From: David Tardon Date: Sat, 23 Dec 2023 17:40:15 +0000 (+0100) Subject: man: use for warnings X-Git-Tag: v256-rc1~1390^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=617b85d10e66cd1f572a02bb7ee8093bc45e22b9;p=thirdparty%2Fsystemd.git man: use for warnings --- diff --git a/man/crypttab.xml b/man/crypttab.xml index 5e67d44cb3a..175e169fbc7 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -458,10 +458,12 @@ mkswap8. This option implies . - WARNING: Using the option will - destroy the contents of the named partition during every boot, - so make sure the underlying block device is specified - correctly. + + Using the option will + destroy the contents of the named partition during every boot, + so make sure the underlying block device is specified + correctly. + @@ -591,8 +593,10 @@ btrfs. If no argument is specified defaults to ext4. This option implies . - WARNING: Using the option will destroy the contents of the named partition - during every boot, so make sure the underlying block device is specified correctly. + + Using the option will destroy the contents of the named partition + during every boot, so make sure the underlying block device is specified correctly. + diff --git a/man/systemctl.xml b/man/systemctl.xml index e0267df7783..b22c1b19541 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -2478,11 +2478,15 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err processes will be killed forcibly and all file systems are unmounted or remounted read-only. This is hence a drastic but relatively safe option to request an immediate reboot. If is specified twice for these operations (with the exception of kexec), they will be executed - immediately, without terminating any processes or unmounting any file systems. Warning: specifying - twice with any of these operations might result in data loss. Note that when - is specified twice the selected operation is executed by - systemctl itself, and the system manager is not contacted. This means the command should - succeed even when the system manager has crashed. + immediately, without terminating any processes or unmounting any file systems. + + + Specifying + twice with any of these operations might result in data loss. Note that when + is specified twice the selected operation is executed by + systemctl itself, and the system manager is not contacted. This means the command should + succeed even when the system manager has crashed. + diff --git a/man/systemd-storagetm.service.xml b/man/systemd-storagetm.service.xml index 0ca1cbd8a5c..728b3ae37a0 100644 --- a/man/systemd-storagetm.service.xml +++ b/man/systemd-storagetm.service.xml @@ -39,9 +39,11 @@ NVMe-TCP mass storage devices. Its primary use-case is to be invoked by the storage-target-mode.target unit that can be booted into. - Warning: the NVMe disks are currently exposed without authentication or encryption, in read/write - mode. This means network peers may read from and write to the device without any restrictions. This - functionality should hence only be used in a local setup. + + The NVMe disks are currently exposed without authentication or encryption, in read/write + mode. This means network peers may read from and write to the device without any restrictions. This + functionality should hence only be used in a local setup. + Note that to function properly networking must be configured too. The recommended mechanism to boot into a storage target mode is by adding rd.systemd.unit=storage-target-mode.target diff --git a/man/systemd.network.xml b/man/systemd.network.xml index ea558c4b4ef..1f30cc13b30 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -1342,13 +1342,15 @@ Table=1234 Fallback Peer Labeling rules. They will be removed when the interface is deconfigured. Failures to manage the labels will be ignored. - Warning: Once labeling is enabled for network traffic, a lot of LSM access control points in - Linux networking stack go from dormant to active. Care should be taken to avoid getting into a - situation where for example remote connectivity is broken, when the security policy hasn't been - updated to consider LSM per-packet access controls and no rules would allow any network - traffic. Also note that additional configuration with netlabelctl8 - is needed. + + Once labeling is enabled for network traffic, a lot of LSM access control points in + Linux networking stack go from dormant to active. Care should be taken to avoid getting into a + situation where for example remote connectivity is broken, when the security policy hasn't been + updated to consider LSM per-packet access controls and no rules would allow any network + traffic. Also note that additional configuration with netlabelctl8 + is needed. + Example: [Address] diff --git a/man/udevadm.xml b/man/udevadm.xml index a9a4a4c3749..34f7f5c3874 100644 --- a/man/udevadm.xml +++ b/man/udevadm.xml @@ -550,14 +550,16 @@ Typically, it is essential that applications which intend to use such a match, make sure a suitable udev rule is installed that sets at least one property on devices that shall be matched. See also Initialized Devices section below for more details. - WARNING: can potentially save a significant - amount of time compared to re-triggering all devices in the system and e.g. can be used to - optimize boot time. However, this is not safe to be used in a boot sequence in general. - Especially, when udev rules for a device depend on its parent devices (e.g. - ATTRS or IMPORT{parent} keys, see - udev7 - for more details), the final state of the device becomes easily unstable with this option. - + + can potentially save a significant + amount of time compared to re-triggering all devices in the system and e.g. can be used to + optimize boot time. However, this is not safe to be used in a boot sequence in general. + Especially, when udev rules for a device depend on its parent devices (e.g. + ATTRS or IMPORT{parent} keys, see + udev7 + for more details), the final state of the device becomes easily unstable with this option. + + diff --git a/man/veritytab.xml b/man/veritytab.xml index 5e444878bc8..ee88528775a 100644 --- a/man/veritytab.xml +++ b/man/veritytab.xml @@ -150,10 +150,11 @@ This is based on crypttab(5). Instruct kernel to not verify blocks that are expected to contain zeroes and always directly - return zeroes instead. + return zeroes instead. - WARNING: Use this option only in very specific cases. This option is available since Linux kernel version 4.5. - + + Use this option only in very specific cases. This option is available since Linux kernel version 4.5. + @@ -162,11 +163,12 @@ This is based on crypttab(5). Instruct kernel to verify blocks only the first time they are read from the data device, rather - than every time. + than every time. - WARNING: It provides a reduced level of security because only offline tampering of the data device's content - will be detected, not online tampering. This option is available since Linux kernel version 4.17. - + + It provides a reduced level of security because only offline tampering of the data device's content + will be detected, not online tampering. This option is available since Linux kernel version 4.17. +