<listitem><para>If the service opens sockets or other files on it own, and those file descriptors
shall survive a restart, the daemon should store them in the service manager via
<citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry> with
- <varname>FDSTORE=1</varname>..</para></listitem>
+ <varname>FDSTORE=1</varname>.</para></listitem>
<listitem><para>Instead of using the <function>syslog()</function> call to log directly to the system
syslog service, a new-style daemon may choose to simply log to standard error via
<refsect1>
<title>Commands</title>
- <para>The following commands are understood. If none is specified the default is to display journal records.</para>
+ <para>The following commands are understood. If none is specified the default is to display journal records:</para>
<variablelist>
<varlistentry>
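Review bot: the colon on the changed line now closes the second sentence ("... the default is to display journal records:"), so the list that follows reads as a list of journal records rather than of commands. Swapping the two sentences keeps the colon next to what it introduces: "If none is specified the default is to display journal records. The following commands are understood:".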
multiple times, in which case the order in which images are laid down follows the rules specified in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the <varname>ExtensionImages=</varname> directive and for the
- <citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry> and.
+ <citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry> and
<citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry> tools.
The images must contain an <filename>extension-release</filename> file with metadata that matches
what is defined in the <filename>os-release</filename> of <replaceable>IMAGE</replaceable>. See:
<refnamediv>
<refname>systemd-bsod.service</refname>
<refname>systemd-bsod</refname>
- <refpurpose>Displays boot-time emergency log message in full screen.</refpurpose>
+ <refpurpose>Displays boot-time emergency log message in full screen</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>systemd-cryptsetup</filename> is used to set up (with <command>attach</command>) and tear
down (with <command>detach</command>) access to an encrypted block device. It is primarily used via
<filename>systemd-cryptsetup@.service</filename> during early boot, but may also be be called manually.
- The positional arguments <parameter>VOLUME</parameter>, <parameter>SOURCEDEVICE</parameter>,
+ The positional arguments <parameter>VOLUME</parameter>, <parameter>SOURCE-DEVICE</parameter>,
<parameter>KEY-FILE</parameter>, and <parameter>CRYPTTAB-OPTIONS</parameter> have the same meaning as the
fields in <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
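Review bot: the context line directly above the changed line still reads "but may also be be called manually" (doubled "be"), and it should be fixed in the same pass. The rename to SOURCE-DEVICE itself is consistent with the hyphenated KEY-FILE and CRYPTTAB-OPTIONS on the following line.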
<para>In order to embed binary data into the credential data for <option>--set-credential=</option>,
use C-style escaping (i.e. <literal>\n</literal> to embed a newline, or <literal>\x00</literal> to
embed a <constant>NUL</constant> byte). Note that the invoking shell might already apply unescaping
- once, hence this might require double escaping!.</para>
+ once, hence this might require double escaping!</para>
<para>The
<citerefentry><refentrytitle>systemd-sysusers.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<listitem><para>Generates/removes a <filename>.pcrlock</filename> file based on raw binary data. The
data is either read from the specified file or from STDIN (if none is specified). This requires that
- <option>--pcrs=</option> is specified. The generated pcrlock file is written to the file specified
+ <option>--pcrs=</option> is specified. The generated .pcrlock file is written to the file specified
via <option>--pcrlock=</option> or to STDOUT (if none is specified).</para>
<xi:include href="version-info.xml" xpointer="v255"/>
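Review bot: the added ".pcrlock file" on the changed line is plain text, while the first sentence of the same paragraph wraps .pcrlock in the filename element. Use the same markup in both places so the two mentions render alike.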
<varlistentry>
<term><option>--nv-index=</option></term>
- <listitem><para>Specifies to NV index to store the policy in. Honoured by
+ <listitem><para>Specifies the NV index to store the policy in. Honoured by
<command>make-policy</command>. If not specified the command will automatically pick a free NV
index.</para>
<literal>kexec</literal>, depending on the chosen action. All executables in this directory are executed
in parallel, and execution of the action is not continued before all executables finished. Note that
these executables are run <emphasis>after</emphasis> all services have been shut down, and after most
- mounts have been detached (the root file system as well as <filename>/run/</filename> and various API
+ mounts have been unmounted (the root file system as well as <filename>/run/</filename> and various API
file systems are still around though). This means any programs dropped into this directory must be
prepared to run in such a limited execution environment and not rely on external services or hierarchies
such as <filename>/var/</filename> to be around (or writable).</para>
<title>Generate a configuration extension image</title>
<para>The following creates a configuration extension DDI (confext) for an
- <filename>/etc/motd</filename> update.</para>
+ <filename>/etc/motd</filename> update:</para>
<programlisting>mkdir tree tree/etc tree/etc/extension-release.d
echo "Hello World" > tree/etc/motd
via <varname>SurviveFinalKillSignal=yes</varname>, and also be configured to avoid being stopped on
isolate via <varname>IgnoreOnIsolate=yes</varname>. They also have to be configured to be stopped on
normal shutdown, reboot and maintenance mode. Finally, they have to be ordered after
- <constant>basic.target</constant> to ensure correct ordeering on boot. Note that in case any new or
+ <constant>basic.target</constant> to ensure correct ordering on boot. Note that in case any new or
custom units are used to isolate to, or that implement an equivalent shutdown functionality, they will
also have to be configured manually for correct ordering and conflicting. For example:</para>
exposed NVMe-TCP mass storage devices. The NQN should follow the syntax described in <ulink
url="https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2.0c-2022.10.04-Ratified.pdf">NVM
Express Base Specification 2.0c</ulink>, section 4.5 "NVMe Qualified Names". Note that the NQN
- specified here will be suffixed with a dot and the the block device name before it is exposed on the
+ specified here will be suffixed with a dot and the block device name before it is exposed on the
NVMe target. If not specified defaults to
<literal>nqn.2023-10.io.systemd:storagetm.<replaceable>ID</replaceable></literal>, where ID is
replaced by a 128bit ID derived from
but the used architecture identifiers are the same as for <varname>ConditionArchitecture=</varname>
described in <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
<varname>EXTENSION_RELOAD_MANAGER=</varname> can be set to 1 if the extension requires a service manager reload after application
- of the extension. Note that the for the reasons mentioned earlier:
+ of the extension. Note that for the reasons mentioned earlier:
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink> remain
the recommended way to ship system services.
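Review bot: with the stray "the" removed, the sentence still breaks at the colon: "Note that for the reasons mentioned earlier: Portable Services remain the recommended way to ship system services." Replacing the colon with a comma, and adding one after "Note that", would make it a single readable sentence.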
<para>The services will store the public key of the SRK key pair in a PEM file in
<filename>/run/systemd/tpm2-srk-public-key.pem</filename> and
- <filename>/var/lib/systemd/tpm2-srk-public-key.pem</filename>. It will also store it in TPM2B_PUBLIC
+ <filename>/var/lib/systemd/tpm2-srk-public-key.pem</filename>. They will also store it in TPM2B_PUBLIC
format in <filename>/run/systemd/tpm2-srk-public-key.tpm2_public</filename> and
<filename>/var/lib/systemd/tpm2-srk-public-key.tpm2b_public</filename>.</para>
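Review bot: the two TPM2B_PUBLIC paths in the trailing context carry different suffixes, .tpm2_public under /run/systemd/ and .tpm2b_public under /var/lib/systemd/, whereas the PEM pair above has the same file name in both directories. Please check which suffix the services actually write and correct the other one here, since a reader copying the wrong path will not find the SRK public key.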
<refnamediv>
<refname>systemd-vmspawn</refname>
- <refpurpose>Spawn an OS in a virtual machine.</refpurpose>
+ <refpurpose>Spawn an OS in a virtual machine</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para>In order to embed binary data into the credential data for <option>--set-credential=</option>,
use C-style escaping (i.e. <literal>\n</literal> to embed a newline, or <literal>\x00</literal> to
embed a <constant>NUL</constant> byte). Note that the invoking shell might already apply unescaping
- once, hence this might require double escaping!.</para>
+ once, hence this might require double escaping!</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
<literal>ipv4</literal>, <literal>ipv6</literal>, <literal>both</literal>, or
<literal>no</literal>. Defaults to <literal>no</literal>.</para>
<para>Note. Any positive boolean values such as <literal>yes</literal> or
- <literal>true</literal> are now deprecated. Please use one of the values in the above.</para>
+ <literal>true</literal> are now deprecated. Please use one of the values above.</para>
<xi:include href="version-info.xml" xpointer="v219"/>
</listitem>
Address=192.168.0.2/24
[DHCPServer]
ServerAddress=192.168.0.1/24</programlisting>
- are equivalent to the following.
+ are equivalent to the following:
<programlisting>[Network]
DHCPServer=yes
Address=192.168.0.2/24
<listitem><para>Takes a timespan. Configures the retransmit time, used by clients to retransmit Neighbor
Solicitation messages on address resolution and the Neighbor Unreachability Detection algorithm.
- An integer the default unit of seconds, in the range 0…4294967295 msec. Defaults to 0.</para>
+ An integer, the default unit is seconds, in the range 0…4294967295 msec. Defaults to 0.</para>
<xi:include href="version-info.xml" xpointer="v255"/>
</listitem>
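Review bot: the new wording "An integer, the default unit is seconds, in the range 0…4294967295 msec" is still a comma splice, and it names two units: seconds as the default and msec for the bounds. Please state which unit the range is expressed in and give the default-unit remark a sentence of its own.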
<varlistentry>
<term><varname>HomeAgent=</varname></term>
- <listitem><para>Takes a boolean. Specifies that IPv6 router advertisements which indicates to hosts that
- the router acts as a Home Agent and includes a Home Agent Option. Defaults to false. See
+ <listitem><para>Takes a boolean. Specifies that IPv6 router advertisements which indicate to hosts that
+ the router acts as a Home Agent and includes a Home Agent option. Defaults to false. See
<ulink url="https://tools.ietf.org/html/rfc6275">RFC 6275</ulink> for further details.</para>
<xi:include href="version-info.xml" xpointer="v255"/>
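Review bot: the first sentence still has no main clause after this change ("Specifies that IPv6 router advertisements which indicate to hosts that ... and includes a Home Agent option"), and the plural "indicate" now disagrees with the singular "includes". Something along the lines of "Specifies whether IPv6 router advertisements indicate to hosts that the router acts as a Home Agent and include a Home Agent option" would parse.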
<varlistentry>
<term><varname>HomeAgentLifetimeSec=</varname></term>
- <listitem><para>Takes a timespan. Specifies the lifetime of the Home Agent. An integer the default unit of seconds,
+ <listitem><para>Takes a timespan. Specifies the lifetime of the Home Agent. An integer, the default unit is seconds,
in the range 1…65535. Defaults to the value set to <varname>RouterLifetimeSec=</varname>.</para>
<xi:include href="version-info.xml" xpointer="v255"/>
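Review bot: "An integer, the default unit is seconds, in the range 1…65535" on the changed line is a comma splice; split it into one sentence for the default unit and one for the range. The trailing context also reads "Defaults to the value set to RouterLifetimeSec=", where "the value of" or "the value set for" is meant.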
<term><filename>250-firmware-code-early.pcrlock</filename></term>
<listitem><para>Firmware code measurements, as recorded to PCR 0 and 2, up to the separator
- measurement (see <filename>400-secureboot-separator.pcrlock.</filename> below). May be generated via
+ measurement (see <filename>400-secureboot-separator.pcrlock</filename> below). May be generated via
<command>systemd-pcrlock lock-firmware-code</command>.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
<term><filename>250-firmware-config-early.pcrlock</filename></term>
<listitem><para>Firmware configuration measurements, as recorded to PCR 1 and 3, up to the separator
- measurement (see <filename>400-secureboot-separator.pcrlock.</filename> below). May be generated via
+ measurement (see <filename>400-secureboot-separator.pcrlock</filename> below). May be generated via
<command>systemd-pcrlock lock-firmware-config</command>.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
<term><filename>550-firmware-code-late.pcrlock</filename></term>
<listitem><para>Firmware code measurements, as recorded to PCR 0 and 2, after the separator
- measurement (see <filename>400-secureboot-separator.pcrlock.</filename> above). May be generated via
+ measurement (see <filename>400-secureboot-separator.pcrlock</filename> above). May be generated via
<command>systemd-pcrlock lock-firmware-code</command>.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
<term><filename>550-firmware-config-late.pcrlock</filename></term>
<listitem><para>Firmware configuration measurements, as recorded to PCR 1 and 3, after the separator
- measurement (see <filename>400-secureboot-separator.pcrlock.</filename> above). May be generated via
+ measurement (see <filename>400-secureboot-separator.pcrlock</filename> above). May be generated via
<command>systemd-pcrlock lock-firmware-config</command>.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
<term><filename>700-action-efi-exit-boot-services.pcrlock</filename></term>
<listitem><para>The EFI action generated when <function>ExitBootServices()</function> is generated,
- i.e. the UEFI environment is left and the OS takes over. Covers the PCR 5 measurement. Statically
+ i.e. when the UEFI environment is left and the OS takes over. Covers the PCR 5 measurement. Statically
defined.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
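Review bot: the context line above the change reads "The EFI action generated when ExitBootServices() is generated"; the second "generated" looks like a slip for "called" or "invoked". It is worth fixing together with the "i.e. when" rewording, since both sit in the same sentence.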
<arg choice="plain">call</arg>
<arg choice="plain"><replaceable>ADDRESS</replaceable></arg>
<arg choice="plain"><replaceable>METHOD</replaceable></arg>
- <arg choice="opt"><replaceable>PARAMETERS</replaceable></arg>
+ <arg choice="opt"><replaceable>ARGUMENTS</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<term><command>info</command> <replaceable>ADDRESS</replaceable></term>
<listitem><para>Show brief information about the specified service, including vendor name and list of
- implemented interfaces. Expects a service address in the formats described above.</para>
+ implemented interfaces. Expects a service address in one of the formats described above.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
<term><command>list-interfaces</command> <replaceable>ADDRESS</replaceable></term>
<listitem><para>Show list of interfaces implemented by the specified service. Expects a service
- address in the formats described above.</para>
+ address in one of the formats described above.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
<term><command>introspect</command> <replaceable>ADDRESS</replaceable> <replaceable>INTERFACE</replaceable></term>
<listitem><para>Show interface definition of the specified interface provided by the specified
- service. Expects a service address in the formats described above and a Varlink interface
+ service. Expects a service address in one of the formats described above and a Varlink interface
name.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
<varlistentry>
<term><option>uuid=<replaceable>UUID</replaceable></option></term>
- <listitem><para>Use the provided <replaceable>UUID</replaceable> for format command instead of generating new one. The <replaceable>UUID</replaceable> must be
+ <listitem><para>Use the provided <replaceable>UUID</replaceable> instead of generating new one. The <replaceable>UUID</replaceable> must be
provided in standard <acronym>UUID</acronym> format, e.g. <literal>12345678-1234-1234-1234-123456789abc</literal>.</para>
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
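Review bot: on the changed line, "instead of generating new one" is missing an article ("a new one"). The edit also removes "for format command" without replacement; if the option only has an effect when the device is formatted, that restriction should stay in some form.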
<term><option>fec-device=<replaceable>PATH</replaceable></option></term>
<listitem><para>Use forward error correction (<acronym>FEC</acronym>) to recover from corruption if hash verification fails. Use
- encoding data from the specified device. The fec device argument can be block device or file image. For format,
- if fec device path doesn't exist, it will be created as file. Note: block sizes for data and hash devices must
+ encoding data from the specified device. The fec device argument can be block device or file image.
+ If fec device path doesn't exist, it will be created as file. Note: block sizes for data and hash devices must
match. Also, if the verity data_device is encrypted the fec_device should be too.</para>
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
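Review bot: dropping "For format," changes what the second added line says: it now states that the FEC device is created as a file whenever the path does not exist, without saying which operation creates it. If nothing documented on this page creates the file, the sentence should be removed rather than generalized. The paragraph also mixes "fec device", "fec_device" and "data_device" with the option name fec-device=, and lacks articles in "can be block device or file image" and "created as file".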