Last changes to reviewed smartdocs (#274)

* Apply suggestions from code review

Co-authored-by: Daria Vladykina <daria.vladykina@suse.com>

Author: tbazant

articles/subnet-manager-configuring.asm.xml

@@ -16,6 +16,7 @@
   <resources>
     <resource xml:id="_concept-opensm" href="../concepts/opensm.xml"/>
     <resource xml:id="_task-opensm-configuring" href="../tasks/opensm-configuring.xml"/>
+    <resource xml:id="_glue-opensm-more-info" href="../glues/opensm-more-info.xml"/>
     <resource href="../common/legal.xml" xml:id="_legal"/>
     <resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl"/>
   </resources>
@@ -109,6 +110,7 @@
         </abstract>
       </merge>
     </module>
+    <module resourceref="_glue-opensm-more-info"/>
 <!-- pull in a topic and switch the title -->
     <module resourceref="_legal"/>
     <module resourceref="_gfdl">

articles/systemd-securing.asm.xml

@@ -21,6 +21,7 @@
     <resource href="../concepts/systemd-securing.xml" xml:id="_systemd-securing"/>
     <resource href="../tasks/systemd-analyze-security-service-files.xml" xml:id="_systemd-analyze-security-service-files"/>
     <resource href="../references/systemd-securing-techniques.xml" xml:id="_systemd-securing-techniques"/>
+    <resource href="../glues/systemd-securing-more-info.xml" xml:id="_systemd-securing-more-info"/>
     <resource href="../common/legal.xml" xml:id="_legal"/>
     <resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl"/>
   </resources>
@@ -88,17 +89,19 @@
             <term>WHAT?</term>
             <listitem>
               <para>
-                A &systemd; service file can limit the privileges of the service it is running
-                in several ways.
+                &systemd; service files are most often used to operate one or more &systemd;
+                services, such as starting, stopping or viewing the status of the service. Besides
+                this, the service files can limit the privileges of the service they control.
               </para>
             </listitem>
           </varlistentry>
           <varlistentry>
             <term>WHY?</term>
             <listitem>
               <para>
-                Using security options of &systemd; service files can increase the overall security
-                level of the whole operating system.
+                Using security options of &systemd; service files increases the security of the
+                service they control. This adds another security layer of the whole operating
+                system.
               </para>
             </listitem>
           </varlistentry>
@@ -142,6 +145,7 @@
         <title>Techniques of securing</title>
       </merge>
     </module>
+    <module resourceref="_systemd-securing-more-info"/>
     <module resourceref="_legal"/>
     <module resourceref="_gfdl">
       <output renderas="appendix"/>

articles/virtualization.asm.xml

@@ -15,7 +15,9 @@
   <resources>
     <resource href="../concepts/virtualization.xml" xml:id="_concept-virtualization"/>
     <resource href="../references/virtualization-modes.xml" xml:id="_reference-virtualization-modes"/>
-    <resource href="../references/virtualization-scenarios.xml" xml:id="_reference-virtualization-scenarios"/>
+    <resource href="../references/virtualization-scenarios.xml"
+    xml:id="_reference-virtualization-scenarios"/>
+    <resource href="../glues/virtualization-more-info.xml" xml:id="_glue-virtualization-more-info"/>
     <resource href="../common/legal.xml" xml:id="_legal">
       <description>Legal Notice</description>
     </resource>
@@ -114,6 +116,7 @@
     <module resourceref="_concept-virtualization" renderas="section"/>
     <module resourceref="_reference-virtualization-modes" renderas="section"/>
     <module resourceref="_reference-virtualization-scenarios" renderas="section"/>
+    <module resourceref="_glue-virtualization-more-info"/>
     <module resourceref="_legal"/>
     <module resourceref="_gfdl">
       <output renderas="appendix"/>

articles/vm-assign-pci-device.asm.xml

@@ -22,6 +22,7 @@
     <resource href="../tasks/vm-assign-pci-device-virsh.xml" xml:id="_task-vm-assign-pci-device-virsh"/>
     <resource href="../tasks/vm-assign-pci-device-unmanaged.xml" xml:id="_task-vm-assign-pci-device-unmanaged"/>
     <resource href="../tasks/vm-assign-pci-device-vmm.xml" xml:id="_task-vm-assign-pci-device-vmm"/>
+    <resource href="../tasks/vm-assign-pci-device-troubleshooting.xml" xml:id="_task-vm-assign-pci-device-troubleshooting"/>
     <resource href="../common/legal.xml" xml:id="_legal">
       <description>Legal Notice</description>
     </resource>
@@ -93,7 +94,8 @@
             <term>WHAT?</term>
             <listitem>
               <para>
-                Virtual machines can directly access host PCI or USB devices.
+                Virtual machines can directly access host PCI or USB devices, such as graphics
+                cards or network adapters.
               </para>
             </listitem>
           </varlistentry>
@@ -102,7 +104,8 @@
             <listitem>
               <para>
                 A virtual machine that is assigned direct access to a host device can use all its
-                capabilities.
+                capabilities, bypassing the virtualization layer. Such an approach offers near-native
+                performance or hardware acceleration.
               </para>
             </listitem>
           </varlistentry>
@@ -152,24 +155,24 @@
       </abstract>
     </merge>
     <module resourceref="_glue-vm-assign-pci-device-intro"/>
-    <module resourceref="_task-vm-assign-pci-device-virsh">
+    <module resourceref="_task-vm-assign-pci-device-vmm">
       <merge>
-        <title>Assigning a device using &virsh;</title>
+        <title>Assigning a device using &vmm;</title>
         <abstract>
           <para>
             The following procedure describes how to assign a host device to a &vmguest; using the
-            &virsh; command-line tool.
+            &vmm; GUI application.
           </para>
         </abstract>
       </merge>
     </module>
-    <module resourceref="_task-vm-assign-pci-device-vmm">
+    <module resourceref="_task-vm-assign-pci-device-virsh">
       <merge>
-        <title>Assigning a device using &vmm;</title>
+        <title>Assigning a device using &virsh;</title>
         <abstract>
           <para>
             The following procedure describes how to assign a host device to a &vmguest; using the
-            &vmm; GUI application.
+            &virsh; command-line tool.
           </para>
         </abstract>
       </merge>
@@ -182,6 +185,7 @@
         </abstract>
       </merge>
     </module>
+    <module resourceref="_task-vm-assign-pci-device-troubleshooting"/>
     <module resourceref="_legal"/>
     <module resourceref="_gfdl" renderas="appendix"/>
   </structure>

concepts/systemd-securing.xml

@@ -19,14 +19,14 @@
       <para>
         Linux increases its security by separating privileges between individual components of the
         operating system. System services already have a default level of security. For example,
-        their processes run under their own user ID, which limits the changes they can perform on the
-        system.
+        their processes run under their own user ID, which limits the changes they can perform on
+        the system.
       </para>
 
       <para>
         The default level of privilege separation provides only a basic protection. Services can
-        still perform as many changes as normal local users, though not as many as &rootuser;.
-        A higher level of system security requires limiting what services can perform and prevents
+        still perform as many changes as normal local users, though not as many as &rootuser;. A
+        higher level of system security requires limiting what services can perform and prevents
         them from certain privileges that normal users are allowed to use.
       </para>
     </abstract>
@@ -36,10 +36,10 @@
     <title>How does securing services with &systemd; work?</title>
     <para>
       There are several methods to secure processes and applications that you can use
-      simultaneously. For example, confining with &selnx; or &aa; is recommended. &systemd; can
-      apply additional restrictions to local services by using technologies included in the kernel.
-      These restrictions are activated by adding specific options to the &systemd; service
-      definition and restarting the service.
+      simultaneously. For example, confining with &selnx; <phrase os="sles">or &aa; </phrase>is
+      recommended. &systemd; can apply additional restrictions to local services by using
+      technologies included in the kernel. These restrictions are activated by adding specific
+      options to the &systemd; service definition and restarting the service.
     </para>
   </section>
   <section xml:id="benefits-securing-with-systemd">
@@ -49,45 +49,4 @@
       sensitive data contained on its file system.
     </para>
   </section>
-  <section xml:id="related-securing-with-systemd">
-    <title>Related topics</title>
-    <itemizedlist>
-      <listitem>
-        <para>
-          All security options are described in &systemd;'s man pages. Refer to <command>man 5
-          systemd.exec</command>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          The list of currently defined kernel capabilities is available in <command>man 7
-          capabilities</command>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Enabling and disabling &systemd; services is described in
-          <link xlink:href="https://documentation.suse.com/smart/linux/html/reference-systemctl-enable-disable-services/reference-systemctl-enable-disable-services.html"/>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Managing &systemd; targets with <command>systemctl</command> is described in
-          <link xlink:href="https://documentation.suse.com/smart/linux/html/reference-managing-systemd-targets-systemctl/reference-systemctl-managing-targets.html"/>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Sending termination signals to &systemd; services is described in
-          <link xlink:href="https://documentation.suse.com/smart/linux/html/task-send-termination-signals-systemd/task-send-termination-signals-systemd.html"/>.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Starting and stopping &systemd; services is described in
-          <link xlink:href="https://documentation.suse.com/smart/linux/html/reference-systemctl-start-stop-services/reference-systemctl-start-stop-services.html"/>.
-        </para>
-      </listitem>
-    </itemizedlist>
-  </section>
 </topic>

glues/opensm-more-info.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../xml/generic-entities.ent">
+    %entities;
+]>
+<topic xml:id="glue-alp-containers-podman-more-info"
+  role="glue" xml:lang="en"
+  xmlns="http://docbook.org/ns/docbook" version="5.2"
+  xmlns:its="http://www.w3.org/2005/11/its"
+  xmlns:xi="http://www.w3.org/2001/XInclude"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  xmlns:trans="http://docbook.org/ns/transclusion">
+  <title>For more information</title>
+  <info>
+    <meta name="maintainer" content="tbazant@suse.com"/>
+  </info>
+  <para>
+    Find detailed information in the following sources:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        <link xlink:href="https://www.infinibandta.org/about-infiniband/">&infiniband;</link> home
+        page
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        &nvidia; documentation on
+        <link xlink:href="https://docs.nvidia.com/networking/display/mlnxosv3111014/subnet+manager">&subnetmanager;</link>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        &nvidia; documentation on
+        <link xlink:href="https://docs.nvidia.com/networking/display/mlnxofedv541030/opensm">&opensm;</link>
+      </para>
+    </listitem>
+  </itemizedlist>
+</topic>

glues/systemd-securing-more-info.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../xml/generic-entities.ent">
+    %entities;
+]>
+<topic xml:id="systemd-securing-more-info"
+  role="glue" xml:lang="en"
+  xmlns="http://docbook.org/ns/docbook" version="5.2"
+  xmlns:its="http://www.w3.org/2005/11/its"
+  xmlns:xi="http://www.w3.org/2001/XInclude"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  xmlns:trans="http://docbook.org/ns/transclusion">
+  <title>For more information</title>
+  <info>
+    <meta name="maintainer" content="tbazant@suse.com"/>
+  </info>
+  <itemizedlist>
+    <listitem>
+      <para>
+        All security options are described in &systemd;'s man pages. Refer to <command>man 5
+        systemd.exec</command>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The list of currently defined kernel capabilities is available in <command>man 7
+        capabilities</command>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Enabling and disabling &systemd; services is described in
+        <link xlink:href="https://documentation.suse.com/smart/linux/html/reference-systemctl-enable-disable-services/reference-systemctl-enable-disable-services.html"/>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Managing &systemd; targets with <command>systemctl</command> is described in
+        <link xlink:href="https://documentation.suse.com/smart/linux/html/reference-managing-systemd-targets-systemctl/reference-systemctl-managing-targets.html"/>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Sending termination signals to &systemd; services is described in
+        <link xlink:href="https://documentation.suse.com/smart/linux/html/task-send-termination-signals-systemd/task-send-termination-signals-systemd.html"/>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Starting and stopping &systemd; services is described in
+        <link xlink:href="https://documentation.suse.com/smart/linux/html/reference-systemctl-start-stop-services/reference-systemctl-start-stop-services.html"/>.
+      </para>
+    </listitem>
+  </itemizedlist>
+</topic>

glues/virtualization-more-info.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../xml/generic-entities.ent">
+    %entities;
+]>
+<topic xml:id="glue-alp-containers-podman-more-info"
+  role="glue" xml:lang="en"
+  xmlns="http://docbook.org/ns/docbook" version="5.2"
+  xmlns:its="http://www.w3.org/2005/11/its"
+  xmlns:xi="http://www.w3.org/2001/XInclude"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  xmlns:trans="http://docbook.org/ns/transclusion">
+  <title>For more information</title>
+  <info>
+    <meta name="maintainer" content="tbazant@suse.com"/>
+  </info>
+  <para>
+    For further steps in virtualization, refer to the following sources:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        <link
+        xlink:href="https://documentation.suse.com/smart/virtualization-cloud/html/concept-manage-virtual-machines-libvirt/concept-manage-virtual-machines-libvirt.html">Managing
+        virtual machines with &libvirt;</link>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <link xlink:href="https://documentation.suse.com/smart/virtualization-cloud/html/task-configure-virtual-machine-manager/task-configure-virtual-machine-manager.html">Configuring
+        Virtual Machines with &vmm;</link>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <link xlink:href="https://documentation.suse.com/smart/virtualization-cloud/html/vm-assign-pci-device/vm-assign-pci-device.html">Assigning
+        Host Devices to Virtual Machines</link>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <link xlink:href="https://documentation.suse.com/smart/virtualization-cloud/html/virtual-disk-cache-mode-configure/virtual-disk-cache-mode-configure.html">Configuring
+        a Virtual Disk Cache Mode</link>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <link xlink:href="https://documentation.suse.com/smart/virtualization-cloud/html/virt-scenario-creating-customized-vm-guests/index.html">Creating
+        Customized Virtual Machines Using virt-scenario</link>
+      </para>
+    </listitem>
+  </itemizedlist>
+</topic>

glues/vm-assign-pci-device-intro.xml

@@ -19,9 +19,12 @@
     &libvirt; is a unified interface to multiple virtualization solutions. &libvirt; virtual
     machines are typically managed by either &virsh;, a command-line utility, or &vmm;, an
     application with a graphical user interface. Assigning &vmhost;'s PCI or USB devices to a
-    &vmguest;—also known as &pciback;—dedicates the device's resources to the
-    &vmguest;. After the device is assigned, it cannot be used by the &vmhost; or by any other
-    &vmguest; on the same &vmhost;. This article describes how to assign a &vmhost;'s device to a
-    &vmguest; using both the &virsh; command-line utility and the &vmm; GUI application.
+    &vmguest; dedicates the device's resources to the &vmguest;. The reasons for assigning a host
+    device to a VM are near-native performance of the device, using its hardware acceleration
+    capabilities, or isolating the device from other VMs to increase security.
+  </para>
+  <para>
+    This article describes how to assign a &vmhost;'s device to a &vmguest; using both the &virsh;
+    command-line utility and the &vmm; GUI application.
   </para>
 </topic>