/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
<?xml version='1.0' encoding='UTF-8'?>
 
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY CONFNAME "mandos.conf">
6
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
7
 
<!ENTITY TIMESTAMP "2008-08-30">
 
6
<!ENTITY TIMESTAMP "2023-04-30">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
8
9
]>
9
10
 
10
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
13
    <title>Mandos Manual</title>
13
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
15
    <productname>Mandos</productname>
15
 
    <productnumber>&VERSION;</productnumber>
 
16
    <productnumber>&version;</productnumber>
16
17
    <date>&TIMESTAMP;</date>
17
18
    <authorgroup>
18
19
      <author>
19
20
        <firstname>Björn</firstname>
20
21
        <surname>Påhlsson</surname>
21
22
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
23
          <email>belorn@recompile.se</email>
23
24
        </address>
24
25
      </author>
25
26
      <author>
26
27
        <firstname>Teddy</firstname>
27
28
        <surname>Hogeborn</surname>
28
29
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
30
          <email>teddy@recompile.se</email>
30
31
        </address>
31
32
      </author>
32
33
    </authorgroup>
33
34
    <copyright>
34
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2010</year>
 
38
      <year>2011</year>
 
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
 
44
      <year>2017</year>
 
45
      <year>2018</year>
 
46
      <year>2019</year>
35
47
      <holder>Teddy Hogeborn</holder>
36
48
      <holder>Björn Påhlsson</holder>
37
49
    </copyright>
38
 
    <legalnotice>
39
 
      <para>
40
 
        This manual page is free software: you can redistribute it
41
 
        and/or modify it under the terms of the GNU General Public
42
 
        License as published by the Free Software Foundation,
43
 
        either version 3 of the License, or (at your option) any
44
 
        later version.
45
 
      </para>
46
 
 
47
 
      <para>
48
 
        This manual page is distributed in the hope that it will
49
 
        be useful, but WITHOUT ANY WARRANTY; without even the
50
 
        implied warranty of MERCHANTABILITY or FITNESS FOR A
51
 
        PARTICULAR PURPOSE.  See the GNU General Public License
52
 
        for more details.
53
 
      </para>
54
 
 
55
 
      <para>
56
 
        You should have received a copy of the GNU General Public
57
 
        License along with this program; If not, see
58
 
        <ulink url="http://www.gnu.org/licenses/"/>.
59
 
      </para>
60
 
    </legalnotice>
 
50
    <xi:include href="legalnotice.xml"/>
61
51
  </refentryinfo>
62
 
 
 
52
  
63
53
  <refmeta>
64
54
    <refentrytitle>&CONFNAME;</refentrytitle>
65
55
    <manvolnum>5</manvolnum>
71
61
      Configuration file for the Mandos server
72
62
    </refpurpose>
73
63
  </refnamediv>
74
 
 
 
64
  
75
65
  <refsynopsisdiv>
76
66
    <synopsis>&CONFPATH;</synopsis>
77
67
  </refsynopsisdiv>
78
 
 
 
68
  
79
69
  <refsect1 id="description">
80
70
    <title>DESCRIPTION</title>
81
71
    <para>
82
 
      The file &CONFPATH; is a simple configuration file for
 
72
      The file &CONFPATH; is a configuration file for
83
73
      <citerefentry><refentrytitle>mandos</refentrytitle>
84
74
      <manvolnum>8</manvolnum></citerefentry>, and is read by it at
85
75
      startup.  The configuration file starts with <quote><literal
93
83
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
94
84
      to provide comments.
95
85
    </para>
96
 
 
 
86
    
97
87
  </refsect1>
98
88
  <refsect1>
99
89
    <title>OPTIONS</title>
106
96
          <xi:include href="mandos-options.xml" xpointer="interface"/>
107
97
        </listitem>
108
98
      </varlistentry>
109
 
 
 
99
      
110
100
      <varlistentry>
111
101
        <term><option>address<literal> = </literal><replaceable
112
102
          >ADDRESS</replaceable></option></term>
114
104
          <xi:include href="mandos-options.xml" xpointer="address"/>
115
105
        </listitem>
116
106
      </varlistentry>
117
 
 
 
107
      
118
108
      <varlistentry>
119
109
        <term><option>port<literal> = </literal><replaceable
120
110
        >NUMBER</replaceable></option></term>
122
112
          <xi:include href="mandos-options.xml" xpointer="port"/>
123
113
        </listitem>
124
114
      </varlistentry>
125
 
 
 
115
      
126
116
      <varlistentry>
127
117
        <term><option>debug<literal> = </literal>{ <literal
128
118
          >1</literal> | <literal>yes</literal> | <literal
133
123
          <xi:include href="mandos-options.xml" xpointer="debug"/>
134
124
        </listitem>
135
125
      </varlistentry>
136
 
 
 
126
      
137
127
      <varlistentry>
138
128
        <term><option>priority<literal> = </literal><replaceable
139
129
        >STRING</replaceable></option></term>
141
131
          <xi:include href="mandos-options.xml" xpointer="priority"/>
142
132
        </listitem>
143
133
      </varlistentry>
144
 
 
 
134
      
145
135
      <varlistentry>
146
136
        <term><option>servicename<literal> = </literal
147
137
        ><replaceable>NAME</replaceable></option></term>
151
141
        </listitem>
152
142
      </varlistentry>
153
143
      
 
144
      <varlistentry>
 
145
        <term><option>use_dbus<literal> = </literal>{ <literal
 
146
          >1</literal> | <literal>yes</literal> | <literal
 
147
          >true</literal> | <literal>on</literal> | <literal
 
148
          >0</literal> | <literal>no</literal> | <literal
 
149
          >false</literal> | <literal>off</literal> }</option></term>
 
150
        <listitem>
 
151
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
152
        </listitem>
 
153
      </varlistentry>
 
154
      
 
155
      <varlistentry>
 
156
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
157
          >1</literal> | <literal>yes</literal> | <literal
 
158
          >true</literal> | <literal>on</literal> | <literal
 
159
          >0</literal> | <literal>no</literal> | <literal
 
160
          >false</literal> | <literal>off</literal> }</option></term>
 
161
        <listitem>
 
162
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
163
        </listitem>
 
164
      </varlistentry>
 
165
      
 
166
      <varlistentry>
 
167
        <term><option>restore<literal> = </literal>{ <literal
 
168
          >1</literal> | <literal>yes</literal> | <literal
 
169
          >true</literal> | <literal>on</literal> | <literal
 
170
          >0</literal> | <literal>no</literal> | <literal
 
171
          >false</literal> | <literal>off</literal> }</option></term>
 
172
        <listitem>
 
173
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
174
        </listitem>
 
175
      </varlistentry>
 
176
      
 
177
      <varlistentry>
 
178
        <term><option>statedir<literal> = </literal><replaceable
 
179
        >DIRECTORY</replaceable></option></term>
 
180
        <listitem>
 
181
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
182
        </listitem>
 
183
      </varlistentry>
 
184
      
 
185
      <varlistentry>
 
186
        <term><option>socket<literal> = </literal><replaceable
 
187
        >NUMBER</replaceable></option></term>
 
188
        <listitem>
 
189
          <xi:include href="mandos-options.xml" xpointer="socket"/>
 
190
        </listitem>
 
191
      </varlistentry>
 
192
      
154
193
    </variablelist>
155
194
  </refsect1>
156
195
  
166
205
    <para>
167
206
      The <literal>[DEFAULT]</literal> is necessary because the Python
168
207
      built-in module <systemitem class="library">ConfigParser</systemitem>
169
 
      requres it.
 
208
      requires it.
170
209
    </para>
 
210
    <xi:include href="bugs.xml"/>
171
211
  </refsect1>
172
212
  
173
213
  <refsect1 id="example">
187
227
      <programlisting>
188
228
[DEFAULT]
189
229
# A configuration example
190
 
interface = eth0
191
 
address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
 
230
interface = enp1s0
 
231
address = fe80::aede:48ff:fe71:f6f2
192
232
port = 1025
193
 
debug = true
194
 
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
 
233
debug = True
 
234
priority = SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA
195
235
servicename = Daena
 
236
use_dbus = False
 
237
use_ipv6 = True
 
238
restore = True
 
239
statedir = /var/lib/mandos
196
240
      </programlisting>
197
241
    </informalexample>
198
242
  </refsect1>
200
244
  <refsect1 id="see_also">
201
245
    <title>SEE ALSO</title>
202
246
    <para>
 
247
      <citerefentry><refentrytitle>intro</refentrytitle>
 
248
      <manvolnum>8mandos</manvolnum></citerefentry>,
203
249
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
204
250
      ><manvolnum>3</manvolnum></citerefentry>,
205
251
      <citerefentry><refentrytitle>mandos</refentrytitle>
207
253
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
208
254
      <manvolnum>5</manvolnum></citerefentry>
209
255
    </para>
210
 
 
 
256
    
211
257
    <variablelist>
212
258
      <varlistentry>
213
259
        <term>
233
279
              <para>
234
280
                The clients use IPv6 link-local addresses, which are
235
281
                immediately usable since a link-local addresses is
236
 
                automatically assigned to a network interfaces when it
 
282
                automatically assigned to a network interface when it
237
283
                is brought up.
238
284
              </para>
239
285
            </listitem>