]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.resource-control.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #4046 from pilophae/ideapad500isk
[thirdparty/systemd.git] / man / systemd.resource-control.xml
CommitLineData
3802a3d3 1<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
d868475a 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
d868475a
ZJS		 4
5<!--
b975b0d5 6 This file is part of systemd.
d868475a 7
b975b0d5 8 Copyright 2013 Zbigniew Jędrzejewski-Szmek
d868475a 9
b975b0d5
ZJS		 10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
d868475a 14
b975b0d5
ZJS		 15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
d868475a 19
b975b0d5
ZJS		 20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
d868475a
ZJS		 22-->
23
3fde5f30 24<refentry id="systemd.resource-control">
d868475a 25 <refentryinfo>
3fde5f30 26 <title>systemd.resource-control</title>
d868475a
ZJS		 27 <productname>systemd</productname>
28
29 <authorgroup>
30 <author>
31 <contrib>Developer</contrib>
32 <firstname>Lennart</firstname>
33 <surname>Poettering</surname>
34 <email>lennart@poettering.net</email>
35 </author>
36 </authorgroup>
37 </refentryinfo>
38
39 <refmeta>
3fde5f30 40 <refentrytitle>systemd.resource-control</refentrytitle>
d868475a
ZJS		 41 <manvolnum>5</manvolnum>
42 </refmeta>
43
44 <refnamediv>
3fde5f30
LP		 45 <refname>systemd.resource-control</refname>
46 <refpurpose>Resource control unit settings</refpurpose>
d868475a
ZJS		 47 </refnamediv>
48
49 <refsynopsisdiv>
50 <para>
51 <filename><replaceable>slice</replaceable>.slice</filename>,
52 <filename><replaceable>scope</replaceable>.scope</filename>,
53 <filename><replaceable>service</replaceable>.service</filename>,
54 <filename><replaceable>socket</replaceable>.socket</filename>,
55 <filename><replaceable>mount</replaceable>.mount</filename>,
56 <filename><replaceable>swap</replaceable>.swap</filename>
57 </para>
58 </refsynopsisdiv>
59
60 <refsect1>
61 <title>Description</title>
62
63 <para>Unit configuration files for services, slices, scopes,
64 sockets, mount points, and swap devices share a subset of
3fde5f30 65 configuration options for resource control of spawned
72f4d966 66 processes. Internally, this relies on the Control Groups
9b0374e9 67 kernel concept for organizing processes in a hierarchical tree of
3fde5f30 68 named groups for the purpose of resource management.</para>
9365b048 69
d868475a
ZJS		 70 <para>This man page lists the configuration options shared by
71 those six unit types. See
72 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
73 for the common options of all unit configuration files, and
74 <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
75 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
76 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
77 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
78 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
79 and
80 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
81 for more information on the specific unit configuration files. The
3fde5f30 82 resource control configuration options are configured in the
d868475a
ZJS		 83 [Slice], [Scope], [Service], [Socket], [Mount], or [Swap]
84 sections, depending on the unit type.</para>
ea021cc3
LP		 85
86 <para>See the <ulink
87 url="http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/">New
72f4d966 88 Control Group Interfaces</ulink> for an introduction on how to make
ea021cc3 89 use of resource control APIs from programs.</para>
d868475a
ZJS		 90 </refsect1>
91
c129bd5d
LP		 92 <refsect1>
93 <title>Automatic Dependencies</title>
94
328583db
LP		 95 <para>Units with the <varname>Slice=</varname> setting set automatically acquire <varname>Requires=</varname> and
96 <varname>After=</varname> dependencies on the specified slice unit.</para>
c129bd5d
LP		 97 </refsect1>
98
538b4852
TH		 99 <refsect1>
100 <title>Unified and Legacy Control Group Hierarchies</title>
101
65c1cdb2
MR		 102 <para>The unified control group hierarchy is the new version of kernel control group interface, see <ulink
103 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>. Depending on the resource type,
104 there are differences in resource control capabilities. Also, because of interface changes, some resource types
105 have separate set of options on the unified hierarchy.</para>
538b4852
TH		 106
107 <para>
108 <variablelist>
66ebf6c0 109
538b4852 110 <varlistentry>
66ebf6c0 111 <term><option>CPU</option></term>
538b4852 112 <listitem>
66ebf6c0
TH		 113 <para>Due to the lack of consensus in the kernel community, the CPU controller support on the unified
114 cgroup hierarchy requires out-of-tree kernel patches. See <ulink
115 url="https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup-v2-cpu.txt?h=cgroup-v2-cpu">cgroup-v2-cpu.txt</ulink>.</para>
116
117 <para><varname>CPUWeight=</varname> and <varname>StartupCPUWeight=</varname> replace
118 <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>, respectively.</para>
119
120 <para>The <literal>cpuacct</literal> controller does not exist separately on the unified hierarchy.</para>
538b4852
TH		 121 </listitem>
122 </varlistentry>
66ebf6c0 123
da4d897e
TH		 124 <varlistentry>
125 <term><option>Memory</option></term>
126 <listitem>
328583db
LP		 127 <para><varname>MemoryMax=</varname> replaces <varname>MemoryLimit=</varname>. <varname>MemoryLow=</varname>
128 and <varname>MemoryHigh=</varname> are effective only on unified hierarchy.</para>
da4d897e
TH		 129 </listitem>
130 </varlistentry>
66ebf6c0
TH		 131
132 <varlistentry>
133 <term><option>IO</option></term>
134 <listitem>
135 <para><varname>IO</varname> prefixed settings are superset of and replace <varname>BlockIO</varname>
136 prefixed ones. On unified hierarchy, IO resource control also applies to buffered writes.</para>
137 </listitem>
138 </varlistentry>
139
538b4852
TH		 140 </variablelist>
141 </para>
142
143 <para>To ease the transition, there is best-effort translation between the two versions of settings. If all
144 settings of a unit for a given resource type are for the other hierarchy type, the settings are translated and
145 applied. If there are any valid settings for the hierarchy in use, all translations are disabled for the resource
146 type. Mixing the two types of settings on a unit can lead to confusing results.</para>
c23b2c70
MR		 147
148 <para>Legacy control group hierarchy (see <ulink
149 url="https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt">cgroups.txt</ulink>), also called cgroup-v1,
0d5299ef 150 doesn't allow safe delegation of controllers to unprivileged processes. If the system uses the legacy control group
c23b2c70
MR		 151 hierarchy, resource control is disabled for systemd user instance, see
152 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
153 </para>
538b4852
TH		 154 </refsect1>
155
d868475a
ZJS		 156 <refsect1>
157 <title>Options</title>
158
159 <para>Units of the types listed above can have settings
3fde5f30 160 for resource control configuration:</para>
d868475a
ZJS		 161
162 <variablelist class='unit-directives'>
d868475a
ZJS		 163
164 <varlistentry>
61ad59b1 165 <term><varname>CPUAccounting=</varname></term>
d868475a
ZJS		 166
167 <listitem>
61ad59b1
LP		 168 <para>Turn on CPU usage accounting for this unit. Takes a
169 boolean argument. Note that turning on CPU accounting for
03a7b521 170 one unit will also implicitly turn it on for all units
085afe36
LP		 171 contained in the same slice and for all its parent slices
172 and the units contained therein. The system default for this
03a7b521 173 setting may be controlled with
085afe36
LP		 174 <varname>DefaultCPUAccounting=</varname> in
175 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
d868475a
ZJS		 176 </listitem>
177 </varlistentry>
178
66ebf6c0
TH		 179 <varlistentry>
180 <term><varname>CPUWeight=<replaceable>weight</replaceable></varname></term>
181 <term><varname>StartupCPUWeight=<replaceable>weight</replaceable></varname></term>
182
183 <listitem>
184 <para>Assign the specified CPU time weight to the processes executed, if the unified control group hierarchy
185 is used on the system. These options take an integer value and control the <literal>cpu.weight</literal>
186 control group attribute. The allowed range is 1 to 10000. Defaults to 100. For details about this control
187 group attribute, see <ulink
188 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink> and <ulink
189 url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.
190 The available CPU time is split up among all units within one slice relative to their CPU time weight.</para>
191
192 <para>While <varname>StartupCPUWeight=</varname> only applies to the startup phase of the system,
193 <varname>CPUWeight=</varname> applies to normal runtime of the system, and if the former is not set also to
194 the startup phase. Using <varname>StartupCPUWeight=</varname> allows prioritizing specific services at
195 boot-up differently than during normal runtime.</para>
196
197 <para>Implies <literal>CPUAccounting=true</literal>.</para>
198
199 <para>These settings are supported only if the unified control group hierarchy is used.</para>
200 </listitem>
201 </varlistentry>
202
d868475a
ZJS		 203 <varlistentry>
204 <term><varname>CPUShares=<replaceable>weight</replaceable></varname></term>
db785129 205 <term><varname>StartupCPUShares=<replaceable>weight</replaceable></varname></term>
d868475a
ZJS		 206
207 <listitem>
66ebf6c0
TH		 208 <para>Assign the specified CPU time share weight to the processes executed. These options take an integer
209 value and control the <literal>cpu.shares</literal> control group attribute. The allowed range is 2 to
210 262144. Defaults to 1024. For details about this control group attribute, see <ulink
db785129 211 url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.
66ebf6c0
TH		 212 The available CPU time is split up among all units within one slice relative to their CPU time share
213 weight.</para>
214
215 <para>While <varname>StartupCPUShares=</varname> only applies to the startup phase of the system,
216 <varname>CPUShares=</varname> applies to normal runtime of the system, and if the former is not set also to
217 the startup phase. Using <varname>StartupCPUShares=</varname> allows prioritizing specific services at
218 boot-up differently than during normal runtime.</para>
219
220 <para>Implies <literal>CPUAccounting=true</literal>.</para>
221
222 <para>These settings are supported only if the legacy control group hierarchy is used.</para>
b2f8b02e
LP		 223 </listitem>
224 </varlistentry>
225
226 <varlistentry>
227 <term><varname>CPUQuota=</varname></term>
228
229 <listitem>
66ebf6c0
TH		 230 <para>Assign the specified CPU time quota to the processes executed. Takes a percentage value, suffixed with
231 "%". The percentage specifies how much CPU time the unit shall get at maximum, relative to the total CPU time
232 available on one CPU. Use values &gt; 100% for allotting CPU time on more than one CPU. This controls the
233 <literal>cpu.max</literal> attribute on the unified control group hierarchy and
234 <literal>cpu.cfs_quota_us</literal> on legacy. For details about these control group attributes, see <ulink
235 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink> and <ulink
b2f8b02e
LP		 236 url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para>
237
66ebf6c0
TH		 238 <para>Example: <varname>CPUQuota=20%</varname> ensures that the executed processes will never get more than
239 20% CPU time on one CPU.</para>
b2f8b02e
LP		 240
241 <para>Implies <literal>CPUAccounting=true</literal>.</para>
66ebf6c0
TH		 242
243 <para>This setting is supported on both unified and legacy control group hierarchies.</para>
b2f8b02e
LP		 244 </listitem>
245 </varlistentry>
246
61ad59b1
LP		 247 <varlistentry>
248 <term><varname>MemoryAccounting=</varname></term>
249
250 <listitem>
251 <para>Turn on process and kernel memory accounting for this
252 unit. Takes a boolean argument. Note that turning on memory
03a7b521
LP		 253 accounting for one unit will also implicitly turn it on for
254 all units contained in the same slice and for all its parent
255 slices and the units contained therein. The system default
256 for this setting may be controlled with
085afe36
LP		 257 <varname>DefaultMemoryAccounting=</varname> in
258 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
61ad59b1
LP		 259 </listitem>
260 </varlistentry>
261
da4d897e
TH		 262 <varlistentry>
263 <term><varname>MemoryLow=<replaceable>bytes</replaceable></varname></term>
264
265 <listitem>
266 <para>Specify the best-effort memory usage protection of the executed processes in this unit. If the memory
267 usages of this unit and all its ancestors are below their low boundaries, this unit's memory won't be
268 reclaimed as long as memory can be reclaimed from unprotected units.</para>
269
270 <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
875ae566
LP		 271 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
272 percentage value may be specified, which is taken relative to the installed physical memory on the
273 system. This controls the <literal>memory.low</literal> control group attribute. For details about this
274 control group attribute, see <ulink
275 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
da4d897e
TH		 276
277 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
278
279 <para>This setting is supported only if the unified control group hierarchy is used.</para>
280 </listitem>
281 </varlistentry>
282
283 <varlistentry>
284 <term><varname>MemoryHigh=<replaceable>bytes</replaceable></varname></term>
285
286 <listitem>
287 <para>Specify the high limit on memory usage of the executed processes in this unit. Memory usage may go
288 above the limit if unavoidable, but the processes are heavily slowed down and memory is taken away
289 aggressively in such cases. This is the main mechanism to control memory usage of a unit.</para>
290
291 <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
875ae566
LP		 292 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
293 percentage value may be specified, which is taken relative to the installed physical memory on the
294 system. If assigned the
e57c9ce1 295 special value <literal>infinity</literal>, no memory limit is applied. This controls the
da4d897e
TH		 296 <literal>memory.high</literal> control group attribute. For details about this control group attribute, see
297 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
298
299 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
300
301 <para>This setting is supported only if the unified control group hierarchy is used.</para>
302 </listitem>
303 </varlistentry>
304
305 <varlistentry>
306 <term><varname>MemoryMax=<replaceable>bytes</replaceable></varname></term>
307
308 <listitem>
309 <para>Specify the absolute limit on memory usage of the executed processes in this unit. If memory usage
310 cannot be contained under the limit, out-of-memory killer is invoked inside the unit. It is recommended to
311 use <varname>MemoryHigh=</varname> as the main control mechanism and use <varname>MemoryMax=</varname> as the
312 last line of defense.</para>
313
314 <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
875ae566
LP		 315 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
316 percentage value may be specified, which is taken relative to the installed physical memory on the system. If
317 assigned the special value <literal>infinity</literal>, no memory limit is applied. This controls the
da4d897e
TH		 318 <literal>memory.max</literal> control group attribute. For details about this control group attribute, see
319 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
320
321 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
322
323 <para>This setting is supported only if the unified control group hierarchy is used. Use
324 <varname>MemoryLimit=</varname> on systems using the legacy control group hierarchy.</para>
325 </listitem>
326 </varlistentry>
327
d868475a
ZJS		 328 <varlistentry>
329 <term><varname>MemoryLimit=<replaceable>bytes</replaceable></varname></term>
d868475a
ZJS		 330
331 <listitem>
875ae566
LP		 332 <para>Specify the limit on maximum memory usage of the executed processes. The limit specifies how much
333 process and kernel memory can be used by tasks in this unit. Takes a memory size in bytes. If the value is
334 suffixed with K, M, G or T, the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or
335 Terabytes (with the base 1024), respectively. Alternatively, a percentage value may be specified, which is
336 taken relative to the installed physical memory on the system. If assigned the special value
337 <literal>infinity</literal>, no memory limit is applied. This controls the
338 <literal>memory.limit_in_bytes</literal> control group attribute. For details about this control group
339 attribute, see <ulink
c51fa947 340 url="https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt">memory.txt</ulink>.</para>
d868475a
ZJS		 341
342 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
da4d897e
TH		 343
344 <para>This setting is supported only if the legacy control group hierarchy is used. Use
345 <varname>MemoryMax=</varname> on systems using the unified control group hierarchy.</para>
d868475a
ZJS		 346 </listitem>
347 </varlistentry>
348
03a7b521
LP		 349 <varlistentry>
350 <term><varname>TasksAccounting=</varname></term>
351
352 <listitem>
353 <para>Turn on task accounting for this unit. Takes a
354 boolean argument. If enabled, the system manager will keep
355 track of the number of tasks in the unit. The number of
356 tasks accounted this way includes both kernel threads and
357 userspace processes, with each thread counting
358 individually. Note that turning on tasks accounting for one
359 unit will also implicitly turn it on for all units contained
360 in the same slice and for all its parent slices and the
361 units contained therein. The system default for this setting
362 may be controlled with
363 <varname>DefaultTasksAccounting=</varname> in
364 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
365 </listitem>
366 </varlistentry>
367
368 <varlistentry>
369 <term><varname>TasksMax=<replaceable>N</replaceable></varname></term>
370
371 <listitem>
83f8e808
LP		 372 <para>Specify the maximum number of tasks that may be created in the unit. This ensures that the number of
373 tasks accounted for the unit (see above) stays below a specific limit. This either takes an absolute number
374 of tasks or a percentage value that is taken relative to the configured maximum number of tasks on the
375 system. If assigned the special value <literal>infinity</literal>, no tasks limit is applied. This controls
376 the <literal>pids.max</literal> control group attribute. For details about this control group attribute, see
377 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/pids.txt">pids.txt</ulink>.</para>
03a7b521 378
0af20ea2
LP		 379 <para>Implies <literal>TasksAccounting=true</literal>. The
380 system default for this setting may be controlled with
381 <varname>DefaultTasksMax=</varname> in
382 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
03a7b521
LP		 383 </listitem>
384 </varlistentry>
385
13c31542
TH		 386 <varlistentry>
387 <term><varname>IOAccounting=</varname></term>
388
389 <listitem>
0069a0dd
LP		 390 <para>Turn on Block I/O accounting for this unit, if the unified control group hierarchy is used on the
391 system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
392 turn it on for all units contained in the same slice and all for its parent slices and the units contained
393 therein. The system default for this setting may be controlled with <varname>DefaultIOAccounting=</varname>
394 in
13c31542 395 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
0069a0dd
LP		 396
397 <para>This setting is supported only if the unified control group hierarchy is used. Use
398 <varname>BlockIOAccounting=</varname> on systems using the legacy control group hierarchy.</para>
13c31542
TH		 399 </listitem>
400 </varlistentry>
401
402 <varlistentry>
403 <term><varname>IOWeight=<replaceable>weight</replaceable></varname></term>
404 <term><varname>StartupIOWeight=<replaceable>weight</replaceable></varname></term>
405
406 <listitem>
0069a0dd
LP		 407 <para>Set the default overall block I/O weight for the executed processes, if the unified control group
408 hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the default block
409 I/O weight. This controls the <literal>io.weight</literal> control group attribute, which defaults to
410 100. For details about this control group attribute, see <ulink
411 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>. The available I/O
412 bandwidth is split up among all units within one slice relative to their block I/O weight.</para>
13c31542
TH		 413
414 <para>While <varname>StartupIOWeight=</varname> only applies
415 to the startup phase of the system,
416 <varname>IOWeight=</varname> applies to the later runtime of
417 the system, and if the former is not set also to the startup
418 phase. This allows prioritizing specific services at boot-up
419 differently than during runtime.</para>
420
421 <para>Implies <literal>IOAccounting=true</literal>.</para>
0069a0dd
LP		 422
423 <para>This setting is supported only if the unified control group hierarchy is used. Use
424 <varname>BlockIOWeight=</varname> and <varname>StartupBlockIOWeight=</varname> on systems using the legacy
425 control group hierarchy.</para>
13c31542
TH		 426 </listitem>
427 </varlistentry>
428
429 <varlistentry>
430 <term><varname>IODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term>
431
432 <listitem>
0069a0dd
LP		 433 <para>Set the per-device overall block I/O weight for the executed processes, if the unified control group
434 hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
435 the device specific weight value, between 1 and 10000. (Example: "/dev/sda 1000"). The file path may be
436 specified as path to a block device node or as any other file, in which case the backing block device of the
437 file system of the file is determined. This controls the <literal>io.weight</literal> control group
438 attribute, which defaults to 100. Use this option multiple times to set weights for multiple devices. For
439 details about this control group attribute, see <ulink
13c31542
TH		 440 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
441
442 <para>Implies <literal>IOAccounting=true</literal>.</para>
0069a0dd
LP		 443
444 <para>This setting is supported only if the unified control group hierarchy is used. Use
445 <varname>BlockIODeviceWeight=</varname> on systems using the legacy control group hierarchy.</para>
13c31542
TH		 446 </listitem>
447 </varlistentry>
448
449 <varlistentry>
450 <term><varname>IOReadBandwidthMax=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
451 <term><varname>IOWriteBandwidthMax=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
452
453 <listitem>
0069a0dd
LP		 454 <para>Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
455 control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
456 are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
457 path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
458 be a path to a block device node, or as any other file in which case the backing block device of the file
459 system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
460 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
461 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the <literal>io.max</literal> control
462 group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
463 about this control group attribute, see <ulink
13c31542
TH		 464 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.
465 </para>
466
467 <para>Implies <literal>IOAccounting=true</literal>.</para>
0069a0dd
LP		 468
469 <para>This setting is supported only if the unified control group hierarchy is used. Use
470 <varname>BlockIOAccounting=</varname> on systems using the legacy control group hierarchy.</para>
13c31542
TH		 471 </listitem>
472 </varlistentry>
473
ac06a0cf
TH		 474 <varlistentry>
475 <term><varname>IOReadIOPSMax=<replaceable>device</replaceable> <replaceable>IOPS</replaceable></varname></term>
476 <term><varname>IOWriteIOPSMax=<replaceable>device</replaceable> <replaceable>IOPS</replaceable></varname></term>
477
478 <listitem>
479 <para>Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the
480 unified control group hierarchy is used on the system. This limit is not work-conserving and the executed
481 processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of
482 a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block
483 device node, or as any other file in which case the backing block device of the file system of the file is
484 used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS,
485 GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example:
486 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the <literal>io.max</literal> control
487 group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about
488 this control group attribute, see <ulink
489 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.
490 </para>
491
492 <para>Implies <literal>IOAccounting=true</literal>.</para>
493
494 <para>This setting is supported only if the unified control group hierarchy is used.</para>
495 </listitem>
496 </varlistentry>
497
61ad59b1
LP		 498 <varlistentry>
499 <term><varname>BlockIOAccounting=</varname></term>
500
501 <listitem>
0069a0dd
LP		 502 <para>Turn on Block I/O accounting for this unit, if the legacy control group hierarchy is used on the
503 system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
504 turn it on for all units contained in the same slice and all for its parent slices and the units contained
505 therein. The system default for this setting may be controlled with
085afe36
LP		 506 <varname>DefaultBlockIOAccounting=</varname> in
507 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
0069a0dd
LP		 508
509 <para>This setting is supported only if the legacy control group hierarchy is used. Use
510 <varname>IOAccounting=</varname> on systems using the unified control group hierarchy.</para>
61ad59b1
LP		 511 </listitem>
512 </varlistentry>
513
d868475a
ZJS		 514 <varlistentry>
515 <term><varname>BlockIOWeight=<replaceable>weight</replaceable></varname></term>
db785129 516 <term><varname>StartupBlockIOWeight=<replaceable>weight</replaceable></varname></term>
d868475a 517
0069a0dd
LP		 518 <listitem><para>Set the default overall block I/O weight for the executed processes, if the legacy control
519 group hierarchy is used on the system. Takes a single weight value (between 10 and 1000) to set the default
520 block I/O weight. This controls the <literal>blkio.weight</literal> control group attribute, which defaults to
521 500. For details about this control group attribute, see <ulink
c51fa947 522 url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.
0069a0dd
LP		 523 The available I/O bandwidth is split up among all units within one slice relative to their block I/O
524 weight.</para>
db785129
LP		 525
526 <para>While <varname>StartupBlockIOWeight=</varname> only
527 applies to the startup phase of the system,
528 <varname>BlockIOWeight=</varname> applies to the later runtime
529 of the system, and if the former is not set also to the
9b0374e9 530 startup phase. This allows prioritizing specific services at
db785129 531 boot-up differently than during runtime.</para>
61ad59b1
LP		 532
533 <para>Implies
534 <literal>BlockIOAccounting=true</literal>.</para>
0069a0dd
LP		 535
536 <para>This setting is supported only if the legacy control group hierarchy is used. Use
537 <varname>IOWeight=</varname> and <varname>StartupIOWeight=</varname> on systems using the unified control group
538 hierarchy.</para>
539
540 </listitem>
d868475a
ZJS		 541 </varlistentry>
542
543 <varlistentry>
544 <term><varname>BlockIODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term>
545
546 <listitem>
0069a0dd
LP		 547 <para>Set the per-device overall block I/O weight for the executed processes, if the legacy control group
548 hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
549 the device specific weight value, between 10 and 1000. (Example: "/dev/sda 500"). The file path may be
550 specified as path to a block device node or as any other file, in which case the backing block device of the
551 file system of the file is determined. This controls the <literal>blkio.weight_device</literal> control group
552 attribute, which defaults to 1000. Use this option multiple times to set weights for multiple devices. For
553 details about this control group attribute, see <ulink
c51fa947 554 url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.</para>
61ad59b1
LP		 555
556 <para>Implies
557 <literal>BlockIOAccounting=true</literal>.</para>
0069a0dd
LP		 558
559 <para>This setting is supported only if the legacy control group hierarchy is used. Use
560 <varname>IODeviceWeight=</varname> on systems using the unified control group hierarchy.</para>
d868475a
ZJS		 561 </listitem>
562 </varlistentry>
563
564 <varlistentry>
565 <term><varname>BlockIOReadBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
566 <term><varname>BlockIOWriteBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
567
568 <listitem>
0069a0dd
LP		 569 <para>Set the per-device overall block I/O bandwidth limit for the executed processes, if the legacy control
570 group hierarchy is used on the system. Takes a space-separated pair of a file path and a bandwidth value (in
571 bytes per second) to specify the device specific bandwidth. The file path may be a path to a block device
572 node, or as any other file in which case the backing block device of the file system of the file is used. If
573 the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, Megabytes,
574 Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
575 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the
576 <literal>blkio.throttle.read_bps_device</literal> and <literal>blkio.throttle.write_bps_device</literal>
577 control group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For
578 details about these control group attributes, see <ulink
c51fa947 579 url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.
d868475a 580 </para>
61ad59b1
LP		 581
582 <para>Implies
583 <literal>BlockIOAccounting=true</literal>.</para>
0069a0dd
LP		 584
585 <para>This setting is supported only if the legacy control group hierarchy is used. Use
586 <varname>IOReadBandwidthMax=</varname> and <varname>IOWriteBandwidthMax=</varname> on systems using the
587 unified control group hierarchy.</para>
d868475a
ZJS		 588 </listitem>
589 </varlistentry>
590
591 <varlistentry>
592 <term><varname>DeviceAllow=</varname></term>
593
594 <listitem>
595 <para>Control access to specific device nodes by the
596 executed processes. Takes two space-separated strings: a
90060676
LP		 597 device node specifier followed by a combination of
598 <constant>r</constant>, <constant>w</constant>,
599 <constant>m</constant> to control
d868475a 600 <emphasis>r</emphasis>eading, <emphasis>w</emphasis>riting,
90060676 601 or creation of the specific device node(s) by the unit
d868475a
ZJS		 602 (<emphasis>m</emphasis>knod), respectively. This controls
603 the <literal>devices.allow</literal> and
604 <literal>devices.deny</literal> control group
90060676
LP		 605 attributes. For details about these control group
606 attributes, see <ulink
c51fa947 607 url="https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt">devices.txt</ulink>.</para>
90060676
LP		 608
609 <para>The device node specifier is either a path to a device
610 node in the file system, starting with
611 <filename>/dev/</filename>, or a string starting with either
612 <literal>char-</literal> or <literal>block-</literal>
613 followed by a device group name, as listed in
614 <filename>/proc/devices</filename>. The latter is useful to
615 whitelist all current and future devices belonging to a
e41969e3
LP		 616 specific device group at once. The device group is matched
617 according to file name globbing rules, you may hence use the
618 <literal>*</literal> and <literal>?</literal>
619 wildcards. Examples: <filename>/dev/sda5</filename> is a
620 path to a device node, referring to an ATA or SCSI block
90060676
LP		 621 device. <literal>char-pts</literal> and
622 <literal>char-alsa</literal> are specifiers for all pseudo
e41969e3
LP		 623 TTYs and all ALSA sound devices,
624 respectively. <literal>char-cpu/*</literal> is a specifier
625 matching all CPU related device groups.</para>
d868475a
ZJS		 626 </listitem>
627 </varlistentry>
628
629 <varlistentry>
630 <term><varname>DevicePolicy=auto|closed|strict</varname></term>
631
632 <listitem>
633 <para>
634 Control the policy for allowing device access:
635 </para>
636 <variablelist>
637 <varlistentry>
638 <term><option>strict</option></term>
639 <listitem>
640 <para>means to only allow types of access that are
641 explicitly specified.</para>
642 </listitem>
643 </varlistentry>
644
645 <varlistentry>
646 <term><option>closed</option></term>
647 <listitem>
6a75304e 648 <para>in addition, allows access to standard pseudo
d868475a
ZJS		 649 devices including
650 <filename>/dev/null</filename>,
651 <filename>/dev/zero</filename>,
652 <filename>/dev/full</filename>,
653 <filename>/dev/random</filename>, and
654 <filename>/dev/urandom</filename>.
655 </para>
656 </listitem>
657 </varlistentry>
658
659 <varlistentry>
660 <term><option>auto</option></term>
661 <listitem>
662 <para>
6a75304e 663 in addition, allows access to all devices if no
d868475a
ZJS		 664 explicit <varname>DeviceAllow=</varname> is present.
665 This is the default.
666 </para>
667 </listitem>
668 </varlistentry>
669 </variablelist>
670 </listitem>
671 </varlistentry>
61ad59b1
LP		 672
673 <varlistentry>
674 <term><varname>Slice=</varname></term>
675
676 <listitem>
677 <para>The name of the slice unit to place the unit
678 in. Defaults to <filename>system.slice</filename> for all
dc7adf20
LP		 679 non-instantiated units of all unit types (except for slice
680 units themselves see below). Instance units are by default
681 placed in a subslice of <filename>system.slice</filename>
682 that is named after the template name.</para>
683
684 <para>This option may be used to arrange systemd units in a
685 hierarchy of slices each of which might have resource
686 settings applied.</para>
61ad59b1 687
fbce1139 688 <para>For units of type slice, the only accepted value for
61ad59b1 689 this setting is the parent slice. Since the name of a slice
fbce1139 690 unit implies the parent slice, it is hence redundant to ever
61ad59b1 691 set this parameter directly for slice units.</para>
ae0a5fb1
LP		 692
693 <para>Special care should be taken when relying on the default slice assignment in templated service units
694 that have <varname>DefaultDependencies=no</varname> set, see
695 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, section
696 "Automatic Dependencies" for details.</para>
697
61ad59b1
LP		 698 </listitem>
699 </varlistentry>
700
a931ad47
LP		 701 <varlistentry>
702 <term><varname>Delegate=</varname></term>
703
704 <listitem>
705 <para>Turns on delegation of further resource control
9b0374e9 706 partitioning to processes of the unit. For unprivileged
a931ad47 707 services (i.e. those using the <varname>User=</varname>
b938cb90 708 setting), this allows processes to create a subhierarchy
9b0374e9 709 beneath its control group path. For privileged services and
b938cb90 710 scopes, this ensures the processes will have all control
a931ad47
LP		 711 group controllers enabled.</para>
712 </listitem>
713 </varlistentry>
714
d868475a
ZJS		 715 </variablelist>
716 </refsect1>
717
718 <refsect1>
719 <title>See Also</title>
720 <para>
721 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
722 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
723 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
724 <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
725 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
726 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
727 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
728 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
729 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
61ad59b1 730 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
d868475a 731 The documentation for control groups and specific controllers in the Linux kernel:
c51fa947
MP		 732 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt">cgroups.txt</ulink>,
733 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/cpuacct.txt">cpuacct.txt</ulink>,
734 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt">memory.txt</ulink>,
735 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.
d868475a
ZJS		 736 </para>
737 </refsect1>
738</refentry>
Unnamed repository; edit this file 'description' to name the repository.