switch from one to the other via a simple reboot. Distributions
apparently have lost interest in this, and the functionality has not
been supported on the primary distribution this was still intended
- for for a long time, and hence has been removed now.
+ for a long time, and hence has been removed now.
* A new concept called "capsules" has been introduced. "Capsules" wrap
additional per-user service managers, whose users are transient and
* systemd-nspawn now provides a /run/systemd/nspawn/unix-export/
directory where the container payload can expose AF_UNIX sockets to
- allow them them to be accessed from outside.
+ allow them to be accessed from outside.
* systemd-nspawn will tint the terminal background for containers in a
blueish color. This can be controller with the new --background=
sd_device_enumerator_add_match_property_required() which allows
configuring matches on properties that are strictly required. This is
different from the existing sd_device_enumerator_add_match_property()
- matches of which one one needs to apply.
+ matches of which one needs to apply.
* The MAC address the veth side of an nspawn container shall get
assigned may now be controlled via the $SYSTEMD_NSPAWN_NETWORK_MAC
to the current working directory of the crashing process.)
Net effect: after PID1 has started and performed this setup coredumps are
-disabled, but by means of the the `kernel.core_pattern` sysctl rather than by
+disabled, but by means of the `kernel.core_pattern` sysctl rather than by
size limit.
This is generally preferable, since the pattern can be updated trivially at the right time to enable coredumping once the system is ready, taking comprehensive effect on all userspace.
(Or to say this differently: disabling coredumps via the size limit is problematic, since it cannot easily
* Early boot runlevels as they are used by some distributions are no longer supported. i.e. "fake", distribution-specific runlevels such as "S" or "b" cannot be used with systemd.
* On SysV systems changes to init scripts or any other files that define the boot process (such as /etc/fstab) usually had an immediate effect on everything started later. This is different on systemd-based systems where init script information and other boot-time configuration files are only reread when "systemctl daemon-reload" is issued. (Note that some commands, notably "systemctl enable"/"systemctl disable" do this implicitly however.) This is by design, and a safety feature, since it ensures that half-completed changes are not read at the wrong time.
* Multiple entries for the same mount path in /etc/fstab are not supported. In systemd there's only a single unit definition for each mount path read at any time. Also the listing order of mounts in /etc/fstab has no effect, mounts are executed in parallel and dependencies between them generated automatically depending on path prefixes and source paths.
-* systemd's handling of the existing "nofail" mount option in /etc/fstab is stricter than it used to be on some sysvinit distributions: mount points that fail and are not listed as "nofail" will cause the boot to be stopped, for security reasons, as we we should not permit unprivileged code to run without everything listed — and not expressly exempted through "nofail" — being around. Hence, please mark all mounts where booting shall proceed regardless whether they succeeded or not with "nofail"
+* systemd's handling of the existing "nofail" mount option in /etc/fstab is stricter than it used to be on some sysvinit distributions: mount points that fail and are not listed as "nofail" will cause the boot to be stopped, for security reasons, as we should not permit unprivileged code to run without everything listed — and not expressly exempted through "nofail" — being around. Hence, please mark all mounts where booting shall proceed regardless whether they succeeded or not with "nofail"
* Some SysV systems support an "rc.local" script that is supposed to be called "last" during boot. In systemd, the script is supported, but the semantics are less strict, as there is simply no concept of "last service", as the boot process is event- and request-based, parallelized and compositive. In general, it's a good idea to write proper unit files with properly defined dependencies, and avoid making use of rc.local.
* systemd assumes that the UID boundary between system and regular users is a choice the distribution makes, and not the administrator. Hence it expects this setting as compile-time option to be picked by the distribution. It will _not_ check /etc/login.defs during runtime.
**ListInhibitors()** lists all currently active inhibitor locks. It returns an array of structs, each consisting of What, Who, Why, Mode as above, plus the PID and UID of the process that requested the lock.
-The **PrepareForShutdown()** and **PrepareForSleep()** signals are emitted when a system suspend or shutdown has been requested and is about to be executed, as well as after the the suspend/shutdown was completed (or failed).
+The **PrepareForShutdown()** and **PrepareForSleep()** signals are emitted when a system suspend or shutdown has been requested and is about to be executed, as well as after the suspend/shutdown was completed (or failed).
The signals carry a boolean argument.
If _True_ the shutdown/sleep has been requested, and the preparation phase for it begins, if _False_ the operation has finished completion (or failed).
<listitem><para>Control whether log messages received by the journal daemon shall be forwarded to a
traditional syslog daemon, to the kernel log buffer (kmsg), to the system console, sent as wall
messages to all logged-in users or sent over a socket. These options take boolean arguments except
- for <literal>ForwardToSocket=</literal> which takes an an address instead. If forwarding
+ for <literal>ForwardToSocket=</literal> which takes an address instead. If forwarding
to syslog is enabled but nothing reads messages from the socket, forwarding to syslog has no effect. By default,
only forwarding to wall is enabled. These settings may be overridden at boot time with the kernel
command line options <literal>systemd.journald.forward_to_syslog</literal>,
<listitem><para>The exit status of a service or the manager itself. Note that
<command>systemd</command> currently does not consume this value when sent by services, so this
assignment is only informational. The manager will send this notification to <emphasis>its</emphasis>
- notification socket, which may be used to to collect an exit status from the system (a container or
+ notification socket, which may be used to collect an exit status from the system (a container or
VM) as it shuts down. For example,
<citerefentry project='debian'><refentrytitle>mkosi</refentrytitle><manvolnum>1</manvolnum></citerefentry>
makes use of this. The value to return may be set via the
</variablelist>
<para>The notification messages sent by services are interpreted by the service manager. Unknown
- assignments are ignored. Thus, it is is safe (but often without effect) to send assignments which are not
+ assignments are ignored. Thus, it is safe (but often without effect) to send assignments which are not
in this list. The protocol is extensible, but care should be taken to ensure private extensions are
recognizable as such. Specifically, it is recommend to prefix them with <literal>X_</literal> followed by
some namespace identifier. The service manager also sends some messages to <emphasis>its</emphasis>
<para><filename>systemd-cryptsetup</filename> is used to set up (with <command>attach</command>) and tear
down (with <command>detach</command>) access to an encrypted block device. It is primarily used via
- <filename>systemd-cryptsetup@.service</filename> during early boot, but may also be be called manually.
+ <filename>systemd-cryptsetup@.service</filename> during early boot, but may also be called manually.
The positional arguments <parameter>VOLUME</parameter>, <parameter>SOURCE-DEVICE</parameter>,
<parameter>KEY-FILE</parameter>, and <parameter>CRYPTTAB-OPTIONS</parameter> have the same meaning as the
fields in <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
<filename>*.pcrlock.d/*.pcrlock</filename>, see
<citerefentry><refentrytitle>systemd.pcrlock</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
that each define expected measurements for one component of the boot process, permitting alternative
- variants for each. (Variants may be used used to bless multiple kernel versions or boot loader versions
+ variants for each. (Variants may be used to bless multiple kernel versions or boot loader versions
at the same time.)</para></listitem>
</itemizedlist>
specific key.</para></listitem>
<listitem><para>A <literal>.pcrpkey</literal> section with a public key in the PEM format matching the
- signature data in the the <literal>.pcrsig</literal> section.</para></listitem>
+ signature data in the <literal>.pcrsig</literal> section.</para></listitem>
</itemizedlist>
<para>If UEFI SecureBoot is enabled and the <literal>.cmdline</literal> section is present in the executed
<listitem><para>Naming was changed for SR-IOV virtual device representors, optionally settable at
compilation time. The <literal>r<replaceable>slot</replaceable></literal> suffix was added to
differentiate SR-IOV virtual device representors attached to a single physical device interface.
- Because of a mistake, this scheme was <emphasis>not the the default scheme for systemd version
+ Because of a mistake, this scheme was <emphasis>not the default scheme for systemd version
254</emphasis>.</para>
<xi:include href="version-info.xml" xpointer="v255"/>
* doesn't exist, then we likely are upgrading from an older systemd version that
* didn't know the more recent addition to the xdg-basedir spec: the $XDG_STATE_HOME
* directory. In older systemd versions EXEC_DIRECTORY_STATE was aliased to
- * EXEC_DIRECTORY_CONFIGURATION, with the advent of $XDG_STATE_HOME is is now
+ * EXEC_DIRECTORY_CONFIGURATION, with the advent of $XDG_STATE_HOME it is now
* separated. If a service has both dirs configured but only the configuration dir
* exists and the state dir does not, we assume we are looking at an update
* situation. Hence, create a compatibility symlink, so that all expectations are
assert(m);
- /* Set up the socket pair used for for passing timestamps back when the executor processes we fork
+ /* Set up the socket pair used for passing timestamps back when the executor processes we fork
* off invokes execve(), i.e. when we hand off control to our payload processes. */
if (m->handoff_timestamp_fds[0] < 0) {
assert(restart_state >= 0 && restart_state < _SERVICE_STATE_MAX);
/* We make two state changes here: one that maps to the high-level UNIT_INACTIVE/UNIT_FAILED
- * state (i.e. a state indicating deactivation), and then one that that maps to the
+ * state (i.e. a state indicating deactivation), and then one that maps to the
* high-level UNIT_STARTING state (i.e. a state indicating activation). We do this so that
* external software can watch the state changes and see all service failures, even if they
* are only transitionary and followed by an automatic restart. We have fine-grained
* LUKS image in case the image was used in a different system where the password was changed. In
* that case it will happen that the LUKS password and the host password are different, and we handle
* that by collecting and passing multiple passwords in that case. Hence we treat bad passwords as a
- * request to collect one more password and pass the new all all previously used passwords again. */
+ * request to collect one more password and pass the new and all previously used passwords again. */
_cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
r = pam_acquire_bus_connection(handle, "pam-systemd-home", &bus, bus_data);
} else {
/* If we are going upwards, then we need to return the last object that passes the test.
- * When there is no object that passes the test, we need to return the the last object that
+ * When there is no object that passes the test, we need to return the last object that
* test_object() returns TEST_LEFT for. */
if (r == TEST_RIGHT)
return 0; /* Not only the 'extra' object, but also all objects in the chained arrays
MOUNT_TOUCH = 1 << 9, /* if set, touch file to mount over first */
MOUNT_PREFIX_ROOT = 1 << 10,/* if set, prefix the source path with the container's root directory */
MOUNT_FOLLOW_SYMLINKS = 1 << 11,/* if set, we'll follow symlinks for the mount target */
- MOUNT_PRIVILEGED = 1 << 12,/* if set, we'll only mount this in in the outer child if we are running in privileged mode */
+ MOUNT_PRIVILEGED = 1 << 12,/* if set, we'll only mount this in the outer child if we are running in privileged mode */
} MountSettingsMask;
typedef enum CustomMountType {
* is then allocated for the container, the root mount and everything else will be out of reach for
* it. For unprivileged containers we cannot do that however, since we couldn't mount a sysfs and
* procfs then anymore, since that only works if there's an unobstructed instance currently
- * visible. Hence there we do it the other way round: we first allocate a new set set of namespaces
+ * visible. Hence there we do it the other way round: we first allocate a new set of namespaces
* (and fork for it) for which we then mount sysfs/procfs, and only then switch root. */
if (arg_privileged) {
}
FOREACH_ARRAY(alg, el->algorithms, el->n_algorithms) {
- /* If we have SHA256, focus on that that */
+ /* If we have SHA256, focus on that */
if (*alg == TPM2_ALG_SHA256) {
el->primary_algorithm = *alg;
* If 'where' is not NULL then we'll either mount the partitions to the right places ourselves,
* or use DissectedPartition.fsmount_fd and bind it to the right places.
*
- * This allows splitting the setting up up the superblocks and the binding to file systems paths into
+ * This allows splitting the setting up the superblocks and the binding to file systems paths into
* two distinct and differently privileged components: one that gets the fsmount fds, and the other
* that then applies them.
*
assert(userns_fd >= 0);
- /* This remounts all specified paths with the specified userns as idmap. It will do so in in the
+ /* This remounts all specified paths with the specified userns as idmap. It will do so in the
* order specified in the strv: the expectation is that the top-level directories are at the
* beginning, and nested directories in the right, so that the tree can be built correctly from left
* to right. */
/* Load the PIN (which we have stored in the "auth" TPM2B_AUTH) into the TPM as an HMAC key so that
* we can use it in a TPM2_PolicySigned() to write to the nvindex. For that we'll prep a pair of
* TPM2B_PUBLIC and TPM2B_SENSITIVE that defines an HMAC-SHA256 keyed hash function, and initialize
- * it based on on the provided PIN data. */
+ * it based on the provided PIN data. */
TPM2B_PUBLIC auth_hmac_public = {
.publicArea = {
const VarlinkSymbol *found;
if (!field->symbol->name || !field->named_type || !streq(field->symbol->name, field->named_type))
- return varlink_idl_log_full(level, SYNTHETIC_ERRNO(EUCLEAN), "Resolved symbol name and named type of field '%s' in symbol '%s' do do not match, refusing.", field->name, symbol_name);
+ return varlink_idl_log_full(level, SYNTHETIC_ERRNO(EUCLEAN), "Resolved symbol name and named type of field '%s' in symbol '%s' do not match, refusing.", field->name, symbol_name);
/* If this is a named type, then check if it's properly part of the interface */
found = varlink_idl_find_symbol(interface, _VARLINK_SYMBOL_TYPE_INVALID, field->symbol->name);
opts.verb = 'build'
# Check that --pcr-public-key=, --pcr-private-key=, and --phases=
- # have either the same number of arguments are are not specified at all.
+ # have either the same number of arguments or are not specified at all.
n_pcr_pub = None if opts.pcr_public_keys is None else len(opts.pcr_public_keys)
n_pcr_priv = None if opts.pcr_private_keys is None else len(opts.pcr_private_keys)
n_phase_path_groups = None if opts.phase_path_groups is None else len(opts.phase_path_groups)
# Trigger the update 15min after boot, and then – on average – every 6h, but
# randomly distributed in a 2h…6h interval. In addition trigger things
# persistently once on each Saturday, to ensure that even on systems that are
-# never booted up for long we have a chance to to do the update.
+# never booted up for long we have a chance to do the update.
OnBootSec=15min
OnUnitActiveSec=2h
OnCalendar=Sat
projects / thirdparty / systemd.git / commitdiff
