sysctl: also process sysctl requests via the "sysctl.extra" credential
authorLennart Poettering <lennart@poettering.net>
Thu, 14 Jul 2022 11:41:37 +0000 (13:41 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 14 Jul 2022 16:02:58 +0000 (18:02 +0200)
man/systemd-sysctl.service.xml
src/sysctl/sysctl.c
test/TEST-54-CREDS/test.sh
test/units/testsuite-54.sh
units/systemd-sysctl.service.in

index 751aa2b09e07563579dd9e24156d37c51ed0ffe1..98533b451fdacc96d0d1e3531f10caeb67977e76 100644 (file)
     </variablelist>
   </refsect1>
 
+  <refsect1>
+    <title>Credentials</title>
+
+    <para><command>systemd-sysctl</command> supports the service credentials logic as implemented by
+    <varname>LoadCredential=</varname>/<varname>SetCredential=</varname> (see
+    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+    details). The following credentials are used when passed in:</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><literal>sysctl.extra</literal></term>
+
+        <listitem><para>The contents of this credential may contain additional lines to operate on. The
+        credential contents should follow the same format as any other <filename>sysctl.d/</filename>
+        drop-in. If this credential is passed it is processed after all of the drop-in files read from the
+        file system. The settings configured in the credential hence take precedence over those in the file
+        system.</para></listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>Note that by default the <filename>systemd-sysctl.service</filename> unit file is set up to inherit
+    the <literal>sysctl.extra</literal> credential from the service manager.</para>
+  </refsect1>
+
   <refsect1>
     <title>Examples</title>
 
index 2b854a73709b42aa4333947ced1d6b7ec40fda6b..e92640d9489e9fb840ef2d9bbc996ad9cb74d4ff 100644 (file)
@@ -10,6 +10,7 @@
 #include <sys/types.h>
 
 #include "conf-files.h"
+#include "creds-util.h"
 #include "def.h"
 #include "errno-util.h"
 #include "fd-util.h"
@@ -277,6 +278,25 @@ static int parse_file(OrderedHashmap **sysctl_options, const char *path, bool ig
         return r;
 }
 
+static int read_credential_lines(OrderedHashmap **sysctl_options) {
+        _cleanup_free_ char *j = NULL;
+        const char *d;
+        int r;
+
+        r = get_credentials_dir(&d);
+        if (r == -ENXIO)
+                return 0;
+        if (r < 0)
+                return log_error_errno(r, "Failed to get credentials directory: %m");
+
+        j = path_join(d, "sysctl.extra");
+        if (!j)
+                return log_oom();
+
+        (void) parse_file(sysctl_options, j, /* ignore_enoent= */ true);
+        return 0;
+}
+
 static int help(void) {
         _cleanup_free_ char *link = NULL;
         int r;
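Review bot: The `(void) parse_file(...)` at the end of read_credential_lines() discards the parse result, so a malformed `sysctl.extra` credential is silently dropped while the file-system drop-ins parsed in run() feed their failures into the exit status via `k`; the only non-zero returns here are the get_credentials_dir() and OOM paths. Unless the credential is deliberately best-effort, propagating the result keeps the two sources consistent: `return parse_file(sysctl_options, j, /* ignore_enoent= */ true);` (with ignore_enoent a missing credential presumably still yields 0, but parse_file's body is not visible here). The -ENXIO branch also deserves a one-line comment, e.g. `/* -ENXIO: no credentials directory was set up for this service, nothing to do */`, since it is the only error that is intentionally swallowed.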
@@ -416,6 +436,10 @@ static int run(int argc, char *argv[]) {
                         if (k < 0 && r == 0)
                                 r = k;
                 }
+
+                k = read_credential_lines(&sysctl_options);
+                if (k < 0 && r == 0)
+                        r = k;
         }
 
         k = apply_all(sysctl_options);
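Review bot: The new read_credential_lines() call carries no comment explaining why it must come after the drop-in loop, although that ordering is the contract the man page promises (credential settings override file-system ones); the enclosing function run() starts outside this hunk. Suggest `/* Process the sysctl.extra credential last, so that its settings take precedence over the drop-ins parsed above. */` directly above the call. Because the call sits inside a block closed by the `}` that follows it, if that block is the no-explicit-paths branch then the credential is skipped whenever paths are given on the command line — plausibly intended, but worth stating in the same comment.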
index 3b2c24132326a83c94ccd23cf39bfbe088a9f670..8d5d796cc8b99828dd276046619e209565f69676 100755 (executable)
@@ -5,7 +5,7 @@ set -e
 TEST_DESCRIPTION="test credentials"
 NSPAWN_ARGUMENTS="${NSPAWN_ARGUMENTS:-} --set-credential=mynspawncredential:strangevalue"
 QEMU_OPTIONS="${QEMU_OPTIONS:-} -fw_cfg  name=opt/io.systemd.credentials/myqemucredential,string=othervalue"
-KERNEL_APPEND="${KERNEL_APPEND:-} systemd.set_credential=kernelcmdlinecred:uff rd.systemd.import_credentials=no"
+KERNEL_APPEND="${KERNEL_APPEND:-} systemd.set_credential=kernelcmdlinecred:uff systemd.set_credential=sysctl.extra:kernel.domainname=sysctltest rd.systemd.import_credentials=no"
 
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"
index c5347e351ec74326062324afbf96f92870a8c7ce..06f3beb287d6d3ab2d78b87879a134d0404f3d8c 100755 (executable)
@@ -33,6 +33,9 @@ elif [ -d /sys/firmware/qemu_fw_cfg/by_name ]; then
     systemd-detect-virt -q -v
     expected_credential=myqemucredential
     expected_value=othervalue
+
+    # Verify that writing a sysctl via the kernel cmdline worked
+    [ "$(cat /proc/sys/kernel/domainname)" = "sysctltest" ]
 else
     echo "qemu_fw_cfg support missing in kernel. Sniff!"
     expected_credential=""
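Review bot: The comment above the new `[ "$(cat /proc/sys/kernel/domainname)" = "sysctltest" ]` check attributes the sysctl to the kernel cmdline, but what is actually under test is the `sysctl.extra` credential that test.sh injects with `systemd.set_credential=`; a reader of this script alone cannot tell where `sysctltest` comes from. Suggest `# Verify that systemd-sysctl applied the sysctl.extra credential passed via systemd.set_credential= on the kernel cmdline (see test.sh)`. Whether a failing test here aborts the script depends on a `set -e` that is outside this hunk.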
index 44b885352142844ca84c39f84edf11b7d83b62dc..77793f38948fdfe015da08a73b7eb70227ec82c3 100644 (file)
@@ -21,3 +21,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart={{ROOTLIBEXECDIR}}/systemd-sysctl
 TimeoutSec=90s
+LoadCredential=sysctl.extra