2022-09-16 21:57:26 +00:00
|
|
|
<?xml version='1.0'?> <!--*-nxml-*-->
|
|
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
|
|
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
|
|
|
|
|
|
|
<refentry id="systemd-pcrphase.service" conditional='HAVE_GNU_EFI'
|
|
|
|
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
|
|
|
|
|
|
<refentryinfo>
|
|
|
|
<title>systemd-pcrphase.service</title>
|
|
|
|
<productname>systemd</productname>
|
|
|
|
</refentryinfo>
|
|
|
|
|
|
|
|
<refmeta>
|
|
|
|
<refentrytitle>systemd-pcrphase.service</refentrytitle>
|
|
|
|
<manvolnum>8</manvolnum>
|
|
|
|
</refmeta>
|
|
|
|
|
|
|
|
<refnamediv>
|
|
|
|
<refname>systemd-pcrphase.service</refname>
|
2022-10-14 18:53:42 +00:00
|
|
|
<refname>systemd-pcrphase-sysinit.service</refname>
|
2022-09-16 21:57:26 +00:00
|
|
|
<refname>systemd-pcrphase-initrd.service</refname>
|
2022-10-17 13:20:53 +00:00
|
|
|
<refname>systemd-pcrmachine.service</refname>
|
|
|
|
<refname>systemd-pcrfs-root.service</refname>
|
|
|
|
<refname>systemd-pcrfs@.service</refname>
|
2022-09-16 21:57:26 +00:00
|
|
|
<refname>systemd-pcrphase</refname>
|
2022-10-17 13:20:53 +00:00
|
|
|
<refpurpose>Measure boot phase into TPM2 PCR 11, machine ID and file system identity into PCR 15</refpurpose>
|
2022-09-16 21:57:26 +00:00
|
|
|
</refnamediv>
|
|
|
|
|
|
|
|
<refsynopsisdiv>
|
|
|
|
<para><filename>systemd-pcrphase.service</filename></para>
|
2022-10-17 13:21:49 +00:00
|
|
|
<para><filename>systemd-pcrphase-sysinit.service</filename></para>
|
2022-09-16 21:57:26 +00:00
|
|
|
<para><filename>systemd-pcrphase-initrd.service</filename></para>
|
2022-10-17 13:20:53 +00:00
|
|
|
<para><filename>systemd-pcrmachine.service</filename></para>
|
|
|
|
<para><filename>systemd-pcrfs-root.service</filename></para>
|
|
|
|
<para><filename>systemd-pcrfs@.service</filename></para>
|
2023-02-03 02:52:31 +00:00
|
|
|
<para><filename>/usr/lib/systemd/systemd-pcrphase</filename> <optional><replaceable>STRING</replaceable></optional></para>
|
2022-09-16 21:57:26 +00:00
|
|
|
</refsynopsisdiv>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Description</title>
|
|
|
|
|
2022-10-14 18:53:42 +00:00
|
|
|
<para><filename>systemd-pcrphase.service</filename>,
|
2023-01-11 16:03:48 +00:00
|
|
|
<filename>systemd-pcrphase-sysinit.service</filename>, and
|
2022-09-16 21:57:26 +00:00
|
|
|
<filename>systemd-pcrphase-initrd.service</filename> are system services that measure specific strings
|
2022-10-14 18:53:42 +00:00
|
|
|
into TPM2 PCR 11 during boot at various milestones of the boot process.</para>
|
2022-09-16 21:57:26 +00:00
|
|
|
|
2022-10-17 13:20:53 +00:00
|
|
|
<para><filename>systemd-pcrmachine.service</filename> is a system service that measures the machine ID
|
|
|
|
(see <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>) into
|
|
|
|
PCR 15.</para>
|
|
|
|
|
|
|
|
<para><filename>systemd-pcrfs-root.service</filename> and <filename>systemd-pcrfs@.service</filename> are
|
|
|
|
services that measure file system identity information (i.e. mount point, file system type, label and
|
|
|
|
UUID, partition label and UUID) into PCR 15. <filename>systemd-pcrfs-root.service</filename> does so for
|
|
|
|
the root file system, <filename>systemd-pcrfs@.service</filename> is a template unit that measures the
|
|
|
|
file system indicated by its instance identifier instead.</para>
|
|
|
|
|
2022-09-16 21:57:26 +00:00
|
|
|
<para>These services require
|
|
|
|
<citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry> to be
|
man: fix issues reported by the manpage-l10n project
Fixes #25780.
> Man page: crypttab.5
> Issue 1: Missing fullstop
> Issue 2: I<cipher=>, I<hash=>, I<size=> → B<cipher=>, B<hash=>, B<size=>
>
> "Force LUKS mode\\&. When this mode is used, the following options are "
> "ignored since they are provided by the LUKS header on the device: "
> "I<cipher=>, I<hash=>, I<size=>"
Seems OK to me. The full stop is there and has been for at least a few years. And we use <option> for the markup, which is appropriate here.
> Man page: crypttab.5
> Issue 1: Missing fullstop
> Issue 2: I<cipher=>, I<hash=>, I<keyfile-offset=>, I<keyfile-size=>, I<size=> → B<cipher=>, B<hash=>, B<keyfile-offset=>, B<keyfile-size=>, B<size=>
>
> "Use TrueCrypt encryption mode\\&. When this mode is used, the following "
> "options are ignored since they are provided by the TrueCrypt header on the "
> "device or do not apply: I<cipher=>, I<hash=>, I<keyfile-offset=>, I<keyfile-"
> "size=>, I<size=>"
Same.
> Man page: journalctl.1
> Issue 1: make be → may be
Fixed.
> Issue 2: below\\&. → below:
Fixed.
> Man page: journalctl.1
> Issue: Colon at the end?
>
> "The following commands are understood\\&. If none is specified the default "
> "is to display journal records\\&."
> msgstr ""
> "Die folgenden Befehle werden verstanden\\&. Falls keiner festgelegt ist, ist "
> "die Anzeige von Journal-Datensätzen die Vorgabe\\&."
This is a bit awkward, but I'm not sure how to fix it.
> Man page: kernel-install.8
> Issue: methods a fallback → methods fallback
It was correct, but I added a comma to make the sense clearer.
> Man page: loader.conf.5
> Issue 1: secure boot variables → Secure Boot variables
> Issue 2: one → one for (multiple times)
>
> "Supported secure boot variables are one database for authorized images, one "
> "key exchange key (KEK) and one platform key (PK)\\&. For more information, "
> "refer to the \\m[blue]B<UEFI specification>\\m[]\\&\\s-2\\u[2]\\d\\s+2, "
> "under Secure Boot and Driver Signing\\&. Another resource that describe the "
> "interplay of the different variables is the \\m[blue]B<EDK2 "
> "documentation>\\m[]\\&\\s-2\\u[3]\\d\\s+2\\&."
"one of" would sound strange. "One this and one that" is OK.
> Man page: loader.conf.5
> Issue: systemd-boot → B<systemd-boot>(7)
Fixed.
> Man page: logind.conf.5
> Issue: systemd-logind → B<systemd-logind>(8)
We use <filename>systemd-logind</> on subsequent references… I think that's good enough.
> Man page: nss-myhostname.8
> Issue: B<getent> → B<getent>(1)
Fixed.
> Man page: nss-resolve.8
> Issue: B<systemd-resolved> → B<systemd-resolved>(8)
The first reference does this, subsequent are shorter.
> Man page: os-release.5
> Issue: Portable Services → Portable Services Documentation?
Updated.
> Man page: pam_systemd_home.8
> Issue: auth and account use "reason", while session and password do not?
Reworded.
> Man page: portablectl.1
> Issue: In systemd-portabled.service(8): Portable Services Documentation
Updated.
> Man page: repart.d.5
> Issue: The partition → the partition
Fixed.
> Man page: repart.d.5
> Issue: B<systemd-repart> → B<systemd-repart>(8)
The first reference does this. I also change this one, because it's pretty far down in the text.
> Man page: systemd.1
> Issue: kernel command line twice?
>
> "Takes a boolean argument\\&. If false disables importing credentials from "
> "the kernel command line, qemu_fw_cfg subsystem or the kernel command line\\&."
Apparently this was fixed already.
> Man page: systemd-boot.7
> Issue: enrollement → enrollment
Fixed.
> Man page: systemd-cryptenroll.1
> Issue: multiple cases: any specified → the specified
Reworded.
> Man page: systemd-cryptenroll.1
> Issue: If this this → If this
Fixed tree-wide.
> Man page: systemd-cryptsetup-generator.8
> Issue: and the initrd → and in the initrd
"Is honoured by the initrd" is OK, because we often speak about the initrd as a single unit. But in the same paragraph we also used "in the initrd", which makes the other use look sloppy. I changed it to "in the initrd" everywhere in that file.
> Man page: systemd.directives.7
> Issue: Why are these two quoted (but not others)?
>
> "B<\\*(Aqh\\*(Aq>"
>
> B<\\*(Aqs\\*(Aq>"
>
> "B<\\*(Aqy\\*(Aq>"
This is autogenerated from files… We use slightly different markup in different files, and it's just too hard to make it consistent. We gave up on this.
> Man page: systemd.exec.5
> Issue 1: B<at>(1p) → B<at>(1)
> Issue 2: B<crontab>(1p) → B<crontab>(1)
Fixed.
> Man page: systemd.exec.5
> Issue: B<select()> → B<select>(2)
Fixed.
> Man page: systemd.exec.5
> Issue: qemu → B<qemu>(1)
The man page doesn't seem to be in any of the canonical places on the web.
I added a link to online docs.
> Man page: systemd.exec.5
> Issue: variable → variables
Seems to be fixed already.
> Man page: systemd-integritysetup-generator.8
> Issue: systemd-integritysetup-generator → B<systemd-integritysetup-generator>
I changed <filename> to <command>.
> Man page: systemd-integritysetup-generator.8
> Issue: superfluous comma at the end
Already fixed.
> Man page: systemd-measure.1
> Issue: (see B<--pcr-bank=>) below → (see B<--pcr-bank=> below)
Reworded.
> Man page: systemd-measure.1
> Issue: =PATH> → =>I<PATH>
Fixed.
> Man page: systemd-measure.1.po
> Issue: B<--bank=DIGEST> → B<--bank=>I<DIGEST>
Fixed.
> Man page: systemd.netdev.5
> Issue: os the → on the
Appears to have been fixed already.
> Man page: systemd.netdev.5
> Issue: Onboard → On-board (as in previous string)
Updated.
> Man page: systemd.network.5
> Issue: B<systemd-networkd> -> B<systemd-networkd>(8)
First reference does this, subsequent do not.
> Man page: systemd.network.5
> Issue: B<netlabelctl> → B<netlabelctl>(8)
First reference does this, subsequent do not.
> Man page: systemd.network.5
> Issue: Missing verb (aquired? configured?) in the half sentence starting with "or by a "
I dropped the comma.
> Man page: systemd-nspawn.1
> Issue: All host users outside of that range → All other host users
Reworded.
> # FIXME no effect → no effect\\&.
> #. type: Plain text
> #: archlinux debian-unstable fedora-rawhide mageia-cauldron opensuse-tumbleweed
> msgid ""
> "Whichever ID mapping option is used, the same mapping will be used for users "
> "and groups IDs\\&. If B<rootidmap> is used, the group owning the bind "
> "mounted directory will have no effect"
A period is added. Not sure if there's some other issue.
> Man page: systemd-oomd.service.8
> Issue: B<systemd> → B<systemd>(1)
Done.
> Man page: systemd.path.5
> Issue 1: B<systemd.exec>(1) → B<systemd.exec>(5)
> Issue 2: This section does not (yet?) exist
Fixed.
> Man page: systemd-pcrphase.service.8
> Issue 1: indicate phases into TPM2 PCR 11 ??
> Issue 2: Colon at the end of the paragraph?
Fixed.
> Man page: systemd-pcrphase.service.8
> Issue: final boot phase → final shutdown phase?
Updated.
> Man page: systemd-pcrphase.service.8
> Issue: for the the → for the
Fixed tree-wide.
> Man page: systemd-portabled.service.8
> Issue: In systemd-portabled.service(8): Portable Services Documentation
Updated.
> Man page: systemd-pstore.service.8
> Issue: Here and the following paragraphs: . → \\&. // Upstream: What does this comment mean? // You normally write \\&. for a full dot (full stop etc.); here you write only "." (i.e. a plain dot).
>
> "and we look up \"localhost\", nss-dns will send the following queries to "
> "systemd-resolved listening on 127.0.0.53:53: first \"localhost.foobar.com\", "
> "then \"localhost.barbar.com\", and finally \"localhost\". If (hopefully) the "
> "first two queries fail, systemd-resolved will synthesize an answer for the "
> "third query."
Looks all OK to me.
> Man page: systemd.resource-control.5
> Issue: Missing closing bracket after link to Control Groups version 1
Fixed.
> Man page: systemd-sysext.8
> Issue: In systemd-portabled.service(8): Portable Services Documentation
Updated.
> Man page: systemd.timer.5
> Issue 1: B<systemd.exec>(1) → B<systemd.exec>(5)
> Issue 2: This section does not (yet?) exist
Fixed.
> Man page: systemd.unit.5
> Issue: that is → that are
Fixed.
> Man page: systemd-veritysetup-generator.8
> Issue: systemd-veritysetup-generator → B<systemd-veritysetup-generator>
>
> "systemd-veritysetup-generator implements B<systemd.generator>(7)\\&."
>
> "systemd-veritysetup-generator understands the following kernel command line "
> "parameters:"
Updated.
> Man page: systemd-volatile-root.service.8
> Issue: initrdyes → Initrd
Fixed.
> Man page: sysupdate.d.5
> Issue: : → \\&. (As above in TRANSFER)
Updated.
> Man page: sysupdate.d.5
> Issue: some → certain
Updated.
> Man page: sysupdate.d.5
> Issue 1: i\\&.e\\& → I\\&.e\\&
Fixed.
> Issue 2: the image → the system
"image" seems correct.
> Man page: tmpfiles.d.5
> Issue: systemd-tmpfiles → B<systemd-tmpfiles>(8)
Updated.
2023-01-11 15:45:59 +00:00
|
|
|
used in a unified kernel image (UKI). They execute no operation when the stub has not been used to invoke
|
|
|
|
the kernel. The stub will measure the invoked kernel and associated vendor resources into PCR 11 before
|
2023-01-11 16:03:48 +00:00
|
|
|
handing control to it; once userspace is invoked these services then will extend TPM2 PCR 11 with certain
|
2022-10-17 13:20:53 +00:00
|
|
|
literal strings indicating phases of the boot process. During a regular boot process PCR 11 is extended
|
|
|
|
with the following strings:</para>
|
2022-09-16 21:57:26 +00:00
|
|
|
|
|
|
|
<orderedlist>
|
2023-01-11 16:03:48 +00:00
|
|
|
<listitem><para><literal>enter-initrd</literal> — early when the initrd initializes, before activating
|
|
|
|
system extension images for the initrd. It acts as a barrier between the time where the kernel
|
|
|
|
initializes and where the initrd starts operating and enables system extension images, i.e. code
|
|
|
|
shipped outside of the UKI. (This extension happens when
|
|
|
|
<filename>systemd-pcrphase-initrd.service</filename> is started.)</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para><literal>leave-initrd</literal> — when the initrd is about to transition into the host
|
|
|
|
file system. It acts as barrier between initrd code and host OS code. (This extension happens when
|
|
|
|
<filename>systemd-pcrphase-initrd.service</filename> is stopped.)</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para><literal>sysinit</literal> — when basic system initialization is complete (which
|
|
|
|
includes local file systems having been mounted), and the system begins starting regular system
|
|
|
|
services. (This extension happens when <filename>systemd-pcrphase-sysinit.service</filename> is
|
|
|
|
started.)</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para><literal>ready</literal> — during later boot-up, after remote file systems have been
|
|
|
|
activated (i.e. after <filename>remote-fs.target</filename>), but before users are permitted to log in
|
|
|
|
(i.e. before <filename>systemd-user-sessions.service</filename>). It acts as barrier between the time
|
|
|
|
where unprivileged regular users are still prohibited to log in and where they are allowed to log in.
|
|
|
|
(This extension happens when <filename>systemd-pcrphase.service</filename> is started.)
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para><literal>shutdown</literal> — when the system shutdown begins. It acts as barrier
|
|
|
|
between the time the system is fully up and running and where it is about to shut down. (This extension
|
|
|
|
happens when <filename>systemd-pcrphase.service</filename> is stopped.)</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para><literal>final</literal> — at the end of system shutdown. It acts as barrier between
|
|
|
|
the time the service manager still runs and when it transitions into the final shutdown phase where
|
|
|
|
service management is not available anymore. (This extension happens when
|
|
|
|
<filename>systemd-pcrphase-sysinit.service</filename> is stopped.)</para></listitem>
|
2022-09-16 21:57:26 +00:00
|
|
|
</orderedlist>
|
|
|
|
|
2023-01-11 16:03:48 +00:00
|
|
|
<para>During a regular system lifecycle, PCR 11 is extended with the strings
|
|
|
|
<literal>enter-initrd</literal>, <literal>leave-initrd</literal>, <literal>sysinit</literal>,
|
|
|
|
<literal>ready</literal>, <literal>shutdown</literal>, and <literal>final</literal>.</para>
|
2022-09-16 21:57:26 +00:00
|
|
|
|
|
|
|
<para>Specific phases of the boot process may be referenced via the series of strings measured, separated
|
2023-01-11 16:03:48 +00:00
|
|
|
by colons (the "phase path"). For example, the phase path for the regular system runtime is
|
2022-10-14 18:53:42 +00:00
|
|
|
<literal>enter-initrd:leave-initrd:sysinit:ready</literal>, while the one for the initrd is just
|
2023-01-11 16:03:48 +00:00
|
|
|
<literal>enter-initrd</literal>. The phase path for the boot phase before the initrd is an empty string;
|
|
|
|
because that's hard to pass around a single colon (<literal>:</literal>) may be used instead. Note that
|
|
|
|
the aforementioned six strings are just the default strings and individual systems might measure other
|
|
|
|
strings at other times, and thus implement different and more fine-grained boot phases to bind policy
|
|
|
|
to.</para>
|
2022-09-16 21:57:26 +00:00
|
|
|
|
2023-01-11 16:03:48 +00:00
|
|
|
<para>By binding policy of TPM2 objects to a specific phase path it is possible to restrict access to
|
|
|
|
them to specific phases of the boot process, for example making it impossible to access the root file
|
|
|
|
system's encryption key after the system transitioned from the initrd into the host root file system.
|
|
|
|
</para>
|
2022-09-16 21:57:26 +00:00
|
|
|
|
|
|
|
<para>Use
|
|
|
|
<citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry> to
|
2023-01-11 16:03:48 +00:00
|
|
|
pre-calculate expected PCR 11 values for specific boot phases (via the <option>--phase=</option> switch).
|
|
|
|
</para>
|
2022-10-17 13:20:53 +00:00
|
|
|
|
|
|
|
<para><filename>systemd-pcrfs-root.service</filename> and <filename>systemd-pcrfs@.service</filename> are
|
|
|
|
automatically pulled into the initial transaction by
|
|
|
|
<citerefentry><refentrytitle>systemd-gpt-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
|
|
for the root and <filename>/var/</filename> file
|
|
|
|
systems. <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
|
|
will do this for all mounts with the <option>x-systemd.pcrfs</option> mount option in
|
|
|
|
<filename>/etc/fstab</filename>.</para>
|
2022-09-16 21:57:26 +00:00
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Options</title>
|
|
|
|
|
|
|
|
<para>The <filename>/usr/lib/systemd/system-pcrphase</filename> executable may also be invoked from the
|
|
|
|
command line, where it expects the word to extend into PCR 11, as well as the following switches:</para>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
|
|
<term><option>--bank=</option></term>
|
|
|
|
|
|
|
|
<listitem><para>Takes the PCR banks to extend the specified word into. If not specified the tool
|
|
|
|
automatically determines all enabled PCR banks and measures the word into all of
|
|
|
|
them.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><option>--tpm2-device=</option><replaceable>PATH</replaceable></term>
|
|
|
|
|
|
|
|
<listitem><para>Controls which TPM2 device to use. Expects a device node path referring to the TPM2
|
|
|
|
chip (e.g. <filename>/dev/tpmrm0</filename>). Alternatively the special value <literal>auto</literal>
|
|
|
|
may be specified, in order to automatically determine the device node of a suitable TPM2 device (of
|
|
|
|
which there must be exactly one). The special value <literal>list</literal> may be used to enumerate
|
|
|
|
all suitable TPM2 devices currently discovered.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2022-12-15 17:07:20 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term><option>--graceful</option></term>
|
|
|
|
|
|
|
|
<listitem><para>If no TPM2 firmware, kernel subsystem, kernel driver or device support is found, exit
|
|
|
|
with exit status 0 (i.e. indicate success). If this is not specified any attempt to measure without a
|
|
|
|
TPM2 device will cause the invocation to fail.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2022-10-17 13:20:53 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term><option>--machine-id</option></term>
|
|
|
|
|
|
|
|
<listitem><para>Instead of measuring a word specified on the command line into PCR 11, measure the
|
|
|
|
host's machine ID into PCR 15.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><option>--file-system=</option></term>
|
|
|
|
|
|
|
|
<listitem><para>Instead of measuring a word specified on the command line into PCR 11, measure
|
|
|
|
identity information of the specified file system into PCR 15. The parameter must be the path to the
|
|
|
|
established mount point of the file system to measure.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2022-09-16 21:57:26 +00:00
|
|
|
<xi:include href="standard-options.xml" xpointer="help" />
|
|
|
|
<xi:include href="standard-options.xml" xpointer="version" />
|
|
|
|
|
|
|
|
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>See Also</title>
|
|
|
|
<para>
|
|
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
|
|
<citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
2022-10-17 13:20:53 +00:00
|
|
|
<citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
|
|
<citerefentry><refentrytitle>systemd-gpt-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
|
|
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
2022-09-16 21:57:26 +00:00
|
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
</refentry>
|