diff --git a/man/90-rearrange-path.py b/man/90-rearrange-path.py index 5c727e411e..0620195157 100755 --- a/man/90-rearrange-path.py +++ b/man/90-rearrange-path.py @@ -35,7 +35,7 @@ def rearrange_bin_sbin(path): if __name__ == '__main__': path = os.environ['PATH'] # This should be always set. - # If it's not, we'll just crash, which is OK too. + # If it is not, we will just crash, which is OK too. new = rearrange_bin_sbin(path) if new != path: print('PATH={}'.format(new)) diff --git a/man/bootctl.xml b/man/bootctl.xml index 3159f42347..89ae019ad7 100644 --- a/man/bootctl.xml +++ b/man/bootctl.xml @@ -406,7 +406,7 @@ - By default the install command initializes a random seed file in + By default, the install command initializes a random seed file in the ESP. When creating an image it may be desirable to disable that in order to avoid having the same seed in all instances. @@ -468,8 +468,8 @@ os-release (e.g. vendorx-cashier-system). If set to (the default), the /etc/kernel/entry-token - file will be read if it exists, and the stored value used. Otherwise if the local machine ID is - initialized it is used. Otherwise IMAGE_ID= from os-release + file will be read if it exists, and the stored value used. Otherwise, if the local machine ID is + initialized it is used. Otherwise, IMAGE_ID= from os-release will be used, if set. Otherwise, ID= from os-release will be used, if set. @@ -509,7 +509,7 @@ Using the default entry name Linux Boot Manager is generally preferable as only one bootloader installed to a single ESP partition should be used to boot any number of OS installations found on the various disks installed in the system. Specifically distributions should not use this flag - to install a branded entry in the boot option list. However in situations with multiple disks, each with + to install a branded entry in the boot option list. However, in situations with multiple disks, each with their own ESP partition, it can be beneficial to make it easier to identify the bootloader being used in the firmware's boot option menu. diff --git a/man/bootup.xml b/man/bootup.xml index a0aafe5e79..8c97051b56 100644 --- a/man/bootup.xml +++ b/man/bootup.xml @@ -339,7 +339,7 @@ systemd-reboot.service | | | | remaining file systems, kill any remaining processes and release any other remaining resources, in a simple and robust fashion, without taking any service or unit concept into account anymore. At that point, regular applications and resources are generally terminated and released already, the second phase hence operates only as - safety net for everything that couldn't be stopped or released for some reason during the primary, unit-based + safety net for everything that could not be stopped or released for some reason during the primary, unit-based shutdown phase described above. diff --git a/man/crypttab.xml b/man/crypttab.xml index c91e8c2819..ab77dea837 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -104,7 +104,7 @@ see above and below. The key may be acquired via a PKCS#11 compatible hardware security token or - smartcard. In this case a saved key used in unlock process is stored on disk/removable media, acquired via + smartcard. In this case, a saved key used in unlock process is stored on disk/removable media, acquired via AF_UNIX, or stored in the LUKS2 JSON token metadata header. For RSA, the saved key is an encrypted volume key. The encrypted volume key is then decrypted by the PKCS#11 token with an RSA private key stored on it, and used to unlock the encrypted volume. For elliptic-curve (EC) cryptography, @@ -114,14 +114,14 @@ Similarly, the key may be acquired via a FIDO2 compatible hardware security token - (which must implement the "hmac-secret" extension). In this case a key generated randomly during + (which must implement the "hmac-secret" extension). In this case, a key generated randomly during enrollment is stored on disk/removable media, acquired via AF_UNIX, or stored in the LUKS2 JSON token metadata header. The random key is hashed via a keyed hash function (HMAC) on the FIDO2 token, using a secret key stored on the token that never leaves it. The resulting hash value is then used as key to unlock the encrypted volume. Use the option described below to use this mechanism. - Similarly, the key may be acquired via a TPM2 security chip. In this case a (during + Similarly, the key may be acquired via a TPM2 security chip. In this case, a (during enrollment) randomly generated key — encrypted by an asymmetric key derived from the TPM2 chip's seed key — is stored on disk/removable media, acquired via AF_UNIX, or stored in the LUKS2 JSON token metadata header. Use the option described below to use @@ -713,7 +713,7 @@ The specified URI can refer directly to a private key stored on a token or alternatively just to a slot or token, in which case a search for a suitable private key will be performed. In - this case if multiple suitable objects are found the token is refused. The keyfile configured + this case, if multiple suitable objects are found, the token is refused. The keyfile configured in the third column of the line is used as is (i.e. in binary form, unprocessed). The resulting decrypted key (for RSA) or derived shared secret (for ECC) is then Base64 encoded before it is used to unlock the LUKS volume. @@ -783,7 +783,7 @@ Takes a string, configuring the FIDO2 Relying Party (rp) for the FIDO2 unlock - operation. If not specified io.systemd.cryptsetup is used, except if the LUKS2 + operation. If not specified, io.systemd.cryptsetup is used, except if the LUKS2 JSON token header contains a different value. It should normally not be necessary to override this. @@ -891,7 +891,7 @@ public key specified at key enrollment time can be provided. See systemd-cryptenroll1 for details on enrolling TPM2 PCR public keys. If this option is not specified but it is attempted to - unlock a LUKS2 volume with a signed TPM2 PCR enrollment a suitable signature file + unlock a LUKS2 volume with a signed TPM2 PCR enrollment, a suitable signature file tpm2-pcr-signature.json is searched for in /etc/systemd/, /run/systemd/, /usr/lib/systemd/ (in this order). @@ -908,7 +908,7 @@ variants. See systemd-cryptenroll1 for details on enrolling TPM2 pcrlock policies. If this option is not specified but it is attempted - to unlock a LUKS2 volume with a TPM2 pcrlock enrollment a suitable signature file + to unlock a LUKS2 volume with a TPM2 pcrlock enrollment, a suitable signature file pcrlock.json is searched for in /run/systemd/ and /var/lib/systemd/ (in this order). @@ -934,7 +934,7 @@ Selects one or more TPM2 PCR banks to measure the volume key into, as configured with above. Multiple banks may be specified, separated by a colon - character. If not specified automatically determines available and used banks. Expects a message + character. If not specified, automatically determines available and used banks. Expects a message digest name (e.g. sha1, sha256, …) as argument, to identify the bank. @@ -984,10 +984,10 @@ systemd.mount5 units marked with . - Although it's not necessary to mark the mount entry for the root file system with + Although it is not necessary to mark the mount entry for the root file system with , is still recommended with the encrypted block device containing the root file system as otherwise systemd will - attempt to detach the device during the regular system shutdown while it's still in + attempt to detach the device during the regular system shutdown while it is still in use. With this option the device will still be detached but later after the root file system is unmounted. diff --git a/man/directives-template.xml b/man/directives-template.xml index 0b6ee21929..80d8e08b02 100644 --- a/man/directives-template.xml +++ b/man/directives-template.xml @@ -163,7 +163,7 @@ Miscellaneous options and directives - Other configuration elements which don't fit in any of the above groups. + Other configuration elements which do not fit in any of the above groups. diff --git a/man/fido2-crypttab.sh b/man/fido2-crypttab.sh index d1c31e3e8c..6823958a4e 100644 --- a/man/fido2-crypttab.sh +++ b/man/fido2-crypttab.sh @@ -8,7 +8,7 @@ sudo systemd-cryptenroll --fido2-device=auto /dev/sdXn sudo systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto # If that worked, let's now add the same line persistently to /etc/crypttab, -# for the future. We don't want to use the (unstable) /dev/sdX name, so let's +# for the future. We do not want to use the (unstable) /dev/sdX name, so let's # figure out a stable link: udevadm info -q symlink -r /dev/sdXn diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index 358f428538..1c4a33d597 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml @@ -72,7 +72,7 @@ If the boot partition /boot/ is maintained separately from the EFI System Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system partition should look for it at this mount point first, and fall back to /boot/ - — if the former doesn't qualify (for example if it is not a mount point or does not have the correct + — if the former does not qualify (for example if it is not a mount point or does not have the correct file system type MSDOS_SUPER_MAGIC). @@ -534,7 +534,7 @@ possible to mount them , because various programs use those directories for dynamically generated or optimized code, and with that flag those use cases would break. Using this flag is OK on special-purpose installations or systems where all software that may be installed is - known and doesn't require such functionality. See the discussion of + known and does not require such functionality. See the discussion of // in mount8 and PROT_EXEC in Takes a path to use as home directory for the user. Note that this is the directory the user's home directory is mounted to while the user is logged in. This is not where the user's - data is actually stored, see for that. If not specified defaults to + data is actually stored, see for that. If not specified, defaults to /home/$USER. @@ -329,7 +329,7 @@ Takes a file system path to a directory. Specifies the skeleton directory to initialize the home directory with. All files and directories in the specified path are copied into - any newly create home directory. If not specified defaults to /etc/skel/. + any newly create home directory. If not specified, defaults to /etc/skel/. @@ -339,7 +339,7 @@ Takes a file system path. Specifies the shell binary to execute on terminal - logins. If not specified defaults to /bin/bash. + logins. If not specified, defaults to /bin/bash. @@ -633,7 +633,7 @@ After this time passes logging in may only proceed after the password is changed. specifies how much earlier than then the time configured with the user is warned at login to change their password as - it will expire soon. Finally configures the time which + it will expire soon. Finally, configures the time which has to pass after the password as expired until the user is not permitted to log in or change the password anymore. Note that these options only apply to password authentication, and do not apply to other forms of authentication, for example PKCS#11-based security token @@ -896,7 +896,7 @@ loopback file system instead of immediately from a common pool like the other backends do it). In regular intervals free disk space in the active home areas and their backing storage is redistributed among them, taking the weight value configured here into account. Expects an integer in the range - 1…10000, or the special string off. If not specified defaults to 100. The weight + 1…10000, or the special string off. If not specified, defaults to 100. The weight is used to scale free space made available to the home areas: a home area with a weight of 200 will get twice the free space as one with a weight of 100; a home area with a weight of 50 will get half of that. The backing file system will be assigned space for a weight of 20. If set to @@ -914,7 +914,7 @@ Configures the nosuid, nodev and - noexec mount options for the home directories. By default nodev + noexec mount options for the home directories. By default, nodev and nosuid are on, while noexec is off. For details about these mount options see mount8. @@ -932,7 +932,7 @@ directory/user account, as well as the file share ("service") to mount as directory. The latter is used when cifs storage is selected. The file share should be specified in format //host/share/directory/…. The - directory part is optional — if not specified the home directory will be placed in the top-level + directory part is optional — if not specified, the home directory will be placed in the top-level directory of the share. The setting allows specifying additional mount options when mounting the share, see mount.cifs8 @@ -948,7 +948,7 @@ sessions of the user ended. The default is configured in logind.conf5 (for home directories of LUKS2 storage located on removable media this defaults to 0 though). A longer - time makes sure quick, repetitive logins are more efficient as the user's service manager doesn't + time makes sure quick, repetitive logins are more efficient as the user's service manager does not have to be started every time. @@ -1310,7 +1310,7 @@ ykman piv generate-key -a RSA2048 9d pubkey.pem # Create a self-signed certificate from this public key, and store it on the device. ykman piv generate-certificate --subject "Knobelei" 9d pubkey.pem -# We don't need the public key on disk anymore +# We do not need the public key on disk anymore rm pubkey.pem # Allow the security token to unlock the account of user 'lafcadio'. diff --git a/man/homed.conf.xml b/man/homed.conf.xml index 4b51093877..72d29fb43a 100644 --- a/man/homed.conf.xml +++ b/man/homed.conf.xml @@ -60,7 +60,7 @@ homectl1. If not configured or assigned the empty string, the default storage is automatically determined: if not running in a container environment and /home/ is not itself encrypted, defaults - to luks. Otherwise defaults to subvolume if + to luks. Otherwise, defaults to subvolume if /home/ is on a btrfs file system, and directory otherwise. Note that the storage selected on the homectl command line always takes precedence. @@ -72,7 +72,7 @@ DefaultFileSystemType= When using luks as storage (see above), selects the default file system to use inside the user's LUKS volume. Takes one of btrfs, - ext4 or xfs. If not specified defaults to + ext4 or xfs. If not specified, defaults to btrfs. This setting has no effect if a different storage mechanism is used. The file system type selected on the homectl command line always takes precedence. diff --git a/man/journalctl.xml b/man/journalctl.xml index 5881a52eaf..b977c7521a 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -206,8 +206,8 @@ - Takes a journal namespace identifier string as argument. If not specified the data - collected by the default namespace is shown. If specified shows the log data of the specified + Takes a journal namespace identifier string as argument. If not specified, the data + collected by the default namespace is shown. If specified, shows the log data of the specified namespace instead. If the namespace is specified as * data from all namespaces is shown, interleaved. If the namespace identifier is prefixed with + data from the specified namespace and the default namespace is shown, interleaved, but no other. For details about @@ -272,7 +272,7 @@ If FILE exists and contains a cursor, start showing - entries after this location. Otherwise show entries according to the other + entries after this location. Otherwise, show entries according to the other given options. At the end, write the cursor of the last entry to FILE. Use this option to continually read the journal by sequentially calling journalctl. @@ -737,7 +737,7 @@ - Don't show the hostname field of log messages originating from the local host. This + Do not show the hostname field of log messages originating from the local host. This switch has an effect only on the family of output modes (see above). Note: this option does not remove occurrences of the hostname from log entries themselves, so diff --git a/man/journald.conf.xml b/man/journald.conf.xml index 1aa74926ab..d96886baab 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -422,7 +422,7 @@ where the console is often a slow, virtual serial port. Since journald is implemented as a conventional single-process daemon, forwarding to a completely hung console will block journald. This can have a cascading effect resulting in any services synchronously - logging to the blocked journal also becoming blocked. Unless actively debugging/developing something, it's + logging to the blocked journal also becoming blocked. Unless actively debugging/developing something, it is generally preferable to setup a journalctl --follow style service redirected to the console, instead of ForwardToConsole=yes, for production use. @@ -487,7 +487,7 @@ Note that this option does not control whether systemd-journald collects generated audit records, it just controls whether it tells the kernel to generate them. If you need to prevent systemd-journald from collecting the generated messages, the socket - unit systemd-journald-audit.socket can be disabled and in this case this setting + unit systemd-journald-audit.socket can be disabled and, in this case, this setting is without effect. diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index 94bc874009..528f23b809 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml @@ -168,7 +168,7 @@ the special value state. If false (the default), normal boot mode is selected, the root directory and /var/ are mounted as specified on the kernel command line or /etc/fstab, or otherwise configured. If true, full state-less boot mode is selected. In - this case the root directory is mounted as volatile memory file system (tmpfs), and only + this case, the root directory is mounted as volatile memory file system (tmpfs), and only /usr/ is mounted from the file system configured as root device, in read-only mode. This enables fully state-less boots were the vendor-supplied OS is used as shipped, with only default configuration and no stored state in effect, as /etc/ and /var/ (as @@ -403,7 +403,7 @@ If root= is not set (or set to gpt-auto) the automatic root partition discovery implemented by systemd-gpt-auto-generator8 - will be in effect. In this case rootfstype=, rootflags=, + will be in effect. In this case, rootfstype=, rootflags=, ro, rw will be interpreted by systemd-gpt-auto-generator. @@ -688,7 +688,7 @@ dd if=/dev/urandom bs=512 count=1 status=none | base64 -w 0 - Again: do not use this option outside of testing environments, it's a security risk elsewhere, + Again: do not use this option outside of testing environments, it is a security risk elsewhere, as secret key material derived from the entropy pool can possibly be reconstructed by unprivileged programs. diff --git a/man/kernel-install.xml b/man/kernel-install.xml index f3468bbde0..7c0ef0efc9 100644 --- a/man/kernel-install.xml +++ b/man/kernel-install.xml @@ -308,9 +308,9 @@ If set to (the default), the /etc/kernel/entry-token (or $KERNEL_INSTALL_CONF_ROOT/entry-token) file will be read if it exists, and the - stored value used. Otherwise if the local machine ID is initialized it is used. Otherwise + stored value used. Otherwise, if the local machine ID is initialized, it is used. Otherwise, IMAGE_ID= from os-release will be used, if set. Otherwise, - ID= from os-release will be used, if set. Otherwise a + ID= from os-release will be used, if set. Otherwise, a randomly generated machine ID is used. Using the machine ID for naming the entries is generally preferable, however there are cases @@ -413,7 +413,7 @@ $KERNEL_INSTALL_MACHINE_ID is set for the plugins to the desired machine-id to - use. It's always a 128-bit ID. Normally it's read from /etc/machine-id, but it can + use. It's always a 128-bit ID. Normally it is read from /etc/machine-id, but it can also be overridden via $MACHINE_ID (see below). If not specified via these methods, a fallback value will generated by kernel-install and used only for a single invocation. @@ -429,7 +429,7 @@ Note that while $KERNEL_INSTALL_ENTRY_TOKEN and $KERNEL_INSTALL_MACHINE_ID are often set to the same value, the latter is guaranteed to be a valid 32 character ID in lowercase hexadecimals while the former can be any short string. The - entry token to use is read from /etc/kernel/entry-token, if it exists. Otherwise a + entry token to use is read from /etc/kernel/entry-token, if it exists. Otherwise, a few possible candidates below $BOOT are checked for Boot Loader Specification Type 1 entry directories, and if found the entry token is derived from that. If that is not successful, $KERNEL_INSTALL_MACHINE_ID is used as fallback. @@ -442,7 +442,7 @@ $KERNEL_INSTALL_LAYOUT=auto|bls|uki|other|... is set for the plugins to specify the installation layout. Additional layout names may be defined by convention. If a plugin uses a special layout, - it's encouraged to declare its own layout name and configure layout= in + it is encouraged to declare its own layout name and configure layout= in install.conf upon initial installation. The following values are currently understood: diff --git a/man/logcontrol-example.c b/man/logcontrol-example.c index 23e73846cd..eb527280ff 100644 --- a/man/logcontrol-example.c +++ b/man/logcontrol-example.c @@ -220,7 +220,7 @@ int main(int argc, char **argv) { if (r < 0) return log_error(o.log_level, r, "sd_bus_add_object_vtable()"); - /* By default the service is assigned an ephemeral name. Also add a fixed + /* By default, the service is assigned an ephemeral name. Also add a fixed * one, so that clients know whom to call. * https://www.freedesktop.org/software/systemd/man/sd_bus_request_name.html */ diff --git a/man/logind.conf.xml b/man/logind.conf.xml index da41d56e7f..ff3ab5422a 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml @@ -386,7 +386,7 @@ Specifies a timeout in seconds, or a time span value after which systemd-logind checks the idle state of all sessions. Every session that is idle - for longer than the timeout will be stopped. Note that this option doesn't apply to + for longer than the timeout will be stopped. Note that this option does not apply to greeter or lock-screen sessions. Defaults to infinity (systemd-logind is not checking the idle state of sessions). For details about the syntax of time spans, see diff --git a/man/machinectl.xml b/man/machinectl.xml index 5b19a9abbd..a47269b24e 100644 --- a/man/machinectl.xml +++ b/man/machinectl.xml @@ -422,7 +422,7 @@ Edit the settings file of the specified machines. For the format of the settings file, refer to systemd.nspawn5. - If an existing settings file of the given machine can't be found, edit + If an existing settings file of the given machine cannot be found, edit automatically create a new settings file from scratch under /etc/systemd/nspawn/. diff --git a/man/networkctl.xml b/man/networkctl.xml index 22f9744c95..c8ebaa227d 100644 --- a/man/networkctl.xml +++ b/man/networkctl.xml @@ -156,7 +156,7 @@ pending systemd-udevd8 - is still processing the link, we don't yet know if we will manage it. + is still processing the link, we do not yet know if we will manage it. @@ -165,7 +165,7 @@ initialized systemd-udevd8 - has processed the link, but we don't yet know if we will manage it. + has processed the link, but we do not yet know if we will manage it. @@ -296,7 +296,7 @@ Show discovered LLDP (Link Layer Discovery Protocol) neighbors. If one or more PATTERNs are specified only neighbors on those interfaces are shown. - Otherwise shows discovered neighbors on all interfaces. Note that for this feature to work, + Otherwise, shows discovered neighbors on all interfaces. Note that for this feature to work, LLDP= must be turned on for the specific interface, see systemd.network5 for details. @@ -632,7 +632,7 @@ s - Service VLAN, m - Two-port MAC Relay (TPMR) drop-in directories are created and populated in one go. Multiple drop-ins may be "edited" in this mode with , and - the same contents will be written to all of them. Otherwise exactly one main configuration file + the same contents will be written to all of them. Otherwise, exactly one main configuration file is expected. diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml index 890faaea32..fc887cacac 100644 --- a/man/nss-systemd.xml +++ b/man/nss-systemd.xml @@ -39,7 +39,7 @@ systemd-homed.service8, or systemd-machined.service8. This module also ensures that the root and nobody users and groups (i.e. the users/groups with the UIDs/GIDs - 0 and 65534) remain resolvable at all times, even if they aren't listed in /etc/passwd or + 0 and 65534) remain resolvable at all times, even if they are not listed in /etc/passwd or /etc/group, or if these files are missing. This module preferably utilizes diff --git a/man/org.freedesktop.home1.xml b/man/org.freedesktop.home1.xml index dd947a3ed4..403778288d 100644 --- a/man/org.freedesktop.home1.xml +++ b/man/org.freedesktop.home1.xml @@ -568,7 +568,7 @@ node /org/freedesktop/home1/home { operate like their matching counterparts on the org.freedesktop.home1.Manager interface (see above). The main difference is that they are methods of the home directory objects, and hence carry no additional user name parameter. Which of the two flavors of methods to call depends on - the handles to the user known on the client side: if only the user name is known, it's preferable to use + the handles to the user known on the client side: if only the user name is known, it is preferable to use the methods on the manager object since they operate with user names only. Clients can also easily operate on their own home area by using the methods on the manager object with an empty string as the user name. If the client has the home's object path already acquired in some way, however, it is preferable to operate diff --git a/man/org.freedesktop.login1.xml b/man/org.freedesktop.login1.xml index a69a8ecb35..965d826101 100644 --- a/man/org.freedesktop.login1.xml +++ b/man/org.freedesktop.login1.xml @@ -1420,7 +1420,7 @@ node /org/freedesktop/login1/session/1 { only works on devices that are attached to the seat of the given session. A process is not required to have direct access to the device node. systemd-logind only requires you to be the active session controller (see TakeControl()). Also note that any device can only - be requested once. As long as you don't release it, further TakeDevice() calls + be requested once. As long as you do not release it, further TakeDevice() calls will fail. ReleaseDevice() releases a device again (see @@ -1465,7 +1465,7 @@ node /org/freedesktop/login1/session/1 { notification. pause means systemd-logind grants you a limited amount of time to pause the device. You must respond to this via PauseDeviceComplete(). This synchronous pausing mechanism is used for backwards-compatibility to VTs and systemd-logind is free to not make use of - it. It is also free to send a forced PauseDevice() if you don't respond in a timely + it. It is also free to send a forced PauseDevice() if you do not respond in a timely manner (or for any other reason). gone means the device was unplugged from the system and you will no longer get any notifications about it. There is no need to call ReleaseDevice(). You may call TakeDevice() again if a new diff --git a/man/org.freedesktop.resolve1.xml b/man/org.freedesktop.resolve1.xml index a9c121d12f..324b688853 100644 --- a/man/org.freedesktop.resolve1.xml +++ b/man/org.freedesktop.resolve1.xml @@ -500,7 +500,7 @@ node /org/freedesktop/resolve1 { hence where the data was found. The primary use cases for these five flags are follow-up look-ups based on DNS data retrieved - earlier. In this case it is often a good idea to limit the follow-up look-up to the protocol that was + earlier. In this case, it is often a good idea to limit the follow-up look-up to the protocol that was used to discover the first DNS result. The NO_CNAME flag controls whether CNAME/DNAME resource records shall be followed during the @@ -625,7 +625,7 @@ node /org/freedesktop/resolve1 { each non-existence proof. The secure counter is increased for each operation that successfully verified a signed reply, the insecure counter is increased for each operation that successfully verified that an unsigned reply is rightfully unsigned. The bogus counter is increased for each operation where the - validation did not check out and the data is likely to have been tempered with. Finally the + validation did not check out and the data is likely to have been tempered with. Finally, the indeterminate counter is increased for each operation which did not complete because the necessary keys could not be acquired or the cryptographic algorithms were unknown. diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 2ab21f0607..1c5e7f2eb7 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -1283,7 +1283,7 @@ node /org/freedesktop/systemd1 { its dependencies, possibly replacing already queued jobs that conflict with it. If fail, the method will start the unit and its dependencies, but will fail if this would change an already queued job. If isolate, the method will start the unit in question - and terminate all units that aren't dependencies of it. If ignore-dependencies, it + and terminate all units that are not dependencies of it. If ignore-dependencies, it will start a unit but ignore all its dependencies. If ignore-requirements, it will start a unit but only ignore the requirement dependencies. It is not recommended to make use of the latter two options. On reply, if successful, this method returns the newly created job object @@ -1309,8 +1309,8 @@ node /org/freedesktop/systemd1 { TryRestartUnit(), ReloadOrRestartUnit(), or ReloadOrTryRestartUnit() may be used to restart and/or reload a unit. These methods take similar arguments as StartUnit(). Reloading is done only if the unit is already - running and fails otherwise. If a service is restarted that isn't running, it will be started unless - the "Try" flavor is used in which case a service that isn't running is not affected by the restart. The + running and fails otherwise. If a service is restarted that is not running, it will be started unless + the "Try" flavor is used in which case a service that is not running is not affected by the restart. The "ReloadOrRestart" flavors attempt a reload if the unit supports it and use a restart otherwise. EnqueueMarkedJobs() creates reload/restart jobs for units which have been @@ -1619,12 +1619,12 @@ node /org/freedesktop/systemd1 { failed, dependency, or skipped. done indicates successful execution of a job. canceled indicates that a job has been canceled (via - CancelJob() above) before it finished execution (this doesn't necessarily mean + CancelJob() above) before it finished execution (this does not necessarily mean though that the job operation is actually cancelled too, see above). timeout indicates that the job timeout was reached. failed indicates that the job failed. dependency indicates that a job this job depended on failed and the job hence was removed as well. skipped indicates that a job was skipped because - it didn't apply to the unit's current state. + it did not apply to the unit's current state. StartupFinished() is sent out when startup finishes. It carries six microsecond timespan values, each indicating how much boot time has been spent in the firmware (if @@ -2575,7 +2575,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { reboot). masked indicates that the unit file is masked permanently. masked-runtime indicates that it is masked in /run/ temporarily (until the next reboot). static indicates that the unit is statically enabled, i.e. - always enabled and doesn't need to be enabled explicitly. invalid indicates that it + always enabled and does not need to be enabled explicitly. invalid indicates that it could not be determined whether the unit file is enabled. InactiveExitTimestamp, InactiveExitTimestampMonotonic, @@ -2636,7 +2636,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { five fields are given: condition type (e.g. ConditionPathExists), whether the condition is a trigger condition, whether the condition is reversed, the right hand side of the condition (e.g. the path in case of ConditionPathExists), and the status. The status - can be 0, in which case the condition hasn't been checked yet, a positive value, in which case the + can be 0, in which case the condition has not been checked yet, a positive value, in which case the condition passed, or a negative value, in which case the condition is not met. Currently only 0, +1, and -1 are used, but additional values may be used in the future, retaining the meaning of zero/positive/negative values. @@ -4767,7 +4767,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { with runtime data. LimitCPU (and related properties) map more or less directly to the - corresponding settings in the service unit files except that if they aren't set, their value is + corresponding settings in the service unit files except that if they are not set their value is 18446744073709551615 (i.e. -1). Capabilities contains the configured capabilities, as formatted with @@ -4813,7 +4813,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { Result encodes the execution result of the last run of the service. It is useful to determine the reason a service failed if it is in the failed state (see ActiveState above). The following values are currently known: - success is set if the unit didn't fail. resources indicates that + success is set if the unit did not fail. resources indicates that not enough resources were available to fork off and execute the service processes. timeout indicates that a timeout occurred while executing a service operation. exit-code indicates that a service process exited with an unclean exit @@ -6890,8 +6890,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - PollLimitIntervalUSec/PollLimitBurst properties configure the - polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to + The PollLimitIntervalUSec and PollLimitBurst properties configure the + polling limit for the socket unit. Expects a time in µs and unsigned integer, respectively. If either is set to zero the limiting feature is turned off. diff --git a/man/org.freedesktop.sysupdate1.xml b/man/org.freedesktop.sysupdate1.xml index 651422477a..a34ca18c5c 100644 --- a/man/org.freedesktop.sysupdate1.xml +++ b/man/org.freedesktop.sysupdate1.xml @@ -284,7 +284,7 @@ node /org/freedesktop/sysupdate1/target/host { software center to correctly associate the catalogs with this target. GetVersion() returns the current version of this target, if any. The current - version is the newest version that is installed. Note that this isn't necessarily the same thing as the + version is the newest version that is installed. Note that this is not necessarily the same thing as the booted or currently-in-use version of the target. For example, on the host system the booted version is the current version most of the time, but if an update is installed and pending a reboot it will become the current version instead. You can query the booted version of the host system via diff --git a/man/os-release.xml b/man/os-release.xml index 99e31ba24e..548eb47a4c 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -120,7 +120,7 @@ In the extension-release.IMAGE filename, the IMAGE part must exactly match the file name of the containing image with the - suffix removed. In case it is not possible to guarantee that an image file name is stable and doesn't + suffix removed. In case it is not possible to guarantee that an image file name is stable and does not change between the build and the deployment phases, it is possible to relax this check: if exactly one file whose name matches extension-release.* is present in this directory, and the file is tagged with a user.extension-release.strict diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index 183b37d676..33d02c4efb 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -192,7 +192,7 @@ for details on the capabilities concept. If not specified, the default bounding set is left as is (i.e. usually contains the full set of capabilities). The default ambient set is set to CAP_WAKE_ALARM for regular users if the PAM session is associated with a local - seat or if it is invoked for the systemd-user service. Otherwise defaults to the + seat or if it is invoked for the systemd-user service. Otherwise, defaults to the empty set. diff --git a/man/pam_systemd_home.xml b/man/pam_systemd_home.xml index 5bd48de4a6..74c4363b73 100644 --- a/man/pam_systemd_home.xml +++ b/man/pam_systemd_home.xml @@ -65,8 +65,8 @@ user concurrently uses graphical login sessions that implement the required re-authentication mechanism and console logins that do not, the home directory is not locked during suspend, due to the logic explained above. That said, it is possible to set this field for TTY logins too, ignoring the - fact that TTY logins actually don't support the re-authentication mechanism. In that case the TTY - sessions will appear hung until the user logs in on another virtual terminal (regardless if via + fact that TTY logins actually do not support the re-authentication mechanism. In that case the TTY + sessions will appear hung until the user logs in on another virtual terminal (regardless of whether via another TTY session or graphically) which will resume the home directory and unblock the original TTY session. (Do note that lack of screen locking on TTY sessions means even though the TTY session appears hung, keypresses can still be queued into it, and the existing screen contents be read diff --git a/man/portablectl.xml b/man/portablectl.xml index cafb3565ac..5678171a17 100644 --- a/man/portablectl.xml +++ b/man/portablectl.xml @@ -119,7 +119,7 @@ /run/portables/, to make sure it is included in it. - By default all unit files whose names start with a prefix generated from the image's file name are copied + By default, all unit files whose names start with a prefix generated from the image's file name are copied out. Specifically, the prefix is determined from the image file name with any suffix such as .raw removed, truncated at the first occurrence of an underscore character (_), if there is one. The underscore logic is supposed to be used to versioning so that the @@ -170,7 +170,7 @@ Detaches an existing portable service image from the host, and immediately attaches it again. This is useful in case the image was replaced. Running units are not stopped during the process. Partial matching, to allow for different versions in the image name, is allowed: only the part before the first _ - character has to match. If the new image doesn't exist, the existing one will not be detached. The parameters + character has to match. If the new image does not exist, the existing one will not be detached. The parameters follow the same syntax as the attach command. If and/or are passed, the portable services are @@ -186,7 +186,7 @@ Extracts various metadata from a portable service image and presents it to the caller. Specifically, the os-release5 file of the - image is retrieved as well as all matching unit files. By default a short summary showing the most relevant + image is retrieved as well as all matching unit files. By default, a short summary showing the most relevant metadata in combination with a list of matching unit files is shown (that is the unit files attach would install to the host system). If combined with (see above), the os-release data and the units files' contents is displayed unprocessed. This @@ -314,7 +314,7 @@ PROFILE - When attaching an image, select the profile to use. By default the default + When attaching an image, select the profile to use. By default, the default profile is used. For details about profiles, see below. @@ -350,7 +350,7 @@ - Don't reload the service manager after attaching or detaching a portable service + Do not reload the service manager after attaching or detaching a portable service image. Normally the service manager is reloaded to ensure it is aware of added or removed unit files. @@ -388,7 +388,7 @@ - Don't block waiting for attach --now to complete. + Do not block waiting for attach --now to complete. diff --git a/man/poweroff.xml b/man/poweroff.xml index 501db12a58..ce4ff3cb2c 100644 --- a/man/poweroff.xml +++ b/man/poweroff.xml @@ -129,7 +129,7 @@ - Don't sync hard disks/storage media before power-off, reboot, or halt. + Do not sync hard disks/storage media before power-off, reboot, or halt. diff --git a/man/repart.d.xml b/man/repart.d.xml index 204fc16208..8e3d496ab2 100644 --- a/man/repart.d.xml +++ b/man/repart.d.xml @@ -60,7 +60,7 @@ no matching partition file are left as they are. Note that these definitions may only be used to create and initialize new partitions or to grow - existing ones. In the latter case it will not grow the contained files systems however; separate + existing ones. In the latter case, it will not grow the contained files systems however; separate mechanisms, such as systemd-growfs8 may be used to grow the file systems inside of these partitions. Partitions may also be marked for automatic @@ -250,7 +250,7 @@ The textual label to assign to the partition if none is assigned yet. Note that this setting is not used for matching. It is also not used when a label is already set for an existing partition. It is thus only used when a partition is newly created or when an existing one had a no - label set (that is: an empty label). If not specified a label derived from the partition type is + label set (that is: an empty label). If not specified, a label derived from the partition type is automatically used. Simple specifier expansion is supported, see below. @@ -338,7 +338,7 @@ SizeMaxBytes=) otherwise. If the backing device does not provide enough space to fulfill the constraints placing the partition will fail. For partitions that shall be created, depending on the setting of Priority= (see above) the partition might be dropped - and the placing algorithm restarted. By default a minimum size constraint of 10M and no maximum size + and the placing algorithm restarted. By default, a minimum size constraint of 10M and no maximum size constraint is set. @@ -351,7 +351,7 @@ Specifies minimum and maximum size constraints in bytes for the free space after the partition (the "padding"). Semantics are similar to SizeMinBytes= and SizeMaxBytes=, except that unlike partition sizes free space can be shrunk and can - be as small as zero. By default no size constraints on padding are set, so that only + be as small as zero. By default, no size constraints on padding are set, so that only PaddingWeight= determines the size of the padding applied. @@ -391,7 +391,7 @@ This option has no effect if the partition it is declared for already exists, i.e. existing data is never overwritten. Note that the data is copied in before the partition table is updated, i.e. before the partition actually is persistently created. This provides robustness: it is - guaranteed that the partition either doesn't exist or exists fully populated; it is not possible that + guaranteed that the partition either does not exist or exists fully populated; it is not possible that the partition exists but is not or only partially populated. This option cannot be combined with Format= or @@ -445,7 +445,7 @@ The copy operation is executed before the file system is registered in the partition table, thus ensuring that a file system populated this way only ever exists fully initialized. - Note that CopyFiles= will skip copying files that aren't supported by the + Note that CopyFiles= will skip copying files that are not supported by the target filesystem (e.g symlinks, fifos, sockets and devices on vfat). When an unsupported file type is encountered, systemd-repart will skip copying this file and write a log message about it. @@ -718,7 +718,7 @@ Flags= Configures the 64-bit GPT partition flags field to set for the partition when creating - it. This option has no effect if the partition already exists. If not specified the flags values is + it. This option has no effect if the partition already exists. If not specified, the flags value is set to all zeroes, except for the three bits that can also be configured via NoAuto=, ReadOnly= and GrowFileSystem=; see below for details on the defaults for these three flags. Specify the flags value in hexadecimal (by diff --git a/man/resolvectl.xml b/man/resolvectl.xml index 44c0e6622f..a176fe4fa8 100644 --- a/man/resolvectl.xml +++ b/man/resolvectl.xml @@ -43,7 +43,7 @@ The program's output contains information about the protocol used for the look-up and on which network interface the data was discovered. It also contains information on whether the information could be - authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data + authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover, all data originating from local, trusted sources is also reported authenticated, including resolution of the local host name, the localhost hostname or all data from /etc/hosts. @@ -84,10 +84,10 @@ RFC 2782 SRV services, depending on the specified list of parameters. If three parameters are passed the first is assumed to be the DNS-SD service name, the second the SRV service type, and the third the - domain to search in. In this case a full DNS-SD style SRV and + domain to search in. In this case, a full DNS-SD style SRV and TXT lookup is executed. If only two parameters are specified, the first is assumed to be the SRV service type, and the second the - domain to look in. In this case no TXT resource record is requested. + domain to look in. In this case, no TXT resource record is requested. Finally, if only one parameter is specified, it is assumed to be a domain name, that is already prefixed with an SRV type, and an SRV lookup is done (no TXT). @@ -298,7 +298,7 @@ llmnr-ipv4, llmnr-ipv6 (LLMNR via the indicated underlying IP protocols), mdns (Multicast DNS), mdns-ipv4, mdns-ipv6 (MDNS via the indicated underlying IP protocols). - By default the lookup is done via all protocols suitable for the lookup. If used, limits the set of + By default, the lookup is done via all protocols suitable for the lookup. If used, limits the set of protocols that may be used. Use this option multiple times to enable resolving via multiple protocols at the same time. The setting llmnr is identical to specifying this switch once with llmnr-ipv4 and once via llmnr-ipv6. Note that this option does not force @@ -399,7 +399,7 @@ Takes a boolean parameter; used in conjunction with query. If true (the default), lookups use the local DNS resource record cache. If false, lookups are routed to the - network instead, regardless if already available in the local cache. + network instead, regardless of whether already available in the local cache. diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index 65dd83f240..a90de83b84 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -201,7 +201,7 @@ returned data could not be verified (either because the data was found unsigned in the DNS, or the DNS server did not support DNSSEC or no appropriate trust anchors were known). In - the latter case it is assumed that client programs employ a + the latter case, it is assumed that client programs employ a secondary scheme to validate the returned DNS data, should this be required. @@ -294,7 +294,7 @@ CacheFromLocalhost= Takes a boolean as argument. If no (the default), and response cames from - host-local IP address (such as 127.0.0.1 or ::1), the result wouldn't be cached in order to avoid + host-local IP address (such as 127.0.0.1 or ::1), the result would not be cached in order to avoid potential duplicate local caching. @@ -382,7 +382,7 @@ DNSStubListenerExtra=udp:[2001:db8:0:f102::13]:9953 This is useful when a DNS server failure occurs or becomes unreachable. In such cases, systemd-resolved8 continues to use the stale records to answer DNS queries, particularly when no valid response can be - obtained from the upstream DNS servers. However, this doesn't apply to NXDOMAIN responses, as those + obtained from the upstream DNS servers. However, this does not apply to NXDOMAIN responses, as those are still perfectly valid responses. This feature enhances resilience against DNS infrastructure failures and outages. diff --git a/man/run0.xml b/man/run0.xml index 1c42d46baa..16774813d4 100644 --- a/man/run0.xml +++ b/man/run0.xml @@ -215,7 +215,7 @@ Set a shell prompt prefix string. This ultimately controls the $SHELL_PROMPT_PREFIX environment variable for the invoked program, which is - typically imported into the shell prompt. By default – if emojis are supported – a superhero emoji is + typically imported into the shell prompt. By default – if emojis are supported –, a superhero emoji is shown (🦸). This default may also be changed (or turned off) by passing the $SYSTEMD_RUN_SHELL_PROMPT_PREFIX environment variable to run0, see below. Set to an empty string to disable shell prompt prefixing. @@ -291,7 +291,7 @@ $SHELL_PROMPT_PREFIX - By default set to the superhero emoji (if supported), but may be overridden with the + By default, set to the superhero emoji (if supported), but may be overridden with the $SYSTEMD_RUN_SHELL_PROMPT_PREFIX environment variable (see below), or the switch (see above). diff --git a/man/sd-json.xml b/man/sd-json.xml index 95a1985d6f..de75be042d 100644 --- a/man/sd-json.xml +++ b/man/sd-json.xml @@ -40,7 +40,7 @@ The API's central data structure is JsonVariant which encapsulates a JSON object, array, string, boolean, number or null value. These data structures are mostly considered immutable after - construction (i.e. their contents won't change, but some meta-data might, such as reference counters). + construction (i.e. their contents will not change, but some meta-data might, such as reference counters). The APIs broadly fall into five categories: diff --git a/man/sd_bus_add_match.xml b/man/sd_bus_add_match.xml index 575d628364..2cdd6db055 100644 --- a/man/sd_bus_add_match.xml +++ b/man/sd_bus_add_match.xml @@ -134,7 +134,7 @@ If an error occurs during the callback invocation, the callback should return a negative error number (optionally, a more precise error may be returned in ret_error, as well). If it wants other - callbacks that match the same rule to be called, it should return 0. Otherwise it should return a positive integer. + callbacks that match the same rule to be called, it should return 0. Otherwise, it should return a positive integer. If the bus refers to a direct connection (i.e. not a bus connection, as set with diff --git a/man/sd_bus_attach_event.xml b/man/sd_bus_attach_event.xml index 16d46e5c45..47baedc239 100644 --- a/man/sd_bus_attach_event.xml +++ b/man/sd_bus_attach_event.xml @@ -58,7 +58,7 @@ will be automatically read and processed, and outgoing messages written, whenever the event loop is run. When the event loop is about to terminate, the bus connection is automatically flushed and closed (see sd_bus_set_close_on_exit3 for - details on this). By default bus connection objects are not attached to any event loop. When a bus connection + details on this). By default, bus connection objects are not attached to any event loop. When a bus connection object is attached to one it is not necessary to invoke sd_bus_wait3 or sd_bus_process3 as this diff --git a/man/sd_bus_get_fd.xml b/man/sd_bus_get_fd.xml index c7bab0f955..21eba13013 100644 --- a/man/sd_bus_get_fd.xml +++ b/man/sd_bus_get_fd.xml @@ -77,7 +77,7 @@ CLOCK_MONOTONIC and specified in microseconds. When converting this value in order to pass it as third argument to poll() (which expects relative milliseconds), care should be taken to convert to a relative time and use a division that rounds up to ensure the I/O polling - operation doesn't sleep for shorter than necessary, which might result in unintended busy looping + operation does not sleep for shorter than necessary, which might result in unintended busy looping (alternatively, use ppoll2 instead of plain poll(), which understands timeouts with nano-second granularity). diff --git a/man/sd_bus_message_read.xml b/man/sd_bus_message_read.xml index 7ee3448968..eab02b5d64 100644 --- a/man/sd_bus_message_read.xml +++ b/man/sd_bus_message_read.xml @@ -209,7 +209,7 @@ sd_bus_message_read(m, "x", &x); Read a boolean value: sd_bus_message *m; -int x; /* Do not use C99 'bool' type here, it's typically smaller +int x; /* Do not use C99 "bool" type here, it is typically smaller in memory and would cause memory corruption */ sd_bus_message_read(m, "b", &x); diff --git a/man/sd_bus_message_seal.xml b/man/sd_bus_message_seal.xml index d64486b41a..25f0d325db 100644 --- a/man/sd_bus_message_seal.xml +++ b/man/sd_bus_message_seal.xml @@ -45,7 +45,7 @@ corresponding request. timeout_usec specifies the maximum time in microseconds to wait for a reply to arrive. - Note that in most scenarios, it's not necessary to call this function directly. + Note that in most scenarios, it is not necessary to call this function directly. sd_bus_call3, sd_bus_call_async3 and sd_bus_send3 diff --git a/man/sd_bus_message_sensitive.xml b/man/sd_bus_message_sensitive.xml index af46a6ed7e..f994c8bb25 100644 --- a/man/sd_bus_message_sensitive.xml +++ b/man/sd_bus_message_sensitive.xml @@ -39,7 +39,7 @@ sensitive data. This ensures that the message data is carefully removed from memory (specifically, overwritten with zero bytes) when released. It is recommended to mark all incoming and outgoing messages like this that contain security credentials and similar data that should be dealt with carefully. Note - that it is not possible to unmark messages like this, it's a one way operation. If a message is already + that it is not possible to unmark messages like this, it is a one way operation. If a message is already marked sensitive and then marked sensitive a second time the message remains marked so and no further operation is executed. diff --git a/man/sd_bus_message_set_destination.xml b/man/sd_bus_message_set_destination.xml index 1e2775dd5d..bbb38596c4 100644 --- a/man/sd_bus_message_set_destination.xml +++ b/man/sd_bus_message_set_destination.xml @@ -81,7 +81,7 @@ sd_bus_message_get_member() return the destination, path, interface, and member fields from message header. The return value will be NULL is message is NULL or the - message is of a type that doesn't use those fields or the message doesn't have them set. See + message is of a type that does not use those fields or the message does not have them set. See sd_bus_message_new_method_call3 and sd_bus_message_set_destination3 for more discussion of those values. @@ -96,7 +96,7 @@ When a string is returned, it is a pointer to internal storage, and may not be modified or freed. It is only valid as long as the message remains referenced and - this field hasn't been changed by a different call. + this field has not been changed by a different call. diff --git a/man/sd_bus_query_sender_creds.xml b/man/sd_bus_query_sender_creds.xml index f7c802bee9..dff38d07b6 100644 --- a/man/sd_bus_query_sender_creds.xml +++ b/man/sd_bus_query_sender_creds.xml @@ -52,7 +52,7 @@ for a list of possible flags. First, this message checks if the requested credentials are attached to the message itself. If not, but the message contains the pid of the sender and the caller specified the SD_BUS_CREDS_AUGMENT flag, this function tries to figure out - the missing credentials via other means (starting from the pid). If the pid isn't available but the + the missing credentials via other means (starting from the pid). If the PID is not available but the message has a sender, this function calls sd_bus_get_name_creds3 to get the requested credentials. If the message has no sender (when a direct connection is used), this diff --git a/man/sd_bus_send.xml b/man/sd_bus_send.xml index 8cdfff07ba..97b5850991 100644 --- a/man/sd_bus_send.xml +++ b/man/sd_bus_send.xml @@ -56,11 +56,11 @@ sd_bus_send() queues the bus message object m for transfer. If bus is NULL, the bus that m is attached to is used. bus only needs to be set when the - message is sent to a different bus than the one it's attached to, for example when forwarding messages. + message is sent to a different bus than the one it is attached to, for example when forwarding messages. If the output parameter cookie is not NULL, it is set to the message identifier. This value can later be used to match incoming replies to their corresponding messages. If cookie is set to NULL and the message is not - sealed, sd_bus_send() assumes the message m doesn't expect a + sealed, sd_bus_send() assumes the message m does not expect a reply and adds the necessary headers to indicate this. Note that in most scenarios, sd_bus_send() should not be called diff --git a/man/sd_bus_service_reconnect.c b/man/sd_bus_service_reconnect.c index fc7c3b1a72..ddb9c6b497 100644 --- a/man/sd_bus_service_reconnect.c +++ b/man/sd_bus_service_reconnect.c @@ -181,7 +181,7 @@ static int setup(object *o) { o); if (r < 0) return log_error(r, "sd_bus_add_object_vtable()"); - /* By default the service is only assigned an ephemeral name. Also add a + /* By default, the service is only assigned an ephemeral name. Also add a * well-known one, so that clients know whom to call. This needs to be * asynchronous, as D-Bus might not be yet available. The callback will check * whether the error is expected or not, in case it fails. @@ -242,7 +242,7 @@ int main(int argc, char **argv) { if (r < 0) return log_error(r, "sd_event_default()"); - /* By default the event loop will terminate when all sources have disappeared, + /* By default, the event loop will terminate when all sources have disappeared, * so we have to keep it 'occupied'. Register signal handling to do so. * https://www.freedesktop.org/software/systemd/man/sd_event_add_signal.html */ diff --git a/man/sd_bus_set_close_on_exit.xml b/man/sd_bus_set_close_on_exit.xml index 43f6eff093..bb551a0105 100644 --- a/man/sd_bus_set_close_on_exit.xml +++ b/man/sd_bus_set_close_on_exit.xml @@ -55,7 +55,7 @@ sd-event3 event loop, see sd_bus_attach_event3. - By default this mechanism is enabled and makes sure that any pending messages that have not been + By default, this mechanism is enabled and makes sure that any pending messages that have not been written to the bus connection are written out when the event loop is shutting down. In some cases this behaviour is not desirable, for example when the bus connection shall remain usable until after the event loop exited. If b is true, the feature is enabled diff --git a/man/sd_bus_set_sender.xml b/man/sd_bus_set_sender.xml index 0f8e40d3a6..24108446a0 100644 --- a/man/sd_bus_set_sender.xml +++ b/man/sd_bus_set_sender.xml @@ -50,7 +50,7 @@ that are sent on the connection and have no sender set yet, for example through sd_bus_message_set_sender3. Note that this function is only supported on direct connections, i.e. not on connections to a bus broker as the broker - will fill in the sender service name automatically anyway. By default no sender name is configured, and hence + will fill in the sender service name automatically anyway. By default, no sender name is configured, and hence messages are sent without sender field set. If the name parameter is specified as NULL the default sender service name is cleared, returning to the default state if a default sender service name was set before. If passed as non-NULL the specified name must be a valid diff --git a/man/sd_bus_set_watch_bind.xml b/man/sd_bus_set_watch_bind.xml index 6619d3c9cb..747a397e61 100644 --- a/man/sd_bus_set_watch_bind.xml +++ b/man/sd_bus_set_watch_bind.xml @@ -61,7 +61,7 @@ sd_bus_call3, sd_bus_add_match3 or sd_bus_request_name3), - that is used on a connection with this feature enabled that hasn't been established yet, might block + that is used on a connection with this feature enabled that has not been established yet, might block forever if the socket is never created. However, asynchronous remote operations (such as sd_bus_send3, sd_bus_call_async3, diff --git a/man/sd_bus_track_add_name.xml b/man/sd_bus_track_add_name.xml index a7be6a24b8..5b3306da65 100644 --- a/man/sd_bus_track_add_name.xml +++ b/man/sd_bus_track_add_name.xml @@ -126,7 +126,7 @@ sd_bus_track_count() returns the number of names currently being tracked by the specified bus peer tracking object. Note that this function always returns the actual number of names tracked, and hence if sd_bus_track_add_name() has been invoked multiple times for the same name it is only - counted as one, regardless if recursive mode is used or not. + counted as one, regardless of whether recursive mode is used or not. sd_bus_track_count_name() returns the current per-name counter for the specified name. If non-recursive mode is used this returns either 1 or 0, depending on whether the specified name has been @@ -159,7 +159,7 @@ On success, sd_bus_track_add_name() and sd_bus_track_add_sender() return 0 if the specified name has already been added to the bus peer tracking object before and positive if it - hasn't. On failure, they return a negative errno-style error code. + has not. On failure, they return a negative errno-style error code. sd_bus_track_remove_name() and sd_bus_track_remove_sender() return positive if the specified name was previously tracked by the bus peer tracking object and has now been removed. In diff --git a/man/sd_bus_track_new.xml b/man/sd_bus_track_new.xml index 7041e92f78..e8480eb52e 100644 --- a/man/sd_bus_track_new.xml +++ b/man/sd_bus_track_new.xml @@ -137,7 +137,7 @@ irrelevant and the tracking of the specific peer is immediately removed. sd_bus_track_get_recursive() may be used to determine whether the bus peer tracking object is operating in recursive mode. sd_bus_track_set_recursive() may be used to enable or - disable recursive mode. By default a bus peer tracking object operates in non-recursive mode, and + disable recursive mode. By default, a bus peer tracking object operates in non-recursive mode, and sd_bus_track_get_recursive() for a newly allocated object hence returns a value equal to zero. Use sd_bus_track_set_recursive() to enable recursive mode, right after allocation. It takes a boolean argument to enable or disable recursive mode. Note that tracking objects for which diff --git a/man/sd_event_add_child.xml b/man/sd_event_add_child.xml index fa2361d221..e3b9cdd746 100644 --- a/man/sd_event_add_child.xml +++ b/man/sd_event_add_child.xml @@ -155,7 +155,7 @@ project='man-pages'>pthread_sigmask3). If the second parameter of sd_event_add_child() is passed as - NULL no reference to the event source object is returned. In this case the event + NULL no reference to the event source object is returned. In this case, the event source is considered "floating", and will be destroyed implicitly when the event loop itself is destroyed. @@ -202,7 +202,7 @@ sd_event_source_get_child_pidfd() retrieves the file descriptor referencing the watched process ("pidfd") if this functionality is available. On kernels that support the concept the - event loop will make use of pidfds to watch child processes, regardless if the individual event sources + event loop will make use of pidfds to watch child processes, regardless of whether the individual event sources are allocated via sd_event_add_child() or sd_event_add_child_pidfd(). If the latter call was used to allocate the event source, this function returns the file descriptor used for allocation. On kernels that do not support the @@ -212,7 +212,7 @@ sd_event_source_get_child_pidfd_own() may be used to query whether the pidfd the event source encapsulates shall be closed when the event source is freed. This function returns zero - if the pidfd shall be left open, and positive if it shall be closed automatically. By default this + if the pidfd shall be left open, and positive if it shall be closed automatically. By default, this setting defaults to on if the event source was allocated via sd_event_add_child() and off if it was allocated via sd_event_add_child_pidfd(). The sd_event_source_set_child_pidfd_own() function may be used to change the setting and @@ -221,7 +221,7 @@ sd_event_source_get_child_process_own() may be used to query whether the process the event source watches shall be killed (with SIGKILL) and reaped when the event source is freed. This function returns zero if the process shell be left running, and positive if - it shall be killed and reaped automatically. By default this setting defaults to off. The + it shall be killed and reaped automatically. By default, this setting defaults to off. The sd_event_source_set_child_process_own() function may be used to change the setting and takes a boolean parameter with the new setting. Note that currently if the calling process is terminated abnormally the watched process might survive even thought the event source ceases to diff --git a/man/sd_event_add_defer.xml b/man/sd_event_add_defer.xml index af43ef1449..811992453b 100644 --- a/man/sd_event_add_defer.xml +++ b/man/sd_event_add_defer.xml @@ -122,7 +122,7 @@ sd_event_source_set_enabled3. If the second parameter of these functions is passed as NULL no reference to - the event source object is returned. In this case the event source is considered "floating", and will be + the event source object is returned. In this case, the event source is considered "floating", and will be destroyed implicitly when the event loop itself is destroyed. If the handler parameter to sd_event_add_defer() or diff --git a/man/sd_event_add_inotify.xml b/man/sd_event_add_inotify.xml index ed26c8ac96..abebff32f8 100644 --- a/man/sd_event_add_inotify.xml +++ b/man/sd_event_add_inotify.xml @@ -126,7 +126,7 @@ sd_event_source_set_enabled3. If the second parameter of sd_event_add_inotify() is passed as - NULL no reference to the event source object is returned. In this case the event + NULL no reference to the event source object is returned. In this case, the event source is considered "floating", and will be destroyed implicitly when the event loop itself is destroyed. diff --git a/man/sd_event_add_io.xml b/man/sd_event_add_io.xml index 6eab52b030..baf1debaf0 100644 --- a/man/sd_event_add_io.xml +++ b/man/sd_event_add_io.xml @@ -137,7 +137,7 @@ read from or written to the file descriptor to reset the mask of events seen. Setting the I/O event mask to watch for to 0 does not mean - that the event source won't be triggered anymore, as + that the event source will not be triggered anymore, as EPOLLHUP and EPOLLERR may be triggered even with a zero event mask. To temporarily disable an I/O event source use @@ -156,7 +156,7 @@ If the second parameter of sd_event_add_io() is NULL no reference to the event source object - is returned. In this case the event source is considered + is returned. In this case, the event source is considered "floating", and will be destroyed implicitly when the event loop itself is destroyed. @@ -227,7 +227,7 @@ event source shall take ownership of the file descriptor. Takes a boolean parameter b. When true (nonzero), the file descriptor will be closed automatically when the event source is freed or when the file descriptor is replaced by - sd_event_source_set_io_fd(). By default the descriptor is not owned by the event + sd_event_source_set_io_fd(). By default, the descriptor is not owned by the event source, and the application has to do close it on its own if needed. sd_event_source_get_io_fd_own() may be used to query the current setting of the file diff --git a/man/sd_event_add_memory_pressure.xml b/man/sd_event_add_memory_pressure.xml index 096f0480ef..6b24643f41 100644 --- a/man/sd_event_add_memory_pressure.xml +++ b/man/sd_event_add_memory_pressure.xml @@ -84,7 +84,7 @@ with SD_EVENT_OFF. If the second parameter of sd_event_add_memory_pressure() is - NULL no reference to the event source object is returned. In this case the event + NULL no reference to the event source object is returned. In this case, the event source is considered "floating", and will be destroyed implicitly when the event loop itself is destroyed. @@ -138,7 +138,7 @@ This event source typically fires on memory pressure stalls, i.e. when operational latency above a configured threshold already has been seen. This should be taken into consideration when discussing - whether later latency to re-aquire any released resources is acceptable: it's usually more important to + whether later latency to re-aquire any released resources is acceptable: it is usually more important to think of the latencies that already happened than those coming up in future. The sd_event_source_set_memory_pressure_type() and diff --git a/man/sd_event_add_signal.xml b/man/sd_event_add_signal.xml index ec8210b0b8..1956f45f6e 100644 --- a/man/sd_event_add_signal.xml +++ b/man/sd_event_add_signal.xml @@ -107,7 +107,7 @@ If the second parameter of sd_event_add_signal() is NULL no reference to the event source object - is returned. In this case the event source is considered + is returned. In this case, the event source is considered "floating", and will be destroyed implicitly when the event loop itself is destroyed. diff --git a/man/sd_event_add_time.xml b/man/sd_event_add_time.xml index c65c367eac..75176c06d2 100644 --- a/man/sd_event_add_time.xml +++ b/man/sd_event_add_time.xml @@ -164,7 +164,7 @@ If the second parameter of sd_event_add_time() is NULL no reference to the event source object - is returned. In this case the event source is considered + is returned. In this case, the event source is considered "floating", and will be destroyed implicitly when the event loop itself is destroyed. @@ -197,7 +197,7 @@ base the usec parameter passed to the timer callback, or the timestamp returned by sd_event_now(). In the former case timer - events will be regular, while in the latter case the scheduling + events will be regular, while in the latter case, the scheduling latency will keep accumulating on the timer. sd_event_source_get_time() retrieves the configured time value of an event diff --git a/man/sd_event_set_signal_exit.xml b/man/sd_event_set_signal_exit.xml index 10b68a0edf..fd40863868 100644 --- a/man/sd_event_set_signal_exit.xml +++ b/man/sd_event_set_signal_exit.xml @@ -48,10 +48,10 @@ If the parameter b is specified as true, the event loop will terminate on SIGINT and SIGTERM. If specified as false, it will no longer. When this functionality is turned off the calling thread's signal mask is restored to match the - state before it was turned on, for the two signals. By default the two signals are not handled by the + state before it was turned on, for the two signals. By default, the two signals are not handled by the event loop, and Linux' default signal handling for them is in effect. - It's customary for UNIX programs to exit on either of these two signals, hence it's typically a + It is customary for UNIX programs to exit on either of these two signals, hence it is typically a good idea to enable this functionality for the main event loop of a program. diff --git a/man/sd_event_source_set_ratelimit.xml b/man/sd_event_source_set_ratelimit.xml index cc1ce816bc..4adfb44f73 100644 --- a/man/sd_event_source_set_ratelimit.xml +++ b/man/sd_event_source_set_ratelimit.xml @@ -74,10 +74,10 @@ dispatched more often than the specified burst within the specified interval it is placed in a mode similar to being disabled with sd_event_source_set_enabled3 - and the SD_EVENT_OFF parameter. However it is disabled only temporarily – once the + and the SD_EVENT_OFF parameter. However, it is disabled only temporarily – once the specified interval is over regular operation resumes. It is again disabled temporarily once the specified rate limiting is hit the next time. If either the interval or the burst value are specified as zero, rate - limiting is turned off. By default event sources do not have rate limiting enabled. Note that rate + limiting is turned off. By default, event sources do not have rate limiting enabled. Note that rate limiting and disabling via sd_event_source_set_enabled() are independent of each other, and an event source will only effect event loop wake-ups and is dispatched while it both is enabled and rate limiting is not in effect. @@ -111,7 +111,7 @@ return a negative errno-style error code. sd_event_source_is_ratelimited() returns zero if rate limiting is currently not in effect and greater than zero if it is in effect; it returns a negative errno-style error code on failure. sd_event_source_leave_ratelimit() - returns zero if rate limiting wasn't in effect on the specified event source, and positive if it was and + returns zero if rate limiting was not in effect on the specified event source, and positive if it was and rate limiting is now turned off again; it returns a negative errno-style error code on failure. @@ -151,7 +151,7 @@ -ENOEXEC sd_event_source_get_ratelimit() was called on an event source - that doesn't have rate limiting configured. + that does not have rate limiting configured. diff --git a/man/sd_journal_get_catalog.xml b/man/sd_journal_get_catalog.xml index 6db9b8bf17..56acabb441 100644 --- a/man/sd_journal_get_catalog.xml +++ b/man/sd_journal_get_catalog.xml @@ -85,9 +85,9 @@ Notes Function sd_journal_get_catalog() is thread-agnostic and only - a single specific thread may operate on a given object during its entire lifetime. It's safe to allocate multiple - independent objects and use each from a specific thread in parallel. However, it's not safe to allocate such an - object in one thread, and operate or free it from any other, even if locking is used to ensure these threads don't + a single specific thread may operate on a given object during its entire lifetime. It is safe to allocate multiple + independent objects and use each from a specific thread in parallel. However, it is not safe to allocate such an + object in one thread, and operate or free it from any other, even if locking is used to ensure these threads do not operate on it at the very same time. Function sd_journal_get_catalog_for_message_id() is are thread-safe and may be called in diff --git a/man/sd_journal_get_data.xml b/man/sd_journal_get_data.xml index 61e9268a7e..e3c8e0b5cd 100644 --- a/man/sd_journal_get_data.xml +++ b/man/sd_journal_get_data.xml @@ -148,7 +148,7 @@ code. sd_journal_enumerate_data() and sd_journal_enumerate_available_data() return a positive integer if the next field has been read, 0 when no more fields remain, or a negative errno-style error code. - sd_journal_restart_data() doesn't return anything. + sd_journal_restart_data() does not return anything. sd_journal_set_data_threshold() and sd_journal_get_threshold() return 0 on success or a negative errno-style error code. diff --git a/man/sd_journal_get_fd.xml b/man/sd_journal_get_fd.xml index 2f7afa8763..9510ecc45f 100644 --- a/man/sd_journal_get_fd.xml +++ b/man/sd_journal_get_fd.xml @@ -192,7 +192,7 @@ else { invocation. If SD_JOURNAL_APPEND is returned, new entries have been appended to the end - of the journal. In this case it is sufficient to simply continue reading at the previous end location of the + of the journal. In this case, it is sufficient to simply continue reading at the previous end location of the journal, to read the newly added entries. If SD_JOURNAL_INVALIDATE, journal files were added to or removed from the diff --git a/man/sd_journal_has_runtime_files.xml b/man/sd_journal_has_runtime_files.xml index dd6fc02d58..a2dcc1c05f 100644 --- a/man/sd_journal_has_runtime_files.xml +++ b/man/sd_journal_has_runtime_files.xml @@ -46,11 +46,11 @@ sd_journal_has_runtime_files() returns a positive value if runtime journal files (present in /run/systemd/journal/) have been found. - Otherwise returns 0. + Otherwise, returns 0. sd_journal_has_persistent_files() returns a positive value if persistent journal files (present in /var/log/journal/) have been found. - Otherwise returns 0. + Otherwise, returns 0. diff --git a/man/sd_journal_query_unique.xml b/man/sd_journal_query_unique.xml index fedee468fe..3ad1146059 100644 --- a/man/sd_journal_query_unique.xml +++ b/man/sd_journal_query_unique.xml @@ -119,7 +119,7 @@ code. sd_journal_enumerate_unique() and sd_journal_query_available_unique() return a positive integer if the next field data has been read, 0 when no more fields remain, or a negative errno-style error code. - sd_journal_restart_unique() doesn't return anything. + sd_journal_restart_unique() does not return anything. Errors diff --git a/man/sd_listen_fds.xml b/man/sd_listen_fds.xml index 8a10677b93..f8a6d43ffa 100644 --- a/man/sd_listen_fds.xml +++ b/man/sd_listen_fds.xml @@ -52,13 +52,13 @@ (i.e. SD_LISTEN_FDS_START), the remaining descriptors follow at 4, 5, 6, …, if any. - The file descriptors passed this way may be closed at will by the processes receiving them: it's up + The file descriptors passed this way may be closed at will by the processes receiving them: it is up to the processes themselves to close them after use or whether to leave them open until the process exits (in which case the kernel closes them automatically). Note that the file descriptors received by daemons are duplicates of the file descriptors the service manager originally allocated and bound and of which it continuously keeps a copy (except if Accept=yes is used). This means any socket option changes and other changes made to the sockets will be visible to the service manager too. Most - importantly this means it's generally not a good idea to invoke shutdown2 on such sockets, since it will shut down communication on the file descriptor the service manager holds for the same socket too. Also note that if a daemon is restarted (and its associated sockets are not) it will diff --git a/man/sd_notify.xml b/man/sd_notify.xml index 6aaaa64b3f..9ba2c85688 100644 --- a/man/sd_notify.xml +++ b/man/sd_notify.xml @@ -292,7 +292,7 @@ MAINPID=… Change the main process ID (PID) of the service. This is especially useful in the case - where the real main process isn't directly forked off by the service manager. + where the real main process is not directly forked off by the service manager. Example: MAINPID=4711. @@ -362,7 +362,7 @@ Tells the service manager to extend the startup, runtime or shutdown service timeout corresponding the current state. The value specified is a time in microseconds during which the - service must send a new message. A service timeout will occur if the message isn't received, but only + service must send a new message. A service timeout will occur if the message is not received, but only if the runtime of the current state is beyond the original maximum times of TimeoutStartSec=, RuntimeMaxSec=, and TimeoutStopSec=. See diff --git a/man/standard-conf.xml b/man/standard-conf.xml index 0ff71ece72..9f908725f8 100644 --- a/man/standard-conf.xml +++ b/man/standard-conf.xml @@ -61,7 +61,7 @@ /usr/lib/systemd/. The vendor version of the file contains commented out entries showing the defaults as a guide to the administrator. Local overrides can also be created by creating drop-ins, as described below. The main - configuration file can also be edited for this purpose (or a copy in /etc/ if it's + configuration file can also be edited for this purpose (or a copy in /etc/ if it is shipped under /usr/), however using drop-ins for local configuration is recommended over modifications to the main configuration file. diff --git a/man/standard-options.xml b/man/standard-options.xml index d181f90b83..1e958594ad 100644 --- a/man/standard-options.xml +++ b/man/standard-options.xml @@ -110,7 +110,7 @@ Takes an image policy string as argument, as per systemd.image-policy7. The policy is enforced when operating on the disk image specified via , see - above. If not specified defaults to the * policy, i.e. all recognized file systems + above. If not specified, defaults to the * policy, i.e. all recognized file systems in the image are used. diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml index 7e1ecfa030..9bcd62aa53 100644 --- a/man/sysctl.d.xml +++ b/man/sysctl.d.xml @@ -174,7 +174,7 @@ net.ipv4.conf.hub0.rp_filter = 1 net.ipv4.conf.default.rp_filter first, so any interfaces which are added later will get this value (this also covers any interfaces detected while we're running). The glob matches any interfaces which were detected earlier. The glob - will also match net.ipv4.conf.all.rp_filter, which we don't want to set at all, so + will also match net.ipv4.conf.all.rp_filter, which we do not want to set at all, so it is explicitly excluded. And "hub0" is excluded from the glob because it has an explicit setting. diff --git a/man/systemctl.xml b/man/systemctl.xml index fe15bd3722..770f0e0c04 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -59,14 +59,14 @@ List units that systemd currently has in memory. This includes units that are either referenced directly or through a dependency, units that are pinned by applications programmatically, - or units that were active in the past and have failed. By default only units which are active, have pending + or units that were active in the past and have failed. By default, only units which are active, have pending jobs, or have failed are shown; this can be changed with option . If one or more PATTERNs are specified, only units matching one of them are shown. The units that are shown are additionally filtered by and if those options are specified. Note that this command does not show unit templates, but only instances of unit - templates. Units templates that aren't instantiated are not runnable, and will thus never show up + templates. Units templates that are not instantiated are not runnable, and will thus never show up in the output of this command. Specifically this means that foo@.service will never be shown in this list — unless instantiated, e.g. as foo@bar.service. Use list-unit-files (see below) for @@ -357,7 +357,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err on disk, which might not match the system manager's understanding of these units if any unit files were updated on disk and the daemon-reload - command wasn't issued since. + command was not issued since. @@ -391,7 +391,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err default.target is implied. The units that are shown are additionally filtered by and - if those options are specified. Note that we won't be able to + if those options are specified. Note that we will not be able to use a tree structure in this case, so is implied. By default, only target units are recursively @@ -405,7 +405,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Note that this command only lists units currently loaded into memory by the service manager. In particular, this command is not suitable to get a comprehensive list at all reverse dependencies on a - specific unit, as it won't list the dependencies declared by units currently not loaded. + specific unit, as it will not list the dependencies declared by units currently not loaded. @@ -496,8 +496,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Stop and then start one or more units specified on the command line if the units are running. This does nothing if units are not running. - + @@ -514,8 +514,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Reload one or more units if they support it. If not, stop and then start them instead. This does nothing if the units are not running. - + @@ -629,7 +629,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err command line using cgroup freezer Freezing the unit will cause all processes contained within the cgroup corresponding to the unit - to be suspended. Being suspended means that unit's processes won't be scheduled to run on CPU until thawed. + to be suspended. Being suspended means that unit's processes will not be scheduled to run on CPU until thawed. Note that this command is supported only on systems that use unified cgroup hierarchy. Unit is automatically thawed just before we execute a job against the unit, e.g. before the unit is stopped. @@ -1108,12 +1108,12 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err bad - The unit file is invalid or another error occurred. Note that is-enabled will not actually return this state, but print an error message instead. However the unit file listing printed by list-unit-files might show it. + The unit file is invalid or another error occurred. Note that is-enabled will not actually return this state, but print an error message instead. However, the unit file listing printed by list-unit-files might show it. > 0 not-found - The unit file doesn't exist. + The unit file does not exist. 4 @@ -1142,7 +1142,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err specified). If a matching unit file already exists under these directories this operation will hence fail. This means that the operation is primarily useful to mask units shipped by the vendor (as those are shipped in /usr/lib/systemd/system/ and not the aforementioned - two directories), but typically doesn't work for units created locally (as those are typically + two directories), but typically does not work for units created locally (as those are typically placed precisely in the two aforementioned directories). Similar restrictions apply for mode, in which case the directories are below the user's home directory however. @@ -1740,7 +1740,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Shut down and reboot the system via kexec. This command will load a - kexec kernel if one wasn't loaded yet or fail. A kernel may be loaded earlier by a separate step, + kexec kernel if one was not loaded yet or fail. A kernel may be loaded earlier by a separate step, this is particularly useful if a custom initrd or additional kernel command line options are desired. The can be used to continue without a kexec kernel, i.e. to perform a normal reboot. The final reboot step is equivalent to @@ -1939,7 +1939,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err units currently in memory, and patterns which do not match anything are silently skipped. For example: # systemctl stop "sshd@*.service" - will stop all sshd@.service instances. Note that alias names of units, and units that aren't + will stop all sshd@.service instances. Note that alias names of units, and units that are not in memory are not considered for glob expansion. @@ -2350,7 +2350,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err - Don't generate the warnings shown by default in the following cases: + Do not generate the warnings shown by default in the following cases: when systemctl is invoked without procfs mounted on @@ -2358,7 +2358,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err when using enable or disable on units without - install information (i.e. don't have or have an empty [Install] section), + install information (i.e. do not have or have an empty [Install] section), when using disable combined with on units diff --git a/man/systemd-ac-power.xml b/man/systemd-ac-power.xml index a693187864..ca4aa4d768 100644 --- a/man/systemd-ac-power.xml +++ b/man/systemd-ac-power.xml @@ -31,7 +31,7 @@ Description systemd-ac-power may be used to check whether the system - is running on AC power or not. By default it will simply return success (if we + is running on AC power or not. By default, it will simply return success (if we can detect that we are running on AC power) or failure, with no output. This can be useful for example to debug ConditionACPower= (see systemd.unit5). @@ -55,7 +55,7 @@ - Instead of showing AC power state, show low battery state. In this case will return + Instead of showing AC power state, show low battery state. In this case, will return zero if all batteries are currently discharging and below 5% of maximum charge. Returns non-zero otherwise. diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index cf005db70b..a371810f26 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -255,7 +255,7 @@ multi-user.target reached after 47.820s in userspace This command prints a list of all running units, ordered by the time they took to initialize. This information may be used to optimize boot-up times. Note that the output might be misleading as the initialization of one service might be slow simply because it waits for the initialization of another - service to complete. Also note: systemd-analyze blame doesn't display results for + service to complete. Also note: systemd-analyze blame does not display results for services with Type=simple, because systemd considers such services to be started immediately, hence no measurement of the initialization delays can be done. Also note that this command only shows the time units took for starting up, it does not show how long unit jobs spent in the @@ -291,7 +291,7 @@ multi-user.target reached after 47.820s in userspace blame command, this only takes into account the time units spent in activating state, and hence does not cover units that never went through an activating state (such as device units that transition directly from - inactive to active). Moreover it does not show information on + inactive to active). Moreover, it does not show information on jobs (and in particular not jobs that timed out). @@ -371,8 +371,8 @@ $ eog bootup.svg& Note that this plot is based on the most recent per-unit timing data of loaded units. This means that if a unit gets started, then stopped and then started again the information shown will cover the - most recent start cycle, not the first one. Thus it's recommended to consult this information only - shortly after boot, so that this distinction doesn't matter. Moreover, units that are not referenced by + most recent start cycle, not the first one. Thus it is recommended to consult this information only + shortly after boot, so that this distinction does not matter. Moreover, units that are not referenced by any other unit through a dependency might be unloaded by the service manager once they terminate (and did not fail). Such units will not show up in the plot. @@ -688,7 +688,7 @@ NAutoVTs=8 This command has two distinct modes of operation, depending on whether the operator OP is specified. - In the first mode — when OP is not specified — it will compare the two + In the first mode — when OP is not specified —, it will compare the two version strings and print either VERSION1 < VERSION2, or VERSION1 == VERSION2, or VERSION1 > @@ -964,7 +964,7 @@ default ignore - - Reports whether the system is equipped with a usable TPM2 device. If a TPM2 device has been discovered, is supported, and is being used by firmware, by the OS kernel drivers and by userspace (i.e. systemd) this prints yes and exits with exit status zero. If no such device is - discovered/supported/used, prints no. Otherwise prints + discovered/supported/used, prints no. Otherwise, prints partial. In either of these two cases exits with non-zero exit status. It also shows five lines indicating separately whether firmware, drivers, the system, the kernel and libraries discovered/support/use TPM2. Currently, required libraries are libtss2-esys.so.0, @@ -1630,7 +1630,7 @@ LEGEND: M → sys_vendor (LENOVO) ┄ F → product_family (ThinkPad X1 Carbon G When used with the calendar command, show next iterations relative - to the specified point in time. If not specified defaults to the current time. + to the specified point in time. If not specified, defaults to the current time. @@ -1730,7 +1730,7 @@ LEGEND: M → sys_vendor (LENOVO) ┄ F → product_family (ThinkPad X1 Carbon G 0 or 1 if the condition is respectively true or false. In case of the has-tpm2 command returns 0 if a TPM2 device is discovered, - supported and used by firmware, driver, and userspace (i.e. systemd). Otherwise returns the OR + supported and used by firmware, driver, and userspace (i.e. systemd). Otherwise, returns the OR combination of the value 1 (in case firmware support is missing), 2 (in case driver support is missing) and 4 (in case userspace support is missing). If no TPM2 support is available at all, value 7 is hence returned. diff --git a/man/systemd-bless-boot.service.xml b/man/systemd-bless-boot.service.xml index 7ace7703b9..86a3fac799 100644 --- a/man/systemd-bless-boot.service.xml +++ b/man/systemd-bless-boot.service.xml @@ -41,7 +41,7 @@ OS. It contains a file system path (relative to the EFI system partition) of the Boot Loader Specification compliant boot loader entry file or unified kernel image file that was used to boot up the - system. systemd-bless-boot.service removes the two 'tries done' and 'tries left' numeric boot + system. systemd-bless-boot.service removes the two "tries done" and "tries left" numeric boot counters from the filename, which indicates to future invocations of the boot loader that the entry has completed booting successfully at least once. (This service will hence rename the boot loader entry file or unified kernel image file on the first successful boot.) @@ -84,8 +84,8 @@ - When called the 'tries left' counter in the boot loader entry file name or unified kernel image - file name is set to zero, marking the boot loader entry or kernel image as "bad", so that the boot loader won't + When called the "tries left" counter in the boot loader entry file name or unified kernel image + file name is set to zero, marking the boot loader entry or kernel image as "bad", so that the boot loader will not consider it anymore on future boots (at least as long as there are other entries available that are not marked "bad" yet). This command is normally not executed, but can be used to instantly put an end to the boot counting logic if a problem is detected and persistently mark the boot entry as bad. diff --git a/man/systemd-boot-random-seed.service.xml b/man/systemd-boot-random-seed.service.xml index 2e7aff5378..0993f7a75e 100644 --- a/man/systemd-boot-random-seed.service.xml +++ b/man/systemd-boot-random-seed.service.xml @@ -43,12 +43,12 @@ the random seed stored in the ESP is refreshed on every reboot ensuring that multiple subsequent boots will boot with different seeds. On the other hand, the system token is generated randomly once, and then persistently stored in the system's EFI variable - storage, ensuring the same disk image won't result in the same series of boot loader seed values if used + storage, ensuring the same disk image will not result in the same series of boot loader seed values if used on multiple systems in parallel. The systemd-boot-random-seed.service unit invokes the bootctl random-seed command, which updates the random seed in the ESP, and initializes the system - token if it's not initialized yet. The service is conditionalized so that it is run only when a boot + token if it is not initialized yet. The service is conditionalized so that it is run only when a boot loader is used that implements the Boot Loader Interface. For further details see bootctl1, regarding diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml index 2c2128482f..18b0708035 100644 --- a/man/systemd-boot.xml +++ b/man/systemd-boot.xml @@ -602,7 +602,7 @@ If the 'tries left' counter of an entry is greater than zero the entry is considered to be in - 'indeterminate' state. This means the entry has not completed booting successfully yet, but also hasn't been + 'indeterminate' state. This means the entry has not completed booting successfully yet, but also has not been determined not to work. If the 'tries left' counter of an entry is zero it is considered to be in 'bad' state. This means diff --git a/man/systemd-bsod.service.xml b/man/systemd-bsod.service.xml index 29a08710c2..ad16b69eaa 100644 --- a/man/systemd-bsod.service.xml +++ b/man/systemd-bsod.service.xml @@ -52,7 +52,7 @@ When specified, systemd-bsod waits continuously for changes in the - journal if it doesn't find any emergency messages on the initial attempt. + journal if it does not find any emergency messages on the initial attempt. @@ -60,7 +60,7 @@ - Specify the TTY to output to. By default systemd-bsod will + Specify the TTY to output to. By default, systemd-bsod will automatically find a free VT to display the message on. If this option is specified a TTY may be selected explicitly. Use to direct output to the terminal the command is invoked on. diff --git a/man/systemd-creds.xml b/man/systemd-creds.xml index e88cbb5e6f..55c5064b65 100644 --- a/man/systemd-creds.xml +++ b/man/systemd-creds.xml @@ -88,7 +88,7 @@ Generates a host encryption key for credentials, if one has not been generated already. This ensures the /var/lib/systemd/credential.secret file is initialized - with a random secret key if it doesn't exist yet. This secret key is used when encrypting/decrypting + with a random secret key if it does not exist yet. This secret key is used when encrypting/decrypting credentials with encrypt or decrypt, and is only accessible to the root user. Note that there's typically no need to invoke this command explicitly as it is implicitly called when encrypt is invoked, and credential host key encryption @@ -247,7 +247,7 @@ When specified with cat or decrypt controls - whether to add a trailing newline character to the end of the output if it doesn't end in one, + whether to add a trailing newline character to the end of the output if it does not end in one, anyway. Takes one of auto, yes or no. The default mode of auto will suffix the output with a single newline character only when writing credential data to a TTY. @@ -271,20 +271,20 @@ When specified with the encrypt command controls the credential - name to embed in the encrypted credential data. If not specified the name is chosen automatically + name to embed in the encrypted credential data. If not specified, the name is chosen automatically from the filename component of the specified output path. If specified as empty string no credential name is embedded in the encrypted credential, and no verification of credential name is done when the credential is decrypted. When specified with the decrypt command control the credential name to - validate the credential name embedded in the encrypted credential with. If not specified the name is + validate the credential name embedded in the encrypted credential with. If not specified, the name is chosen automatically from the filename component of the specified input path. If no credential name is embedded in the encrypted credential file (i.e. the with an empty string was used when encrypted) the specified name has no effect as no credential name validation is done. Embedding the credential name in the encrypted credential is done in order to protect against - reuse of credentials for purposes they weren't originally intended for, under the assumption the + reuse of credentials for purposes they were not originally intended for, under the assumption the credential name is chosen carefully to encode its intended purpose. @@ -300,7 +300,7 @@ When specified with the decrypt command controls the timestamp to use to validate the "not-after" timestamp that was configured with during - encryption. If not specified defaults to the current system time. + encryption. If not specified, defaults to the current system time. @@ -311,7 +311,7 @@ When specified with the encrypt command controls the time when the credential shall not be used anymore. This embeds the specified timestamp in the encrypted credential. During decryption the timestamp is checked against the current system clock, and if the - timestamp is in the past the decryption will fail. By default no such timestamp is set. Takes a + timestamp is in the past the decryption will fail. By default, no such timestamp is set. Takes a timestamp specification in the format described in systemd.time7. @@ -392,7 +392,7 @@ /etc/systemd/, /run/systemd/, /usr/lib/systemd/ (searched in this order), it is automatically used. The option takes a list of TPM2 PCR indexes to bind to (same - syntax as described above). If not specified defaults to 11 (i.e. this + syntax as described above). If not specified, defaults to 11 (i.e. this binds the policy to any unified kernel image for which a PCR signature can be provided). Note the difference between and diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml index fb36f455ba..b80a63f426 100644 --- a/man/systemd-cryptenroll.xml +++ b/man/systemd-cryptenroll.xml @@ -229,7 +229,7 @@ Note that currently when enrolling a new key of one of the five supported types listed above, it is required to first provide a passphrase, a recovery key, a FIDO2 token, or a TPM2 key. It's currently not supported to unlock a device with a PKCS#11 key in order to enroll a new PKCS#11 key. Thus, if in future - key roll-over is desired it's generally recommended to ensure a passphrase, a recovery key, a FIDO2 + key roll-over is desired it is generally recommended to ensure a passphrase, a recovery key, a FIDO2 token, or a TPM2 key is always enrolled. Also note that support for enrolling multiple FIDO2 tokens is currently limited. When multiple FIDO2 @@ -398,7 +398,7 @@ is unsupported if option is also specified. The special value list may be used to enumerate all suitable FIDO2 tokens currently plugged in. Note that many hardware security tokens that implement FIDO2 also implement the older PKCS#11 - standard. Typically FIDO2 is preferable, given it's simpler to use and more modern. + standard. Typically FIDO2 is preferable, given it is simpler to use and more modern. In order to unlock a LUKS2 volume with an enrolled FIDO2 security token, specify the option in the respective /etc/crypttab line: @@ -628,7 +628,7 @@ /etc/systemd/, /run/systemd/, /usr/lib/systemd/ (searched in this order), it is automatically used. The option takes a list of TPM2 PCR indexes to bind to (same - syntax as described above). If not specified defaults to 11 (i.e. this + syntax as described above). If not specified, defaults to 11 (i.e. this binds the policy to any unified kernel image for which a PCR signature can be provided). Note the difference between and diff --git a/man/systemd-dissect.xml b/man/systemd-dissect.xml index 191ae3394b..fccc61c6d8 100644 --- a/man/systemd-dissect.xml +++ b/man/systemd-dissect.xml @@ -152,7 +152,7 @@ unmounted. The OS image may either be specified as path to an OS image stored in a regular file or may - refer to block device node (in the latter case the block device must be the "whole" device, i.e. not + refer to block device node (in the latter case, the block device must be the "whole" device, i.e. not a partition device). (The other supported commands described here support this, too.) All mounted file systems are checked with the appropriate Detach the specified disk image from a loopback block device. This undoes the effect of above. This expects either a path to a loopback block device as an - argument, or the path to the backing image file. In the latter case it will automatically determine + argument, or the path to the backing image file. In the latter case, it will automatically determine the right device to detach. @@ -277,9 +277,9 @@ the current working directory, or an absolute path, both outside of the image). If the destination path is omitted or specified as dash (-), the specified file is written to standard output. If the source path in the image file system refers to a regular file it is copied to - the destination path. In this case access mode, extended attributes and timestamps are copied as + the destination path. In this case, access mode, extended attributes and timestamps are copied as well, but file ownership is not. If the source path in the image refers to a directory, it is copied - to the destination path, recursively with all containing files and directories. In this case the file + to the destination path, recursively with all containing files and directories. In this case, the file ownership is copied too. @@ -295,9 +295,9 @@ image) and a destination path (relative to the image's root directory). If the source path is omitted or specified as dash (-), the data to write is read from standard input. If the source path in the host file system refers to a regular file, it is copied to the destination path. - In this case access mode, extended attributes and timestamps are copied as well, but file ownership + In this case, access mode, extended attributes and timestamps are copied as well, but file ownership is not. If the source path in the host file system refers to a directory it is copied to the - destination path, recursively with all containing files and directories. In this case the file + destination path, recursively with all containing files and directories. In this case, the file ownership is copied too. As with file system checks are implicitly run before the copy @@ -344,7 +344,7 @@ dissection policy into account. Since this operation does not mount file systems, this command – unlike all other commands implemented by this tool – requires no privileges other than the ability to access the specified file. Prints "OK" and returns zero if the image appears to be in order and - matches the specified image dissection policy. Otherwise prints an error message and returns + matches the specified image dissection policy. Otherwise, prints an error message and returns non-zero. @@ -366,7 +366,7 @@ - Operate in read-only mode. By default will establish + Operate in read-only mode. By default, will establish writable mount points. If this option is specified they are established in read-only mode instead. @@ -376,7 +376,7 @@ - Turn off automatic file system checking. By default when an image is accessed for + Turn off automatic file system checking. By default, when an image is accessed for writing (by or ) the file systems contained in the OS image are automatically checked using the appropriate fsck8 @@ -390,7 +390,7 @@ Turn off automatic growing of accessed file systems to their partition size, if - marked for that in the GPT partition table. By default when an image is accessed for writing (by + marked for that in the GPT partition table. By default, when an image is accessed for writing (by or ) the file systems contained in the OS image are automatically grown to their partition sizes, if bit 59 in the GPT partition flags is set for partition types that are defined by the Write configuration even if the relevant files already exist. Without this option, - systemd-firstboot doesn't modify or replace existing files. Note that when + systemd-firstboot does not modify or replace existing files. Note that when configuring the root account, even with this option, systemd-firstboot only modifies the entry of the root user, leaving other entries in /etc/passwd and /etc/shadow intact. @@ -337,7 +337,7 @@ - Takes a boolean argument. By default when prompting the user for configuration + Takes a boolean argument. By default, when prompting the user for configuration options a brief welcome text is shown before the first question is asked. Pass false to this option to turn off the welcome text. @@ -445,7 +445,7 @@ systemd.firstboot= Takes a boolean argument, defaults to on. If off, systemd-firstboot.service - won't interactively query the user for basic settings at first boot, even if those settings are not + will not interactively query the user for basic settings at first boot, even if those settings are not initialized yet. diff --git a/man/systemd-import-generator.xml b/man/systemd-import-generator.xml index 108509d7d4..1ccccb2689 100644 --- a/man/systemd-import-generator.xml +++ b/man/systemd-import-generator.xml @@ -130,7 +130,7 @@ completing the download successfully, or unsuccessfully. See SuccessAction=/FailureAction= on systemd.unit5 for - details about the available actions. If not specified no action is taken, and the system will + details about the available actions. If not specified, no action is taken, and the system will continue to boot normally. diff --git a/man/systemd-journal-remote.service.xml b/man/systemd-journal-remote.service.xml index be195a0508..d6258ce2fc 100644 --- a/man/systemd-journal-remote.service.xml +++ b/man/systemd-journal-remote.service.xml @@ -49,7 +49,7 @@ systemd-journal-remote.service is a system service that uses systemd-journal-remote to listen for connections. systemd-journal-remote.socket configures the network address that - systemd-journal-remote.service listens on. By default this is port 19532. + systemd-journal-remote.service listens on. By default, this is port 19532. What connections are accepted and how the received data is stored can be configured through the journal-remote.conf5 configuration file. diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml index 94df62fb50..3a9d804972 100644 --- a/man/systemd-journald.service.xml +++ b/man/systemd-journald.service.xml @@ -77,7 +77,7 @@ necessary. Individual fields making up a log record stored in the journal may be up to 2⁶⁴-1 bytes in size. The journal service stores log data either persistently below /var/log/journal or in a - volatile way below /run/log/journal/ (in the latter case it is lost at reboot). By default, log + volatile way below /run/log/journal/ (in the latter case, it is lost at reboot). By default, log data is stored persistently if /var/log/journal/ exists during boot, with an implicit fallback to volatile storage otherwise. Use Storage= in journald.conf5 to configure @@ -112,7 +112,7 @@ systemd-tmpfiles --create --prefix /var/log/journal If systemd-journald.service is stopped, the stream connections associated with all services are terminated. Further writes to those streams by the service will result in EPIPE - errors. In order to react gracefully in this case it is recommended that programs logging to standard output/error + errors. In order to react gracefully in this case, it is recommended that programs logging to standard output/error ignore such errors. If the SIGPIPE UNIX signal handler is not blocked or turned off, such write attempts will also result in such process signals being generated, see signal7. @@ -152,7 +152,7 @@ systemd-tmpfiles --create --prefix /var/log/journal consisting of one or more services from the rest of the system and a mechanism for improving performance. Multiple journal namespaces may exist simultaneously, each defining its own, independent log stream managed by its own instance of systemd-journald. Namespaces are independent of - each other, both in the data store and in the IPC interface. By default only a single 'default' namespace + each other, both in the data store and in the IPC interface. By default, only a single "default namespace exists, managed by systemd-journald.service (and its associated socket units). Additional namespaces are created by starting an instance of the systemd-journald@.service service template. The instance name is the namespace @@ -169,7 +169,7 @@ systemd-tmpfiles --create --prefix /var/log/journal the native logging protocol of the journal and via stdout/stderr; the logging from all three transports is associated with the namespace. - By default only the default namespace will collect kernel and audit log messages. + By default, only the default namespace will collect kernel and audit log messages. The systemd-journald instance of the default namespace is configured through /etc/systemd/journald.conf (see below), while the other instances are configured diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml index 368c94f700..97f1abe1f9 100644 --- a/man/systemd-measure.xml +++ b/man/systemd-measure.xml @@ -46,7 +46,7 @@ The result may optionally be signed cryptographically, to allow TPM2 policies that can only be unlocked if a certain set of kernels is booted, for which such a PCR signature can be provided. - It usually doesn't make sense to call this tool directly when constructing a UKI. Instead, + It usually does not make sense to call this tool directly when constructing a UKI. Instead, ukify1 should be used; it will invoke systemd-measure and take care of embedding the resulting measurements into the UKI. @@ -178,7 +178,7 @@ same PEM key should be supplied in both cases. If the is not specified but is - specified the public key is automatically derived from the private key. + specified, the public key is automatically derived from the private key. can be used to specify an X.509 certificate as an alternative to since v256. @@ -234,7 +234,7 @@ enter-initrd:leave-initrd:sysinit:ready, i.e. calculates expected PCR values for the boot phase in the initrd, during early boot, during later boot, and during system runtime, but excluding the phases before the initrd or when shutting down. This setting is honoured both by - calculate and sign. When used with the latter it's particularly + calculate and sign. When used with the latter it is particularly useful for generating PCR signatures that can only be used for unlocking resources during specific parts of the boot process. diff --git a/man/systemd-mount.xml b/man/systemd-mount.xml index 05357b06b1..d0eb9678d7 100644 --- a/man/systemd-mount.xml +++ b/man/systemd-mount.xml @@ -77,7 +77,7 @@ If two arguments are specified, the first indicates the mount source (the WHAT) and the second indicates the path to mount it on (the WHERE). In this mode no probing of the source is attempted, and a backing - device node doesn't have to exist. However, if this mode is combined with , + device node does not have to exist. However, if this mode is combined with , device node probing for additional metadata is enabled, and – much like in the single-argument case discussed above – the specified device has to exist at the time of invocation of the command. @@ -138,7 +138,7 @@ Enable probing of the mount source. This switch is implied if a single argument is specified on the command line. If passed, additional metadata is read from the device to enhance the unit to create. For example, a descriptive string for the transient units is generated from the file system label and device - model. Moreover if a removable block device (e.g. USB stick) is detected an automount unit instead of a regular + model. Moreover, if a removable block device (e.g. USB stick) is detected an automount unit instead of a regular mount unit is created, with a short idle timeout, in order to ensure the file-system is placed in a clean state quickly after each access. @@ -218,7 +218,7 @@ accessed. In automount mode the switch (see below) may be used to ensure the mount point is unmounted automatically after the last access and an idle period passed. - If this switch is not specified it defaults to false. If not specified and is + If this switch is not specified, it defaults to false. If not specified and is used (or only a single argument passed, which implies , see above), and the file system block device is detected to be removable, it is set to true, in order to increase the chance that the file system is in a fully clean state if the device is unplugged abruptly. @@ -238,7 +238,7 @@ Takes a time value that controls the idle timeout in automount mode. If set to - infinity (the default) no automatic unmounts are done. Otherwise the file system backing the + infinity (the default) no automatic unmounts are done. Otherwise, the file system backing the automount point is detached after the last access and the idle timeout passed. See systemd.time7 for details on the time syntax supported. This option has no effect if only a regular mount is established, and automounting @@ -265,7 +265,7 @@ This option only has an effect in automount mode, and controls whether the automount unit shall be bound to the backing device's lifetime. If set, the - automount unit will be stopped automatically when the backing device vanishes. By default the automount unit + automount unit will be stopped automatically when the backing device vanishes. By default, the automount unit stays around, and subsequent accesses will block until backing device is replugged. This option has no effect in case of non-device mounts, such as network or virtual file system mounts. @@ -310,7 +310,7 @@ all mount units that mount and failed are kept in memory until the user explicitly resets their failure state with systemctl reset-failed or an equivalent command. On the other hand, units that stopped successfully are unloaded immediately. If this option is turned on the "garbage collection" of units is more - aggressive, and unloads units regardless if they exited successfully or failed. This option is a shortcut for + aggressive, and unloads units regardless of whether they exited successfully or failed. This option is a shortcut for --property=CollectMode=inactive-or-failed, see the explanation for CollectMode= in systemd.unit5 for further diff --git a/man/systemd-network-generator.service.xml b/man/systemd-network-generator.service.xml index 8962f1a05f..f18508e5f0 100644 --- a/man/systemd-network-generator.service.xml +++ b/man/systemd-network-generator.service.xml @@ -142,7 +142,7 @@ credential network.link.50-foobar will be copied into a configuration file 50-foobar.link. - Note that the resulting files are created world-readable, it's hence recommended to not include + Note that the resulting files are created world-readable, it is hence recommended to not include secrets in these credentials, but supply them via separate credentials directly to systemd-networkd.service. diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 7bdb55d5d5..e3282793cd 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -351,7 +351,7 @@ Takes an image policy string as argument, as per systemd.image-policy7. The policy is enforced when operating on the disk image specified via , see - above. If not specified defaults to + above. If not specified, defaults to root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:esp=unprotected+absent:xbootldr=unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent, i.e. all recognized file systems in the image are used, but not the swap partition. @@ -363,7 +363,7 @@ Takes the path to an OCI runtime bundle to invoke, as specified in the OCI Runtime Specification. In - this case no .nspawn file is loaded, and the root directory and various settings are read + this case, no .nspawn file is loaded, and the root directory and various settings are read from the OCI runtime JSON data (but data passed on the command line takes precedence). @@ -375,7 +375,7 @@ Mount the container's root file system (and any other file systems contained in the container image) read-only. This has no effect on additional mounts made with , and similar options. This mode is implied if the container image file or directory is - marked read-only itself. It is also implied if is used. In this case the container + marked read-only itself. It is also implied if is used. In this case, the container image on disk is strictly read-only, while changes are permitted but kept non-persistently in memory only. For further details, see below. @@ -400,7 +400,7 @@ Note that if one of the volatile modes is chosen, its effect is limited to the root file system (or /var/ in case of ), and any other mounts placed in the - hierarchy are unaffected — regardless if they are established automatically (e.g. the EFI system + hierarchy are unaffected — regardless of whether they are established automatically (e.g. the EFI system partition that might be mounted to /efi/ or /boot/) or explicitly (e.g. through an additional command line option such as , see below). This means, even if is used changes to @@ -626,7 +626,7 @@ SIGTERM, in order to trigger an orderly shutdown of the container. Defaults to SIGRTMIN+3 if is used (on systemd-compatible init systems SIGRTMIN+3 triggers an orderly shutdown). If is not used and this - option is not specified the container's processes are terminated abruptly via SIGKILL. For + option is not specified, the container's processes are terminated abruptly via SIGKILL. For a list of valid signals, see signal7. @@ -733,7 +733,7 @@ Make the container part of the specified slice, instead of the default machine.slice. This applies only if the machine is run in its own scope unit, i.e. if - isn't used. + is not used. @@ -743,7 +743,7 @@ Set a unit property on the scope unit to register for the machine. This applies only if the - machine is run in its own scope unit, i.e. if isn't used. Takes unit property + machine is run in its own scope unit, i.e. if is not used. Takes unit property assignments in the same format as systemctl set-property. This is useful to set memory limits and similar for the container. @@ -1416,7 +1416,7 @@ After=sys-subsystem-net-devices-ens1.device It's recommended to use copy-… or replace-… if the container shall be able to make changes to the DNS configuration on its own, deviating from the - host's settings. Otherwise bind is preferable, as it means direct changes to + host's settings. Otherwise, bind is preferable, as it means direct changes to /etc/resolv.conf in the container are not allowed, as it is a read-only bind mount (but note that if the container has enough privileges, it might simply go ahead and unmount the bind mount anyway). Note that both if the file is bind mounted and if it is copied no further @@ -1601,7 +1601,7 @@ After=sys-subsystem-net-devices-ens1.device Note that the user record propagated from the host into the container will contain the UNIX password hash of the user, so that seamless logins in the container are possible. If the container is - less trusted than the host it's hence important to use a strong UNIX password hash function + less trusted than the host it is hence important to use a strong UNIX password hash function (e.g. yescrypt or similar, with the $y$ hash prefix). When binding a user from the host into the container checks are executed to ensure that the diff --git a/man/systemd-pcrlock.xml b/man/systemd-pcrlock.xml index b3a8320f8f..89b989ea2d 100644 --- a/man/systemd-pcrlock.xml +++ b/man/systemd-pcrlock.xml @@ -453,7 +453,7 @@ Specifies the NV index to store the policy in. Honoured by - make-policy. If not specified the command will automatically pick a free NV + make-policy. If not specified, the command will automatically pick a free NV index. @@ -464,7 +464,7 @@ Takes a path to read *.pcrlock and *.pcrlock.d/*.pcrlock files from. May be used more than once to specify multiple - such directories. If not specified defaults to /etc/pcrlock.d/, + such directories. If not specified, defaults to /etc/pcrlock.d/, /run/pcrlock.d/, /var/lib/pcrlock.d/, /usr/local/pcrlock.d/, /usr/lib/pcrlock.d/. @@ -534,7 +534,7 @@ Takes a file system path as argument. If specified, configures where to write pcrlock - policy metadata to. If not specified defaults to + policy metadata to. If not specified, defaults to /var/lib/systemd/pcrlock.json. diff --git a/man/systemd-pcrphase.service.xml b/man/systemd-pcrphase.service.xml index 2dc9c8ada0..675683d876 100644 --- a/man/systemd-pcrphase.service.xml +++ b/man/systemd-pcrphase.service.xml @@ -141,7 +141,7 @@ - Takes the PCR banks to extend the specified word into. If not specified the tool + Takes the PCR banks to extend the specified word into. If not specified, the tool automatically determines all enabled PCR banks and measures the word into all of them. @@ -173,7 +173,7 @@ If no TPM2 firmware, kernel subsystem, kernel driver or device support is found, exit - with exit status 0 (i.e. indicate success). If this is not specified any attempt to measure without a + with exit status 0 (i.e. indicate success). If this is not specified, any attempt to measure without a TPM2 device will cause the invocation to fail. diff --git a/man/systemd-repart.xml b/man/systemd-repart.xml index d1740af5a2..fba81cd24b 100644 --- a/man/systemd-repart.xml +++ b/man/systemd-repart.xml @@ -168,7 +168,7 @@ - Takes a boolean. If this switch is not specified is + Takes a boolean. If this switch is not specified, is the implied default. Controls whether systemd-repart executes the requested re-partition operations or whether it should only show what it would do. Unless is specified systemd-repart will not actually @@ -183,7 +183,7 @@ Takes one of refuse, allow, require, force or create. Controls how to operate on block devices that are entirely empty, i.e. carry no partition table/disk label yet. If - this switch is not specified the implied default is refuse. + this switch is not specified, the implied default is refuse. If refuse systemd-repart requires that the block device it shall operate on already carries a partition table and refuses operation if none is found. If @@ -202,9 +202,9 @@ - Takes a boolean. If this switch is not specified is + Takes a boolean. If this switch is not specified , is the implied default. Controls whether to issue the BLKDISCARD I/O control - command on the space taken up by any added partitions or on the space in between them. Usually, it's + command on the space taken up by any added partitions or on the space in between them. Usually, it is a good idea to issue this request since it tells the underlying hardware that the covered blocks shall be considered empty, improving performance. If operating on a regular file instead of a block device node, a sparse file is generated. @@ -242,7 +242,7 @@ - Takes boolean. If this switch is not specified is + Takes boolean. If this switch is not specified, is the implied default. Controls whether to operate in "factory reset" mode, see above. If set to true this will remove all existing partitions marked with FactoryReset= set to yes early while executing the re-partitioning algorithm. Use with care, this is a great way to lose all @@ -299,7 +299,7 @@ Takes a UUID as argument or the special value random. If a UUID is specified the UUIDs to assign to partitions and the partition table itself are derived via - cryptographic hashing from it. If not specified it is attempted to read the machine ID from the host + cryptographic hashing from it. If not specified, it is attempted to read the machine ID from the host (or more precisely, the root directory configured via ) and use it as seed instead, falling back to a randomized seed otherwise. Use to force a randomized seed. Explicitly specifying the seed may be used to generated strictly reproducible @@ -337,8 +337,8 @@ Takes a file system path. Configures the encryption key to use when setting up LUKS2 volumes configured with the Encrypt=key-file setting in partition files. Should refer to a regular file containing the key, or an AF_UNIX stream socket in the - file system. In the latter case a connection is made to it and the key read from it. If this switch - is not specified the empty key (i.e. zero length key) is used. This behaviour is useful for setting + file system. In the latter case, a connection is made to it and the key read from it. If this switch + is not specified, the empty key (i.e. zero length key) is used. This behaviour is useful for setting up encrypted partitions during early first boot that receive their user-supplied password only in a later setup step. @@ -455,7 +455,7 @@ These options specify which partition types systemd-repart should - operate on. If is used, all partitions that aren't specified + operate on. If is used, all partitions that are not specified are excluded. If is used, all partitions that are specified are excluded. Both options take a comma separated list of GPT partition type UUIDs or identifiers (see Type= in @@ -470,7 +470,7 @@ This option specifies for which partition types systemd-repart should defer. All partitions that are deferred using this option are still taken into account when - calculating the sizes and offsets of other partitions, but aren't actually written to the disk image. + calculating the sizes and offsets of other partitions, but are not actually written to the disk image. The net effect of this option is that if you run systemd-repart again without this option, the missing partitions will be added as if they had not been deferred the first time systemd-repart was executed. diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml index 2578eb0073..3bc3a01ab7 100644 --- a/man/systemd-resolved.service.xml +++ b/man/systemd-resolved.service.xml @@ -178,7 +178,7 @@ DNS servers, unless the domain is specified explicitly as routing or search domain for the DNS server and interface. This means that on networks where the .local domain is defined in a site-specific DNS server, explicit search or routing domains need to be configured to make lookups work - within this DNS domain. Note that these days, it's generally recommended to avoid defining + within this DNS domain. Note that these days, it is generally recommended to avoid defining .local in a DNS server, as RFC6762 reserves this domain for exclusive MulticastDNS use. @@ -213,7 +213,7 @@ In case of single-label names, when search domains are defined, the same logic applies, except that the name is first suffixed by each of the search domains in turn. Note that this search logic - doesn't apply to any names with at least one dot. Also see the discussion about compatibility with + does not apply to any names with at least one dot. Also see the discussion about compatibility with the traditional glibc resolver below. If a query does not match any configured routing domain (either per-link or global), it @@ -224,7 +224,7 @@ and no global DNS server configured, one of the compiled-in fallback DNS servers is used. - Otherwise the unicast DNS query fails, as no suitable DNS servers can be determined. + Otherwise, the unicast DNS query fails, as no suitable DNS servers can be determined. diff --git a/man/systemd-run.xml b/man/systemd-run.xml index df31e2b168..eeefe901dc 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -314,7 +314,7 @@ This option will result in systemd-run synchronously waiting for the transient service to terminate, similar to specifying . If specified - along with , systemd-run won't exit when manually disconnecting + along with , systemd-run will not exit when manually disconnecting from the pseudo TTY device. Note that @@ -475,7 +475,7 @@ all units that ran and failed are kept in memory until the user explicitly resets their failure state with systemctl reset-failed or an equivalent command. On the other hand, units that ran successfully are unloaded immediately. If this option is turned on the "garbage collection" of units is more - aggressive, and unloads units regardless if they exited successfully or failed. This option is a shortcut for + aggressive, and unloads units regardless of whether they exited successfully or failed. This option is a shortcut for --property=CollectMode=inactive-or-failed, see the explanation for CollectMode= in systemd.unit5 for further @@ -652,7 +652,7 @@ There is a screen on: <>, <${INVOCATION_ID}>] as the argument array, and then systemd1 generates ${INVOCATION_ID} and substitutes it in the command-line. This substitution - could not be done on the client side, because the target ID that will be set for the service isn't + could not be done on the client side, because the target ID that will be set for the service is not known before the call is made. @@ -675,7 +675,7 @@ There is a screen on: bash1 shell which is started by the service unit. The shell expands $SHELL to the path of the shell, and $$ to its process number, and then those strings are passed to the - echo built-in and printed to standard output (which in this case is connected to the + echo built-in and printed to standard output (which, in this case, is connected to the calling terminal). diff --git a/man/systemd-sbsign.xml b/man/systemd-sbsign.xml index ef30cb0d67..3c0bcf13ee 100644 --- a/man/systemd-sbsign.xml +++ b/man/systemd-sbsign.xml @@ -43,7 +43,7 @@ Signs the given PE binary for EFI Secure Boot. Takes a path to a PE binary as its argument. If the PE binary already has a certificate table, the new signature will be added to it. - Otherwise a new certificate table will be created. The signed PE binary will be written to the path + Otherwise, a new certificate table will be created. The signed PE binary will be written to the path specified with . diff --git a/man/systemd-sleep.conf.xml b/man/systemd-sleep.conf.xml index c02b44f3de..dee442b01e 100644 --- a/man/systemd-sleep.conf.xml +++ b/man/systemd-sleep.conf.xml @@ -139,7 +139,7 @@ AllowHybridSleep= AllowSuspendThenHibernate= - By default any power-saving mode is advertised if possible (i.e. + By default, any power-saving mode is advertised if possible (i.e. the kernel supports that mode, the necessary resources are available). Those switches can be used to disable specific modes. diff --git a/man/systemd-soft-reboot.service.xml b/man/systemd-soft-reboot.service.xml index 7a15982c09..a72aecb05f 100644 --- a/man/systemd-soft-reboot.service.xml +++ b/man/systemd-soft-reboot.service.xml @@ -58,7 +58,7 @@ The initrd initialization. - However this form of reboot comes with drawbacks as well: + However, this form of reboot comes with drawbacks as well: The OS update remains incomplete, as the kernel is not reset and continues @@ -149,7 +149,7 @@ DefaultDependencies=no Even though passing resources from one soft reboot cycle to the next is possible this way, we strongly suggest to use this functionality sparingly only, as it creates a more fragile system as resources from different versions of the OS and applications might be mixed with unforeseen - consequences. In particular it's recommended to avoid allowing processes to survive + consequences. In particular it is recommended to avoid allowing processes to survive the soft reboot operation, as this means code updates will necessarily be incomplete, and processes typically pin various other resources (such as the file system they are backed by), thus increasing memory usage (as two versions of the OS/application/file system might be kept in memory). Leaving diff --git a/man/systemd-ssh-proxy.xml b/man/systemd-ssh-proxy.xml index 97e8bcb96b..786d16b3ee 100644 --- a/man/systemd-ssh-proxy.xml +++ b/man/systemd-ssh-proxy.xml @@ -65,13 +65,13 @@ Host .host must be of type SOCK_STREAM. Similar, SSH connections to vsock/ followed by an AF_VSOCK CID will result in an SSH connection made to that CID. vsock-mux/ followed by an absolute AF_UNIX file system - path to a socket is similar but for cloud-hypervisor/firecracker which don't allow + path to a socket is similar but for cloud-hypervisor/firecracker which do not allow direct AF_VSOCK communication between the host and guests, and provide their own multiplexer over AF_UNIX sockets. See cloud-hypervisor VSOCK support and Using the Firecracker Virtio-vsock Device. - Moreover connecting to .host will connect to the local host via SSH, without + Moreover, connecting to .host will connect to the local host via SSH, without involving networking. This tool is supposed to be used together with diff --git a/man/systemd-storagetm.service.xml b/man/systemd-storagetm.service.xml index 25c5c4e4fc..6172190157 100644 --- a/man/systemd-storagetm.service.xml +++ b/man/systemd-storagetm.service.xml @@ -70,7 +70,7 @@ url="https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2.0c-2022.10.04-Ratified.pdf">NVM Express Base Specification 2.0c, section 4.5 "NVMe Qualified Names". Note that the NQN specified here will be suffixed with a dot and the block device name before it is exposed on the - NVMe target. If not specified defaults to + NVMe target. If not specified, defaults to nqn.2023-10.io.systemd:storagetm.ID, where ID is replaced by a 128bit ID derived from machine-id5. diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml index 902b4013a0..764fd32ddd 100644 --- a/man/systemd-stub.xml +++ b/man/systemd-stub.xml @@ -127,7 +127,7 @@ multi-profile UKIs, see below. If UEFI SecureBoot is enabled and the .cmdline section is present in the executed image, any attempts to override the kernel command line by passing one as invocation parameters to the EFI binary are ignored. Thus, in order to - allow overriding the kernel command line, either disable UEFI SecureBoot, or don't include a kernel + allow overriding the kernel command line, either disable UEFI SecureBoot, or do not include a kernel command line PE section in the kernel image file. If a command line is accepted via EFI invocation parameters to the EFI binary it is measured into TPM PCR 12 (if a TPM is present). If a DeviceTree is embedded in the .dtb section, it replaces an existing DeviceTree in the @@ -345,12 +345,12 @@ The section list above would define three profiles. The first four sections make up the base - profile. A .profile section then introduces profile @0. It doesn't override any + profile. A .profile section then introduces profile @0. It does not override any sections (or add any) from the base section, hence it is immediately followed by another .profile section that then introduces section @1. This profile overrides the kernel command line. Finally, the last two sections define section @2, again overriding the command line. (Note that in this example the first .cmdline could also moved behind the first - .profile with equivalent effect. To keep things nicely extensible, it's probably a + .profile with equivalent effect. To keep things nicely extensible, it is probably a good idea to keep the generic command line in the base section instead of profile 0, in case later added profiles might want to reuse it.) @@ -526,7 +526,7 @@ Similar to LoaderDevicePartUUID and StubImageIdentifier, but indicates the location of the unified kernel image EFI - binary rather than the location of the boot loader binary, regardless if booted via a boot loader + binary rather than the location of the boot loader binary, regardless of whether booted via a boot loader or not. @@ -597,7 +597,7 @@ Note that some of the variables above may also be set by the boot loader. The stub will only set - them if they aren't set already. Some of these variables are defined by the Boot Loader Interface. diff --git a/man/systemd-sysext.xml b/man/systemd-sysext.xml index bf47e7ca55..43b5575a7d 100644 --- a/man/systemd-sysext.xml +++ b/man/systemd-sysext.xml @@ -204,8 +204,8 @@ component over the immutable OS image without doing a full OS rebuild or modifying the nominally immutable image. (e.g. "install" a locally built package with DESTDIR=/var/lib/extensions/mytest make install && systemd-sysext refresh, making it available in - /usr/ as if it was installed in the OS image itself.) This case works regardless if - the underlying host /usr/ is managed as immutable disk image or is a traditional + /usr/ as if it was installed in the OS image itself.) This case works regardless of + whether the underlying host /usr/ is managed as immutable disk image or is a traditional package manager controlled (i.e. writable) tree. With systemd-confext one can perform runtime reconfiguration of OS services. @@ -371,7 +371,7 @@ Takes an image policy string as argument, as per systemd.image-policy7. The - policy is enforced when operating on system extension disk images. If not specified defaults to + policy is enforced when operating on system extension disk images. If not specified, defaults to root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent for system extensions, i.e. only the root and /usr/ file systems in the image are used. For configuration extensions defaults to diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml index 580da9d75f..9bfd212a45 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml @@ -192,7 +192,7 @@ NUMAMask= Configures the NUMA node mask that will be associated with the selected NUMA policy. Note that - and NUMA policies don't require explicit NUMA node mask and + and NUMA policies do not require explicit NUMA node mask and value of the option can be empty. Similarly to NUMAPolicy=, value can be overridden by individual services in unit files, see systemd.exec5. @@ -371,7 +371,7 @@ running and hence RuntimeWatchdogSec= is still honoured. In order to define a timeout on this first phase of system shutdown, configure JobTimeoutSec= and JobTimeoutAction= in the [Unit] section of the - shutdown.target unit. By default RuntimeWatchdogSec= defaults + shutdown.target unit. By default, RuntimeWatchdogSec= defaults to 0 (off), and RebootWatchdogSec= to 10min. KExecWatchdogSec= may be used to additionally enable the watchdog when kexec diff --git a/man/systemd-sysusers.xml b/man/systemd-sysusers.xml index 8ace9a8048..29d02f26e0 100644 --- a/man/systemd-sysusers.xml +++ b/man/systemd-sysusers.xml @@ -124,7 +124,7 @@ - Process the configuration and figure out what entries would be created, but don't + Process the configuration and figure out what entries would be created, but do not actually write anything. diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index b7b4d0dca6..e4794c3f16 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml @@ -204,7 +204,7 @@ - Process the configuration and print what operations would be performed, but don't + Process the configuration and print what operations would be performed, but do not actually change anything in the file system. diff --git a/man/systemd-tpm2-generator.xml b/man/systemd-tpm2-generator.xml index 6a85b78f1c..44d33cf68c 100644 --- a/man/systemd-tpm2-generator.xml +++ b/man/systemd-tpm2-generator.xml @@ -41,7 +41,7 @@ The kernel command line option may be used to override behaviour of the generator. It accepts a boolean value: if true then tpm2.target will be added as synchronization point even if the firmware has not detected a TPM2 device. If false, the - target will not be inserted even if firmware reported a device but the OS kernel doesn't expose a device + target will not be inserted even if firmware reported a device but the OS kernel does not expose a device for it yet. The latter might be useful in environments where a suitable TPM2 driver for the available hardware is not available. diff --git a/man/systemd-tpm2-setup.service.xml b/man/systemd-tpm2-setup.service.xml index 71b5de387c..52ed6acf92 100644 --- a/man/systemd-tpm2-setup.service.xml +++ b/man/systemd-tpm2-setup.service.xml @@ -33,7 +33,7 @@ systemd-tpm2-setup.service and systemd-tpm2-setup-early.service are services that generate the Storage Root Key - (SRK) if it hasn't been generated yet, and stores it in the TPM. + (SRK) if it has not been generated yet, and stores it in the TPM. The services will store the public key of the SRK key pair in a PEM file in /run/systemd/tpm2-srk-public-key.pem and diff --git a/man/systemd-vmspawn.xml b/man/systemd-vmspawn.xml index f349c71218..dfd3bbd7b4 100644 --- a/man/systemd-vmspawn.xml +++ b/man/systemd-vmspawn.xml @@ -131,7 +131,7 @@ - If is not specified KVM support will be + If is not specified, KVM support will be detected automatically. If true, KVM is always used, and if false, KVM is never used. @@ -140,7 +140,7 @@ - If is not specified VSOCK networking support will be + If is not specified, VSOCK networking support will be detected automatically. If true, VSOCK networking is always used, and if false, VSOCK networking is never used. @@ -152,7 +152,7 @@ Sets the specific CID to use for the guest. Valid CIDs are in the range 3 to 4294967294 (0xFFFF_FFFE). - CIDs outside of this range are reserved. By default vmspawn will attempt to derive a CID for the guest derived from the machine name, + CIDs outside of this range are reserved. By default, vmspawn will attempt to derive a CID for the guest derived from the machine name, falling back to a random CID if this CID is taken. @@ -163,7 +163,7 @@ - If is not specified vmspawn will detect the presence of + If is not specified, vmspawn will detect the presence of swtpm8 and use it if available. If yes is specified swtpm8 is always used, and if no is set swtpm @@ -238,7 +238,7 @@ Takes an absolute path, or a relative path beginning with ./. Specifies a JSON firmware definition file, which allows selecting the - firmware to boot in the VM. If not specified a suitable firmware is automatically discovered. If the + firmware to boot in the VM. If not specified, a suitable firmware is automatically discovered. If the special string list is specified lists all discovered firmwares. @@ -259,9 +259,9 @@ Configure whether to search for firmware which supports Secure Boot. - If the option is not specified the first firmware which is detected will be used. - If the option is set to yes then the first firmware with Secure Boot support will be selected. - If no is specified then the first firmware without Secure Boot will be selected. + If the option is not specified, the first firmware which is detected will be used. + If the option is set to yes, then the first firmware with Secure Boot support will be selected. + If no is specified, then the first firmware without Secure Boot will be selected. @@ -402,7 +402,7 @@ - By default an SSH key is generated to allow systemd-vmspawn to open + By default, an SSH key is generated to allow systemd-vmspawn to open a D-Bus connection to the VM's systemd bus. Setting this to "no" will disable SSH key generation. The generated keys are ephemeral. That is they are valid only for the current invocation of systemd-vmspawn, @@ -419,7 +419,7 @@ ssh-keygen1 for more information. - By default ed25519 keys are generated, however rsa keys + By default, ed25519 keys are generated, however rsa keys may also be useful if the VM has a particularly old version of sshd8. @@ -540,7 +540,7 @@ $ systemd-vmspawn \ enforcing=0 - Note: this example also uses a kernel command line argument to ensure SELinux isn't started in + Note: this example also uses a kernel command line argument to ensure SELinux is not started in enforcing mode. @@ -566,7 +566,7 @@ $ ssh root@vsock/$my_vsock_cid -i /run/user/$UID/systemd/vmspawn/machine-*-syste If an error occurred the value errno is propagated to the return code. If EXIT_STATUS is supplied by the running image that is returned. - Otherwise EXIT_SUCCESS is returned. + Otherwise, EXIT_SUCCESS is returned. diff --git a/man/systemd-vpick.xml b/man/systemd-vpick.xml index eb067148df..010701637e 100644 --- a/man/systemd-vpick.xml +++ b/man/systemd-vpick.xml @@ -81,7 +81,7 @@ Explicitly configures the architecture to select. If specified, a filename with the - specified architecture identifier will be looked for. If not specified only filenames with a locally + specified architecture identifier will be looked for. If not specified, only filenames with a locally supported architecture are considered, or those without any architecture identifier. @@ -117,7 +117,7 @@ - Configures what precisely to write to standard output. If not specified prints the + Configures what precisely to write to standard output. If not specified, prints the full, resolved path of the newest matching file in the .v/ directory. This switch can be set to one of the following: diff --git a/man/systemd.device.xml b/man/systemd.device.xml index 9e53a46a06..0a998e7c9e 100644 --- a/man/systemd.device.xml +++ b/man/systemd.device.xml @@ -108,8 +108,8 @@ SYSTEMD_READY= (see below) to configure when a udev device shall be considered active, and thus when to trigger the dependencies. - + The specified property value should be a space-separated list of valid unit names. If a unit template name is specified (that is, a unit name containing an @ character indicating a unit name to diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index f4917f59c1..b1fcfecd74 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -79,7 +79,7 @@ - + Paths @@ -407,7 +407,7 @@ cannot be used for services that need to access metainformation about other users' processes. This option implies MountAPIVFS=. - If the kernel doesn't support per-mount point mount options this + If the kernel does not support per-mount point mount options this setting remains without effect, and the unit's processes will be able to access and see other process as if the option was not used. @@ -458,14 +458,14 @@ is already marked read-only), while BindReadOnlyPaths= creates read-only bind mounts. These settings may be used more than once, each usage appends to the unit's list of bind mounts. If the empty string is assigned to either of these two options the entire list of bind mounts defined prior to this is reset. Note - that in this case both read-only and regular bind mounts are reset, regardless which of the two settings is + that, in this case, both read-only and regular bind mounts are reset, regardless which of the two settings is used. Using this option implies that a mount namespace is allocated for the unit, i.e. it implies the effect of PrivateMounts= (see below). This option is particularly useful when RootDirectory=/RootImage= - is used. In this case the source path refers to a path on the host file system, while the destination path + is used. In this case, the source path refers to a path on the host file system, while the destination path refers to a path below the root directory of the unit. Note that the destination directory must exist or systemd must be able to create it. Thus, it @@ -697,11 +697,11 @@ leave files around after unit termination. Furthermore NoNewPrivileges= and RestrictSUIDSGID= are implicitly enabled (and cannot be disabled), to ensure that processes invoked cannot take benefit or create SUID/SGID - files or directories. Moreover ProtectSystem=strict and + files or directories. Moreover, ProtectSystem=strict and ProtectHome=read-only are implied, thus prohibiting the service to write to arbitrary file system locations. In order to allow the service to write to certain directories, they have to be allow-listed using ReadWritePaths=, but care must be taken so that - UID/GID recycling doesn't create security issues involving files created by the service. Use + UID/GID recycling does not create security issues involving files created by the service. Use RuntimeDirectory= (see below) in order to assign a writable runtime directory to a service, owned by the dynamic user/group and removed automatically when the unit is terminated. Use StateDirectory=, CacheDirectory= and @@ -835,7 +835,7 @@ CapabilityBoundingSet=~CAP_B CAP_C capabilities to the ambient capability set adds them to the process's inherited capability set. Ambient capability sets are useful if you want to execute a process as a non-privileged user but - still want to give it some capabilities. Note that in this case option keep-caps + still want to give it some capabilities. Note that, in this case, option keep-caps is automatically added to SecureBits= to retain the capabilities over the user change. AmbientCapabilities= does not affect commands prefixed with +. @@ -902,8 +902,8 @@ CapabilityBoundingSet=~CAP_B CAP_C Set the SELinux security context of the executed process. If set, this will override the automated domain transition. However, the policy still needs to authorize the transition. This directive is ignored if SELinux is disabled. If prefixed by -, failing to set the SELinux - security context will be ignored, but it's still possible that the subsequent - execve() may fail if the policy doesn't allow the transition for the + security context will be ignored, but it is still possible that the subsequent + execve() may fail if the policy does not allow the transition for the non-overridden context. This does not affect commands prefixed with +. See setexeccon3 @@ -1059,7 +1059,7 @@ CapabilityBoundingSet=~CAP_B CAP_C LimitDATA= ulimit -d Bytes - Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see MemoryMax= in systemd.resource-control5. + Do not use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see MemoryMax= in systemd.resource-control5. LimitSTACK= @@ -1077,25 +1077,25 @@ CapabilityBoundingSet=~CAP_B CAP_C LimitRSS= ulimit -m Bytes - Don't use. No effect on Linux. + Do not use. No effect on Linux. LimitNOFILE= ulimit -n Number of File Descriptors - Don't use. Be careful when raising the soft limit above 1024, since select2 cannot function with file descriptors above 1023 on Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use select2. Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use MemoryMax= to control overall service memory use, including file descriptor memory. + Do not use. Be careful when raising the soft limit above 1024, since select2 cannot function with file descriptors above 1023 on Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use select2. Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use MemoryMax= to control overall service memory use, including file descriptor memory. LimitAS= ulimit -v Bytes - Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see MemoryMax= in systemd.resource-control5. + Do not use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see MemoryMax= in systemd.resource-control5. LimitNPROC= ulimit -u Number of Processes - This limit is enforced based on the number of processes belonging to the user. Typically it's better to track processes per service, i.e. use TasksMax=, see systemd.resource-control5. + This limit is enforced based on the number of processes belonging to the user. Typically it is better to track processes per service, i.e. use TasksMax=, see systemd.resource-control5. LimitMEMLOCK= @@ -1219,7 +1219,7 @@ CapabilityBoundingSet=~CAP_B CAP_C executed processes. Takes an integer between -1000 (to disable OOM killing of processes of this unit) and 1000 (to make killing of processes of this unit under memory pressure very likely). See The /proc Filesystem for - details. If not specified defaults to the OOM score adjustment level of the service manager itself, + details. If not specified, defaults to the OOM score adjustment level of the service manager itself, which is normally at 0. Use the OOMPolicy= setting of service units to configure how the service @@ -1805,7 +1805,7 @@ BindReadOnlyPaths=/var/lib/systemd ReadOnlyPaths= and related calls, see above. If set to true (as opposed to disconnected), this has the side effect of adding Requires= and After= dependencies on all mount units necessary - to access /tmp/ and /var/tmp/ on the host. Moreover an + to access /tmp/ and /var/tmp/ on the host. Moreover, an implicitly After= ordering on systemd-tmpfiles-setup.service8 is added. @@ -1976,7 +1976,7 @@ BindReadOnlyPaths=/var/lib/systemd kernel documentation. Note that this functionality might not be available, for example if KSM is disabled in the - kernel, or the kernel doesn't support controlling KSM at the process level through + kernel, or the kernel does not support controlling KSM at the process level through prctl2. @@ -2035,7 +2035,7 @@ BindReadOnlyPaths=/var/lib/systemd process capability isolation. If this mode is enabled, all unit processes are run without privileges in the host user - namespace (regardless if the unit's own user/group is root or not). Specifically + namespace (regardless of whether the unit's own user/group is root or not). Specifically this means that the process will have zero process capabilities on the host's user namespace, but full capabilities within the service's user namespace. Settings such as CapabilityBoundingSet= will affect only the latter, and there's no way to acquire @@ -2522,7 +2522,7 @@ RestrictNamespaces=~cgroup net It is not recommended to use mount propagation for units, as this means temporary mounts (such as removable media) of the host will stay mounted and thus indefinitely busy in forked - off processes, as unmount propagation events won't be received by the file system namespace of the unit. + off processes, as unmount propagation events will not be received by the file system namespace of the unit. Usually, it is best to leave this setting unmodified, and use higher level file system namespacing options instead, in particular PrivateMounts=, see above. @@ -3096,7 +3096,7 @@ SystemCallErrorNumber=EPERM The option may be used to connect a specific file system object to standard output. The semantics are similar to the same option of StandardInput=, see above. If path refers to a regular file - on the filesystem, it is opened (created if it doesn't exist yet using privileges of the user executing the + on the filesystem, it is opened (created if it does not exist yet using privileges of the user executing the systemd process) for writing at the beginning of the file, but without truncating it. If standard input and output are directed to the same file path, it is opened only once — for reading as well as writing — and duplicated. This is particularly useful when the specified path refers to an @@ -3140,7 +3140,7 @@ SystemCallErrorNumber=EPERM If the standard output (or error output, see below) of a unit is connected to the journal or the kernel log buffer, the unit will implicitly gain a dependency of type After= on systemd-journald.socket (also see the "Implicit Dependencies" section - above). Also note that in this case stdout (or stderr, see below) will be an + above). Also note that, in this case, stdout (or stderr, see below) will be an AF_UNIX stream socket, and not a pipe or FIFO that can be reopened. This means when executing shell scripts the construct echo "hello" > /dev/stderr for writing text to stderr will not work. To mitigate this use the construct echo "hello" @@ -3225,7 +3225,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX , , (highest log level, also lowest priority messages). See syslog3 for - details. By default no filtering is applied (i.e. the default maximum log level is ). Use + details. By default, no filtering is applied (i.e. the default maximum log level is ). Use this option to configure the logging system to drop log messages of a specific service above the specified level. For example, set LogLevelMax= in order to turn off debug logging of a particularly chatty unit. Note that the configured level is applied to any log messages written by any @@ -3310,7 +3310,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX Filtering is based on the unit for which LogFilterPatterns= is defined, meaning log messages coming from systemd1 about the - unit are not taken into account. Filtered log messages won't be forwarded to traditional syslog daemons, + unit are not taken into account. Filtered log messages will not be forwarded to traditional syslog daemons, the kernel log buffer (kmsg), the systemd console, or sent as wall messages to all logged-in users. @@ -3327,7 +3327,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX user-defined string identifying the namespace. If not used the processes of the service are run in the default journal namespace, i.e. their log stream is collected and processed by systemd-journald.service. If this option is used any log data generated by - processes of this unit (regardless if via the syslog(), journal native logging + processes of this unit (regardless of whether via the syslog(), journal native logging or stdout/stderr logging) is collected and processed by an instance of the systemd-journald@.service template unit, which manages the specified namespace. The log data is stored in a data store independent from the default log namespace's data @@ -3544,7 +3544,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX specific user or the system as a whole, and it is ensured that per-user service managers cannot decrypt secrets intended for the system or for other users. - The credential files/IPC sockets must be accessible to the service manager, but don't have to + The credential files/IPC sockets must be accessible to the service manager, but do not have to be directly accessible to the unit's processes: the credential data is read and copied into separate, read-only copies for the unit that are accessible to appropriately privileged processes. This is particularly useful in combination with DynamicUser= as this way privileged data @@ -3571,7 +3571,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX url="https://www.dmtf.org/standards/smbios">DMI/SMBIOS OEM string table entries (field type 11) with a prefix of io.systemd.credential: or io.systemd.credential.binary:. In both cases a key/value pair separated by - = is expected, in the latter case the right-hand side is Base64 decoded when + = is expected. In the latter case, the right-hand side is Base64 decoded when parsed (thus permitting binary data to be passed in). Example qemu switch: -smbios type=11,value=io.systemd.credential:xx=yy, or -smbios @@ -3612,7 +3612,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX ImportCredential=GLOB - Pass one or more credentials to the unit. Takes a credential name for which we'll + Pass one or more credentials to the unit. Takes a credential name for which we will attempt to find a credential that the service manager itself received under the specified name — which may be used to propagate credentials from an invoking environment (e.g. a container manager that invoked the service manager) into a service. If the credential name is a glob, all credentials @@ -3673,7 +3673,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX LoadCredential=, LoadCredentialEncrypted= and ImportCredential= take priority over credentials found by SetCredential=. As such, SetCredential= will act as default if - no credentials are found by any of the former. In this case not being able to retrieve the credential + no credentials are found by any of the former. In this case, not being able to retrieve the credential from the path specified in LoadCredential= or LoadCredentialEncrypted= is not considered fatal. @@ -4690,7 +4690,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX 71 EX_OSERR - System error (e.g., can't fork) + System error (e.g., cannot fork) 72 @@ -4700,7 +4700,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX 73 EX_CANTCREAT - Can't create (user) output file + Cannot create (user) output file 74 diff --git a/man/systemd.generator.xml b/man/systemd.generator.xml index ce09a6648f..589c057dd9 100644 --- a/man/systemd.generator.xml +++ b/man/systemd.generator.xml @@ -99,7 +99,7 @@ Output directories Generators are invoked with three arguments: paths to directories where generators can place their - generated unit files or symlinks. By default those paths are runtime directories that are included in the + generated unit files or symlinks. By default, those paths are runtime directories that are included in the search path of systemd, but a generator may be called with different paths for debugging purposes. If only one argument is provided, the generator should use the same directory as the three output paths. diff --git a/man/systemd.image-policy.xml b/man/systemd.image-policy.xml index ed4af463b6..36a8395bf0 100644 --- a/man/systemd.image-policy.xml +++ b/man/systemd.image-policy.xml @@ -149,7 +149,7 @@ included in the image, regardless whether the configured image policy would allow access to it or not. Similar, systemd-nspawn1 is not - going to make use of any discovered swap device, regardless if the policy would allow that or not. + going to make use of any discovered swap device, regardless of whether the policy would allow that or not. Use the image-policy command of the systemd-analyze1 tool @@ -172,7 +172,7 @@ root=encrypted+read-only-off:srv=encrypted+absent:swap=absent The following image policy string dictates a single root partition that may be encrypted, but - doesn't have to be, and ignores swap partitions, and uses all other partitions if they are available, possibly with encryption. + does not have to be, and ignores swap partitions, and uses all other partitions if they are available, possibly with encryption. root=unprotected+encrypted:swap=absent+unused:=unprotected+encrypted+absent diff --git a/man/systemd.link.xml b/man/systemd.link.xml index 81d54cdc39..ae478b555d 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml @@ -604,7 +604,7 @@ Interface names must have a minimum length of 1 character and a maximum length of 15 characters, and may contain any 7bit ASCII character, with the exception of control characters, :, / and %. While . is - an allowed character, it's recommended to avoid it when naming interfaces as various tools (such as + an allowed character, it is recommended to avoid it when naming interfaces as various tools (such as resolvconf1) use it as separator character. Also, fully numeric interface names are not allowed (in order to avoid ambiguity with interface specification by numeric indexes), nor are the special strings @@ -889,7 +889,7 @@ - By default this is unset, i.e. all possible modes will be advertised. + By default, this is unset, i.e. all possible modes will be advertised. This option may be specified more than once, in which case all specified speeds and modes are advertised. If the empty string is assigned to this option, the list is reset, and all prior assignments have no effect. @@ -1435,7 +1435,7 @@ Config file /etc/systemd/network/10-eth0.link applies to device hub0 link_config: autonegotiation is unset or enabled, the speed and duplex are not writable. hub0: Device has name_assign_type=4 Using default interface naming scheme 'v240'. -hub0: Policies didn't yield a name, using specified Name=hub0. +hub0: Policies did not yield a name, using specified Name=hub0. ID_NET_LINK_FILE=/etc/systemd/network/10-eth0.link ID_NET_NAME=hub0 … diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml index 20e724d540..3043e90499 100644 --- a/man/systemd.mount.xml +++ b/man/systemd.mount.xml @@ -471,7 +471,7 @@ With , this mount will be only wanted, not required, by - local-fs.target or remote-fs.target. Moreover the mount unit is not + local-fs.target or remote-fs.target. Moreover, the mount unit is not ordered before these target units. This means that the boot will continue without waiting for the mount unit and regardless whether the mount point can be mounted successfully. @@ -556,7 +556,7 @@ for details. This setting is optional. If the type is overlay, and upperdir= or - workdir= are specified as options and the directories don't exist, they will be created. + workdir= are specified as options and the directories do not exist, they will be created. diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml index 19967af880..6e77af9929 100644 --- a/man/systemd.net-naming-scheme.xml +++ b/man/systemd.net-naming-scheme.xml @@ -243,7 +243,7 @@ name and the bus number are ignored. In some configurations a parent PCI bridge of a given network controller may be associated - with a slot. In such case we don't generate this device property to avoid possible naming conflicts. + with a slot. In such case we do not generate this device property to avoid possible naming conflicts. @@ -431,7 +431,7 @@ When a PCI slot is associated with a PCI bridge that has multiple child network controllers, the same value of the ID_NET_NAME_SLOT property might be derived for those controllers. This would cause a naming conflict if the property is selected as the device - name. Now, we detect this situation and don't produce the ID_NET_NAME_SLOT + name. Now, we detect this situation and do not produce the ID_NET_NAME_SLOT property. diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 4e65885295..d072501a45 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -834,7 +834,7 @@ to provide protocol typing, OAM, and versioning capabilities. For details about the VXLAN GPE Header, see the Generic Protocol Extension for VXLAN document. If destination port is not specified and - Generic Protocol Extension is set then default port of 4790 is used. Defaults to false. + Generic Protocol Extension is set, the default port of 4790 is used. Defaults to false. @@ -842,7 +842,7 @@ DestinationPort= - Configures the default destination UDP port. If the destination port is not specified then + Configures the default destination UDP port. If the destination port is not specified, the Linux kernel default will be used. Set to 4789 to get the IANA assigned value. @@ -1102,7 +1102,7 @@ UDPSourcePort= Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected - it's mandatory. Ignored when IP encapsulation is selected. + it is mandatory. Ignored when IP encapsulation is selected. @@ -1110,7 +1110,7 @@ UDPDestinationPort= - Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when IP + Specifies destination port. When UDP encapsulation is selected it is mandatory. Ignored when IP encapsulation is selected. @@ -1945,7 +1945,7 @@ I.e. for 50-foobar.netdev, network.wireguard.private.50-foobar is tried. - Note that because this information is secret, it's strongly recommended to use an (encrypted) + Note that because this information is secret, it is strongly recommended to use an (encrypted) credential. Alternatively, you may want to set the permissions of the .netdev file to be owned by root:systemd-network with a 0640 file mode. @@ -2055,7 +2055,7 @@ This option honors the @ prefix in the same way as the setting of the section. - Note that because this information is secret, it's strongly recommended to use an (encrypted) + Note that because this information is secret, it is strongly recommended to use an (encrypted) credential. Alternatively, you may want to set the permissions of the .netdev file to be owned by root:systemd-network with a 0640 file mode. diff --git a/man/systemd.network.xml b/man/systemd.network.xml index e2d698285e..6ed4dde4df 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -811,7 +811,7 @@ DuplicateAddressDetection=none resolving domain names that do not match any link's configured Domains= setting. If false, this link's configured DNS servers are never used for such domains, and are exclusively used for resolving names that match at least one of the domains configured on - this link. If not specified defaults to an automatic mode: queries not matching any link's + this link. If not specified, defaults to an automatic mode: queries not matching any link's configured domains will be routed to this link if it has no routing-only domains configured. @@ -994,7 +994,7 @@ DuplicateAddressDetection=none route to the source on that interface, the machine will drop the packet. Takes one of no, strict, or loose. When no, no source validation will be done. When strict, each incoming packet is tested against the FIB and - if the incoming interface is not the best reverse path, the packet check will fail. By default failed packets are discarded. + if the incoming interface is not the best reverse path, the packet check will fail. By default, failed packets are discarded. When loose, each incoming packet's source address is tested against the FIB. The packet is dropped only if the source address is not reachable via any interface on that router. See RFC 3704. @@ -1080,7 +1080,7 @@ DuplicateAddressDetection=none Takes a boolean. Configures proxy NDP for IPv6. Proxy NDP (Neighbor Discovery Protocol) is a technique for IPv6 to allow routing of addresses to a different destination when peers - expect them to be present on a certain physical link. In this case a router answers Neighbour + expect them to be present on a certain physical link. In this case, a router answers Neighbour Advertisement messages intended for another machine by offering its own MAC address as destination. Unlike proxy ARP for IPv4, it is not enabled globally, but will only send Neighbour Advertisement messages for addresses in the IPv6 neighbor proxy table, which can @@ -1511,7 +1511,7 @@ DuplicateAddressDetection=none Once labeling is enabled for network traffic, a lot of LSM access control points in Linux networking stack go from dormant to active. Care should be taken to avoid getting into a - situation where for example remote connectivity is broken, when the security policy hasn't been + situation where for example remote connectivity is broken, when the security policy has not been updated to consider LSM per-packet access controls and no rules would allow any network traffic. Also note that additional configuration with netlabelctl8 @@ -2100,7 +2100,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix - nowhere means the destination doesn't exist. + nowhere means the destination does not exist. @@ -2720,7 +2720,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix added to the routing table with a metric of 1024, and a scope of , or , depending on the route's destination and gateway. If the destination is on the local host, e.g., 127.x.x.x, or the same as the link's - own address, the scope will be set to . Otherwise if the gateway is null + own address, the scope will be set to . Otherwise, if the gateway is null (a direct route), a scope will be used. For anything else, scope defaults to . @@ -4177,7 +4177,7 @@ ServerAddress=192.168.0.1/24 Configures the time, used in the Neighbor Unreachability Detection algorithm, for which clients can assume a neighbor is reachable after having received a reachability confirmation. Takes - a time span in the range 0…4294967295 ms. When 0, clients will handle it as if the value wasn't + a time span in the range 0…4294967295 ms. When 0, clients will handle it as if the value was not specified. Defaults to 0. @@ -4667,7 +4667,7 @@ ServerAddress=192.168.0.1/24 indicate to the kernel that the fdb entry is in use. self means the address is associated with the port drivers fdb. Usually hardware. master means the address is associated with master devices fdb. router means - the destination address is associated with a router. Note that it's valid if the referenced + the destination address is associated with a router. Note that it is valid if the referenced device is a VXLAN type device and has route shortcircuit enabled. Defaults to self. @@ -4828,7 +4828,7 @@ ServerAddress=192.168.0.1/24 triggered automatically in case of a bus-off condition after the specified delay time. Subsecond delays can be specified using decimals (e.g. 0.1s) or a ms or us postfix. Using infinity or 0 will turn the - automatic restart off. By default automatic restart is disabled. + automatic restart off. By default, automatic restart is disabled. @@ -6546,7 +6546,7 @@ Bond=bond1 Add the bond1 interface to the VRF master interface vrf1. This will redirect routes generated on this interface to be within the routing table defined during VRF creation. For kernels before 4.8 traffic - won't be redirected towards the VRFs routing table unless specific ip-rules are added. + will not be redirected towards the VRFs routing table unless specific ip-rules are added. # /etc/systemd/network/25-vrf.network [Match] diff --git a/man/systemd.offline-updates.xml b/man/systemd.offline-updates.xml index 0195022a29..1d084a47a4 100644 --- a/man/systemd.offline-updates.xml +++ b/man/systemd.offline-updates.xml @@ -98,7 +98,7 @@ After a reboot, now that the /system-update and - /etc/system-update symlink is gone, the generator won't redirect + /etc/system-update symlink is gone, the generator will not redirect default.target anymore and the system now boots into the default target again. diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index 5ad9793c7a..a2f1bc02ba 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -73,7 +73,7 @@ MemoryAccounting=/TasksAccounting=/IOAccounting= settings. Because of how the cgroup hierarchy works, controllers will be automatically enabled for all parent units and for any sibling units starting with the lowest level at which a controller is enabled. - Units for which a controller is enabled may be subject to resource control even if they don't have any + Units for which a controller is enabled may be subject to resource control even if they do not have any explicit configuration. Setting Delegate= enables any delegated controllers for that unit (see below). @@ -172,7 +172,7 @@ CPUWeight=20 DisableControllers=cpu / \ - + Options @@ -304,7 +304,7 @@ CPUWeight=20 DisableControllers=cpu / \ Restrict processes to be executed on specific CPUs. Takes a list of CPU indices or ranges separated by either whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a dash. - Setting AllowedCPUs= or StartupAllowedCPUs= doesn't guarantee that all + Setting AllowedCPUs= or StartupAllowedCPUs= does not guarantee that all of the CPUs will be used by the processes as it may be limited by parent units. The effective configuration is reported as EffectiveCPUs=. @@ -533,7 +533,7 @@ CPUWeight=20 DisableControllers=cpu / \ or ranges separated by either whitespace or commas. Memory NUMA nodes ranges are specified by the lower and upper NUMA nodes indices separated by a dash. - Setting AllowedMemoryNodes= or StartupAllowedMemoryNodes= doesn't + Setting AllowedMemoryNodes= or StartupAllowedMemoryNodes= does not guarantee that all of the memory NUMA nodes will be used by the processes as it may be limited by parent units. The effective configuration is reported as EffectiveMemoryNodes=. @@ -797,7 +797,7 @@ CPUWeight=20 DisableControllers=cpu / \ The access lists configured with this option are applied to all sockets created by processes of this unit (or in the case of socket units, associated with it). The lists are implicitly combined with any lists configured for any of the parent slice units this unit might be a member - of. By default both access lists are empty. Both ingress and egress traffic is filtered by these + of. By default, both access lists are empty. Both ingress and egress traffic is filtered by these settings. In case of ingress traffic the source IP address is checked against these access lists, in case of egress traffic the destination IP address is checked. The following rules are applied in turn: @@ -998,7 +998,7 @@ SocketBindDeny=any Takes a list of space-separated network interface names. This option restricts the network - interfaces that processes of this unit can use. By default processes can only use the network interfaces + interfaces that processes of this unit can use. By default, processes can only use the network interfaces listed (allow-list). If the first character of the rule is ~, the effect is inverted: the processes can only use network interfaces not listed (deny-list). @@ -1150,7 +1150,7 @@ NFTSet=cgroup:inet:filter:my_service user:inet:filter:serviceuser of this unit (or in the case of socket units, associated with it). The filters are loaded in addition to filters any of the parent slice units this unit might be a member of as well as any IPAddressAllow= and IPAddressDeny= filters in any of these units. - By default there are no filters specified. + By default, there are no filters specified. If these settings are used multiple times in the same unit all the specified programs are attached. If an empty string is assigned to these settings the program list is reset and all previous specified programs ignored. @@ -1429,7 +1429,7 @@ DeviceAllow=/dev/loop-control Not all of these controllers are available on all kernels however, and some are specific to the unified hierarchy while others are specific to the legacy hierarchy. Also note that the kernel - might support further controllers, which aren't covered here yet as delegation is either not + might support further controllers, which are not covered here yet, as delegation is either not supported at all for them or not defined cleanly. Note that because of the hierarchical nature of cgroup hierarchy, any controllers that are @@ -1459,7 +1459,7 @@ DeviceAllow=/dev/loop-control ownership is passed to the unit's configured user/group) when a process is started in it. This option is useful to avoid manually moving the invoked process into a subgroup after it - has been started. Since no processes should live in inner nodes of the control group tree it's + has been started. Since no processes should live in inner nodes of the control group tree it is almost always necessary to run the main ("supervising") process of a unit that has delegation turned on in a subgroup. @@ -1625,7 +1625,7 @@ DeviceAllow=/dev/loop-control disabled otherwise. If set to skip the logic is neither enabled, nor disabled and the two environment variables are not set. - Note that services are free to use the two environment variables, but it's unproblematic if + Note that services are free to use the two environment variables, but it is unproblematic if they ignore them. Memory pressure handling must be implemented individually in each service, and usually means different things for different software. For further details on memory pressure handling see Memory Pressure Handling in @@ -1647,7 +1647,7 @@ DeviceAllow=/dev/loop-control Sets the memory pressure threshold time for memory pressure monitor as configured via MemoryPressureWatch=. Specifies the maximum allocation latency before a memory - pressure event is signalled to the service, per 2s window. If not specified defaults to the + pressure event is signalled to the service, per 2s window. If not specified, defaults to the DefaultMemoryPressureThresholdSec= setting in systemd-system.conf5 (which in turn defaults to 200ms). The specified value expects a time unit such as diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 8c90198e23..061fb5fcd2 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -176,7 +176,7 @@ proceed starting follow-up units, right after creating the main service process, and before executing the service's binary. Note that this means systemctl start command lines for services will report success even if the service's binary - cannot be invoked successfully (for example because the selected User= doesn't + cannot be invoked successfully (for example because the selected User= does not exist, or the service binary is missing). The type is similar to , but the @@ -187,7 +187,7 @@ fork() and execve() in the service process succeeded.) Note that this means systemctl start command lines for services will report failure when the service's binary cannot be invoked successfully (for - example because the selected User= doesn't exist, or the service binary is + example because the selected User= does not exist, or the service binary is missing). This type is implied if credentials are used (refer to LoadCredential= in systemd.exec5 for details). @@ -274,9 +274,9 @@ It is recommended to use Type= for long-running services, as it ensures that process setup errors (e.g. errors such as a missing service - executable, or missing user) are properly tracked. However, as this service type won't propagate + executable, or missing user) are properly tracked. However, as this service type will not propagate the failures in the service's own startup code (as opposed to failures in the preparatory steps the - service manager executes before execve()) and doesn't allow ordering of other + service manager executes before execve()) and does not allow ordering of other units against completion of initialization of the service code itself (which for example is useful if clients need to connect to the service through some form of IPC, and the IPC channel is only established by the service itself — in contrast to doing this ahead of time through socket or bus @@ -286,7 +286,7 @@ precisely schedule when to consider the service started up successfully and when to proceed with follow-up units. The / service types require explicit support in the service codebase (as sd_notify() or an equivalent API - needs to be invoked by the service at the appropriate time) — if it's not supported, then + needs to be invoked by the service at the appropriate time) — if it is not supported, then is an alternative: it supports the traditional heavy-weight UNIX service start-up protocol. Note that using any type other than possibly delays the boot process, as the service manager needs to wait for at least some service initialization to @@ -525,7 +525,7 @@ Note that the commands specified in ExecStop= are only executed when the service started successfully first. They are not invoked if the service was never started at all, or in case its start-up failed, for example because any of the commands specified in ExecStart=, - ExecStartPre= or ExecStartPost= failed (and weren't prefixed with + ExecStartPre= or ExecStartPost= failed (and were not prefixed with -, see above) or timed out. Use ExecStopPost= to invoke commands when a service failed to start up correctly and is shut down again. Also note that the stop operation is always performed if the service started successfully, even if the processes in the service terminated on their @@ -620,7 +620,7 @@ sd_notify3). - Note that the start timeout is also applied to service reloads, regardless if implemented + Note that the start timeout is also applied to service reloads, regardless of whether implemented through ExecReload= or via the reload logic enabled via Type=notify-reload. If the reload does not complete within the configured time, the reload will be considered failed and the service will continue running with the old configuration. This will not affect the running service, @@ -636,7 +636,7 @@ are skipped and the service will be terminated by SIGTERM. If no ExecStop= commands are specified, the service gets the SIGTERM immediately. This default behavior can be changed by the TimeoutStopFailureMode= option. Second, it configures the time - to wait for the service itself to stop. If it doesn't terminate in the specified time, it will be forcibly terminated + to wait for the service itself to stop. If it does not terminate in the specified time, it will be forcibly terminated by SIGKILL (see KillMode= in systemd.kill5). Takes a unit-less value in seconds, or a time span value such @@ -945,7 +945,7 @@ ExecStopPost= is still invoked. OnSuccess= and OnFailure= are skipped. - This option is useful in cases where a dependency can fail temporarily but we don't + This option is useful in cases where a dependency can fail temporarily but we do not want these temporary failures to make the dependent units fail. Dependent units are not notified of these temporary failures. @@ -1309,7 +1309,7 @@ See sd_listen_fds3 for more details on how to retrieve these file descriptors. - This setting is useful to allow services to access files/sockets that they can't access themselves + This setting is useful to allow services to access files/sockets that they cannot access themselves (due to running in a separate mount namespace, not having privileges, ...). This setting can be specified multiple times, in which case all the specified paths are opened and the file descriptors passed to the service. diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index bbcd7f051a..f20c5fc2ef 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -432,7 +432,7 @@ For AF_UNIX socket connections, the $REMOTE_ADDR environment variable will contain either the remote socket's file system path starting with a slash (/) or its address in the abstract namespace starting with an at symbol - (@). If the socket is unnamed, $REMOTE_ADDR won't be set. + (@). If the socket is unnamed, $REMOTE_ADDR will not be set. It is recommended to set CollectMode=inactive-or-failed for service instances activated via Accept=yes, to ensure that failed connection services are @@ -455,7 +455,7 @@ . If yes, the socket's buffers are cleared after the triggered service exited. This causes any pending data to be flushed and any pending incoming connections to be rejected. If no, the - socket's buffers won't be cleared, permitting the service to handle any + socket's buffers will not be cleared, permitting the service to handle any pending connections after restart, which is the usually expected behaviour. Defaults to . @@ -905,7 +905,7 @@ If the polling limit is hit polling is temporarily disabled on it until the specified time window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger - limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts + limit will not cause permanent failures. It's the recommended mechanism to deal with DoS attempts through packet flooding. The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit diff --git a/man/systemd.special.xml b/man/systemd.special.xml index b344775137..6093761b8f 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -724,7 +724,7 @@ A special target unit that sets up all slice units (see systemd.slice5 - for details) that shall always be active after boot. By default the generic + for details) that shall always be active after boot. By default, the generic system.slice slice unit as well as the root slice unit -.slice are pulled in and ordered before this unit (see below). @@ -1187,7 +1187,7 @@ milestone indicating if and when SSH access into the system is available. It should only become active when an SSH port is bound for remote clients (i.e. if SSH is used as a local privilege escalation mechanism, it should not involve this target unit), regardless of - the protocol choices, i.e. regardless if IPv4, IPv6 or AF_VSOCK is + the protocol choices, i.e. regardless of whether IPv4, IPv6 or AF_VSOCK is used. diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml index b8612aa8a5..aa974837cd 100644 --- a/man/systemd.system-credentials.xml +++ b/man/systemd.system-credentials.xml @@ -81,7 +81,7 @@ login.issue The data of this credential is written to - /etc/issue.d/50-provision.conf, if the file doesn't exist yet. + /etc/issue.d/50-provision.conf, if the file does not exist yet. agetty8 reads this file and shows its contents at the login prompt of terminal logins. See issue5 @@ -98,7 +98,7 @@ login.motd The data of this credential is written to /etc/motd.d/50-provision.conf, - if the file doesn't exist yet. + if the file does not exist yet. pam_motd8 reads this file and shows its contents as "message of the day" during terminal logins. See motd5 @@ -115,7 +115,7 @@ network.hosts The data of this credential is written to /etc/hosts, if the file - doesn't exist yet. See + does not exist yet. See hosts5 for details. @@ -154,7 +154,7 @@ of a credential network.link.50-foobar will be copied into a file 50-foobar.link. - Note that the resulting files are created world-readable, it's hence recommended to not include + Note that the resulting files are created world-readable, it is hence recommended to not include secrets in these credentials, but supply them via separate credentials directly to systemd-networkd.service, e.g. network.wireguard.* as described below. @@ -209,7 +209,7 @@ ssh.authorized_keys.root The data of this credential is written to /root/.ssh/authorized_keys, if - the file doesn't exist yet. This allows provisioning SSH access for the system's root user. + the file does not exist yet. This allows provisioning SSH access for the system's root user. Consumed by /usr/lib/tmpfiles.d/provision.conf, see tmpfiles.d5. diff --git a/man/systemd.target.xml b/man/systemd.target.xml index 37f5857eaa..19dabe4497 100644 --- a/man/systemd.target.xml +++ b/man/systemd.target.xml @@ -113,7 +113,7 @@ Requires=emergency.target systemd-networkd.service After=emergency.target systemd-networkd.service AllowIsolate=yes - When adding dependencies to other units, it's important to check if they set + When adding dependencies to other units, it is important to check if they set DefaultDependencies=. Service units, unless they set DefaultDependencies=no, automatically get a dependency on sysinit.target. In this case, both diff --git a/man/systemd.time.xml b/man/systemd.time.xml index f7cf97625b..820e5e499e 100644 --- a/man/systemd.time.xml +++ b/man/systemd.time.xml @@ -101,7 +101,7 @@ In some cases timestamps are shown in the UTC timezone instead of the local timezone, which is indicated via the UTC timezone specifier in the output. - In some cases timestamps are shown with microsecond granularity. In this case the sub-second remainder is + In some cases timestamps are shown with microsecond granularity. In this case, the sub-second remainder is separated by a full stop from the seconds component. @@ -139,7 +139,7 @@ A timestamp can start with a field containing a weekday, which can be in an abbreviated (Wed) or non-abbreviated (Wednesday) English language form (case does not matter), regardless of the locale. - However, if a weekday is specified and doesn't match the date, the timestamp is rejected. + However, if a weekday is specified and does not match the date, the timestamp is rejected. If the date is omitted, it defaults to today. If the time is omitted, it defaults to 00:00:00. Fractional seconds can be specified down to 1µs precision. The seconds field can also be omitted, defaulting to 0. diff --git a/man/systemd.timer.xml b/man/systemd.timer.xml index 2ea56d687f..f2035a541f 100644 --- a/man/systemd.timer.xml +++ b/man/systemd.timer.xml @@ -198,7 +198,7 @@ it is subject to the AccuracySec= setting below. May be specified more than once, in which case the timer unit will trigger whenever any of the - specified expressions elapse. Moreover calendar timers and monotonic timers (see above) may be + specified expressions elapse. Moreover, calendar timers and monotonic timers (see above) may be combined within the same timer unit. If the empty string is assigned to any of these options, the list of timers is reset (both diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 33ac732ebf..986505e29f 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -208,7 +208,7 @@ section headers. For instantiated units, this logic will first look for the instance .d/ subdirectory (e.g. foo@bar.service.d/) and read its .conf files, followed by the template .d/ subdirectory (e.g. - foo@.service.d/) and the .conf files there. Moreover for unit + foo@.service.d/) and the .conf files there. Moreover, for unit names containing dashes (-), the set of directories generated by repeatedly truncating the unit name after all dashes is searched too. Specifically, for a unit name foo-bar-baz.service not only the regular drop-in directory @@ -533,7 +533,7 @@ It is important to distinguish "linked unit files" from "unit file aliases": any symlink where the symlink target is within the unit load path becomes an alias: the source name and the target file name must satisfy specific constraints listed above in the discussion of aliases, but the - symlink target doesn't have to exist, and in fact the symlink target path is not used, except to check + symlink target does not have to exist, and in fact the symlink target path is not used, except to check whether the target is within the unit load path. In contrast, a symlink which goes outside of the unit load path signifies a linked unit file. The symlink is followed when loading the file, but the destination name is otherwise unused (and may even not be a valid unit file name). For example, symlinks @@ -582,7 +582,7 @@ signals, resource consumption and other statistics are lost, except for what is stored in the log subsystem. Use systemctl daemon-reload or an equivalent command to reload unit configuration while - the unit is already loaded. In this case all configuration settings are flushed out and replaced with the new + the unit is already loaded. In this case, all configuration settings are flushed out and replaced with the new configuration (which however might not be in effect immediately), however all runtime state is saved/restored. @@ -599,7 +599,7 @@ Description= A short human readable title of the unit. This may be used by systemd (and other UIs) as a user-visible label for the unit, so this string - should identify the unit rather than describe it, despite the name. This string also shouldn't just + should identify the unit rather than describe it, despite the name. This string also should not just repeat the unit name. Apache2 Web Server is a good example. Bad examples are high-performance lightweight HTTP server (too generic) or Apache2 (meaningless for people who do not know Apache, duplicates the unit @@ -789,7 +789,7 @@ Note that this setting does not imply an ordering dependency, similarly to the Wants= and Requires= dependencies described above. This means that to ensure that the conflicting unit is stopped before the other unit is started, an - After= or Before= dependency must be declared. It doesn't + After= or Before= dependency must be declared. It does not matter which of the two ordering dependencies is used, because stop jobs are always ordered before start jobs, see the discussion in Before=/After= below. @@ -824,8 +824,8 @@ start-up order is applied. I.e. if a unit is configured with After= on another unit, the former is stopped before the latter if both are shut down. Given two units with any ordering dependency between them, if one unit is shut down and the other is started up, the shutdown - is ordered before the start-up. It doesn't matter if the ordering dependency is - After= or Before=, in this case. It also doesn't matter which + is ordered before the start-up. It does not matter if the ordering dependency is + After= or Before=, in this case. It also does not matter which of the two is shut down, as long as one is shut down and the other is started up; the shutdown is ordered before the start-up in all cases. If two units have no ordering dependencies between them, they are shut down or started up simultaneously, and no ordering takes place. It depends on the unit @@ -1066,7 +1066,7 @@ is not unloaded if it is in the failed state. In mode, failed units are not unloaded until the user invoked systemctl reset-failed on them to reset the failed state, or an equivalent command. This behaviour is altered if this option is set to - : in this case the unit is unloaded even if the unit is in a + : in this case, the unit is unloaded even if the unit is in a failed state, and thus an explicitly resetting of the failed state is not necessary. Note that if this mode is used unit results (such as exit codes, exit signals, consumed resources, …) are flushed out immediately after the unit completed, except for what is stored in the logging @@ -1122,7 +1122,7 @@ Controls the exit status to propagate back to an invoking container manager (in case of a system service) or service manager (in case of a user manager) when the FailureAction=/SuccessAction= are set to or - and the action is triggered. By default the exit status of the main process of the + and the action is triggered. By default, the exit status of the main process of the triggering unit (if this applies) is propagated. Takes a value in the range 0…255 or the empty string to request default behaviour. @@ -1265,7 +1265,7 @@ unit was successfully activated, and the conditions and asserts are executed the precise moment the unit would normally start and thus can validate system state after the units ordered before completed initialization. Use condition expressions for skipping units that do not apply to the local system, for - example because the kernel or runtime environment doesn't require their functionality. + example because the kernel or runtime environment does not require their functionality. If multiple conditions are specified, the unit will be executed if all of them apply (i.e. a @@ -1833,7 +1833,7 @@ for use on the system or whether the legacy v1 cgroup or the modern v2 cgroup hierarchy is used. - Multiple controllers may be passed with a space separating them; in this case the condition + Multiple controllers may be passed with a space separating them; in this case, the condition will only pass if all listed controllers are available for use. Controllers unknown to systemd are ignored. Valid controllers are cpu, io, memory, and pids. Even if available in the kernel, a @@ -2173,7 +2173,7 @@ implicitly along with their reverses and cannot be specified directly. Note: Triggers= is created implicitly between a socket, - path unit, or an automount unit, and the unit they activate. By default a unit + path unit, or an automount unit, and the unit they activate. By default, a unit with the same name is triggered, but this can be overridden using Sockets=, Service=, and Unit= settings. See @@ -2463,7 +2463,7 @@ Note that this setting is not influenced by the Us %y The path to the fragment - This is the path where the main part of the unit file is located. For linked unit files, the real path outside of the unit search directories is used. For units that don't have a fragment file, this specifier will raise an error. + This is the path where the main part of the unit file is located. For linked unit files, the real path outside of the unit search directories is used. For units that do not have a fragment file, this specifier will raise an error. %Y @@ -2657,7 +2657,7 @@ OnFailure=failure-handler@%N.service in the creation of a recursive dependency chain. systemd will try to detect these recursive dependency chains where a template unit directly and recursively depends on itself and will remove such dependencies - automatically if it finds them. If systemd doesn't detect the recursive + automatically if it finds them. If systemd does not detect the recursive dependency chain, we can break the chain ourselves by disabling the drop-in for the template instance units via a symlink to /dev/null: diff --git a/man/systemd.v.xml b/man/systemd.v.xml index a340d1e4b7..cee351448c 100644 --- a/man/systemd.v.xml +++ b/man/systemd.v.xml @@ -143,7 +143,7 @@ /var/lib/machines/mymachine.raw.v/mymachine_7.5.14_x86-64.raw. Explanation: even though mymachine_7.7.0_x86-64+0-5.raw has the newest version, it is not preferred because its tries left counter is zero. And even though mymachine_7.6.0_arm64.raw - has the second newest version it is also not considered, in this case because we operate on an x86_64 + has the second newest version it is also not considered in this case, because we operate on an x86_64 system and the image is intended for arm64 CPUs. Finally, the mymachine_7.5.13.raw image is not considered because it is older than mymachine_7.5.14_x86-64.raw. diff --git a/man/sysupdate.d.xml b/man/sysupdate.d.xml index 5c9a7428ba..f9ad7cb64a 100644 --- a/man/sysupdate.d.xml +++ b/man/sysupdate.d.xml @@ -617,7 +617,7 @@ optional. If the source type is regular-file or directory, the - pattern may contain slash characters. In this case it will match the file or directory in + pattern may contain slash characters. In this case, it will match the file or directory in corresponding subdirectory. For example MatchPattern=foo_@v/bar.efi will match bar.efi in directory foo_1. @@ -713,7 +713,7 @@ naming newly installed versions. If the target type is regular-file or directory, the - pattern may contain slash characters. In this case it will match the file or directory in + pattern may contain slash characters. In this case, it will match the file or directory in corresponding subdirectory. For example MatchPattern=foo_@v/bar.efi will match bar.efi in directory foo_1. Directories in the path will be created when file is installed. Empty directories will be removed when file is removed. diff --git a/man/threads-aware.xml b/man/threads-aware.xml index bb39266626..8492ca398f 100644 --- a/man/threads-aware.xml +++ b/man/threads-aware.xml @@ -7,9 +7,9 @@ <para id="strict">All functions listed here are thread-agnostic and only a single specific thread may operate on a - given object during its entire lifetime. It's safe to allocate multiple independent objects and use each from a - specific thread in parallel. However, it's not safe to allocate such an object in one thread, and operate or free it - from any other, even if locking is used to ensure these threads don't operate on it at the very same time.</para> + given object during its entire lifetime. It is safe to allocate multiple independent objects and use each from a + specific thread in parallel. However, it is not safe to allocate such an object in one thread, and operate or free it + from any other, even if locking is used to ensure these threads do not operate on it at the very same time.</para> <para id="safe">All functions listed here are thread-safe and may be called in parallel from multiple threads.</para> diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 8fb7aca7c6..c29c514b5e 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -512,7 +512,7 @@ r! /tmp/.X[0-9]*-lock</programlisting> an error.</para> <para>For example: - <programlisting># Modify sysfs but don't fail if we are in a container with a read-only /proc + <programlisting># Modify sysfs but do not fail if we are in a container with a read-only /proc w- /proc/sys/vm/swappiness - - - - 10</programlisting></para> <para>If the equals sign (<literal>=</literal>) is used, the file types of existing objects in the specified path @@ -575,7 +575,7 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para> removed unless applied to a directory. This functionality is particularly useful in conjunction with <varname>Z</varname>.</para> - <para>By default the access mode of listed inodes is set to the specified mode regardless if it is + <para>By default, the access mode of listed inodes is set to the specified mode regardless of whether it is created anew, or already existed. Optionally, if prefixed with <literal>:</literal>, the configured access mode is only applied when creating new inodes, and if the inode the line refers to already exists, its access mode is left in place unmodified.</para> @@ -601,7 +601,7 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para> Resolvability of User and Group Names</ulink> for more information on requirements on system user/group definitions.</para> - <para>By default the ownership of listed inodes is set to the specified user/group regardless if it is + <para>By default, the ownership of listed inodes is set to the specified user/group regardless of whether it is created anew, or already existed. Optionally, if prefixed with <literal>:</literal>, the configured user/group information is only applied when creating new inodes, and if the inode the line refers to already exists, its user/group is left in place unmodified.</para> diff --git a/man/tpm2-crypttab.sh b/man/tpm2-crypttab.sh index f22a0b445e..aff0c9b62a 100644 --- a/man/tpm2-crypttab.sh +++ b/man/tpm2-crypttab.sh @@ -8,7 +8,7 @@ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sdXn sudo systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto # If that worked, let's now add the same line persistently to /etc/crypttab, -# for the future. We don't want to use the (unstable) /dev/sdX name, so let's +# for the future. We do not want to use the (unstable) /dev/sdX name, so let's # figure out a stable link: udevadm info -q symlink -r /dev/sdXn diff --git a/man/udev.xml b/man/udev.xml index e6c0e23ed4..72e7475852 100644 --- a/man/udev.xml +++ b/man/udev.xml @@ -86,7 +86,7 @@ <varlistentry> <term><literal>!=</literal></term> <listitem> - <para>Compare for inequality. (The specified key doesn't have the specified value, or the + <para>Compare for inequality. (The specified key does not have the specified value, or the specified key is not present at all.) </para> </listitem> diff --git a/man/udevadm.xml b/man/udevadm.xml index ca6fa0353a..8923bc70fe 100644 --- a/man/udevadm.xml +++ b/man/udevadm.xml @@ -581,7 +581,7 @@ <term><option>--include-parents</option></term> <listitem> <para>Trigger parent devices of found devices even if the parents - won't match the filter condition. + will not match the filter condition. This is useful if we are interested to limit the coldplug activities to some devices or subsystems.</para> @@ -1151,7 +1151,7 @@ <title>Format a File System Take a lock on the backing block device while creating a file system, to ensure that - systemd-udevd doesn't probe or announce the new superblock before it is + systemd-udevd does not probe or announce the new superblock before it is comprehensively written: # udevadm lock --device=/dev/sda1 mkfs.ext4 /dev/sda1 @@ -1169,7 +1169,7 @@ Copy in a File System Take a lock on the backing block device while copying in a prepared file system image, to ensure - that systemd-udevd doesn't probe or announce the new superblock before it is fully + that systemd-udevd does not probe or announce the new superblock before it is fully written: # udevadm lock -d /dev/sda1 dd if=fs.raw of=/dev/sda1 diff --git a/man/user@.service.xml b/man/user@.service.xml index e9cbda4833..cc078d2d3c 100644 --- a/man/user@.service.xml +++ b/man/user@.service.xml @@ -173,7 +173,7 @@ After=systemd-user-sessions.service [Slice] TasksMax=33% - The user-UID.slice units by default don't + The user-UID.slice units by default do not have a unit file. The resource limits are set through a drop-in, which can be easily replaced or extended following standard drop-in mechanisms discussed in the first section. diff --git a/man/userdbctl.xml b/man/userdbctl.xml index 268da7ac3d..56d0068e73 100644 --- a/man/userdbctl.xml +++ b/man/userdbctl.xml @@ -55,12 +55,12 @@ - Choose the output mode, takes one of classic, - friendly, table, json. If + Chooses the output mode. Takes one of classic, + friendly, table or json. If classic, an output very close to the format of /etc/passwd or - /etc/group is generated. If friendly a more comprehensive and - user friendly, human readable output is generated; if table a minimal, tabular - output is generated; if json a JSON formatted output is generated. Defaults to + /etc/group is generated. If friendly, a more comprehensive and + user friendly, human readable output is generated. If table, a minimal, tabular + output is generated. If json, a JSON formatted output is generated. Defaults to friendly if a user/group is specified on the command line, table otherwise. @@ -91,7 +91,7 @@ Controls which services to query for users/groups. Takes a list of one or more service names, separated by :. See below for a list of well-known service - names. If not specified all available services are queried at once. + names. If not specified, all available services are queried at once. @@ -100,8 +100,8 @@ Controls whether to include classic glibc/NSS user/group lookups in the output. If - is used any attempts to resolve or enumerate users/groups provided - only via glibc NSS is suppressed. If is specified such users/groups + is used, any attempts to resolve or enumerate users/groups provided + only via glibc NSS is suppressed. If is specified, such users/groups are included in the output (which is the default). @@ -112,9 +112,9 @@ Controls whether to include Varlink user/group lookups in the output, i.e. those done via the User/Group Record Lookup API via - Varlink. If is used any attempts to resolve or enumerate + Varlink. If is used, any attempts to resolve or enumerate users/groups provided only via Varlink are suppressed. If is - specified such users/groups are included in the output (which is the default). + specified, such users/groups are included in the output (which is the default). @@ -125,8 +125,8 @@ Controls whether to include user/group lookups in the output that are defined using drop-in files in /etc/userdb/, /run/userdb/, /run/host/userdb/, /usr/lib/userdb/. If - is used these records are suppressed. If - is specified such users/groups are included in the output (which + is used, these records are suppressed. If + is specified, such users/groups are included in the output (which is the default). @@ -136,9 +136,9 @@ Controls whether to synthesize records for the root and nobody users/groups if they - aren't defined otherwise. By default (or yes) such records are implicitly + are not defined otherwise. By default (or with yes), such records are implicitly synthesized if otherwise missing since they have special significance to the OS. When - no this synthesizing is turned off. + no, this synthesizing is turned off. @@ -216,11 +216,11 @@ When used with the user or group command, - filters the output by UID/GID ranges. Takes numeric minimum resp. maximum UID/GID values. Shows only - records within the specified range. When applied to the user command matches - against UIDs, when applied to the group command against GIDs (despite the name of - the switch). If unspecified defaults to 0 (for the minimum) and 4294967294 (for the maximum), i.e. by - default no filtering is applied as the whole UID/GID range is covered. + filters the output by UID/GID ranges. Takes numeric minimum or maximum UID/GID values, respectively. Shows only + records within the specified range. When applied to the user command, it matches + against UIDs. When applied to the group command, matches against GIDs (despite the name of + the switch). If unspecified, defaults to 0 (for the minimum) and 4294967294 (for the maximum), i.e. by + default, no filtering is applied, as the whole UID/GID range is covered. @@ -270,7 +270,7 @@ group GROUP List all known group records or show details of one or more specified group - records. Use to tweak output mode. + records. Use to tweak the output mode. @@ -278,8 +278,8 @@ users-in-group GROUP - List users that are members of the specified groups. If no groups are specified list - all user/group memberships defined. Use to tweak output + List users that are members of the specified groups. If no groups are specified, list + all user/group memberships defined. Use to tweak the output mode. @@ -288,9 +288,9 @@ groups-of-user USER - List groups that the specified users are members of. If no users are specified list - all user/group memberships defined (in this case groups-of-user and - users-in-group are equivalent). Use to tweak output + Lists groups that the specified users are members of. If no users are specified, lists + all user/group memberships defined (in this case, groups-of-user and + users-in-group are equivalent). Use to tweak the output mode. @@ -364,7 +364,7 @@ This service is provided by systemd-userdbd.service8 and multiplexes user/group look-ups to all other running lookup services. This is the primary entry point - for user/group record clients, as it simplifies client side implementation substantially since they + for user/group record clients, as it simplifies client side implementation substantially, since they can ask a single service for lookups instead of asking all running services in parallel. userdbctl uses this service preferably, too, unless or are used, in which case finer control over the services to talk to is @@ -406,7 +406,7 @@ Note that userdbctl has internal support for NSS-based lookups too. This means that if neither io.systemd.Multiplexer nor - io.systemd.NameServiceSwitch are running look-ups into the basic user/group + io.systemd.NameServiceSwitch are running, look-ups into the basic user/group databases will still work. @@ -414,7 +414,7 @@ Integration with SSH The userdbctl tool may be used to make the list of SSH authorized keys possibly - contained in a user record available to the SSH daemon for authentication. For that configure the + contained in a user record available to the SSH daemon for authentication. For that, configure the following in sshd_config5: @@ -423,10 +423,10 @@ AuthorizedKeysCommand /usr/bin/userdbctl ssh-authorized-keys %u AuthorizedKeysCommandUser root … - Sometimes it's useful to allow chain invocation of another program to list SSH authorized keys. By - using the such a tool may be chain executed by userdbctl - ssh-authorized-keys once a lookup completes (regardless if an SSH key was found or - not). Example: + Sometimes, it is useful to allow chain invocation of another program to list SSH authorized keys. By + using the option, such a tool may be chain executed by userdbctl + ssh-authorized-keys once a lookup completes, regardless of whether an SSH key was found or + not. Example: … AuthorizedKeysCommand /usr/bin/userdbctl ssh-authorized-keys %u --chain /usr/bin/othertool %u @@ -440,7 +440,7 @@ AuthorizedKeysCommandUser root Exit status - On success, 0 is returned, a non-zero failure code otherwise. + On success, 0 is returned, and a non-zero failure code otherwise. diff --git a/man/varlinkctl.xml b/man/varlinkctl.xml index 1e0562682f..41d911c511 100644 --- a/man/varlinkctl.xml +++ b/man/varlinkctl.xml @@ -80,25 +80,25 @@ A Varlink service reference starting with the unix: string, followed by an absolute AF_UNIX socket path, or by @ and an arbitrary - string (the latter for referencing sockets in the abstract namespace). In this case a stream socket + string (the latter for referencing sockets in the abstract namespace). In this case, a stream socket connection is made to the specified socket. A Varlink service reference starting with the exec: string, followed - by an absolute path of a binary to execute. In this case the specified process is forked off locally, + by an absolute path of a binary to execute. In this case, the specified process is forked off locally, with a connected stream socket passed in. A Varlink service reference starting with the ssh-unix: string, followed by an SSH host specification, followed by :, followed by an absolute AF_UNIX socket path. (This requires OpenSSH 9.4 or newer on the server side, - abstract namespace sockets are not supported.) + and abstract namespace sockets are not supported.) A Varlink service reference starting with the ssh-exec: string, followed by an SSH host specification, followed by :, followed by a command line. In - this case the command is invoked and the Varlink protocol is spoken on the standard input and output of + this case, the command is invoked and the Varlink protocol is spoken on the standard input and output of the invoked command. - For convenience these two simpler (redundant) service address syntaxes are also supported: + For convenience, these two simpler (redundant) service address syntaxes are also supported: A file system path to an AF_UNIX socket, either absolute @@ -106,7 +106,7 @@ ./). A file system path to an executable, either absolute or relative (as above, must begin - with /, resp. ./). + with / or ./, respectively). @@ -119,7 +119,7 @@ info ADDRESS - Show brief information about the specified service, including vendor name and list of + Shows brief information about the specified service, including vendor name and list of implemented interfaces. Expects a service address in one of the formats described above. @@ -128,7 +128,7 @@ list-interfaces ADDRESS - Show list of interfaces implemented by the specified service. Expects a service + Shows a list of interfaces implemented by the specified service. Expects a service address in one of the formats described above. @@ -137,7 +137,7 @@ list-methods ADDRESS [INTERFACE…] - Show list of methods implemented by the specified service. Expects a service address + Shows a list of methods implemented by the specified service. Expects a service address in one of the formats described above as well as one or more interface names. If no interface name is specified, lists all methods of all interfaces implemented by the service, otherwise just the methods in the specified interfaces. @@ -148,7 +148,7 @@ introspect ADDRESS [INTERFACE…] - Show the interface definitions of the specified interfaces provided by the specified + Shows the interface definitions of the specified interfaces provided by the specified service. Expects a service address in one of the formats described above and optionally one or more Varlink interface names. If no interface names are specified, shows all provided interfaces by the service. @@ -159,12 +159,12 @@ call ADDRESS METHOD [ARGUMENTS] - Call the specified method of the specified service. Expects a service address in the + Calls the specified method of the specified service. Expects a service address in the format described above, a fully qualified Varlink method name, and a JSON arguments object. If the arguments object is not specified, it is read from STDIN instead. To pass an empty list of parameters, specify the empty object {}. - The reply parameters are written as JSON object to STDOUT. + The reply parameters are written as JSON objects to STDOUT. @@ -174,7 +174,7 @@ Reads a Varlink interface definition file, parses and validates it, then outputs it with syntax highlighting. This checks for syntax and internal consistency of the interface. Expects a - file name to read the interface definition from. If omitted reads the interface definition from + file name to read the interface definition from. If omitted, reads the interface definition from STDIN. @@ -183,7 +183,7 @@ help - Show command syntax help. + Shows command syntax help. @@ -200,20 +200,20 @@ When used with call: expect multiple method replies. If this flag - is set the method call is sent with the more flag set, which tells the service + is set, the method call is sent with the more flag set, which tells the service to generate multiple replies, if needed. The command remains running until the service sends a reply message that indicates it is the last in the series (or if the configured timeout is reached, see below). This flag should be set only for method calls that support this mechanism. - If this mode is enabled output is automatically switched to JSON-SEQ mode, so that individual + If this mode is enabled, output is automatically switched to JSON-SEQ mode, so that individual reply objects can be easily discerned. - This switch has no effect on the method call timeout applied by default: regardless if - is specified or not, the default timeout will be 45s. Use + This switch has no effect on the method call timeout applied by default. Regardless of + whether is specified or not, the default timeout will be 45s. Use (see below) to change or disable the timeout. When invoking a method - call that continuously returns updates it is typically desirable to disable the timeout with + call that continuously returns updates, it is typically desirable to disable the timeout with . On the other hand, when invoking a - method call for the purpose of enumerating objects (which likely will complete quickly) it is + method call for the purpose of enumerating objects (which likely will complete quickly), it is typically beneficial to leave the timeout logic enabled, for robustness reasons. @@ -231,8 +231,8 @@ - This is similar to but collects all responses in a JSON - array, and prints it, rather than in JSON_SEQ mode. + This is similar to , but collects all responses in a JSON + array, and prints it, rather than in JSON-SEQ mode. @@ -241,7 +241,7 @@ When used with call: do not expect a method reply. If this flag - is set the method call is sent with the oneway flag set (the command exits + is set, the method call is sent with the oneway flag set (the command exits immediately after), which tells the service not to generate a reply. @@ -251,9 +251,9 @@ - Selects the JSON output formatting, one of pretty (for nicely indented, - colorized output) or short (for terse output with minimal whitespace and no - newlines), defaults to short. + Selects the JSON output formatting, either pretty for nicely indented, + colorized output, or short for terse output with minimal whitespace and no + newlines. Defaults to short. @@ -263,8 +263,8 @@ - Equivalent to when invoked interactively from a terminal. Otherwise - equivalent to , in particular when the output is piped to some other + Equivalent to when invoked interactively from a terminal. Otherwise, + it is equivalent to , in particular when the output is piped to some other program. @@ -286,9 +286,9 @@ - Takes a qualified Varlink error name (i.e. an interface name, suffixed by an error name, - separated by a dot; e.g. org.varlink.service.InvalidParameter). Ensures that if - a method call fails with the specified error this will be treated as success, i.e. will cause the + Takes a qualified Varlink error name, i.e. an interface name, suffixed by an error name, + separated by a dot, e.g. org.varlink.service.InvalidParameter. Ensures that, if + a method call fails with the specified error, this will be treated as success, i.e. will cause the varlinkctl invocation to exit with a zero exit status. This option may be used more than once in order to treat multiple different errors as successes. @@ -300,8 +300,8 @@ - Expects a timeout in seconds as parameter. By default a timeout of 45s is enforced. To turn - off the timeout specify infinity or an empty string. + Expects a timeout in seconds as parameter. By default, a timeout of 45s is enforced. To turn + off the timeout, specify infinity or an empty string. diff --git a/man/veritytab.xml b/man/veritytab.xml index 19b26e9b37..7d17e80b0b 100644 --- a/man/veritytab.xml +++ b/man/veritytab.xml @@ -187,7 +187,7 @@ This is based on crypttab(5). Use forward error correction (FEC) to recover from corruption if hash verification fails. Use encoding data from the specified device. The fec device argument can be block device or file image. - If fec device path doesn't exist, it will be created as file. Note: block sizes for data and hash devices must + If fec device path does not exist, it will be created as file. Note: block sizes for data and hash devices must match. Also, if the verity data_device is encrypted the fec_device should be too. @@ -279,10 +279,10 @@ This is based on crypttab(5). systemd.mount5 units marked with . - Although it's not necessary to mark the mount entry for the root file system with + Although it is not necessary to mark the mount entry for the root file system with , is still recommended with the verity protected block device containing the root file system as otherwise systemd - will attempt to detach the device during the regular system shutdown while it's still in + will attempt to detach the device during the regular system shutdown while it is still in use. With this option the device will still be detached but later after the root file system is unmounted. diff --git a/man/yubikey-crypttab.sh b/man/yubikey-crypttab.sh index 00de2702e3..291ec42e32 100644 --- a/man/yubikey-crypttab.sh +++ b/man/yubikey-crypttab.sh @@ -12,7 +12,7 @@ ykman piv generate-key -a RSA2048 9d pubkey.pem # the token with. ykman piv generate-certificate --subject "Knobelei" 9d pubkey.pem -# We don't need the public key anymore, let's remove it. Since it is not +# We do not need the public key anymore, let's remove it. Since it is not # security sensitive we just do a regular "rm" here. rm pubkey.pem @@ -24,7 +24,7 @@ sudo systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdXn sudo systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto # If that worked, let's now add the same line persistently to /etc/crypttab, -# for the future. We don't want to use the (unstable) /dev/sdX name, so let's +# for the future. We do not want to use the (unstable) /dev/sdX name, so let's # figure out a stable link: udevadm info -q symlink -r /dev/sdXn