/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

  • Committer: Teddy Hogeborn
  • Date: 2017-08-20 14:14:14 UTC
  • Revision ID: teddy@recompile.se-20170820141414-m034xuebg7ccaeui
Add some more restrictions to the systemd service file.

* mandos.service ([Service]/ProtectKernelTunables): New; set to "yes".
  ([Service]/ProtectControlGroups): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2019-03-09">
 
5
<!ENTITY TIMESTAMP "2017-02-23">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
39
39
      <year>2015</year>
40
40
      <year>2016</year>
41
41
      <year>2017</year>
42
 
      <year>2018</year>
43
 
      <year>2019</year>
44
42
      <holder>Teddy Hogeborn</holder>
45
43
      <holder>Björn Påhlsson</holder>
46
44
    </copyright>
62
60
  <refsynopsisdiv>
63
61
    <cmdsynopsis>
64
62
      <command>&COMMANDNAME;</command>
65
 
      <group>
66
 
          <arg choice="plain"><option>--verbose</option></arg>
67
 
          <arg choice="plain"><option>-v</option></arg>
68
 
          <sbr/>
69
 
          <arg choice="plain"><option>--dump-json</option></arg>
70
 
          <arg choice="plain"><option>-j</option></arg>
71
 
      </group>
72
 
      <arg><option>--debug</option></arg>
73
 
      <group>
74
 
        <arg rep='repeat' choice='plain'>
75
 
          <replaceable>CLIENT</replaceable>
76
 
        </arg>
77
 
      </group>
78
 
    </cmdsynopsis>
79
 
    <cmdsynopsis>
80
 
      <command>&COMMANDNAME;</command>
81
63
      <group choice="req">
82
64
        <group>
83
65
          <arg choice="plain"><option>--enable</option></arg>
94
76
        <sbr/>
95
77
        <group>
96
78
          <arg choice="plain"><option>--start-checker</option></arg>
 
79
        </group>
 
80
        <sbr/>
 
81
        <group>
97
82
          <arg choice="plain"><option>--stop-checker</option></arg>
98
83
        </group>
99
84
        <sbr/>
100
85
        <group>
 
86
          <arg choice="plain"><option>--remove</option></arg>
 
87
          <arg choice="plain"><option>-r</option></arg>
 
88
        </group>
 
89
        <sbr/>
 
90
        <group>
101
91
          <arg choice="plain"><option>--checker
102
92
          <replaceable>COMMAND</replaceable></option></arg>
103
93
          <arg choice="plain"><option>-c
141
131
        </group>
142
132
        <sbr/>
143
133
        <group>
 
134
          <arg choice="plain"><option>--interval
 
135
          <replaceable>TIME</replaceable></option></arg>
 
136
          <arg choice="plain"><option>-i
 
137
          <replaceable>TIME</replaceable></option></arg>
 
138
        </group>
 
139
        <sbr/>
 
140
        <group>
144
141
          <arg choice="plain"><option>--host
145
142
          <replaceable>STRING</replaceable></option></arg>
146
143
          <arg choice="plain"><option>-H
163
160
        </group>
164
161
      </group>
165
162
      <sbr/>
166
 
      <arg><option>--debug</option></arg>
167
163
      <group choice="req">
168
164
        <arg choice="plain"><option>--all</option></arg>
169
165
        <arg choice="plain"><option>-a</option></arg>
175
171
    <cmdsynopsis>
176
172
      <command>&COMMANDNAME;</command>
177
173
      <group>
178
 
        <arg choice="plain"><option>--deny</option></arg>
179
 
        <arg choice="plain"><option>-D</option></arg>
180
 
      </group>
181
 
      <group choice="req">
182
 
          <arg choice="plain"><option>--remove</option></arg>
183
 
          <arg choice="plain"><option>-r</option></arg>
184
 
      </group>
185
 
      <sbr/>
186
 
      <arg><option>--debug</option></arg>
187
 
      <group choice="req">
188
 
        <arg choice="plain"><option>--all</option></arg>
189
 
        <arg choice="plain"><option>-a</option></arg>
 
174
          <arg choice="plain"><option>--verbose</option></arg>
 
175
          <arg choice="plain"><option>-v</option></arg>
 
176
          <sbr/>
 
177
          <arg choice="plain"><option>--dump-json</option></arg>
 
178
          <arg choice="plain"><option>-j</option></arg>
 
179
      </group>
 
180
      <group>
190
181
        <arg rep='repeat' choice='plain'>
191
182
          <replaceable>CLIENT</replaceable>
192
183
        </arg>
198
189
        <arg choice="plain"><option>--is-enabled</option></arg>
199
190
        <arg choice="plain"><option>-V</option></arg>
200
191
      </group>
201
 
      <arg><option>--debug</option></arg>
202
192
      <arg choice='plain'><replaceable>CLIENT</replaceable></arg>
203
193
    </cmdsynopsis>
204
194
    <cmdsynopsis>
512
502
      </varlistentry>
513
503
      
514
504
      <varlistentry>
515
 
        <term><option>--debug</option></term>
516
 
        <listitem>
517
 
          <para>
518
 
            Show debug output; currently, this means show D-Bus calls.
519
 
          </para>
520
 
        </listitem>
521
 
      </varlistentry>
522
 
      
523
 
      <varlistentry>
524
505
        <term><option>--check</option></term>
525
506
        <listitem>
526
507
          <para>
598
579
      <para>
599
580
 
600
581
<!-- do not wrap this line -->
601
 
<userinput>&COMMANDNAME; --timeout="PT5M" --interval="PT1M" foo1.example.org foo2.example.org</userinput>
 
582
<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>
602
583
 
603
584
      </para>
604
585
    </informalexample>