X-Git-Url: https://git.librecmc.org/?p=oweals%2Ftinc.git;a=blobdiff_plain;f=doc%2Ftinc.texi;h=f4c866ef97a9478c49c0b874016b63badf5cf835;hp=132a1c42944c57684d70470d872f16e3645e72be;hb=5865fd2676b8c77ac8f71b3fd997593cafbd153f;hpb=07ace0b6481efcc0a058aab7b90b95edd31709da diff --git a/doc/tinc.texi b/doc/tinc.texi index 132a1c4..f4c866e 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -15,7 +15,7 @@ This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2016 Ivo Timmermans, +Copyright @copyright{} 1998-2017 Ivo Timmermans, Guus Sliepen and Wessel Dankers . @@ -39,7 +39,7 @@ permission notice identical to this one. @vskip 0pt plus 1filll This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2016 Ivo Timmermans, +Copyright @copyright{} 1998-2017 Ivo Timmermans, Guus Sliepen and Wessel Dankers . @@ -860,7 +860,7 @@ Also note that this can cause decrypted VPN packets to be sent out on a real net @cindex UML @item uml (not compiled in by default) Create a UNIX socket with the filename specified by -@var{Device}, or @file{@value{localstatedir}/run/@var{netname}.umlsocket} +@var{Device}, or @file{@value{runstatedir}/@var{netname}.umlsocket} if not specified. Tinc will wait for a User Mode Linux instance to connect to this socket. @@ -868,7 +868,7 @@ Tinc will wait for a User Mode Linux instance to connect to this socket. @item vde (not compiled in by default) Uses the libvdeplug library to connect to a Virtual Distributed Ethernet switch, using the UNIX socket specified by -@var{Device}, or @file{@value{localstatedir}/run/vde.ctl} +@var{Device}, or @file{@value{runstatedir}/vde.ctl} if not specified. @end table @@ -1730,7 +1730,7 @@ Write log entries to a file instead of to the system logging facility. If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}. @item --pidfile=@var{file} -Write PID to @var{file} instead of @file{@value{localstatedir}/run/tinc.@var{netname}.pid}. +Write PID to @var{file} instead of @file{@value{runstatedir}/tinc.@var{netname}.pid}. @item --bypass-security Disables encryption and authentication. @@ -1743,10 +1743,14 @@ located (@file{@value{sysconfdir}/tinc/@var{netname}/} as determined by The chroot is performed after all the initialization is done, after writing pid files and opening network sockets. -Note that this option alone does not do any good without -U/--user, below. +This option is best used in combination with the -U/--user option described below. -Note also that tinc can't run scripts anymore (such as tinc-down or host-up), -unless it's setup to be runnable inside chroot environment. +You will need to ensure the chroot environment contains all the files necessary +for tinc to run correctly. +Most importantly, for tinc to be able to resolve hostnames inside the chroot environment, +you must copy @file{/etc/resolv.conf} into the chroot directory. +If you want to be able to run scripts other than @file{tinc-up} in the chroot, +you must ensure the appropriate shell is also installed in the chroot, along with all its dependencies. @item -U, --user=@var{user} Switch to the given @var{user} after initialization, at the same time as