system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-09-30 05:15:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

man: document the new concepts

Browse source
This commit is contained in:
Lennart Poettering 2024-01-03 19:29:23 +01:00
parent 00431b2b66
commit e8fd555471
8 changed files with 180 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
man/busctl.xml
View file

@ -449,6 +449,7 @@
<xi:include href="user-system-options.xml" xpointer="system" />
<xi:include href="user-system-options.xml" xpointer="host" />
<xi:include href="user-system-options.xml" xpointer="machine" />
<xi:include href="user-system-options.xml" xpointer="capsule" />
<varlistentry>
<term><option>-l</option></term>

118
man/capsule@.service.xml Normal file
View file

@ -0,0 +1,118 @@
<?xml version="1.0"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="capsule_.service">
<refentryinfo>
<title>capsule@.service</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>capsule@.service</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>capsule@.service</refname>
<refpurpose>System unit for the capsule service manager</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>capsule@<replaceable>NAME</replaceable>.service</filename></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>Service managers for capsules run in
<filename>capsule@<replaceable>NAME</replaceable>.service</filename> system units, with the capsule name as the
instance identifier. Capsules are way to run additional instances of the service manager, under dynamic
user IDs, i.e. UIDs that are allocated when the capsule service manager is started, and released when it
is stopped.</para>
<para>In many ways <filename>capsule@.service</filename> is similar to the per-user
<filename>user@.service</filename> service manager, but there are a few important distinctions:</para>
<itemizedlist>
<listitem><para>The capsule service manager utilizes <varname>DynamicUser=</varname> (see
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>) to
allocate a new UID dynamically on invocation. The user name is automatically generated from the capsule
name, by prefixng <literal>p_</literal>. The UID is released when the service is terminated. The user
service manager on the other hand operates under a statically allocated user ID that must be
pre-existing, before the user service manager is invoked.</para></listitem>
<listitem><para>User service managers register themselves with <citerefentry
project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, capsule
service managers do not.</para></listitem>
<listitem><para>User service managers typically read their configuration from a
<varname>$HOME</varname> directory below <filename>/home/</filename>, capsule service managers from a
<varname>$HOME</varname> directory below <filename>/var/lib/capsules/</filename>.</para></listitem>
<listitem><para>User service managers are collectively contained in the <filename>user.slice</filename>
unit, capsule service managers in <filename>capsule.slice</filename>. Also see
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem>
<listitem><para>User service managers start the user unit <filename>default.target</filename>
initially. Capsule service managers invoke the user unit <filename>capsule@.target</filename>
instead.</para></listitem>
</itemizedlist>
<para>The capsule service manager and the capsule's bus broker can be reached via the
<option>--capsule=</option> switch to
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
<citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
<para>New capsules can be started via a simple <command>systemctl start
capsule@<replaceable>NAME</replaceable>.service</command> command, and stopped via <command>systemctl
stop capsule@<replaceable>NAME</replaceable>.service</command>. Starting a capsule will implicitly create
a home directory <filename>/var/lib/capsules/<replaceable>NAME</replaceable>/</filename>, if missing. A
runtime directory is created as <filename>/run/capsules/<replaceable>NAME</replaceable>/</filename>. To
remove these resources use <command>systemctl clean capsule@<replaceable>NAME</replaceable>.service</command>,
for example with the <option>--what=all</option> switch.</para>
<para>The <filename>capsule@.service</filename> unit invokes a <command>systemd --user</command>
service manager process. This means unit files are looked for according to the sames rules as for regular user
service managers, for example in
<filename>/var/lib/capsules/<replaceable>NAME</replaceable>/.config/systemd/user/</filename>.</para>
<para>Capsule names may be chosen freely by the user, however, they must be suitable as UNIX filenames
(i.e. 255 characters max, and contain no <literal>/</literal>), and when prefixed with
<literal>p-</literal> be suitable as a user name matching strict POSIX rules, see <ulink
url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink> for details.</para>
</refsect1>
<refsect1>
<title>Examples</title>
<example>
<title>Create a new capsule, invoke two programs in it (one interactively), terminate it, and clean everything up</title>
<programlisting># systemctl start capsule@tatze.service
# systemd-run --capsule=tatze --unit=sleeptest.service sleep 999
# systemctl --capsule=tatze status sleeptest.service
# systemd-run -t --capsule=tatze bash
# systemctl --capsule=tatze stop sleeptest.service
# systemctl stop capsule@tatze.service
# systemctl clean --all capsule@tatze.service</programlisting>
</example>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>

1
man/rules/meson.build
View file

@ -8,6 +8,7 @@ manpages = [
['bootctl', '1', [], ''],
['bootup', '7', [], ''],
['busctl', '1', [], ''],
['capsule@.service', '5', [], ''],
['coredump.conf', '5', ['coredump.conf.d'], 'ENABLE_COREDUMP'],
['coredumpctl', '1', [], 'ENABLE_COREDUMP'],
['crypttab', '5', [], 'HAVE_LIBCRYPTSETUP'],

1
man/systemctl.xml
View file

@ -2813,6 +2813,7 @@ EOF
<xi:include href="user-system-options.xml" xpointer="host" />
<xi:include href="user-system-options.xml" xpointer="machine" />
<xi:include href="user-system-options.xml" xpointer="capsule" />
<xi:include href="standard-options.xml" xpointer="no-pager" />
<xi:include href="standard-options.xml" xpointer="legend" />

1
man/systemd-run.xml
View file

@ -517,6 +517,7 @@
<xi:include href="user-system-options.xml" xpointer="system" />
<xi:include href="user-system-options.xml" xpointer="host" />
<xi:include href="user-system-options.xml" xpointer="machine" />
<xi:include href="user-system-options.xml" xpointer="capsule" />
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />

66
man/systemd.special.xml
View file

@ -96,9 +96,10 @@
<filename>umount.target</filename>,
<filename>usb-gadget.target</filename>,
<!-- slices --><filename>-.slice</filename>,
<filename>capsule.slice</filename>,
<filename>machine.slice</filename>,
<filename>system.slice</filename>,
<filename>user.slice</filename>,
<filename>machine.slice</filename>,
<!-- the rest --><filename>-.mount</filename>,
<filename>dbus.service</filename>,
<filename>dbus.socket</filename>,
@ -1291,18 +1292,39 @@
<varlistentry>
<term><filename>-.slice</filename></term>
<listitem>
<para>The root slice is the root of the slice hierarchy. It usually does not contain
units directly, but may be used to set defaults for the whole tree.</para>
<para>The root slice is the root of the slice hierarchy. It usually does not contain units
directly, but may be used to set defaults for the whole tree.</para>
<xi:include href="version-info.xml" xpointer="v206"/>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>machine.slice</filename></term>
<listitem>
<para>By default, all virtual machines and containers registered with
<command>systemd-machined</command> are found in this slice. This is pulled in by
<filename>systemd-machined.service</filename>.</para>
<xi:include href="version-info.xml" xpointer="v206"/>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>capsule.slice</filename></term>
<listitem>
<para>By default, all capsules encapsulated in <filename>capsule@.service</filename> are found in
this slice.</para>
<xi:include href="version-info.xml" xpointer="v255"/>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>system.slice</filename></term>
<listitem>
<para>By default, all system services started by
<command>systemd</command> are found in this slice.</para>
<para>By default, all system services started by <command>systemd</command> are found in this
slice.</para>
<xi:include href="version-info.xml" xpointer="v206"/>
</listitem>
@ -1320,17 +1342,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term><filename>machine.slice</filename></term>
<listitem>
<para>By default, all virtual machines and containers
registered with <command>systemd-machined</command> are
found in this slice. This is pulled in by
<filename>systemd-machined.service</filename>.</para>
<xi:include href="version-info.xml" xpointer="v206"/>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
</refsect1>
@ -1348,16 +1359,31 @@
<varlistentry>
<term><filename>default.target</filename></term>
<listitem>
<para>This is the main target of the user session, started by default. Various services that
compose the normal user session should be pulled into this target. In this regard,
<filename>default.target</filename> is similar to <filename>multi-user.target</filename> in the
system instance, but it is a real unit, not an alias.</para>
<para>This is the main target of the user service manager, started by default when the service
manager is invoked. Various services that compose the normal user session should be pulled into
this target. In this regard, <filename>default.target</filename> is similar to
<filename>multi-user.target</filename> in the system instance, but it is a real unit, not an
alias.</para>
<xi:include href="version-info.xml" xpointer="v242"/>
</listitem>
</varlistentry>
</variablelist>
<variablelist>
<varlistentry>
<term><filename>capsule@.target</filename></term>
<listitem>
<para>This is the main target of capsule service managers, started by default, instantiated with
the capsule name. This may be used to define different sets of units that are started for
different capsules via generic unit definitions. For details about capsules see
<citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<xi:include href="version-info.xml" xpointer="v255"/>
</listitem>
</varlistentry>
</variablelist>
<para>In addition, the following units are available which have definitions similar to their
system counterparts:
<filename>exit.target</filename>,

11
man/user-system-options.xml
View file

@ -55,4 +55,15 @@
implied.</para>
</listitem>
</varlistentry>
<varlistentry id='capsule'>
<term><option>-C</option></term>
<term><option>--capsule=</option></term>
<listitem id='capsule-text'>
<para>Execute operation on a capsule. Specify a capsule name to connect to. See
<citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
details about capsules.</para>
</listitem>
</varlistentry>
</variablelist>

1
man/user@.service.xml
View file

@ -188,6 +188,7 @@ TasksMax=33%</programlisting>
<member><citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>