Fixes #22432.
done. If set to <literal>grow</literal> the home area is grown to the size configured via
<option>--disk-size=</option> should it currently be smaller. If it already matches the configured
size or is larger no operation is executed. If set to <literal>shrink-and-grow</literal> the home
- area is also resized to the minimal size used disk space and file system constraints permit, during
- logout. This mode thus ensures that while a home area is activated it is sized to the configured
- size, but while deactivated it is compacted taking up only the minimal space possible. Note that if
- the system is powered off abnormally or if the user otherwise not logged out cleanly the shrinking
- operation will not take place, and the user has to re-login/logout again before it is executed
- again.</para></listitem>
+ area is also resized during logout to the minimal size the used disk space and file system
+ constraints permit. This mode thus ensures that while a home area is activated it is sized to the
+ configured size, but while deactivated it is compacted taking up only the minimal space possible.
+ Note that if the system is powered off abnormally or if the user otherwise not logged out cleanly the
+ shrinking operation will not take place, and the user has to re-login/logout again before it is
+ executed again.</para></listitem>
</varlistentry>
<varlistentry>
<literal>UUID=</literal> followed by the UUID,
<literal>PARTUUID=</literal> followed by the partition UUID,
<literal>LABEL=</literal> followed by the label,
- <literal>PARTLABEL=</literal> followed by the partition label,
+ <literal>PARTLABEL=</literal> followed by the partition label.
</para>
<para>The third field if present contains an absolute filename path to a key file or a <literal>-</literal>
<term><varname>$SYSTEMD_NSS_RESOLVE_CACHE</varname></term>
<listitem><para>Takes a boolean argument. When false, the cache of previously queried records will
- not be used by <filename>systemd-resolved</filename>.</para></listitem>
+ not be used by <command>systemd-resolved</command>.</para></listitem>
</varlistentry>
</variablelist>
<term><varname>$SYSTEMD_NSS_RESOLVE_NETWORK</varname></term>
<listitem><para>Takes a boolean argument. When false, answers will be returned without using the
- network, i.e. either from local sources or the cache in <filename>systemd-resolved</filename>.
+ network, i.e. either from local sources or the cache in <command>systemd-resolved</command>.
</para></listitem>
</varlistentry>
</variablelist>
<refsect1>
<title>Example</title>
- <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables <command>nss-resolve</command>
- correctly:</para>
+ <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
+ <command>nss-resolve</command> correctly:</para>
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
<programlisting>passwd: compat systemd
<term><varname>PORTABLE_PREFIXES=</varname></term>
<listitem><para>Takes a space-separated list of one or more valid prefix match strings for the
<ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink> logic. This field
- serves two purposes: it's informational, identifying portable service images as such (and thus
- allowing them to be distinguished from other OS images, such as bootable system images); whenever a
- portable service image is attached the specified or implied portable service prefix is checked
- against this list, to enforce restrictions how images may be attached to a
+ serves two purposes: it is informational, identifying portable service images as such (and thus
+ allowing them to be distinguished from other OS images, such as bootable system images). In is also
+ used when a portable service image is attached: the specified or implied portable service prefix is
+ checked against the list specified here, to enforce restrictions how images may be attached to a
system.</para></listitem>
</varlistentry>
</variablelist>
</term>
<listitem><para>Create a block device <replaceable>volume</replaceable> using
- <replaceable>device</replaceable>. See integritytab man page and
+ <replaceable>device</replaceable>. See
+ <citerefentry><refentrytitle>systemd-integritytab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ and
<ulink url="https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html">
Kernel dm-integrity</ulink> documentation for details.
</para></listitem>
then access them in this directory. This is supposed to be used to store auxiliary, encrypted,
authenticated credentials for use with <varname>LoadCredentialEncrypted=</varname> in the UEFI System
Partition. See
- <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ and
+ <citerefentry><refentrytitle>systemd-creds</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ for
details on encrypted credentials. The generated <command>cpio</command> archive is measured into TPM
- PCR 4 (if a TPM is present)</para></listitem>
+ PCR 4 (if a TPM is present).</para></listitem>
<listitem><para>Similarly, files <filename><replaceable>foo</replaceable>.efi.extra.d/*.raw</filename>
are packed up in a <command>cpio</command> archive and placed in the <filename>/.extra/sysext/</filename>
</row>
<row>
<entry>@known</entry>
- <entry>All known filesystems defined by the kernel. This list is defined statically in systemd based on a kernel
- version that was available when this systemd version was released. It will become progressively more
- out-of-date as the kernel is updated.</entry>
+ <entry>All known filesystems defined by the kernel. This list is defined statically in systemd based on a kernel version that was available when this systemd version was released. It will become progressively more out-of-date as the kernel is updated.</entry>
</row>
</tbody>
</tgroup>
<varlistentry>
<term><varname>TransmitVLANSTAGHardwareAcceleration=</varname></term>
<listitem>
- <para>Takes a boolean. If set to true, transmit VLAN STAG HW acceleration is enabled.
+ <para>Takes a boolean. If set to true, transmit VLAN STAG hardware acceleration is enabled.
When unset, the kernel's default will be used.</para>
</listitem>
</varlistentry>
<citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_id128_from_string</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
and
- <citerefentry><refentrytitle>sd_id128_get_machine</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>sd_id128_get_machine</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<para>
Note that the <literal>prefixstable</literal> algorithm uses both the interface
capabilities (see
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details). The <varname>AmbientCapability=</varname> setting
- specifies capability which will be passed to the started program
+ specifies capabilities which will be passed to the started program
in the inheritable and ambient capability sets. This will grant
these capabilities to this process. This setting correspond to
the <option>--ambient-capability=</option> command line switch.
<term><varname>TriggerLimitIntervalSec=</varname></term>
<term><varname>TriggerLimitBurst=</varname></term>
- <listitem><para>Configures a limit on how often this path unit may be activated within a specific time
- interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of the time
- interval in the usual time units <literal>us</literal>, <literal>ms</literal>, <literal>s</literal>,
- <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details on
- the various time units understood). The <varname>TriggerLimitBurst=</varname> setting takes a positive integer
- value and specifies the number of permitted activations per time interval, and defaults to 200. Set either to
- 0 to disable any form of trigger rate limiting. If the limit is hit, the unit is placed into a failure mode,
- and will not watch the path(s) anymore until restarted. Note that this limit is enforced before the service
- activation is enqueued.</para></listitem>
+ <listitem><para>Configures a limit on how often this path unit may be activated within a specific
+ time interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of
+ the time interval in the usual time units <literal>us</literal>, <literal>ms</literal>,
+ <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, … and defaults to 2s. See
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
+ details on the various time units understood. The <varname>TriggerLimitBurst=</varname> setting takes
+ a positive integer value and specifies the number of permitted activations per time interval, and
+ defaults to 200. Set either to 0 to disable any form of trigger rate limiting. If the limit is hit,
+ the unit is placed into a failure mode, and will not watch the path(s) anymore until restarted. Note
+ that this limit is enforced before the service activation is enqueued.</para></listitem>
</varlistentry>
</variablelist>
<varlistentry>
<term><option>--json=</option><replaceable>FORMAT</replaceable></term>
- <listitem><para>Selects JSON out mode (like <option>--output=json</option>) and selects the precise
- display mode. Takes one of <literal>pretty</literal> or <literal>short</literal>. If
- <literal>pretty</literal> human-friendly whitespace and newlines are inserted in the output to make
- the JSON data more readable. If <literal>short</literal> all superfluous whitespace is
+ <listitem><para>Selects JSON output mode (like <option>--output=json</option>) and selects the
+ precise display mode. Takes one of <literal>pretty</literal> or <literal>short</literal>. If
+ <literal>pretty</literal>, human-friendly whitespace and newlines are inserted in the output to make
+ the JSON data more readable. If <literal>short</literal>, all superfluous whitespace is
suppressed.</para></listitem>
</varlistentry>
projects / thirdparty / systemd.git / commitdiff
