socket: Add support for socket protcol Now we don't support the socket protocol like sctp and udplite . This patch add a new config param SocketProtocol: udplite/sctp With this now we can configure the protocol as udplite = IPPROTO_UDPLITE sctp = IPPROTO_SCTP Tested with nspawn:

man: document automatic dependencies For all units ensure there's an "Automatic Dependencies" section in the man page, and explain which dependencies are automatically added in all cases, and which ones are added on top if DefaultDependencies=yes is set. This is also done for systemd.exec(5), systemd.resource-control(5) and systemd.unit(5) as these pages describe common behaviour of various unit types.

doc: use expanded forms for written style

doc: correct orthography, word forms and missing/extraneous words

doc: correct punctuation and improve typography in documentation

core: add support for naming file descriptors passed using socket activation This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.

core: add new setting Writable= to ListenSpecial= socket units Writable= is a new boolean setting. If ture, then ListenSpecial= will open the specified path in O_RDWR mode, rather than just O_RDONLY. This is useful for implementing services like rfkill, where /dev/rfkill is more useful when opened in write mode, if we want to not only save but also restore its state.

man: minor wording improvements to USB FunctionFS documentation

man: use "=" when referring to configuration file settings This convention is almost universal in systemd man pages, and makes it easier to visually parse the docs. Also fix some markup along the way.

man: add link to functionfs docs Also reword some ungainly grammar constructs.

man: Add documentation for functionfs socket activation

man: typo fixes

man: revert dynamic paths for split-usr setups This did not really work out as we had hoped. Trying to do this upstream introduced several problems that probably makes it better suited as a downstream patch after all. At any rate, it is not releaseable in the current state, so we at least need to revert this before the release. * by adjusting the path to binaries, but not do the same thing to the search path we end up with inconsistent man-pages. Adjusting the search path too would be quite messy, and it is not at all obvious that this is worth the effort, but at any rate it would have to be done before we could ship this. * this means that distributed man-pages does not make sense as they depend on config options, and for better or worse we are still distributing man pages, so that is something that definitely needs sorting out before we could ship with this patch. * we have long held that split-usr is only minimally supported in order to boot, and something we hope will eventually go away. So before we start adding even more magic/effort in order to make this work nicely, we should probably question if it makes sense at all.

man: generate configured paths in manpages In particular, use /lib/systemd instead of /usr/lib/systemd in distributions like Debian which still have not adopted a /usr merge setup. Use XML entities from man/custom-entities.ent to replace configured paths while doing XSLT processing of the original XML files. There was precedent of some files (such as systemd.generator.xml) which were already using this approach. This addresses most of the (manual) fixes from this patch: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/patches/Fix-paths-in-man-pages.patch?h=experimental-220 The idea of using generic XML entities was presented here: http://lists.freedesktop.org/archives/systemd-devel/2015-May/032240.html This patch solves almost all the issues, with the exception of: - Path to /bin/mount and /bin/umount. - Generic statements about preference of /lib over /etc. These will be handled separately by follow up patches. Tested: - With default configure settings, ran "make install" to two separate directories and compared the output to confirm they matched exactly. - Used a set of configure flags including $CONFFLAGS from Debian: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/rules Installed the tree and confirmed the paths use /lib/systemd instead of /usr/lib/systemd and that no other unexpected differences exist. - Confirmed that `make distcheck` still passes.

man: link to freebsd.org for inetd(8)

man: fix a bunch of links All hail linkchecker!

add REMOTE_ADDR and REMOTE_PORT for Accept=yes

man: boilerplate unification

Reindent man pages to 2ch

man: fix typos in description of SELinuxContextFromNet=

man: fix typos

socket: introduce SELinuxContextFromNet option This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>

man: fix references to systemctl man page which is now in section 1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760613

Fix a few more typos

socket: suffix newly added TCP sockopt time properties with "Sec" This is what we have done so far for all other time values, and hence we should do this here. This indicates the default unit of time values specified here, if they don't contain a unit.

Revert "socket: introduce SELinuxLabelViaNet option" This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec. Needs more discussion on the mailing list.

socket: introduce SELinuxLabelViaNet option This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>

socket: Add support for TCP defer accept TCP_DEFER_ACCEPT Allow a listener to be awakened only when data arrives on the socket. If TCP_DEFER_ACCEPT set on a server-side listening socket, the TCP/IP stack will not to wait for the final ACK packet and not to initiate the process until the first packet of real data has arrived. After sending the SYN/ACK, the server will then wait for a data packet from a client. Now, only three packets will be sent over the network, and the connection establishment delay will be significantly reduced.

socket: Add Support for TCP keep alive variables The tcp keep alive variables now can be configured via conf parameter. Follwing variables are now supported by this patch. tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes tcp_keepalive_probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end. tcp_keepalive_time: The number of seconds a connection needs to be idle before TCP begins sending out keep-alive probes.

Revert "socket: add support for TCP fast Open" This reverts commit 9528592ff8d7ff361da430285deba8196e8984d5. Apparently TFO is actually the default at least for the server side now. Also the setsockopt doesn't actually take a bool, but a qlen integer.

socket: add support for TCP fast Open TCP Fast Open (TFO) speeds up the opening of successiveTCP) connections between two endpoints.It works by using a TFO cookie in the initial SYN packet to authenticate a previously connected client. It starts sending data to the client before the receipt of the final ACK packet of the three way handshake is received, skipping a round trip and lowering the latency in the start of transmission of data.

socket: add support for tcp nagle This patch adds support for TCP TCP_NODELAY socket option. This can be configured via NoDelay conf parameter. TCP Nagle's algorithm works by combining a number of small outgoing messages, and sending them all at once. This controls the TCP_NODELAY socket option.

man: correct references to DefaultTimeout*Sec Noticed by thp on #systemd.

man: add a mapping for external manpages It is annoying when we have dead links on fd.o. Add project='man-pages|die-net|archlinux' to <citerefentry>-ies. In generated html, add external links to http://man7.org/linux/man-pages/man, http://linux.die.net/man/, https://www.archlinux.org/. By default, pages in sections 2 and 4 go to man7, since Michael Kerrisk is the autorative source on kernel related stuff. The rest of links goes to linux.die.net, because they have the manpages. Except for the pacman stuff, since it seems to be only available from archlinux.org. Poor gummiboot gets no link, because gummitboot(8) ain't to be found on the net. According to common wisdom, that would mean that it does not exist. But I have seen Kay using it, so I know it does, and deserves to be found. Can somebody be nice and put it up somewhere?

doc: grammatical corrections

socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.

socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.

socket: optionally remove sockets/FIFOs in the file system after use

doc: corrections to words and forms This patch exchange words which are inappropriate for a situation, deletes duplicated words, and adds particles where needed.

core: clean up some confusing regarding SI decimal and IEC binary suffixes for sizes According to Wikipedia it is customary to specify hardware metrics and transfer speeds to the basis 1000 (SI decimal), while software metrics and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary). So far we specified everything in IEC, let's fix that and be more true to what's otherwise customary. Since we don't want to parse "Mi" instead of "M" we document each time what the context used is.

doc: resolve missing/extraneous words or inappropriate forms Issues fixed: * missing words required by grammar * duplicated or extraneous words * inappropriate forms (e.g. singular/plural), and declinations * orthographic misspellings

doc: update punctuation Resolve spotted issues related to missing or extraneous commas, dashes.

man: use spaces instead of tabs Several sections of the man pages included intermixed tabs and spaces; this commit replaces all tabs with spaces.

man: replace STDOUT with standard output, etc. Actually 'STDOUT' is something that doesn't appear anywhere: in the stdlib we have 'stdin', and there's only the constant STDOUT_FILENO, so there's no reason to use capitals. When refering to code, STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in other places they are replaced with normal phrases like standard output, etc.

man: expand on some more subtle points in systemd.socket(5) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727708#1694

man: resolve word omissions This is a recurring submission and includes corrections to: word omissions and word class choice.

man: wording and grammar updates This is a recurring submission and includes corrections to various issue spotted: comma setting, missing words/preposition choice.

Configurable Timeouts/Restarts default values https://bugs.freedesktop.org/show_bug.cgi?id=71132 Patch adds DefaultTimeoutStartSec, DefaultTimeoutStopSec, DefaultRestartSec configuration options to manager configuration file.

man: drop references to "cgroup" wher appropriate Since cgroups are mostly now an implementation detail of systemd lets deemphasize it a bit in the man pages. This renames systemd.cgroup(5) to systemd.resource-control(5) and uses the term "resource control" rather than "cgroup" where appropriate. This leaves the word "cgroup" in at a couple of places though, like for example systemd-cgtop and systemd-cgls where cgroup stuff is at the core of what is happening.

man: wording and grammar updates This is a recurring submission and includes corrections to various issue spotted. I guess I can just skip over reporting ubiquitous comma placement fixes… Highligts in this particular commit: - the "unsigned" type qualifier is completed to form a full type "unsigned int" - alphabetic -> lexicographic (that way we automatically define how numbers get sorted)

man: make reference to bind(2) explicit

man: wording and grammar update

man: document the slice and scope units, add systemd.cgroup(5)

man: use <literal> not <filename> for suffixes Especially sentences like "filename ends in .suffix" are easier to parse if the suffix is surrounded by quotes. In sentences like "requires a .service unit", where the suffix is used as a class designation, there is no need to use quotes.

basic SO_REUSEPORT support

man: add more formatting markup

man: improve grammar and word formatting in numerous man pages Use proper grammar, word usage, adjective hyphenation, commas, capitalization, spelling, etc. To improve readability, some run-on sentences or sentence fragments were revised. [zj: remove the space from 'file name', 'host name', and 'time zone'.]

man: use <constant> for various constants which look ugly with quotes

man: document that shutdown() is only sometimes OK on sockets passed in via socket activation

Describe handling of an AF_UNIX socket Describe how to handle an AF_UNIX socket, with Accept set to false, received from systemd, upon exit. Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>

man: link to socket activation blog entries

man: use <replaceable> in various places

man: typo fix in systemd.socket

man: extend systemd.directives(7) to all manual pages New sections are added: PAM options, crypttab options, commandline options, miscellaneous. The last category will be used for all untagged <varname> elements. Commandline options sections is meant to be a developer tool: when adding an option it is sometimes useful to be able to check if similarly named options exist elsewhere.

units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787

man: add links to directive index to see-alsos systemd.directives(5) is renamed to systemd.directives(7). Section 7 is "Miscellaneous".

Revert "Implement SocketUser= and SocketGroup= for [Socket]" This was never intended to be pushed. This reverts commit aea54018a5e66a41318afb6c6be745b6aef48d9e.

Implement SocketUser= and SocketGroup= for [Socket] Since we already allow defining the mode of AF_UNIX sockets and FIFO, it makes sense to also allow specific user/group ownership of the socket file for restricting access.

systemd.socket.xml: fix typo

man: typo fixes Fixes a few more typos. Also changes a "Accept=no" to "Accept=false" to be consistent with the previous examples in the same man page.

SMACK: Add configuration options. (v3) This adds SMACK label configuration options to socket units. SMACK labels should be applied to most objects on disk well before execution time, but two items remain that are generated dynamically at run time that require SMACK labels to be set in order to enforce MAC on all objects. Files on disk can be labelled using package management. For device nodes, simple udev rules are sufficient to add SMACK labels at boot/insertion time. Sockets can be created at run time and systemd does just that for several services. In order to protect FIFO's and UNIX domain sockets, we must instruct systemd to apply SMACK labels at runtime. This patch adds the following options: Smack - applicable to FIFO's. SmackIpIn/SmackIpOut - applicable to sockets. No external dependencies are required to support SMACK, as setting the labels is done using fsetxattr(). The labels can be set on a kernel that does not have SMACK enabled either, so there is no need to #ifdef any of this code out. For more information about SMACK, please see Documentation/Smack.txt in the kernel source code. v3 of this patch changes the config options to be CamelCased.

Reword sentences that contain psuedo-English "resp." As you likely know, Arch Linux is in the process of moving to systemd. So I was reading through the various systemd docs and quickly became baffled by this new abbreviation "resp.", which I've never seen before in my English-mother-tongue life. Some quick Googling turned up a reference: <http://www.transblawg.eu/index.php?/archives/870-Resp.-and-other-non-existent-English-wordsNicht-existente-englische-Woerter.html> I guess it's a literal translation of the German "Beziehungsweise", but English doesn't work the same way. The word "respectively" is used exclusively to provide an ordering connection between two lists. E.g. "the prefixes k, M, and G refer to kilo-, mega-, and giga-, respectively." It is also never abbreviated to "resp." So the sentence "Sets the default output resp. error output for all services and sockets" makes no sense to a natural English speaker. This patch removes all instances of "resp." in the man pages and replaces them with sentences which are much more clear and, hopefully, grammatically valid. In almost all instances, it was simply replacing "resp." with "or," which the original author (Lennart?) could probably just do in the future. The only other instances of "resp." are in the src/ subtree, which I don't feel privileged to correct. Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>

man: document behaviour of ListenStream= with only a port number in regards to IPv4/IPv6

man: fix a bunch of typos in docs https://bugs.freedesktop.org/show_bug.cgi?id=54501

unit: split off KillContext from ExecContext containing only kill definitions

man: reword man page titles Make sure the man page titles are similar in style and capitalization so that our man page index looks pretty.

relicense to LGPLv2.1 (with exceptions) We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.

socket: add option for SO_PASSEC https://bugzilla.redhat.com/show_bug.cgi?id=798760 (Note that this work is not complete yet, as the kernel seems to send us useless data with SCM_SECURITY enabled)

socket: rename the PassCred= option to PassCredentials=, since we don't want to needlessly abbreviate options unless they are very well established

'@' is an 'ampersat' not an 'ampersand'; let's call it 'at symbol'

man: document the PassCred option

man: Documentation spelling fixes

socket: expose SO_BROADCAST

socket: expose IP_TRANSPARENT

socket: add POSIX mqueue support

def: lower default timeout to 90s Almost everybody found 3min too long, so lower it again

socket: support ListeSpecial= sockets

man: fix specification of default timeouts

socket: support netlink sockets

exec: drop process group kill mode since it has little use and confuses the user

man: clarify a few things

execute: make sending of SIGKILL on shutdown optional

man: document missing KillSignal= and swap options

socket: make service to start on incoming traffic configurable

socket: Allow selection of TCP Congestion Avoidance algorithm to socket Hi, attached path extends socket configurables with another knob - TCP Congestion Avoidance selection. Linux implements handful of those, useful in various situations. For example, TCP Low Priority may be used by FTP service to gracefully yield bandwidth for more important TCP/IP streams. Until recently TCP_CONGESTION was Linux-specific, recently FreeBSD 8 and OpenSolaris gained compatible support.

man: update man pages for recent syntax changes

update man pages for recent changes

man: various man page updates

man: document execution context related settings

man: extend references to exec man page

man: trivial spelling fixes

man: document automount units

man: document mount units

man: document socket units