/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • mto: This revision was merged to the branch mainline in revision 410.
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY CONFNAME "mandos.conf">
6
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
7
 
<!ENTITY TIMESTAMP "2008-09-04">
 
6
<!ENTITY TIMESTAMP "2023-04-30">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
8
9
]>
9
10
 
10
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
13
    <title>Mandos Manual</title>
13
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
15
    <productname>Mandos</productname>
15
 
    <productnumber>&VERSION;</productnumber>
 
16
    <productnumber>&version;</productnumber>
16
17
    <date>&TIMESTAMP;</date>
17
18
    <authorgroup>
18
19
      <author>
19
20
        <firstname>Björn</firstname>
20
21
        <surname>Påhlsson</surname>
21
22
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
23
          <email>belorn@recompile.se</email>
23
24
        </address>
24
25
      </author>
25
26
      <author>
26
27
        <firstname>Teddy</firstname>
27
28
        <surname>Hogeborn</surname>
28
29
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
30
          <email>teddy@recompile.se</email>
30
31
        </address>
31
32
      </author>
32
33
    </authorgroup>
33
34
    <copyright>
34
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2010</year>
 
38
      <year>2011</year>
 
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
 
44
      <year>2017</year>
 
45
      <year>2018</year>
 
46
      <year>2019</year>
35
47
      <holder>Teddy Hogeborn</holder>
36
48
      <holder>Björn Påhlsson</holder>
37
49
    </copyright>
38
50
    <xi:include href="legalnotice.xml"/>
39
51
  </refentryinfo>
40
 
 
 
52
  
41
53
  <refmeta>
42
54
    <refentrytitle>&CONFNAME;</refentrytitle>
43
55
    <manvolnum>5</manvolnum>
49
61
      Configuration file for the Mandos server
50
62
    </refpurpose>
51
63
  </refnamediv>
52
 
 
 
64
  
53
65
  <refsynopsisdiv>
54
66
    <synopsis>&CONFPATH;</synopsis>
55
67
  </refsynopsisdiv>
56
 
 
 
68
  
57
69
  <refsect1 id="description">
58
70
    <title>DESCRIPTION</title>
59
71
    <para>
60
 
      The file &CONFPATH; is a simple configuration file for
 
72
      The file &CONFPATH; is a configuration file for
61
73
      <citerefentry><refentrytitle>mandos</refentrytitle>
62
74
      <manvolnum>8</manvolnum></citerefentry>, and is read by it at
63
75
      startup.  The configuration file starts with <quote><literal
71
83
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
72
84
      to provide comments.
73
85
    </para>
74
 
 
 
86
    
75
87
  </refsect1>
76
88
  <refsect1>
77
89
    <title>OPTIONS</title>
84
96
          <xi:include href="mandos-options.xml" xpointer="interface"/>
85
97
        </listitem>
86
98
      </varlistentry>
87
 
 
 
99
      
88
100
      <varlistentry>
89
101
        <term><option>address<literal> = </literal><replaceable
90
102
          >ADDRESS</replaceable></option></term>
92
104
          <xi:include href="mandos-options.xml" xpointer="address"/>
93
105
        </listitem>
94
106
      </varlistentry>
95
 
 
 
107
      
96
108
      <varlistentry>
97
109
        <term><option>port<literal> = </literal><replaceable
98
110
        >NUMBER</replaceable></option></term>
100
112
          <xi:include href="mandos-options.xml" xpointer="port"/>
101
113
        </listitem>
102
114
      </varlistentry>
103
 
 
 
115
      
104
116
      <varlistentry>
105
117
        <term><option>debug<literal> = </literal>{ <literal
106
118
          >1</literal> | <literal>yes</literal> | <literal
111
123
          <xi:include href="mandos-options.xml" xpointer="debug"/>
112
124
        </listitem>
113
125
      </varlistentry>
114
 
 
 
126
      
115
127
      <varlistentry>
116
128
        <term><option>priority<literal> = </literal><replaceable
117
129
        >STRING</replaceable></option></term>
119
131
          <xi:include href="mandos-options.xml" xpointer="priority"/>
120
132
        </listitem>
121
133
      </varlistentry>
122
 
 
 
134
      
123
135
      <varlistentry>
124
136
        <term><option>servicename<literal> = </literal
125
137
        ><replaceable>NAME</replaceable></option></term>
129
141
        </listitem>
130
142
      </varlistentry>
131
143
      
 
144
      <varlistentry>
 
145
        <term><option>use_dbus<literal> = </literal>{ <literal
 
146
          >1</literal> | <literal>yes</literal> | <literal
 
147
          >true</literal> | <literal>on</literal> | <literal
 
148
          >0</literal> | <literal>no</literal> | <literal
 
149
          >false</literal> | <literal>off</literal> }</option></term>
 
150
        <listitem>
 
151
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
152
        </listitem>
 
153
      </varlistentry>
 
154
      
 
155
      <varlistentry>
 
156
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
157
          >1</literal> | <literal>yes</literal> | <literal
 
158
          >true</literal> | <literal>on</literal> | <literal
 
159
          >0</literal> | <literal>no</literal> | <literal
 
160
          >false</literal> | <literal>off</literal> }</option></term>
 
161
        <listitem>
 
162
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
163
        </listitem>
 
164
      </varlistentry>
 
165
      
 
166
      <varlistentry>
 
167
        <term><option>restore<literal> = </literal>{ <literal
 
168
          >1</literal> | <literal>yes</literal> | <literal
 
169
          >true</literal> | <literal>on</literal> | <literal
 
170
          >0</literal> | <literal>no</literal> | <literal
 
171
          >false</literal> | <literal>off</literal> }</option></term>
 
172
        <listitem>
 
173
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
174
        </listitem>
 
175
      </varlistentry>
 
176
      
 
177
      <varlistentry>
 
178
        <term><option>statedir<literal> = </literal><replaceable
 
179
        >DIRECTORY</replaceable></option></term>
 
180
        <listitem>
 
181
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
182
        </listitem>
 
183
      </varlistentry>
 
184
      
 
185
      <varlistentry>
 
186
        <term><option>socket<literal> = </literal><replaceable
 
187
        >NUMBER</replaceable></option></term>
 
188
        <listitem>
 
189
          <xi:include href="mandos-options.xml" xpointer="socket"/>
 
190
        </listitem>
 
191
      </varlistentry>
 
192
      
132
193
    </variablelist>
133
194
  </refsect1>
134
195
  
146
207
      built-in module <systemitem class="library">ConfigParser</systemitem>
147
208
      requires it.
148
209
    </para>
 
210
    <xi:include href="bugs.xml"/>
149
211
  </refsect1>
150
212
  
151
213
  <refsect1 id="example">
165
227
      <programlisting>
166
228
[DEFAULT]
167
229
# A configuration example
168
 
interface = eth0
169
 
address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
 
230
interface = enp1s0
 
231
address = fe80::aede:48ff:fe71:f6f2
170
232
port = 1025
171
 
debug = true
172
 
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
 
233
debug = True
 
234
priority = SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA
173
235
servicename = Daena
 
236
use_dbus = False
 
237
use_ipv6 = True
 
238
restore = True
 
239
statedir = /var/lib/mandos
174
240
      </programlisting>
175
241
    </informalexample>
176
242
  </refsect1>
178
244
  <refsect1 id="see_also">
179
245
    <title>SEE ALSO</title>
180
246
    <para>
 
247
      <citerefentry><refentrytitle>intro</refentrytitle>
 
248
      <manvolnum>8mandos</manvolnum></citerefentry>,
181
249
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
182
250
      ><manvolnum>3</manvolnum></citerefentry>,
183
251
      <citerefentry><refentrytitle>mandos</refentrytitle>
185
253
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
186
254
      <manvolnum>5</manvolnum></citerefentry>
187
255
    </para>
188
 
 
 
256
    
189
257
    <variablelist>
190
258
      <varlistentry>
191
259
        <term>
211
279
              <para>
212
280
                The clients use IPv6 link-local addresses, which are
213
281
                immediately usable since a link-local addresses is
214
 
                automatically assigned to a network interfaces when it
 
282
                automatically assigned to a network interface when it
215
283
                is brought up.
216
284
              </para>
217
285
            </listitem>