summaryrefslogtreecommitdiff
path: root/man/systemd.socket.xml
Commit message (Collapse)AuthorAge
* socket: introduce SELinuxContextFromNet optionMichal Sekletar2014-09-19
| | | | | | | | | | This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
* man: fix references to systemctl man page which is now in section 1Michael Biebl2014-09-06
| | | | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760613
* Fix a few more typosRuben Kerkhof2014-08-30
|
* socket: suffix newly added TCP sockopt time properties with "Sec"Lennart Poettering2014-08-19
| | | | | | This is what we have done so far for all other time values, and hence we should do this here. This indicates the default unit of time values specified here, if they don't contain a unit.
* Revert "socket: introduce SELinuxLabelViaNet option"Lennart Poettering2014-08-19
| | | | | | This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec. Needs more discussion on the mailing list.
* socket: introduce SELinuxLabelViaNet optionMichal Sekletar2014-08-19
| | | | | | | | | | This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
* socket: Add support for TCP defer acceptSusant Sahani2014-08-14
| | | | | | | | | | | TCP_DEFER_ACCEPT Allow a listener to be awakened only when data arrives on the socket. If TCP_DEFER_ACCEPT set on a server-side listening socket, the TCP/IP stack will not to wait for the final ACK packet and not to initiate the process until the first packet of real data has arrived. After sending the SYN/ACK, the server will then wait for a data packet from a client. Now, only three packets will be sent over the network, and the connection establishment delay will be significantly reduced.
* socket: Add Support for TCP keep alive variablesSusant Sahani2014-08-14
| | | | | | | | | | | | | | The tcp keep alive variables now can be configured via conf parameter. Follwing variables are now supported by this patch. tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes tcp_keepalive_probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end. tcp_keepalive_time: The number of seconds a connection needs to be idle before TCP begins sending out keep-alive probes.
* Revert "socket: add support for TCP fast Open"Lennart Poettering2014-08-14
| | | | | | | | This reverts commit 9528592ff8d7ff361da430285deba8196e8984d5. Apparently TFO is actually the default at least for the server side now. Also the setsockopt doesn't actually take a bool, but a qlen integer.
* socket: add support for TCP fast OpenSusant Sahani2014-08-14
| | | | | | | | | | TCP Fast Open (TFO) speeds up the opening of successiveTCP) connections between two endpoints.It works by using a TFO cookie in the initial SYN packet to authenticate a previously connected client. It starts sending data to the client before the receipt of the final ACK packet of the three way handshake is received, skipping a round trip and lowering the latency in the start of transmission of data.
* socket: add support for tcp nagleSusant Sahani2014-08-14
| | | | | | | This patch adds support for TCP TCP_NODELAY socket option. This can be configured via NoDelay conf parameter. TCP Nagle's algorithm works by combining a number of small outgoing messages, and sending them all at once. This controls the TCP_NODELAY socket option.
* man: correct references to DefaultTimeout*SecZbigniew Jędrzejewski-Szmek2014-08-07
| | | | Noticed by thp on #systemd.
* man: add a mapping for external manpagesZbigniew Jędrzejewski-Szmek2014-07-07
| | | | | | | | | | | | | | | | | | | | | | | | It is annoying when we have dead links on fd.o. Add project='man-pages|die-net|archlinux' to <citerefentry>-ies. In generated html, add external links to http://man7.org/linux/man-pages/man, http://linux.die.net/man/, https://www.archlinux.org/. By default, pages in sections 2 and 4 go to man7, since Michael Kerrisk is the autorative source on kernel related stuff. The rest of links goes to linux.die.net, because they have the manpages. Except for the pacman stuff, since it seems to be only available from archlinux.org. Poor gummiboot gets no link, because gummitboot(8) ain't to be found on the net. According to common wisdom, that would mean that it does not exist. But I have seen Kay using it, so I know it does, and deserves to be found. Can somebody be nice and put it up somewhere?
* doc: grammatical correctionsJan Engelhardt2014-06-28
|
* socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file ↵Lennart Poettering2014-06-05
| | | | | | | system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
* socket: add new Symlinks= option for socket unitsLennart Poettering2014-06-04
| | | | | | | | | | | With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
* socket: optionally remove sockets/FIFOs in the file system after useLennart Poettering2014-06-04
|
* doc: corrections to words and formsJan Engelhardt2014-05-07
| | | | | This patch exchange words which are inappropriate for a situation, deletes duplicated words, and adds particles where needed.
* core: clean up some confusing regarding SI decimal and IEC binary suffixes ↵Lennart Poettering2014-02-23
| | | | | | | | | | | for sizes According to Wikipedia it is customary to specify hardware metrics and transfer speeds to the basis 1000 (SI decimal), while software metrics and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary). So far we specified everything in IEC, let's fix that and be more true to what's otherwise customary. Since we don't want to parse "Mi" instead of "M" we document each time what the context used is.
* doc: resolve missing/extraneous words or inappropriate formsJan Engelhardt2014-02-17
| | | | | | | | Issues fixed: * missing words required by grammar * duplicated or extraneous words * inappropriate forms (e.g. singular/plural), and declinations * orthographic misspellings
* doc: update punctuationJan Engelhardt2014-02-17
| | | | Resolve spotted issues related to missing or extraneous commas, dashes.
* man: use spaces instead of tabsJason St. John2014-02-14
| | | | | Several sections of the man pages included intermixed tabs and spaces; this commit replaces all tabs with spaces.
* man: replace STDOUT with standard output, etc.Zbigniew Jędrzejewski-Szmek2014-02-14
| | | | | | | | | Actually 'STDOUT' is something that doesn't appear anywhere: in the stdlib we have 'stdin', and there's only the constant STDOUT_FILENO, so there's no reason to use capitals. When refering to code, STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in other places they are replaced with normal phrases like standard output, etc.
* man: expand on some more subtle points in systemd.socket(5)Zbigniew Jędrzejewski-Szmek2013-12-30
| | | | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727708#1694
* man: resolve word omissionsJan Engelhardt2013-12-25
| | | | | This is a recurring submission and includes corrections to: word omissions and word class choice.
* man: wording and grammar updatesJan Engelhardt2013-11-07
| | | | | This is a recurring submission and includes corrections to various issue spotted: comma setting, missing words/preposition choice.
* Configurable Timeouts/Restarts default valuesOleksii Shevchuk2013-11-05
| | | | | | | https://bugs.freedesktop.org/show_bug.cgi?id=71132 Patch adds DefaultTimeoutStartSec, DefaultTimeoutStopSec, DefaultRestartSec configuration options to manager configuration file.
* man: drop references to "cgroup" wher appropriateLennart Poettering2013-09-27
| | | | | | | | | | | Since cgroups are mostly now an implementation detail of systemd lets deemphasize it a bit in the man pages. This renames systemd.cgroup(5) to systemd.resource-control(5) and uses the term "resource control" rather than "cgroup" where appropriate. This leaves the word "cgroup" in at a couple of places though, like for example systemd-cgtop and systemd-cgls where cgroup stuff is at the core of what is happening.
* man: wording and grammar updatesJan Engelhardt2013-09-12
| | | | | | | | | | | | This is a recurring submission and includes corrections to various issue spotted. I guess I can just skip over reporting ubiquitous comma placement fixes… Highligts in this particular commit: - the "unsigned" type qualifier is completed to form a full type "unsigned int" - alphabetic -> lexicographic (that way we automatically define how numbers get sorted)
* man: make reference to bind(2) explicitShawn Landden2013-08-23
|
* man: wording and grammar updateJan Engelhardt2013-07-13
|
* man: document the slice and scope units, add systemd.cgroup(5)Zbigniew Jędrzejewski-Szmek2013-07-12
|
* man: use <literal> not <filename> for suffixesZbigniew Jędrzejewski-Szmek2013-07-12
| | | | | | | Especially sentences like "filename ends in .suffix" are easier to parse if the suffix is surrounded by quotes. In sentences like "requires a .service unit", where the suffix is used as a class designation, there is no need to use quotes.
* basic SO_REUSEPORT supportShawn Landden2013-07-11
|
* man: add more formatting markupZbigniew Jędrzejewski-Szmek2013-07-02
|
* man: improve grammar and word formatting in numerous man pagesJason St. John2013-07-02
| | | | | | | | | | Use proper grammar, word usage, adjective hyphenation, commas, capitalization, spelling, etc. To improve readability, some run-on sentences or sentence fragments were revised. [zj: remove the space from 'file name', 'host name', and 'time zone'.]
* man: use <constant> for various constants which look ugly with quotesZbigniew Jędrzejewski-Szmek2013-06-26
|
* man: document that shutdown() is only sometimes OK on sockets passed in via ↵Lennart Poettering2013-06-20
| | | | socket activation
* Describe handling of an AF_UNIX socketŁukasz Stelmach2013-06-19
| | | | | | | Describe how to handle an AF_UNIX socket, with Accept set to false, received from systemd, upon exit. Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
* man: link to socket activation blog entriesZbigniew Jędrzejewski-Szmek2013-05-02
|
* man: use <replaceable> in various placesZbigniew Jędrzejewski-Szmek2013-02-13
|
* man: typo fix in systemd.socketMichael Biebl2013-02-09
|
* man: extend systemd.directives(7) to all manual pagesZbigniew Jędrzejewski-Szmek2013-01-26
| | | | | | | | | | New sections are added: PAM options, crypttab options, commandline options, miscellaneous. The last category will be used for all untagged <varname> elements. Commandline options sections is meant to be a developer tool: when adding an option it is sometimes useful to be able to check if similarly named options exist elsewhere.
* units: for all unit settings that take lists, allow the empty string for ↵Lennart Poettering2013-01-17
| | | | | | resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
* man: add links to directive index to see-alsosZbigniew Jędrzejewski-Szmek2013-01-15
| | | | | systemd.directives(5) is renamed to systemd.directives(7). Section 7 is "Miscellaneous".
* Revert "Implement SocketUser= and SocketGroup= for [Socket]"Dave Reisner2012-11-06
| | | | | | This was never intended to be pushed. This reverts commit aea54018a5e66a41318afb6c6be745b6aef48d9e.
* Implement SocketUser= and SocketGroup= for [Socket]Dave Reisner2012-11-05
| | | | | | Since we already allow defining the mode of AF_UNIX sockets and FIFO, it makes sense to also allow specific user/group ownership of the socket file for restricting access.
* systemd.socket.xml: fix typoDave Reisner2012-11-05
|
* man: typo fixesThomas Hindoe Paaboel Andersen2012-11-01
| | | | | | Fixes a few more typos. Also changes a "Accept=no" to "Accept=false" to be consistent with the previous examples in the same man page.
* SMACK: Add configuration options. (v3)Auke Kok2012-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds SMACK label configuration options to socket units. SMACK labels should be applied to most objects on disk well before execution time, but two items remain that are generated dynamically at run time that require SMACK labels to be set in order to enforce MAC on all objects. Files on disk can be labelled using package management. For device nodes, simple udev rules are sufficient to add SMACK labels at boot/insertion time. Sockets can be created at run time and systemd does just that for several services. In order to protect FIFO's and UNIX domain sockets, we must instruct systemd to apply SMACK labels at runtime. This patch adds the following options: Smack - applicable to FIFO's. SmackIpIn/SmackIpOut - applicable to sockets. No external dependencies are required to support SMACK, as setting the labels is done using fsetxattr(). The labels can be set on a kernel that does not have SMACK enabled either, so there is no need to #ifdef any of this code out. For more information about SMACK, please see Documentation/Smack.txt in the kernel source code. v3 of this patch changes the config options to be CamelCased.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 10:10:21 +0000