]>
Commit | Line | Data |
---|---|---|
514094f9 | 1 | <?xml version='1.0'?> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
798d3a52 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ |
1a13e31d ZJS |
4 | <!ENTITY % entities SYSTEM "custom-entities.ent" > |
5 | %entities; | |
6 | ]> | |
db9ecf05 | 7 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
d1ab0ca0 | 8 | |
503298b7 LP |
9 | <refentry id="systemd.unit" |
10 | xmlns:xi="http://www.w3.org/2001/XInclude"> | |
d1ab0ca0 | 11 | |
798d3a52 ZJS |
12 | <refentryinfo> |
13 | <title>systemd.unit</title> | |
14 | <productname>systemd</productname> | |
798d3a52 ZJS |
15 | </refentryinfo> |
16 | ||
17 | <refmeta> | |
18 | <refentrytitle>systemd.unit</refentrytitle> | |
19 | <manvolnum>5</manvolnum> | |
20 | </refmeta> | |
21 | ||
22 | <refnamediv> | |
23 | <refname>systemd.unit</refname> | |
24 | <refpurpose>Unit configuration</refpurpose> | |
25 | </refnamediv> | |
26 | ||
27 | <refsynopsisdiv> | |
28 | <para><filename><replaceable>service</replaceable>.service</filename>, | |
29 | <filename><replaceable>socket</replaceable>.socket</filename>, | |
30 | <filename><replaceable>device</replaceable>.device</filename>, | |
31 | <filename><replaceable>mount</replaceable>.mount</filename>, | |
32 | <filename><replaceable>automount</replaceable>.automount</filename>, | |
33 | <filename><replaceable>swap</replaceable>.swap</filename>, | |
34 | <filename><replaceable>target</replaceable>.target</filename>, | |
35 | <filename><replaceable>path</replaceable>.path</filename>, | |
36 | <filename><replaceable>timer</replaceable>.timer</filename>, | |
798d3a52 ZJS |
37 | <filename><replaceable>slice</replaceable>.slice</filename>, |
38 | <filename><replaceable>scope</replaceable>.scope</filename></para> | |
39 | ||
2ace445d LP |
40 | <refsect2> |
41 | <title>System Unit Search Path</title> | |
42 | ||
43 | <para><literallayout><filename>/etc/systemd/system.control/*</filename> | |
b82f27e7 ZJS |
44 | <filename>/run/systemd/system.control/*</filename> |
45 | <filename>/run/systemd/transient/*</filename> | |
46 | <filename>/run/systemd/generator.early/*</filename> | |
47 | <filename>/etc/systemd/system/*</filename> | |
e4d54220 | 48 | <filename>/etc/systemd/system.attached/*</filename> |
13219b7f | 49 | <filename>/run/systemd/system/*</filename> |
e4d54220 | 50 | <filename>/run/systemd/system.attached/*</filename> |
b82f27e7 | 51 | <filename>/run/systemd/generator/*</filename> |
f8b68539 | 52 | <filename index='false'>…</filename> |
b82f27e7 | 53 | <filename>/usr/lib/systemd/system/*</filename> |
2ace445d LP |
54 | <filename>/run/systemd/generator.late/*</filename></literallayout></para> |
55 | </refsect2> | |
13219b7f | 56 | |
2ace445d LP |
57 | <refsect2> |
58 | <title>User Unit Search Path</title> | |
59 | <para><literallayout><filename>~/.config/systemd/user.control/*</filename> | |
b82f27e7 ZJS |
60 | <filename>$XDG_RUNTIME_DIR/systemd/user.control/*</filename> |
61 | <filename>$XDG_RUNTIME_DIR/systemd/transient/*</filename> | |
62 | <filename>$XDG_RUNTIME_DIR/systemd/generator.early/*</filename> | |
aa96ef86 | 63 | <filename>~/.config/systemd/user/*</filename> |
e3820eea | 64 | <filename>$XDG_CONFIG_DIRS/systemd/user/*</filename> |
12b42c76 | 65 | <filename>/etc/systemd/user/*</filename> |
aa08982d | 66 | <filename>$XDG_RUNTIME_DIR/systemd/user/*</filename> |
13219b7f | 67 | <filename>/run/systemd/user/*</filename> |
b82f27e7 | 68 | <filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename> |
e3820eea PATS |
69 | <filename>$XDG_DATA_HOME/systemd/user/*</filename> |
70 | <filename>$XDG_DATA_DIRS/systemd/user/*</filename> | |
f8b68539 | 71 | <filename index='false'>…</filename> |
b82f27e7 | 72 | <filename>/usr/lib/systemd/user/*</filename> |
2ace445d LP |
73 | <filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename></literallayout></para> |
74 | </refsect2> | |
75 | ||
798d3a52 ZJS |
76 | </refsynopsisdiv> |
77 | ||
78 | <refsect1> | |
79 | <title>Description</title> | |
80 | ||
0f943ae4 ZJS |
81 | <para>A unit file is a plain text ini-style file that encodes information about a service, a |
82 | socket, a device, a mount point, an automount point, a swap file or partition, a start-up | |
83 | target, a watched file system path, a timer controlled and supervised by | |
84 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, a | |
85 | resource management slice or a group of externally created processes. See | |
675fa6ea | 86 | <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
0f943ae4 | 87 | for a general description of the syntax.</para> |
798d3a52 ZJS |
88 | |
89 | <para>This man page lists the common configuration options of all | |
90 | the unit types. These options need to be configured in the [Unit] | |
91 | or [Install] sections of the unit files.</para> | |
92 | ||
93 | <para>In addition to the generic [Unit] and [Install] sections | |
94 | described here, each unit may have a type-specific section, e.g. | |
95 | [Service] for a service unit. See the respective man pages for | |
96 | more information: | |
97 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
98 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
99 | <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
100 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
101 | <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
102 | <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
103 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
104 | <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
105 | <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
36b4a7ba | 106 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
798d3a52 ZJS |
107 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>. |
108 | </para> | |
109 | ||
13dcc96f ZJS |
110 | <para>Unit files are loaded from a set of paths determined during compilation, described in the next |
111 | section.</para> | |
112 | ||
113 | <para>Valid unit names consist of a "name prefix" and a dot and a suffix specifying the unit type. The | |
114 | "unit prefix" must consist of one or more valid characters (ASCII letters, digits, <literal>:</literal>, | |
115 | <literal>-</literal>, <literal>_</literal>, <literal>.</literal>, and <literal>\</literal>). The total | |
116 | length of the unit name including the suffix must not exceed 256 characters. The type suffix must be one | |
117 | of <literal>.service</literal>, <literal>.socket</literal>, <literal>.device</literal>, | |
118 | <literal>.mount</literal>, <literal>.automount</literal>, <literal>.swap</literal>, | |
119 | <literal>.target</literal>, <literal>.path</literal>, <literal>.timer</literal>, | |
120 | <literal>.slice</literal>, or <literal>.scope</literal>.</para> | |
121 | ||
122 | <para>Units names can be parameterized by a single argument called the "instance name". The unit is then | |
123 | constructed based on a "template file" which serves as the definition of multiple services or other | |
124 | units. A template unit must have a single <literal>@</literal> at the end of the name (right before the | |
125 | type suffix). The name of the full unit is formed by inserting the instance name between | |
126 | <literal>@</literal> and the unit type suffix. In the unit file itself, the instance parameter may be | |
127 | referred to using <literal>%i</literal> and other specifiers, see below.</para> | |
75695fb7 | 128 | |
798d3a52 ZJS |
129 | <para>Unit files may contain additional options on top of those |
130 | listed here. If systemd encounters an unknown option, it will | |
131 | write a warning log message but continue loading the unit. If an | |
132 | option or section name is prefixed with <option>X-</option>, it is | |
133 | ignored completely by systemd. Options within an ignored section | |
134 | do not need the prefix. Applications may use this to include | |
135 | additional information in the unit files.</para> | |
136 | ||
b5328434 ZJS |
137 | <para>Units can be aliased (have an alternative name), by creating a symlink from the new name to the |
138 | existing name in one of the unit search paths. For example, <filename>systemd-networkd.service</filename> | |
139 | has the alias <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as | |
140 | a symlink, so when <command>systemd</command> is asked through D-Bus to load | |
141 | <filename>dbus-org.freedesktop.network1.service</filename>, it'll load | |
2e93770f ZJS |
142 | <filename>systemd-networkd.service</filename>. As another example, <filename>default.target</filename> — |
143 | the default system target started at boot — is commonly symlinked (aliased) to either | |
144 | <filename>multi-user.target</filename> or <filename>graphical.target</filename> to select what is started | |
145 | by default. Alias names may be used in commands like <command>disable</command>, | |
146 | <command>start</command>, <command>stop</command>, <command>status</command>, and similar, and in all | |
147 | unit dependency directives, including <varname>Wants=</varname>, <varname>Requires=</varname>, | |
148 | <varname>Before=</varname>, <varname>After=</varname>. Aliases cannot be used with the | |
149 | <command>preset</command> command.</para> | |
150 | ||
151 | <para>Aliases obey the following restrictions: a unit of a certain type (<literal>.service</literal>, | |
152 | <literal>.socket</literal>, …) can only be aliased by a name with the same type suffix. A plain unit (not | |
153 | a template or an instance), may only be aliased by a plain name. A template instance may only be aliased | |
154 | by another template instance, and the instance part must be identical. A template may be aliased by | |
155 | another template (in which case the alias applies to all instances of the template). As a special case, a | |
156 | template instance (e.g. <literal>alias@inst.service</literal>) may be a symlink to different template | |
157 | (e.g. <literal>template@inst.service</literal>). In that case, just this specific instance is aliased, | |
158 | while other instances of the template (e.g. <literal>alias@foo.service</literal>, | |
159 | <literal>alias@bar.service</literal>) are not aliased. Those rule preserve the requirement that the | |
160 | instance (if any) is always uniquely defined for a given unit and all its aliases.</para> | |
b5328434 ZJS |
161 | |
162 | <para>Unit files may specify aliases through the <varname>Alias=</varname> directive in the [Install] | |
163 | section. When the unit is enabled, symlinks will be created for those names, and removed when the unit is | |
164 | disabled. For example, <filename>reboot.target</filename> specifies | |
165 | <varname>Alias=ctrl-alt-del.target</varname>, so when enabled, the symlink | |
57733518 | 166 | <filename>/etc/systemd/system/ctrl-alt-del.service</filename> pointing to the |
b5328434 ZJS |
167 | <filename>reboot.target</filename> file will be created, and when |
168 | <keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Del</keycap></keycombo> is invoked, | |
169 | <command>systemd</command> will look for the <filename>ctrl-alt-del.service</filename> and execute | |
170 | <filename>reboot.service</filename>. <command>systemd</command> does not look at the [Install] section at | |
171 | all during normal operation, so any directives in that section only have an effect through the symlinks | |
172 | created during enablement.</para> | |
bac150e9 ZJS |
173 | |
174 | <para>Along with a unit file <filename>foo.service</filename>, the directory | |
b5328434 ZJS |
175 | <filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a directory are |
176 | implicitly added as dependencies of type <varname>Wants=</varname> to the unit. Similar functionality | |
177 | exists for <varname>Requires=</varname> type dependencies as well, the directory suffix is | |
178 | <filename>.requires/</filename> in this case. This functionality is useful to hook units into the | |
179 | start-up of other units, without having to modify their unit files. For details about the semantics of | |
180 | <varname>Wants=</varname>, see below. The preferred way to create symlinks in the | |
181 | <filename>.wants/</filename> or <filename>.requires/</filename> directory of a unit file is by embedding | |
182 | the dependency in [Install] section of the target unit, and creating the symlink in the file system with | |
ff7cfff0 | 183 | the <command>enable</command> or <command>preset</command> commands of |
b5328434 | 184 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para> |
798d3a52 | 185 | |
be73bb48 | 186 | <para>Along with a unit file <filename>foo.service</filename>, a "drop-in" directory |
e6655fbe YW |
187 | <filename>foo.service.d/</filename> may exist. All files with the suffix |
188 | <literal>.conf</literal> from this directory will be merged in the alphanumeric order and parsed | |
189 | after the main unit file itself has been parsed. This is useful to alter or add configuration | |
190 | settings for a unit, without having to modify unit files. Each drop-in file must contain appropriate | |
191 | section headers. For instantiated units, this logic will first look for the instance | |
192 | <literal>.d/</literal> subdirectory (e.g. <literal>foo@bar.service.d/</literal>) and read its | |
193 | <literal>.conf</literal> files, followed by the template <literal>.d/</literal> subdirectory (e.g. | |
194 | <literal>foo@.service.d/</literal>) and the <literal>.conf</literal> files there. Moreover for unit | |
195 | names containing dashes (<literal>-</literal>), the set of directories generated by repeatedly | |
196 | truncating the unit name after all dashes is searched too. Specifically, for a unit name | |
1b2ad5d9 | 197 | <filename>foo-bar-baz.service</filename> not only the regular drop-in directory |
6c0a7795 LP |
198 | <filename>foo-bar-baz.service.d/</filename> is searched but also both <filename>foo-bar-.service.d/</filename> and |
199 | <filename>foo-.service.d/</filename>. This is useful for defining common drop-ins for a set of related units, whose | |
200 | names begin with a common prefix. This scheme is particularly useful for mount, automount and slice units, whose | |
201 | systematic naming structure is built around dashes as component separators. Note that equally named drop-in files | |
202 | further down the prefix hierarchy override those further up, | |
203 | i.e. <filename>foo-bar-.service.d/10-override.conf</filename> overrides | |
204 | <filename>foo-.service.d/10-override.conf</filename>.</para> | |
205 | ||
2e93770f ZJS |
206 | <para>In cases of unit aliases (described above), dropins for the aliased name and all aliases are |
207 | loaded. In the example of <filename>default.target</filename> aliasing | |
208 | <filename>graphical.target</filename>, <filename>default.target.d/</filename>, | |
209 | <filename>default.target.wants/</filename>, <filename>default.target.requires/</filename>, | |
210 | <filename>graphical.target.d/</filename>, <filename>graphical.target.wants/</filename>, | |
211 | <filename>graphical.target.requires/</filename> would all be read. For templates, dropins for the | |
212 | template, any template aliases, the template instance, and all alias instances are read. When just a | |
213 | specific template instance is aliased, then the dropins for the target template, the target template | |
214 | instance, and the alias template instance are read.</para> | |
6c0a7795 LP |
215 | |
216 | <para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d/</literal> | |
bac150e9 | 217 | directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or |
3b121157 ZJS |
218 | <filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc/</filename> |
219 | take precedence over those in <filename>/run/</filename> which in turn take precedence over those | |
220 | in <filename>/usr/lib/</filename>. Drop-in files under any of these directories take precedence | |
8331eaab LW |
221 | over unit files wherever located. Multiple drop-in files with different names are applied in |
222 | lexicographic order, regardless of which of the directories they reside in.</para> | |
bac150e9 | 223 | |
3e1db806 AZ |
224 | <para>Units also support a top-level drop-in with <filename><replaceable>type</replaceable>.d/</filename>, |
225 | where <replaceable>type</replaceable> may be e.g. <literal>service</literal> or <literal>socket</literal>, | |
226 | that allows altering or adding to the settings of all corresponding unit files on the system. | |
227 | The formatting and precedence of applying drop-in configurations follow what is defined above. | |
90a404f5 PM |
228 | Files in <filename><replaceable>type</replaceable>.d/</filename> have lower precedence compared |
229 | to files in name-specific override directories. The usual rules apply: multiple drop-in files | |
230 | with different names are applied in lexicographic order, regardless of which of the directories | |
231 | they reside in, so a file in <filename><replaceable>type</replaceable>.d/</filename> applies | |
232 | to a unit only if there are no drop-ins or masks with that name in directories with higher | |
233 | precedence. See Examples.</para> | |
d2724678 | 234 | |
bbe0b4a8 JL |
235 | <para>Note that while systemd offers a flexible dependency system |
236 | between units it is recommended to use this functionality only | |
237 | sparingly and instead rely on techniques such as bus-based or | |
238 | socket-based activation which make dependencies implicit, | |
239 | resulting in a both simpler and more flexible system.</para> | |
240 | ||
75695fb7 ZJS |
241 | <para>As mentioned above, a unit may be instantiated from a template file. This allows creation |
242 | of multiple units from a single configuration file. If systemd looks for a unit configuration | |
243 | file, it will first search for the literal unit name in the file system. If that yields no | |
244 | success and the unit name contains an <literal>@</literal> character, systemd will look for a | |
245 | unit template that shares the same name but with the instance string (i.e. the part between the | |
246 | <literal>@</literal> character and the suffix) removed. Example: if a service | |
247 | <filename>getty@tty3.service</filename> is requested and no file by that name is found, systemd | |
248 | will look for <filename>getty@.service</filename> and instantiate a service from that | |
249 | configuration file if it is found.</para> | |
798d3a52 ZJS |
250 | |
251 | <para>To refer to the instance string from within the | |
252 | configuration file you may use the special <literal>%i</literal> | |
253 | specifier in many of the configuration options. See below for | |
254 | details.</para> | |
255 | ||
256 | <para>If a unit file is empty (i.e. has the file size 0) or is | |
257 | symlinked to <filename>/dev/null</filename>, its configuration | |
258 | will not be loaded and it appears with a load state of | |
259 | <literal>masked</literal>, and cannot be activated. Use this as an | |
260 | effective way to fully disable a unit, making it impossible to | |
261 | start it even manually.</para> | |
262 | ||
263 | <para>The unit file format is covered by the | |
f856778b | 264 | <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface |
265 | Portability and Stability Promise</ulink>.</para> | |
798d3a52 ZJS |
266 | |
267 | </refsect1> | |
268 | ||
2651d037 LP |
269 | <refsect1> |
270 | <title>String Escaping for Inclusion in Unit Names</title> | |
271 | ||
272 | <para>Sometimes it is useful to convert arbitrary strings into unit names. To facilitate this, a method of string | |
6b44ad0b YW |
273 | escaping is used, in order to map strings containing arbitrary byte values (except <constant>NUL</constant>) into |
274 | valid unit names and their restricted character set. A common special case are unit names that reflect paths to | |
275 | objects in the file system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device | |
276 | with the device node <filename index="false">/dev/sda</filename> in the file system.</para> | |
2651d037 | 277 | |
aa6dc3ec LP |
278 | <para>The escaping algorithm operates as follows: given a string, any <literal>/</literal> character is |
279 | replaced by <literal>-</literal>, and all other characters which are not ASCII alphanumerics, | |
280 | <literal>:</literal>, <literal>_</literal> or <literal>.</literal> are replaced by C-style | |
281 | <literal>\x2d</literal> escapes. In addition, <literal>.</literal> is replaced with such a C-style escape | |
282 | when it would appear as the first character in the escaped string.</para> | |
2651d037 LP |
283 | |
284 | <para>When the input qualifies as absolute file system path, this algorithm is extended slightly: the path to the | |
285 | root directory <literal>/</literal> is encoded as single dash <literal>-</literal>. In addition, any leading, | |
286 | trailing or duplicate <literal>/</literal> characters are removed from the string before transformation. Example: | |
211c99c7 | 287 | <filename index="false">/foo//bar/baz/</filename> becomes <literal>foo-bar-baz</literal>.</para> |
2651d037 LP |
288 | |
289 | <para>This escaping is fully reversible, as long as it is known whether the escaped string was a path (the | |
290 | unescaping results are different for paths and non-path strings). The | |
291 | <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry> command may be | |
292 | used to apply and reverse escaping on arbitrary strings. Use <command>systemd-escape --path</command> to escape | |
293 | path strings, and <command>systemd-escape</command> without <option>--path</option> otherwise.</para> | |
294 | </refsect1> | |
295 | ||
c129bd5d | 296 | <refsect1> |
aed5cb03 ZJS |
297 | <title>Automatic dependencies</title> |
298 | ||
299 | <refsect2> | |
300 | <title>Implicit Dependencies</title> | |
301 | ||
302 | <para>A number of unit dependencies are implicitly established, depending on unit type and | |
303 | unit configuration. These implicit dependencies can make unit configuration file cleaner. For | |
304 | the implicit dependencies in each unit type, please refer to section "Implicit Dependencies" | |
305 | in respective man pages.</para> | |
306 | ||
307 | <para>For example, service units with <varname>Type=dbus</varname> automatically acquire | |
308 | dependencies of type <varname>Requires=</varname> and <varname>After=</varname> on | |
309 | <filename>dbus.socket</filename>. See | |
310 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
311 | for details.</para> | |
312 | </refsect2> | |
313 | ||
314 | <refsect2> | |
315 | <title>Default Dependencies</title> | |
316 | ||
317 | <para>Default dependencies are similar to implicit dependencies, but can be turned on and off | |
318 | by setting <varname>DefaultDependencies=</varname> to <varname>yes</varname> (the default) and | |
319 | <varname>no</varname>, while implicit dependencies are always in effect. See section "Default | |
320 | Dependencies" in respective man pages for the effect of enabling | |
321 | <varname>DefaultDependencies=</varname> in each unit types.</para> | |
322 | ||
323 | <para>For example, target units will complement all configured dependencies of type | |
324 | <varname>Wants=</varname> or <varname>Requires=</varname> with dependencies of type | |
325 | <varname>After=</varname> unless <varname>DefaultDependencies=no</varname> is set in the | |
326 | specified units. See | |
327 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
328 | for details. Note that this behavior can be turned off by setting | |
329 | <varname>DefaultDependencies=no</varname>.</para> | |
330 | </refsect2> | |
45f09f93 JL |
331 | </refsect1> |
332 | ||
798d3a52 | 333 | <refsect1> |
f757855e | 334 | <title>Unit File Load Path</title> |
798d3a52 ZJS |
335 | |
336 | <para>Unit files are loaded from a set of paths determined during | |
337 | compilation, described in the two tables below. Unit files found | |
338 | in directories listed earlier override files with the same name in | |
339 | directories lower in the list.</para> | |
340 | ||
aa3e4400 EV |
341 | <para>When the variable <varname>$SYSTEMD_UNIT_PATH</varname> is set, |
342 | the contents of this variable overrides the unit load path. If | |
798d3a52 ZJS |
343 | <varname>$SYSTEMD_UNIT_PATH</varname> ends with an empty component |
344 | (<literal>:</literal>), the usual unit load path will be appended | |
345 | to the contents of the variable.</para> | |
346 | ||
347 | <table> | |
348 | <title> | |
349 | Load path when running in system mode (<option>--system</option>). | |
350 | </title> | |
351 | ||
352 | <tgroup cols='2'> | |
353 | <colspec colname='path' /> | |
354 | <colspec colname='expl' /> | |
355 | <thead> | |
356 | <row> | |
5a15caf4 ZJS |
357 | <entry>Path</entry> |
358 | <entry>Description</entry> | |
798d3a52 ZJS |
359 | </row> |
360 | </thead> | |
361 | <tbody> | |
b82f27e7 ZJS |
362 | <row> |
363 | <entry><filename>/etc/systemd/system.control</filename></entry> | |
364 | <entry morerows="1">Persistent and transient configuration created using the dbus API</entry> | |
365 | </row> | |
366 | <row> | |
367 | <entry><filename>/run/systemd/system.control</filename></entry> | |
368 | </row> | |
369 | <row> | |
370 | <entry><filename>/run/systemd/transient</filename></entry> | |
371 | <entry>Dynamic configuration for transient units</entry> | |
372 | </row> | |
373 | <row> | |
374 | <entry><filename>/run/systemd/generator.early</filename></entry> | |
375 | <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry | |
631e393a | 376 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
b82f27e7 | 377 | </row> |
798d3a52 | 378 | <row> |
5a15caf4 | 379 | <entry><filename>/etc/systemd/system</filename></entry> |
565026b4 | 380 | <entry>System units created by the administrator</entry> |
798d3a52 ZJS |
381 | </row> |
382 | <row> | |
5a15caf4 ZJS |
383 | <entry><filename>/run/systemd/system</filename></entry> |
384 | <entry>Runtime units</entry> | |
798d3a52 | 385 | </row> |
b82f27e7 ZJS |
386 | <row> |
387 | <entry><filename>/run/systemd/generator</filename></entry> | |
388 | <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry | |
631e393a | 389 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
b82f27e7 ZJS |
390 | </row> |
391 | <row> | |
392 | <entry><filename>/usr/local/lib/systemd/system</filename></entry> | |
565026b4 | 393 | <entry>System units installed by the administrator </entry> |
b82f27e7 | 394 | </row> |
798d3a52 | 395 | <row> |
5a15caf4 | 396 | <entry><filename>/usr/lib/systemd/system</filename></entry> |
565026b4 | 397 | <entry>System units installed by the distribution package manager</entry> |
b82f27e7 ZJS |
398 | </row> |
399 | <row> | |
400 | <entry><filename>/run/systemd/generator.late</filename></entry> | |
401 | <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry | |
631e393a | 402 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
798d3a52 ZJS |
403 | </row> |
404 | </tbody> | |
405 | </tgroup> | |
406 | </table> | |
407 | ||
408 | <table> | |
409 | <title> | |
410 | Load path when running in user mode (<option>--user</option>). | |
411 | </title> | |
412 | ||
413 | <tgroup cols='2'> | |
414 | <colspec colname='path' /> | |
415 | <colspec colname='expl' /> | |
416 | <thead> | |
417 | <row> | |
5a15caf4 ZJS |
418 | <entry>Path</entry> |
419 | <entry>Description</entry> | |
798d3a52 ZJS |
420 | </row> |
421 | </thead> | |
422 | <tbody> | |
423 | <row> | |
b82f27e7 ZJS |
424 | <entry><filename>$XDG_CONFIG_HOME/systemd/user.control</filename> or <filename |
425 | >~/.config/systemd/user.control</filename></entry> | |
426 | <entry morerows="1">Persistent and transient configuration created using the dbus API (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry> | |
427 | </row> | |
428 | <row> | |
429 | <entry><filename>$XDG_RUNTIME_DIR/systemd/user.control</filename></entry> | |
430 | </row> | |
431 | <row> | |
432 | <entry><filename>/run/systemd/transient</filename></entry> | |
433 | <entry>Dynamic configuration for transient units</entry> | |
434 | </row> | |
435 | <row> | |
436 | <entry><filename>/run/systemd/generator.early</filename></entry> | |
437 | <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry | |
631e393a | 438 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
798d3a52 ZJS |
439 | </row> |
440 | <row> | |
b82f27e7 ZJS |
441 | <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename> or <filename>$HOME/.config/systemd/user</filename></entry> |
442 | <entry>User configuration (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry> | |
798d3a52 | 443 | </row> |
e3820eea PATS |
444 | <row> |
445 | <entry><filename>$XDG_CONFIG_DIRS/systemd/user</filename> or <filename>/etc/xdg/systemd/user</filename></entry> | |
446 | <entry>Additional configuration directories as specified by the XDG base directory specification (<varname>$XDG_CONFIG_DIRS</varname> is used if set, <filename>/etc/xdg</filename> otherwise)</entry> | |
447 | </row> | |
798d3a52 | 448 | <row> |
5a15caf4 | 449 | <entry><filename>/etc/systemd/user</filename></entry> |
565026b4 | 450 | <entry>User units created by the administrator</entry> |
798d3a52 ZJS |
451 | </row> |
452 | <row> | |
5a15caf4 ZJS |
453 | <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry> |
454 | <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry> | |
798d3a52 ZJS |
455 | </row> |
456 | <row> | |
5a15caf4 ZJS |
457 | <entry><filename>/run/systemd/user</filename></entry> |
458 | <entry>Runtime units</entry> | |
798d3a52 ZJS |
459 | </row> |
460 | <row> | |
b82f27e7 ZJS |
461 | <entry><filename>$XDG_RUNTIME_DIR/systemd/generator</filename></entry> |
462 | <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry | |
631e393a | 463 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
798d3a52 ZJS |
464 | </row> |
465 | <row> | |
b82f27e7 ZJS |
466 | <entry><filename>$XDG_DATA_HOME/systemd/user</filename> or <filename>$HOME/.local/share/systemd/user</filename></entry> |
467 | <entry>Units of packages that have been installed in the home directory (<varname>$XDG_DATA_HOME</varname> is used if set, <filename>~/.local/share</filename> otherwise)</entry> | |
468 | </row> | |
e3820eea PATS |
469 | <row> |
470 | <entry><filename>$XDG_DATA_DIRS/systemd/user</filename> or <filename>/usr/local/share/systemd/user</filename> and <filename>/usr/share/systemd/user</filename></entry> | |
471 | <entry>Additional data directories as specified by the XDG base directory specification (<varname>$XDG_DATA_DIRS</varname> is used if set, <filename>/usr/local/share</filename> and <filename>/usr/share</filename> otherwise)</entry> | |
472 | </row> | |
b82f27e7 | 473 | <row> |
b0343f8c | 474 | <entry><filename>$dir/systemd/user</filename> for each <varname index="false">$dir</varname> in <varname>$XDG_DATA_DIRS</varname></entry> |
b82f27e7 ZJS |
475 | <entry>Additional locations for installed user units, one for each entry in <varname>$XDG_DATA_DIRS</varname></entry> |
476 | </row> | |
477 | <row> | |
478 | <entry><filename>/usr/local/lib/systemd/user</filename></entry> | |
565026b4 | 479 | <entry>User units installed by the administrator</entry> |
798d3a52 ZJS |
480 | </row> |
481 | <row> | |
5a15caf4 | 482 | <entry><filename>/usr/lib/systemd/user</filename></entry> |
565026b4 | 483 | <entry>User units installed by the distribution package manager</entry> |
b82f27e7 ZJS |
484 | </row> |
485 | <row> | |
486 | <entry><filename>$XDG_RUNTIME_DIR/systemd/generator.late</filename></entry> | |
487 | <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry | |
631e393a | 488 | ><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry> |
798d3a52 ZJS |
489 | </row> |
490 | </tbody> | |
491 | </tgroup> | |
492 | </table> | |
493 | ||
b82f27e7 ZJS |
494 | <para>The set of load paths for the user manager instance may be augmented or |
495 | changed using various environment variables. And environment variables may in | |
496 | turn be set using environment generators, see | |
930362ab | 497 | <citerefentry><refentrytitle>systemd.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>. |
b82f27e7 ZJS |
498 | In particular, <varname>$XDG_DATA_HOME</varname> and |
499 | <varname>$XDG_DATA_DIRS</varname> may be easily set using | |
500 | <citerefentry><refentrytitle>systemd-environment-d-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
501 | Thus, directories listed here are just the defaults. To see the actual list that | |
502 | would be used based on compilation options and current environment use | |
503 | <programlisting>systemd-analyze --user unit-paths</programlisting> | |
504 | </para> | |
505 | ||
b63c88b6 HD |
506 | <para>Moreover, additional units might be loaded into systemd from |
507 | directories not on the unit load path by creating a symlink pointing to a | |
508 | unit file in the directories. You can use <command>systemctl link</command> | |
509 | for this operation. See | |
510 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
511 | for its usage and precaution. | |
798d3a52 ZJS |
512 | </para> |
513 | </refsect1> | |
514 | ||
5afe510c LP |
515 | <refsect1> |
516 | <title>Unit Garbage Collection</title> | |
517 | ||
518 | <para>The system and service manager loads a unit's configuration automatically when a unit is referenced for the | |
519 | first time. It will automatically unload the unit configuration and state again when the unit is not needed anymore | |
520 | ("garbage collection"). A unit may be referenced through a number of different mechanisms:</para> | |
521 | ||
522 | <orderedlist> | |
523 | <listitem><para>Another loaded unit references it with a dependency such as <varname>After=</varname>, | |
524 | <varname>Wants=</varname>, …</para></listitem> | |
525 | ||
526 | <listitem><para>The unit is currently starting, running, reloading or stopping.</para></listitem> | |
527 | ||
528 | <listitem><para>The unit is currently in the <constant>failed</constant> state. (But see below.)</para></listitem> | |
529 | ||
530 | <listitem><para>A job for the unit is pending.</para></listitem> | |
531 | ||
532 | <listitem><para>The unit is pinned by an active IPC client program.</para></listitem> | |
533 | ||
534 | <listitem><para>The unit is a special "perpetual" unit that is always active and loaded. Examples for perpetual | |
535 | units are the root mount unit <filename>-.mount</filename> or the scope unit <filename>init.scope</filename> that | |
536 | the service manager itself lives in.</para></listitem> | |
537 | ||
538 | <listitem><para>The unit has running processes associated with it.</para></listitem> | |
539 | </orderedlist> | |
540 | ||
541 | <para>The garbage collection logic may be altered with the <varname>CollectMode=</varname> option, which allows | |
542 | configuration whether automatic unloading of units that are in <constant>failed</constant> state is permissible, | |
543 | see below.</para> | |
544 | ||
545 | <para>Note that when a unit's configuration and state is unloaded, all execution results, such as exit codes, exit | |
546 | signals, resource consumption and other statistics are lost, except for what is stored in the log subsystem.</para> | |
547 | ||
548 | <para>Use <command>systemctl daemon-reload</command> or an equivalent command to reload unit configuration while | |
549 | the unit is already loaded. In this case all configuration settings are flushed out and replaced with the new | |
550 | configuration (which however might not be in effect immediately), however all runtime state is | |
551 | saved/restored.</para> | |
552 | </refsect1> | |
553 | ||
798d3a52 ZJS |
554 | <refsect1> |
555 | <title>[Unit] Section Options</title> | |
556 | ||
a8eaaee7 | 557 | <para>The unit file may include a [Unit] section, which carries |
798d3a52 ZJS |
558 | generic information about the unit that is not dependent on the |
559 | type of unit:</para> | |
560 | ||
561 | <variablelist class='unit-directives'> | |
798d3a52 ZJS |
562 | <varlistentry> |
563 | <term><varname>Description=</varname></term> | |
04d232d8 ZJS |
564 | <listitem><para>A short human readable title of the unit. This may be used by |
565 | <command>systemd</command> (and other UIs) as a user-visible label for the unit, so this string | |
566 | should identify the unit rather than describe it, despite the name. This string also shouldn't just | |
567 | repeat the unit name. <literal>Apache2 Web Server</literal> is a good example. Bad examples are | |
568 | <literal>high-performance light-weight HTTP server</literal> (too generic) or | |
569 | <literal>Apache2</literal> (meaningless for people who do not know Apache, duplicates the unit | |
570 | name). <command>systemd</command> may use this string as a noun in status messages (<literal>Starting | |
c43acf69 ZJS |
571 | <replaceable>description</replaceable>...</literal>, <literal>Started |
572 | <replaceable>description</replaceable>.</literal>, <literal>Reached target | |
573 | <replaceable>description</replaceable>.</literal>, <literal>Failed to start | |
04d232d8 ZJS |
574 | <replaceable>description</replaceable>.</literal>), so it should be capitalized, and should not be a |
575 | full sentence, or a phrase with a continuous verb. Bad examples include <literal>exiting the | |
576 | container</literal> or <literal>updating the database once per day.</literal>.</para> | |
c43acf69 | 577 | </listitem> |
798d3a52 ZJS |
578 | </varlistentry> |
579 | ||
580 | <varlistentry> | |
581 | <term><varname>Documentation=</varname></term> | |
582 | <listitem><para>A space-separated list of URIs referencing | |
583 | documentation for this unit or its configuration. Accepted are | |
584 | only URIs of the types <literal>http://</literal>, | |
585 | <literal>https://</literal>, <literal>file:</literal>, | |
586 | <literal>info:</literal>, <literal>man:</literal>. For more | |
587 | information about the syntax of these URIs, see <citerefentry | |
588 | project='man-pages'><refentrytitle>uri</refentrytitle><manvolnum>7</manvolnum></citerefentry>. | |
589 | The URIs should be listed in order of relevance, starting with | |
590 | the most relevant. It is a good idea to first reference | |
591 | documentation that explains what the unit's purpose is, | |
592 | followed by how it is configured, followed by any other | |
593 | related documentation. This option may be specified more than | |
594 | once, in which case the specified list of URIs is merged. If | |
595 | the empty string is assigned to this option, the list is reset | |
596 | and all prior assignments will have no | |
597 | effect.</para></listitem> | |
598 | </varlistentry> | |
599 | ||
d19cd71a ZJS |
600 | <varlistentry> |
601 | <term><varname>Wants=</varname></term> | |
602 | ||
c024f320 LP |
603 | <listitem><para>Configures (weak) requirement dependencies on other units. This option may be |
604 | specified more than once or multiple space-separated units may be specified in one option in which | |
605 | case dependencies for all listed names will be created. Dependencies of this type may also be | |
606 | configured outside of the unit configuration file by adding a symlink to a | |
607 | <filename>.wants/</filename> directory accompanying the unit file. For details, see above.</para> | |
d19cd71a ZJS |
608 | |
609 | <para>Units listed in this option will be started if the configuring unit is. However, if the listed | |
610 | units fail to start or cannot be added to the transaction, this has no impact on the validity of the | |
611 | transaction as a whole, and this unit will still be started. This is the recommended way to hook | |
1ad44867 | 612 | the start-up of one unit to the start-up of another unit.</para> |
d19cd71a ZJS |
613 | |
614 | <para>Note that requirement dependencies do not influence the order in which services are started or | |
615 | stopped. This has to be configured independently with the <varname>After=</varname> or | |
616 | <varname>Before=</varname> options. If unit <filename>foo.service</filename> pulls in unit | |
617 | <filename>bar.service</filename> as configured with <varname>Wants=</varname> and no ordering is | |
618 | configured with <varname>After=</varname> or <varname>Before=</varname>, then both units will be | |
619 | started simultaneously and without any delay between them if <filename>foo.service</filename> is | |
620 | activated.</para></listitem> | |
621 | </varlistentry> | |
622 | ||
798d3a52 ZJS |
623 | <varlistentry> |
624 | <term><varname>Requires=</varname></term> | |
625 | ||
c024f320 | 626 | <listitem><para>Similar to <varname>Wants=</varname>, but declares a stronger requirement |
d19cd71a ZJS |
627 | dependency. Dependencies of this type may also be configured by adding a symlink to a |
628 | <filename>.requires/</filename> directory accompanying the unit file.</para> | |
629 | ||
630 | <para>If this unit gets activated, the units listed will be activated as well. If one of | |
631 | the other units fails to activate, and an ordering dependency <varname>After=</varname> on the | |
632 | failing unit is set, this unit will not be started. Besides, with or without specifying | |
633 | <varname>After=</varname>, this unit will be stopped if one of the other units is explicitly | |
634 | stopped.</para> | |
635 | ||
636 | <para>Often, it is a better choice to use <varname>Wants=</varname> instead of | |
637 | <varname>Requires=</varname> in order to achieve a system that is more robust when dealing with | |
62d3ca24 LP |
638 | failing services.</para> |
639 | ||
640 | <para>Note that this dependency type does not imply that the other unit always has to be in active state when | |
641 | this unit is running. Specifically: failing condition checks (such as <varname>ConditionPathExists=</varname>, | |
6b5bb2f9 | 642 | <varname>ConditionPathIsSymbolicLink=</varname>, … — see below) do not cause the start job of a unit with a |
62d3ca24 LP |
643 | <varname>Requires=</varname> dependency on it to fail. Also, some unit types may deactivate on their own (for |
644 | example, a service process may decide to exit cleanly, or a device may be unplugged by the user), which is not | |
645 | propagated to units having a <varname>Requires=</varname> dependency. Use the <varname>BindsTo=</varname> | |
646 | dependency type together with <varname>After=</varname> to ensure that a unit may never be in active state | |
d19cd71a | 647 | without a specific other unit also in active state (see below).</para></listitem> |
798d3a52 ZJS |
648 | </varlistentry> |
649 | ||
798d3a52 ZJS |
650 | <varlistentry> |
651 | <term><varname>Requisite=</varname></term> | |
798d3a52 | 652 | |
706a3df4 ZJS |
653 | <listitem><para>Similar to <varname>Requires=</varname>. However, if the units listed here |
654 | are not started already, they will not be started and the starting of this unit will fail | |
655 | immediately. <varname>Requisite=</varname> does not imply an ordering dependency, even if | |
656 | both units are started in the same transaction. Hence this setting should usually be | |
657 | combined with <varname>After=</varname>, to ensure this unit is not started before the other | |
658 | unit.</para> | |
b2920668 ZJS |
659 | |
660 | <para>When <varname>Requisite=b.service</varname> is used on | |
661 | <filename>a.service</filename>, this dependency will show as | |
662 | <varname>RequisiteOf=a.service</varname> in property listing of | |
663 | <filename>b.service</filename>. <varname>RequisiteOf=</varname> | |
664 | dependency cannot be specified directly.</para> | |
665 | </listitem> | |
798d3a52 ZJS |
666 | </varlistentry> |
667 | ||
798d3a52 ZJS |
668 | <varlistentry> |
669 | <term><varname>BindsTo=</varname></term> | |
670 | ||
62d3ca24 LP |
671 | <listitem><para>Configures requirement dependencies, very similar in style to |
672 | <varname>Requires=</varname>. However, this dependency type is stronger: in addition to the effect of | |
673 | <varname>Requires=</varname> it declares that if the unit bound to is stopped, this unit will be stopped | |
674 | too. This means a unit bound to another unit that suddenly enters inactive state will be stopped too. | |
675 | Units can suddenly, unexpectedly enter inactive state for different reasons: the main process of a service unit | |
676 | might terminate on its own choice, the backing device of a device unit might be unplugged or the mount point of | |
677 | a mount unit might be unmounted without involvement of the system and service manager.</para> | |
678 | ||
679 | <para>When used in conjunction with <varname>After=</varname> on the same unit the behaviour of | |
680 | <varname>BindsTo=</varname> is even stronger. In this case, the unit bound to strictly has to be in active | |
681 | state for this unit to also be in active state. This not only means a unit bound to another unit that suddenly | |
682 | enters inactive state, but also one that is bound to another unit that gets skipped due to a failed condition | |
683 | check (such as <varname>ConditionPathExists=</varname>, <varname>ConditionPathIsSymbolicLink=</varname>, … — | |
684 | see below) will be stopped, should it be running. Hence, in many cases it is best to combine | |
b2920668 ZJS |
685 | <varname>BindsTo=</varname> with <varname>After=</varname>.</para> |
686 | ||
687 | <para>When <varname>BindsTo=b.service</varname> is used on | |
688 | <filename>a.service</filename>, this dependency will show as | |
689 | <varname>BoundBy=a.service</varname> in property listing of | |
690 | <filename>b.service</filename>. <varname>BoundBy=</varname> | |
691 | dependency cannot be specified directly.</para> | |
692 | </listitem> | |
798d3a52 ZJS |
693 | </varlistentry> |
694 | ||
695 | <varlistentry> | |
696 | <term><varname>PartOf=</varname></term> | |
697 | ||
698 | <listitem><para>Configures dependencies similar to | |
699 | <varname>Requires=</varname>, but limited to stopping and | |
700 | restarting of units. When systemd stops or restarts the units | |
701 | listed here, the action is propagated to this unit. Note that | |
702 | this is a one-way dependency — changes to this unit do not | |
b2920668 ZJS |
703 | affect the listed units.</para> |
704 | ||
705 | <para>When <varname>PartOf=b.service</varname> is used on | |
706 | <filename>a.service</filename>, this dependency will show as | |
707 | <varname>ConsistsOf=a.service</varname> in property listing of | |
708 | <filename>b.service</filename>. <varname>ConsistsOf=</varname> | |
709 | dependency cannot be specified directly.</para> | |
710 | </listitem> | |
798d3a52 ZJS |
711 | </varlistentry> |
712 | ||
0bc488c9 LP |
713 | <varlistentry> |
714 | <term><varname>Upholds=</varname></term> | |
715 | ||
d844b033 | 716 | <listitem><para>Configures dependencies similar to <varname>Wants=</varname>, but as long as this unit |
0bc488c9 LP |
717 | is up, all units listed in <varname>Upholds=</varname> are started whenever found to be inactive or |
718 | failed, and no job is queued for them. While a <varname>Wants=</varname> dependency on another unit | |
719 | has a one-time effect when this units started, a <varname>Upholds=</varname> dependency on it has a | |
720 | continuous effect, constantly restarting the unit if necessary. This is an alternative to the | |
721 | <varname>Restart=</varname> setting of service units, to ensure they are kept running whatever | |
722 | happens.</para> | |
723 | ||
724 | <para>When <varname>Upholds=b.service</varname> is used on <filename>a.service</filename>, this | |
725 | dependency will show as <varname>UpheldBy=a.service</varname> in the property listing of | |
726 | <filename>b.service</filename>. The <varname>UpheldBy=</varname> dependency cannot be specified | |
727 | directly.</para> | |
728 | </listitem> | |
729 | </varlistentry> | |
730 | ||
798d3a52 ZJS |
731 | <varlistentry> |
732 | <term><varname>Conflicts=</varname></term> | |
733 | ||
38c432b3 ZJS |
734 | <listitem><para>A space-separated list of unit names. Configures negative requirement |
735 | dependencies. If a unit has a <varname>Conflicts=</varname> setting on another unit, starting the | |
736 | former will stop the latter and vice versa.</para> | |
737 | ||
738 | <para>Note that this setting does not imply an ordering dependency, similarly to the | |
739 | <varname>Wants=</varname> and <varname>Requires=</varname> dependencies described above. This means | |
740 | that to ensure that the conflicting unit is stopped before the other unit is started, an | |
741 | <varname>After=</varname> or <varname>Before=</varname> dependency must be declared. It doesn't | |
742 | matter which of the two ordering dependencies is used, because stop jobs are always ordered before | |
743 | start jobs, see the discussion in <varname>Before=</varname>/<varname>After=</varname> below.</para> | |
798d3a52 | 744 | |
d19cd71a | 745 | <para>If unit A that conflicts with unit B is scheduled to |
798d3a52 | 746 | be started at the same time as B, the transaction will either |
46054ac0 | 747 | fail (in case both are required parts of the transaction) or be |
798d3a52 ZJS |
748 | modified to be fixed (in case one or both jobs are not a |
749 | required part of the transaction). In the latter case, the job | |
46054ac0 | 750 | that is not required will be removed, or in case both are |
798d3a52 ZJS |
751 | not required, the unit that conflicts will be started and the |
752 | unit that is conflicted is stopped.</para></listitem> | |
753 | </varlistentry> | |
754 | ||
755 | <varlistentry> | |
756 | <term><varname>Before=</varname></term> | |
757 | <term><varname>After=</varname></term> | |
758 | ||
d19cd71a ZJS |
759 | <listitem><para>These two settings expect a space-separated list of unit names. They may be specified |
760 | more than once, in which case dependencies for all listed names are created.</para> | |
761 | ||
d5d5b3f4 | 762 | <para>Those two settings configure ordering dependencies between units. If unit |
d19cd71a ZJS |
763 | <filename>foo.service</filename> contains the setting <option>Before=bar.service</option> and both |
764 | units are being started, <filename>bar.service</filename>'s start-up is delayed until | |
765 | <filename>foo.service</filename> has finished starting up. <varname>After=</varname> is the inverse | |
766 | of <varname>Before=</varname>, i.e. while <varname>Before=</varname> ensures that the configured unit | |
767 | is started before the listed unit begins starting up, <varname>After=</varname> ensures the opposite, | |
768 | that the listed unit is fully started up before the configured unit is started.</para> | |
769 | ||
770 | <para>When two units with an ordering dependency between them are shut down, the inverse of the | |
e9dd6984 | 771 | start-up order is applied. I.e. if a unit is configured with <varname>After=</varname> on another |
d19cd71a ZJS |
772 | unit, the former is stopped before the latter if both are shut down. Given two units with any |
773 | ordering dependency between them, if one unit is shut down and the other is started up, the shutdown | |
774 | is ordered before the start-up. It doesn't matter if the ordering dependency is | |
775 | <varname>After=</varname> or <varname>Before=</varname>, in this case. It also doesn't matter which | |
776 | of the two is shut down, as long as one is shut down and the other is started up; the shutdown is | |
777 | ordered before the start-up in all cases. If two units have no ordering dependencies between them, | |
778 | they are shut down or started up simultaneously, and no ordering takes place. It depends on the unit | |
779 | type when precisely a unit has finished starting up. Most importantly, for service units start-up is | |
780 | considered completed for the purpose of <varname>Before=</varname>/<varname>After=</varname> when all | |
781 | its configured start-up commands have been invoked and they either failed or reported start-up | |
a1db42eb LB |
782 | success. Note that this does includes <varname>ExecStartPost=</varname> (or |
783 | <varname>ExecStopPost=</varname> for the shutdown case).</para> | |
d19cd71a ZJS |
784 | |
785 | <para>Note that those settings are independent of and orthogonal to the requirement dependencies as | |
786 | configured by <varname>Requires=</varname>, <varname>Wants=</varname>, <varname>Requisite=</varname>, | |
787 | or <varname>BindsTo=</varname>. It is a common pattern to include a unit name in both the | |
788 | <varname>After=</varname> and <varname>Wants=</varname> options, in which case the unit listed will | |
eec68a1a LP |
789 | be started before the unit that is configured with these options.</para> |
790 | ||
791 | <para>Note that <varname>Before=</varname> dependencies on device units have no effect and are not | |
792 | supported. Devices generally become available as a result of an external hotplug event, and systemd | |
793 | creates the corresponding device unit without delay.</para></listitem> | |
798d3a52 ZJS |
794 | </varlistentry> |
795 | ||
796 | <varlistentry> | |
797 | <term><varname>OnFailure=</varname></term> | |
798 | ||
294446dc LP |
799 | <listitem><para>A space-separated list of one or more units that are activated when this unit enters |
800 | the <literal>failed</literal> state. A service unit using <varname>Restart=</varname> enters the | |
801 | failed state only after the start limits are reached.</para></listitem> | |
802 | </varlistentry> | |
803 | ||
804 | <varlistentry> | |
805 | <term><varname>OnSuccess=</varname></term> | |
806 | ||
807 | <listitem><para>A space-separated list of one or more units that are activated when this unit enters | |
808 | the <literal>inactive</literal> state.</para></listitem> | |
798d3a52 ZJS |
809 | </varlistentry> |
810 | ||
811 | <varlistentry> | |
812 | <term><varname>PropagatesReloadTo=</varname></term> | |
813 | <term><varname>ReloadPropagatedFrom=</varname></term> | |
814 | ||
ffec78c0 LP |
815 | <listitem><para>A space-separated list of one or more units to which reload requests from this unit |
816 | shall be propagated to, or units from which reload requests shall be propagated to this unit, | |
817 | respectively. Issuing a reload request on a unit will automatically also enqueue reload requests on | |
818 | all units that are linked to it using these two settings.</para></listitem> | |
819 | </varlistentry> | |
820 | ||
821 | <varlistentry> | |
822 | <term><varname>PropagatesStopTo=</varname></term> | |
823 | <term><varname>StopPropagatedFrom=</varname></term> | |
824 | ||
825 | <listitem><para>A space-separated list of one or more units to which stop requests from this unit | |
826 | shall be propagated to, or units from which stop requests shall be propagated to this unit, | |
827 | respectively. Issuing a stop request on a unit will automatically also enqueue stop requests on all | |
828 | units that are linked to it using these two settings.</para></listitem> | |
798d3a52 ZJS |
829 | </varlistentry> |
830 | ||
831 | <varlistentry> | |
832 | <term><varname>JoinsNamespaceOf=</varname></term> | |
833 | ||
4107452e LP |
834 | <listitem><para>For units that start processes (such as service units), lists one or more other units |
835 | whose network and/or temporary file namespace to join. This only applies to unit types which support | |
a70581ff XR |
836 | the <varname>PrivateNetwork=</varname>, <varname>NetworkNamespacePath=</varname>, |
837 | <varname>PrivateIPC=</varname>, <varname>IPCNamespacePath=</varname>, and | |
798d3a52 | 838 | <varname>PrivateTmp=</varname> directives (see |
4107452e LP |
839 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for |
840 | details). If a unit that has this setting set is started, its processes will see the same | |
a70581ff XR |
841 | <filename>/tmp/</filename>, <filename>/var/tmp/</filename>, IPC namespace and network namespace as |
842 | one listed unit that is started. If multiple listed units are already started, it is not defined | |
843 | which namespace is joined. Note that this setting only has an effect if | |
844 | <varname>PrivateNetwork=</varname>/<varname>NetworkNamespacePath=</varname>, | |
845 | <varname>PrivateIPC=</varname>/<varname>IPCNamespacePath=</varname> and/or | |
4107452e LP |
846 | <varname>PrivateTmp=</varname> is enabled for both the unit that joins the namespace and the unit |
847 | whose namespace is joined.</para></listitem> | |
798d3a52 ZJS |
848 | </varlistentry> |
849 | ||
850 | <varlistentry> | |
851 | <term><varname>RequiresMountsFor=</varname></term> | |
852 | ||
853 | <listitem><para>Takes a space-separated list of absolute | |
854 | paths. Automatically adds dependencies of type | |
855 | <varname>Requires=</varname> and <varname>After=</varname> for | |
856 | all mount units required to access the specified path.</para> | |
857 | ||
858 | <para>Mount points marked with <option>noauto</option> are not | |
88e328fd ZJS |
859 | mounted automatically through <filename>local-fs.target</filename>, |
860 | but are still honored for the purposes of this option, i.e. they | |
861 | will be pulled in by this unit.</para></listitem> | |
798d3a52 ZJS |
862 | </varlistentry> |
863 | ||
864 | <varlistentry> | |
865 | <term><varname>OnFailureJobMode=</varname></term> | |
866 | ||
867 | <listitem><para>Takes a value of | |
868 | <literal>fail</literal>, | |
869 | <literal>replace</literal>, | |
870 | <literal>replace-irreversibly</literal>, | |
871 | <literal>isolate</literal>, | |
872 | <literal>flush</literal>, | |
873 | <literal>ignore-dependencies</literal> or | |
874 | <literal>ignore-requirements</literal>. Defaults to | |
875 | <literal>replace</literal>. Specifies how the units listed in | |
876 | <varname>OnFailure=</varname> will be enqueued. See | |
877 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s | |
878 | <option>--job-mode=</option> option for details on the | |
879 | possible values. If this is set to <literal>isolate</literal>, | |
880 | only a single unit may be listed in | |
e9dd6984 | 881 | <varname>OnFailure=</varname>.</para></listitem> |
798d3a52 ZJS |
882 | </varlistentry> |
883 | ||
884 | <varlistentry> | |
885 | <term><varname>IgnoreOnIsolate=</varname></term> | |
886 | ||
68dd195c LP |
887 | <listitem><para>Takes a boolean argument. If <option>true</option>, this unit will not be stopped |
888 | when isolating another unit. Defaults to <option>false</option> for service, target, socket, timer, | |
889 | and path units, and <option>true</option> for slice, scope, device, swap, mount, and automount | |
890 | units.</para></listitem> | |
798d3a52 ZJS |
891 | </varlistentry> |
892 | ||
798d3a52 ZJS |
893 | <varlistentry> |
894 | <term><varname>StopWhenUnneeded=</varname></term> | |
895 | ||
896 | <listitem><para>Takes a boolean argument. If | |
897 | <option>true</option>, this unit will be stopped when it is no | |
b938cb90 | 898 | longer used. Note that, in order to minimize the work to be |
798d3a52 ZJS |
899 | executed, systemd will not stop units by default unless they |
900 | are conflicting with other units, or the user explicitly | |
901 | requested their shut down. If this option is set, a unit will | |
902 | be automatically cleaned up if no other active unit requires | |
903 | it. Defaults to <option>false</option>.</para></listitem> | |
904 | </varlistentry> | |
905 | ||
906 | <varlistentry> | |
907 | <term><varname>RefuseManualStart=</varname></term> | |
908 | <term><varname>RefuseManualStop=</varname></term> | |
909 | ||
910 | <listitem><para>Takes a boolean argument. If | |
911 | <option>true</option>, this unit can only be activated or | |
912 | deactivated indirectly. In this case, explicit start-up or | |
913 | termination requested by the user is denied, however if it is | |
914 | started or stopped as a dependency of another unit, start-up | |
915 | or termination will succeed. This is mostly a safety feature | |
916 | to ensure that the user does not accidentally activate units | |
917 | that are not intended to be activated explicitly, and not | |
918 | accidentally deactivate units that are not intended to be | |
919 | deactivated. These options default to | |
920 | <option>false</option>.</para></listitem> | |
921 | </varlistentry> | |
922 | ||
923 | <varlistentry> | |
924 | <term><varname>AllowIsolate=</varname></term> | |
925 | ||
926 | <listitem><para>Takes a boolean argument. If | |
927 | <option>true</option>, this unit may be used with the | |
928 | <command>systemctl isolate</command> command. Otherwise, this | |
929 | will be refused. It probably is a good idea to leave this | |
930 | disabled except for target units that shall be used similar to | |
931 | runlevels in SysV init systems, just as a precaution to avoid | |
932 | unusable system states. This option defaults to | |
933 | <option>false</option>.</para></listitem> | |
934 | </varlistentry> | |
935 | ||
936 | <varlistentry> | |
937 | <term><varname>DefaultDependencies=</varname></term> | |
938 | ||
939 | <listitem><para>Takes a boolean argument. If | |
c13fb257 | 940 | <option>yes</option>, (the default), a few default |
798d3a52 ZJS |
941 | dependencies will implicitly be created for the unit. The |
942 | actual dependencies created depend on the unit type. For | |
943 | example, for service units, these dependencies ensure that the | |
944 | service is started only after basic system initialization is | |
945 | completed and is properly terminated on system shutdown. See | |
946 | the respective man pages for details. Generally, only services | |
947 | involved with early boot or late shutdown should set this | |
c13fb257 | 948 | option to <option>no</option>. It is highly recommended to |
798d3a52 | 949 | leave this option enabled for the majority of common units. If |
c13fb257 | 950 | set to <option>no</option>, this option does not disable |
798d3a52 ZJS |
951 | all implicit dependencies, just non-essential |
952 | ones.</para></listitem> | |
953 | </varlistentry> | |
954 | ||
5afe510c LP |
955 | <varlistentry> |
956 | <term><varname>CollectMode=</varname></term> | |
957 | ||
958 | <listitem><para>Tweaks the "garbage collection" algorithm for this unit. Takes one of <option>inactive</option> | |
959 | or <option>inactive-or-failed</option>. If set to <option>inactive</option> the unit will be unloaded if it is | |
960 | in the <constant>inactive</constant> state and is not referenced by clients, jobs or other units — however it | |
961 | is not unloaded if it is in the <constant>failed</constant> state. In <option>failed</option> mode, failed | |
962 | units are not unloaded until the user invoked <command>systemctl reset-failed</command> on them to reset the | |
963 | <constant>failed</constant> state, or an equivalent command. This behaviour is altered if this option is set to | |
964 | <option>inactive-or-failed</option>: in this case the unit is unloaded even if the unit is in a | |
965 | <constant>failed</constant> state, and thus an explicitly resetting of the <constant>failed</constant> state is | |
966 | not necessary. Note that if this mode is used unit results (such as exit codes, exit signals, consumed | |
967 | resources, …) are flushed out immediately after the unit completed, except for what is stored in the logging | |
968 | subsystem. Defaults to <option>inactive</option>.</para> | |
969 | </listitem> | |
970 | </varlistentry> | |
971 | ||
454dd6ce ZJS |
972 | <varlistentry> |
973 | <term><varname>FailureAction=</varname></term> | |
974 | <term><varname>SuccessAction=</varname></term> | |
975 | ||
54fcb619 ZJS |
976 | <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive state. |
977 | Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>, | |
978 | <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>, | |
979 | <option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode, | |
a400bd8c ZJS |
980 | all options are allowed. In user mode, only <option>none</option>, <option>exit</option>, and |
981 | <option>exit-force</option> are allowed. Both options default to <option>none</option>.</para> | |
54fcb619 ZJS |
982 | |
983 | <para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot | |
984 | following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>). | |
985 | <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should | |
986 | cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and | |
987 | <option>reboot-immediate</option> causes immediate execution of the | |
454dd6ce | 988 | <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which |
6a4e939d LP |
989 | might result in data loss (i.e. equivalent to <command>systemctl reboot -ff</command>). Similarly, |
990 | <option>poweroff</option>, <option>poweroff-force</option>, <option>poweroff-immediate</option> have the effect | |
991 | of powering down the system with similar semantics. <option>exit</option> causes the manager to exit following | |
992 | the normal shutdown procedure, and <option>exit-force</option> causes it terminate without shutting down | |
993 | services. When <option>exit</option> or <option>exit-force</option> is used by default the exit status of the | |
5238e957 | 994 | main process of the unit (if this applies) is returned from the service manager. However, this may be overridden |
6a4e939d LP |
995 | with <varname>FailureActionExitStatus=</varname>/<varname>SuccessActionExitStatus=</varname>, see |
996 | below.</para></listitem> | |
997 | </varlistentry> | |
998 | ||
999 | <varlistentry> | |
1000 | <term><varname>FailureActionExitStatus=</varname></term> | |
1001 | <term><varname>SuccessActionExitStatus=</varname></term> | |
1002 | ||
1003 | <listitem><para>Controls the exit status to propagate back to an invoking container manager (in case of a | |
1004 | system service) or service manager (in case of a user manager) when the | |
1005 | <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> are set to <option>exit</option> or | |
1006 | <option>exit-force</option> and the action is triggered. By default the exit status of the main process of the | |
1007 | triggering unit (if this applies) is propagated. Takes a value in the range 0…255 or the empty string to | |
1008 | request default behaviour.</para></listitem> | |
454dd6ce ZJS |
1009 | </varlistentry> |
1010 | ||
798d3a52 ZJS |
1011 | <varlistentry> |
1012 | <term><varname>JobTimeoutSec=</varname></term> | |
a2df3ea4 | 1013 | <term><varname>JobRunningTimeoutSec=</varname></term> |
798d3a52 | 1014 | |
fc070a25 ZJS |
1015 | <listitem><para><varname>JobTimeoutSec=</varname> specifies a timeout for the whole job that starts |
1016 | running when the job is queued. <varname>JobRunningTimeoutSec=</varname> specifies a timeout that | |
1017 | starts running when the queued job is actually started. If either limit is reached, the job will be | |
1018 | cancelled, the unit however will not change state or even enter the <literal>failed</literal> mode. | |
1019 | </para> | |
1020 | ||
1021 | <para>Both settings take a time span with the default unit of seconds, but other units may be | |
1022 | specified, see | |
1023 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>. | |
1024 | The default is <literal>infinity</literal> (job timeouts disabled), except for device units where | |
1025 | <varname>JobRunningTimeoutSec=</varname> defaults to <varname>DefaultTimeoutStartSec=</varname>. | |
1026 | </para> | |
1027 | ||
1028 | <para>Note: these timeouts are independent from any unit-specific timeouts (for example, the timeout | |
1029 | set with <varname>TimeoutStartSec=</varname> in service units). The job timeout has no effect on the | |
1030 | unit itself. Or in other words: unit-specific timeouts are useful to abort unit state changes, and | |
1031 | revert them. The job timeout set with this option however is useful to abort only the job waiting for | |
1032 | the unit state to change.</para> | |
de597248 ZJS |
1033 | </listitem> |
1034 | </varlistentry> | |
1035 | ||
1036 | <varlistentry> | |
1037 | <term><varname>JobTimeoutAction=</varname></term> | |
1038 | <term><varname>JobTimeoutRebootArgument=</varname></term> | |
798d3a52 | 1039 | |
fc070a25 ZJS |
1040 | <listitem><para><varname>JobTimeoutAction=</varname> optionally configures an additional action to |
1041 | take when the timeout is hit, see description of <varname>JobTimeoutSec=</varname> and | |
de597248 | 1042 | <varname>JobRunningTimeoutSec=</varname> above. It takes the same values as |
fc070a25 ZJS |
1043 | <varname>StartLimitAction=</varname>. Defaults to <option>none</option>.</para> |
1044 | ||
1045 | <para><varname>JobTimeoutRebootArgument=</varname> configures an optional reboot string to pass to | |
1046 | the <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system | |
1047 | call.</para></listitem> | |
798d3a52 ZJS |
1048 | </varlistentry> |
1049 | ||
6bf0f408 | 1050 | <varlistentry> |
fc5ffacd ZJS |
1051 | <term><varname>StartLimitIntervalSec=<replaceable>interval</replaceable></varname></term> |
1052 | <term><varname>StartLimitBurst=<replaceable>burst</replaceable></varname></term> | |
6bf0f408 | 1053 | |
fc5ffacd | 1054 | <listitem><para>Configure unit start rate limiting. Units which are started more than |
fc070a25 ZJS |
1055 | <replaceable>burst</replaceable> times within an <replaceable>interval</replaceable> time span are |
1056 | not permitted to start any more. Use <varname>StartLimitIntervalSec=</varname> to configure the | |
1057 | checking interval and <varname>StartLimitBurst=</varname> to configure how many starts per interval | |
1058 | are allowed.</para> | |
1059 | ||
1060 | <para><replaceable>interval</replaceable> is a time span with the default unit of seconds, but other | |
1061 | units may be specified, see | |
1062 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>. | |
1063 | Defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, and may | |
1064 | be set to 0 to disable any kind of rate limiting. <replaceable>burst</replaceable> is a number and | |
1065 | defaults to <varname>DefaultStartLimitBurst=</varname> in manager configuration file.</para> | |
1066 | ||
1067 | <para>These configuration options are particularly useful in conjunction with the service setting | |
b94f4313 | 1068 | <varname>Restart=</varname> (see |
fc070a25 ZJS |
1069 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); |
1070 | however, they apply to all kinds of starts (including manual), not just those triggered by the | |
1071 | <varname>Restart=</varname> logic.</para> | |
1072 | ||
1073 | <para>Note that units which are configured for <varname>Restart=</varname>, and which reach the start | |
3babb816 CH |
1074 | limit are not attempted to be restarted anymore; however, they may still be restarted manually or |
1075 | from a timer or socket at a later point, after the <replaceable>interval</replaceable> has passed. | |
1076 | From that point on, the restart logic is activated again. <command>systemctl reset-failed</command> | |
1077 | will cause the restart rate counter for a service to be flushed, which is useful if the administrator | |
1078 | wants to manually start a unit and the start limit interferes with that. Rate-limiting is enforced | |
1079 | after any unit condition checks are executed, and hence unit activations with failing conditions do | |
1080 | not count towards the rate limit.</para> | |
fc070a25 ZJS |
1081 | |
1082 | <para>When a unit is unloaded due to the garbage collection logic (see above) its rate limit counters | |
1083 | are flushed out too. This means that configuring start rate limiting for a unit that is not | |
1084 | referenced continuously has no effect.</para> | |
1085 | ||
1086 | <para>This setting does not apply to slice, target, device, and scope units, since they are unit | |
1087 | types whose activation may either never fail, or may succeed only a single time.</para></listitem> | |
6bf0f408 LP |
1088 | </varlistentry> |
1089 | ||
1090 | <varlistentry> | |
1091 | <term><varname>StartLimitAction=</varname></term> | |
1092 | ||
454dd6ce | 1093 | <listitem><para>Configure an additional action to take if the rate limit configured with |
e9dd6984 ZJS |
1094 | <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same |
1095 | values as the <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings. If | |
1096 | <option>none</option> is set, hitting the rate limit will trigger no action except that | |
454dd6ce | 1097 | the start will not be permitted. Defaults to <option>none</option>.</para></listitem> |
6bf0f408 LP |
1098 | </varlistentry> |
1099 | ||
1100 | <varlistentry> | |
1101 | <term><varname>RebootArgument=</varname></term> | |
1102 | <listitem><para>Configure the optional argument for the | |
1103 | <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if | |
53c35a76 | 1104 | <varname>StartLimitAction=</varname> or <varname>FailureAction=</varname> is a reboot action. This |
6bf0f408 LP |
1105 | works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem> |
1106 | </varlistentry> | |
1107 | ||
798d3a52 ZJS |
1108 | <varlistentry> |
1109 | <term><varname>SourcePath=</varname></term> | |
1110 | <listitem><para>A path to a configuration file this unit has | |
1111 | been generated from. This is primarily useful for | |
1112 | implementation of generator tools that convert configuration | |
1113 | from an external configuration file format into native unit | |
1114 | files. This functionality should not be used in normal | |
1115 | units.</para></listitem> | |
1116 | </varlistentry> | |
1117 | </variablelist> | |
337b7334 ZJS |
1118 | |
1119 | <refsect2> | |
1120 | <title>Conditions and Asserts</title> | |
1121 | ||
0a6aa7a2 LP |
1122 | <para>Unit files may also include a number of <varname index="false">Condition…=</varname> and <varname |
1123 | index="false">Assert…=</varname> settings. Before the unit is started, systemd will verify that the | |
1124 | specified conditions and asserts are true. If not, the starting of the unit will be (mostly silently) | |
1125 | skipped (in case of conditions), or aborted with an error message (in case of asserts). Failing | |
1126 | conditions or asserts will not result in the unit being moved into the <literal>failed</literal> | |
1127 | state. The conditions and asserts are checked at the time the queued start job is to be executed. The | |
1128 | ordering dependencies are still respected, so other units are still pulled in and ordered as if this | |
1129 | unit was successfully activated, and the conditions and asserts are executed the precise moment the | |
1130 | unit would normally start and thus can validate system state after the units ordered before completed | |
1131 | initialization. Use condition expressions for skipping units that do not apply to the local system, for | |
1132 | example because the kernel or runtime environment doesn't require their functionality. | |
337b7334 ZJS |
1133 | </para> |
1134 | ||
1135 | <para>If multiple conditions are specified, the unit will be executed if all of them apply (i.e. a | |
54166cee | 1136 | logical AND is applied). Condition checks can use a pipe symbol (<literal>|</literal>) after the equals |
0a6aa7a2 LP |
1137 | sign (<literal>Condition…=|…</literal>), which causes the condition to become a |
1138 | <emphasis>triggering</emphasis> condition. If at least one triggering condition is defined for a unit, | |
1139 | then the unit will be started if at least one of the triggering conditions of the unit applies and all | |
1140 | of the regular (i.e. non-triggering) conditions apply. If you prefix an argument with the pipe symbol | |
1141 | and an exclamation mark, the pipe symbol must be passed first, the exclamation second. If any of these | |
1142 | options is assigned the empty string, the list of conditions is reset completely, all previous | |
1143 | condition settings (of any kind) will have no effect.</para> | |
337b7334 ZJS |
1144 | |
1145 | <para>The <varname>AssertArchitecture=</varname>, <varname>AssertVirtualization=</varname>, … options | |
0a6aa7a2 LP |
1146 | are similar to conditions but cause the start job to fail (instead of being skipped). The failed check |
1147 | is logged. Units with failed conditions are considered to be in a clean state and will be garbage | |
337b7334 ZJS |
1148 | collected if they are not referenced. This means that when queried, the condition failure may or may |
1149 | not show up in the state of the unit.</para> | |
1150 | ||
1151 | <para>Note that neither assertion nor condition expressions result in unit state changes. Also note | |
1152 | that both are checked at the time the job is to be executed, i.e. long after depending jobs and it | |
1153 | itself were queued. Thus, neither condition nor assertion expressions are suitable for conditionalizing | |
1154 | unit dependencies.</para> | |
1155 | ||
1156 | <para>The <command>condition</command> verb of | |
1157 | <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> can | |
1158 | be used to test condition and assert expressions.</para> | |
1159 | ||
1160 | <para>Except for <varname>ConditionPathIsSymbolicLink=</varname>, all path checks follow symlinks.</para> | |
1161 | ||
1162 | <variablelist class='unit-directives'> | |
337b7334 ZJS |
1163 | <varlistentry> |
1164 | <term><varname>ConditionArchitecture=</varname></term> | |
1165 | ||
1166 | <listitem><para>Check whether the system is running on a specific architecture. Takes one of | |
1167 | <literal>x86</literal>, | |
1168 | <literal>x86-64</literal>, | |
1169 | <literal>ppc</literal>, | |
1170 | <literal>ppc-le</literal>, | |
1171 | <literal>ppc64</literal>, | |
1172 | <literal>ppc64-le</literal>, | |
1173 | <literal>ia64</literal>, | |
1174 | <literal>parisc</literal>, | |
1175 | <literal>parisc64</literal>, | |
1176 | <literal>s390</literal>, | |
1177 | <literal>s390x</literal>, | |
1178 | <literal>sparc</literal>, | |
1179 | <literal>sparc64</literal>, | |
1180 | <literal>mips</literal>, | |
1181 | <literal>mips-le</literal>, | |
1182 | <literal>mips64</literal>, | |
1183 | <literal>mips64-le</literal>, | |
1184 | <literal>alpha</literal>, | |
1185 | <literal>arm</literal>, | |
1186 | <literal>arm-be</literal>, | |
1187 | <literal>arm64</literal>, | |
1188 | <literal>arm64-be</literal>, | |
1189 | <literal>sh</literal>, | |
1190 | <literal>sh64</literal>, | |
1191 | <literal>m68k</literal>, | |
1192 | <literal>tilegx</literal>, | |
1193 | <literal>cris</literal>, | |
1194 | <literal>arc</literal>, | |
1195 | <literal>arc-be</literal>, or | |
1196 | <literal>native</literal>.</para> | |
1197 | ||
1198 | <para>The architecture is determined from the information returned by | |
1199 | <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
1200 | and is thus subject to | |
1201 | <citerefentry><refentrytitle>personality</refentrytitle><manvolnum>2</manvolnum></citerefentry>. | |
1202 | Note that a <varname>Personality=</varname> setting in the same unit file has no effect on this | |
1203 | condition. A special architecture name <literal>native</literal> is mapped to the architecture the | |
1204 | system manager itself is compiled for. The test may be negated by prepending an exclamation | |
1205 | mark.</para> | |
1206 | </listitem> | |
1207 | </varlistentry> | |
1208 | ||
cbcdcaaa UKK |
1209 | <varlistentry> |
1210 | <term><varname>ConditionFirmware=</varname></term> | |
1211 | ||
1212 | <listitem><para>Check whether the system's firmware is of a certain type. Possible values are: | |
1213 | <literal>uefi</literal> (for systems with EFI), | |
1214 | <literal>device-tree</literal> (for systems with a device tree) and | |
1215 | <literal>device-tree-compatible(xyz)</literal> (for systems with a device tree that is compatible to <literal>xyz</literal>).</para> | |
1216 | </listitem> | |
1217 | </varlistentry> | |
1218 | ||
337b7334 | 1219 | <varlistentry> |
81a41081 | 1220 | <term><varname>ConditionVirtualization=</varname></term> |
337b7334 ZJS |
1221 | |
1222 | <listitem><para>Check whether the system is executed in a virtualized environment and optionally | |
1223 | test whether it is a specific implementation. Takes either boolean value to check if being executed | |
1224 | in any virtualized environment, or one of | |
1225 | <literal>vm</literal> and | |
1226 | <literal>container</literal> to test against a generic type of virtualization solution, or one of | |
1227 | <literal>qemu</literal>, | |
1228 | <literal>kvm</literal>, | |
b6eca373 | 1229 | <literal>amazon</literal>, |
337b7334 ZJS |
1230 | <literal>zvm</literal>, |
1231 | <literal>vmware</literal>, | |
1232 | <literal>microsoft</literal>, | |
1233 | <literal>oracle</literal>, | |
3224e38b | 1234 | <literal>powervm</literal>, |
337b7334 ZJS |
1235 | <literal>xen</literal>, |
1236 | <literal>bochs</literal>, | |
1237 | <literal>uml</literal>, | |
1238 | <literal>bhyve</literal>, | |
1239 | <literal>qnx</literal>, | |
1240 | <literal>openvz</literal>, | |
1241 | <literal>lxc</literal>, | |
1242 | <literal>lxc-libvirt</literal>, | |
1243 | <literal>systemd-nspawn</literal>, | |
1244 | <literal>docker</literal>, | |
1245 | <literal>podman</literal>, | |
1246 | <literal>rkt</literal>, | |
1247 | <literal>wsl</literal>, | |
80cc3e3e | 1248 | <literal>proot</literal>, |
abac810b | 1249 | <literal>pouch</literal>, |
337b7334 ZJS |
1250 | <literal>acrn</literal> to test |
1251 | against a specific implementation, or | |
1252 | <literal>private-users</literal> to check whether we are running in a user namespace. See | |
1253 | <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
1254 | for a full list of known virtualization technologies and their identifiers. If multiple | |
1255 | virtualization technologies are nested, only the innermost is considered. The test may be negated | |
1256 | by prepending an exclamation mark.</para> | |
1257 | </listitem> | |
1258 | </varlistentry> | |
1259 | ||
1260 | <varlistentry> | |
1261 | <term><varname>ConditionHost=</varname></term> | |
1262 | ||
1263 | <listitem><para><varname>ConditionHost=</varname> may be used to match against the hostname or | |
1264 | machine ID of the host. This either takes a hostname string (optionally with shell style globs) | |
1265 | which is tested against the locally set hostname as returned by | |
1266 | <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>, or | |
1267 | a machine ID formatted as string (see | |
1268 | <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>). | |
1269 | The test may be negated by prepending an exclamation mark.</para> | |
1270 | </listitem> | |
1271 | </varlistentry> | |
1272 | ||
1273 | <varlistentry> | |
1274 | <term><varname>ConditionKernelCommandLine=</varname></term> | |
1275 | ||
1276 | <listitem><para><varname>ConditionKernelCommandLine=</varname> may be used to check whether a | |
1277 | specific kernel command line option is set (or if prefixed with the exclamation mark — unset). The | |
1278 | argument must either be a single word, or an assignment (i.e. two words, separated by | |
1279 | <literal>=</literal>). In the former case the kernel command line is searched for the word | |
1280 | appearing as is, or as left hand side of an assignment. In the latter case, the exact assignment is | |
af4b8f80 LP |
1281 | looked for with right and left hand side matching. This operates on the kernel command line |
1282 | communicated to userspace via <filename>/proc/cmdline</filename>, except when the service manager | |
1283 | is invoked as payload of a container manager, in which case the command line of <filename>PID | |
1284 | 1</filename> is used instead (i.e. <filename>/proc/1/cmdline</filename>).</para> | |
337b7334 ZJS |
1285 | </listitem> |
1286 | </varlistentry> | |
1287 | ||
1288 | <varlistentry> | |
1289 | <term><varname>ConditionKernelVersion=</varname></term> | |
1290 | ||
1291 | <listitem><para><varname>ConditionKernelVersion=</varname> may be used to check whether the kernel | |
1292 | version (as reported by <command>uname -r</command>) matches a certain expression (or if prefixed | |
1293 | with the exclamation mark does not match it). The argument must be a list of (potentially quoted) | |
1294 | expressions. For each of the expressions, if it starts with one of <literal><</literal>, | |
1295 | <literal><=</literal>, <literal>=</literal>, <literal>!=</literal>, <literal>>=</literal>, | |
1296 | <literal>></literal> a relative version comparison is done, otherwise the specified string is | |
1297 | matched with shell-style globs.</para> | |
1298 | ||
1299 | <para>Note that using the kernel version string is an unreliable way to determine which features | |
1300 | are supported by a kernel, because of the widespread practice of backporting drivers, features, and | |
1301 | fixes from newer upstream kernels into older versions provided by distributions. Hence, this check | |
1302 | is inherently unportable and should not be used for units which may be used on different | |
1303 | distributions.</para> | |
1304 | </listitem> | |
1305 | </varlistentry> | |
1306 | ||
410abf83 LP |
1307 | <varlistentry> |
1308 | <term><varname>ConditionEnvironment=</varname></term> | |
1309 | ||
1310 | <listitem><para><varname>ConditionEnvironment=</varname> may be used to check whether a specific | |
1311 | environment variable is set (or if prefixed with the exclamation mark — unset) in the service | |
1312 | manager's environment block. | |
1313 | ||
1314 | The argument may be a single word, to check if the variable with this name is defined in the | |
1315 | environment block, or an assignment | |
1316 | (<literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal>), to check if | |
1317 | the variable with this exact value is defined. Note that the environment block of the service | |
1318 | manager itself is checked, i.e. not any variables defined with <varname>Environment=</varname> or | |
1319 | <varname>EnvironmentFile=</varname>, as described above. This is particularly useful when the | |
1320 | service manager runs inside a containerized environment or as per-user service manager, in order to | |
1321 | check for variables passed in by the enclosing container manager or PAM.</para> | |
1322 | </listitem> | |
1323 | </varlistentry> | |
1324 | ||
337b7334 ZJS |
1325 | <varlistentry> |
1326 | <term><varname>ConditionSecurity=</varname></term> | |
1327 | ||
1328 | <listitem><para><varname>ConditionSecurity=</varname> may be used to check whether the given | |
1329 | security technology is enabled on the system. Currently, the recognized values are | |
1330 | <literal>selinux</literal>, <literal>apparmor</literal>, <literal>tomoyo</literal>, | |
bce334a3 LP |
1331 | <literal>ima</literal>, <literal>smack</literal>, <literal>audit</literal>, |
1332 | <literal>uefi-secureboot</literal> and <literal>tpm2</literal>. The test may be negated by prepending | |
1333 | an exclamation mark.</para> | |
337b7334 ZJS |
1334 | </listitem> |
1335 | </varlistentry> | |
1336 | ||
1337 | <varlistentry> | |
1338 | <term><varname>ConditionCapability=</varname></term> | |
1339 | ||
1340 | <listitem><para>Check whether the given capability exists in the capability bounding set of the | |
1341 | service manager (i.e. this does not check whether capability is actually available in the permitted | |
1342 | or effective sets, see | |
1343 | <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
1344 | for details). Pass a capability name such as <literal>CAP_MKNOD</literal>, possibly prefixed with | |
1345 | an exclamation mark to negate the check.</para> | |
1346 | </listitem> | |
1347 | </varlistentry> | |
1348 | ||
1349 | <varlistentry> | |
1350 | <term><varname>ConditionACPower=</varname></term> | |
1351 | ||
1352 | <listitem><para>Check whether the system has AC power, or is exclusively battery powered at the | |
1353 | time of activation of the unit. This takes a boolean argument. If set to <literal>true</literal>, | |
1354 | the condition will hold only if at least one AC connector of the system is connected to a power | |
1355 | source, or if no AC connectors are known. Conversely, if set to <literal>false</literal>, the | |
1356 | condition will hold only if there is at least one AC connector known and all AC connectors are | |
1357 | disconnected from a power source.</para> | |
1358 | </listitem> | |
1359 | </varlistentry> | |
1360 | ||
1361 | <varlistentry> | |
1362 | <term><varname>ConditionNeedsUpdate=</varname></term> | |
1363 | ||
3b121157 | 1364 | <listitem><para>Takes one of <filename>/var/</filename> or <filename>/etc/</filename> as argument, |
bf1abf1a | 1365 | possibly prefixed with a <literal>!</literal> (to invert the condition). This condition may be |
337b7334 | 1366 | used to conditionalize units on whether the specified directory requires an update because |
3b121157 | 1367 | <filename>/usr/</filename>'s modification time is newer than the stamp file |
337b7334 | 1368 | <filename>.updated</filename> in the specified directory. This is useful to implement offline |
3b121157 ZJS |
1369 | updates of the vendor operating system resources in <filename>/usr/</filename> that require updating |
1370 | of <filename>/etc/</filename> or <filename>/var/</filename> on the next following boot. Units making | |
337b7334 ZJS |
1371 | use of this condition should order themselves before |
1372 | <citerefentry><refentrytitle>systemd-update-done.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
1373 | to make sure they run before the stamp file's modification time gets reset indicating a completed | |
1374 | update.</para> | |
f8b4ae29 LP |
1375 | |
1376 | <para>If the <varname>systemd.condition-needs-update=</varname> option is specified on the kernel | |
1377 | command line (taking a boolean), it will override the result of this condition check, taking | |
f75420a4 | 1378 | precedence over any file modification time checks. If the kernel command line option is used, |
f8b4ae29 LP |
1379 | <filename>systemd-update-done.service</filename> will not have immediate effect on any following |
1380 | <varname>ConditionNeedsUpdate=</varname> checks, until the system is rebooted where the kernel | |
1381 | command line option is not specified anymore.</para> | |
f75420a4 ZJS |
1382 | |
1383 | <para>Note that to make this scheme effective, the timestamp of <filename>/usr/</filename> should | |
1384 | be explicitly updated after its contents are modified. The kernel will automatically update | |
1385 | modification timestamp on a directory only when immediate children of a directory are modified; an | |
1386 | modification of nested files will not automatically result in mtime of <filename>/usr/</filename> | |
1387 | being updated.</para> | |
1388 | ||
1389 | <para>Also note that if the update method includes a call to execute appropriate post-update steps | |
1390 | itself, it should not touch the timestamp of <filename>/usr/</filename>. In a typical distribution | |
1391 | packaging scheme, packages will do any required update steps as part of the installation or | |
1392 | upgrade, to make package contents immediately usable. <varname>ConditionNeedsUpdate=</varname> | |
1393 | should be used with other update mechanisms where such an immediate update does not | |
1394 | happen.</para></listitem> | |
337b7334 ZJS |
1395 | </varlistentry> |
1396 | ||
1397 | <varlistentry> | |
1398 | <term><varname>ConditionFirstBoot=</varname></term> | |
1399 | ||
1400 | <listitem><para>Takes a boolean argument. This condition may be used to conditionalize units on | |
a48627ef HS |
1401 | whether the system is booting up for the first time. This roughly means that <filename>/etc/</filename> |
1402 | is unpopulated (for details, see "First Boot Semantics" in | |
1403 | <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>). | |
1404 | This may be used to populate <filename>/etc/</filename> on the first boot after factory reset, or | |
1405 | when a new system instance boots up for the first time.</para> | |
1406 | ||
1407 | <para>For robustness, units with <varname>ConditionFirstBoot=yes</varname> should order themselves | |
1408 | before <filename>first-boot-complete.target</filename> and pull in this passive target with | |
1409 | <varname>Wants=</varname>. This ensures that in a case of an aborted first boot, these units will | |
1410 | be re-run during the next system startup.</para> | |
814872e9 LP |
1411 | |
1412 | <para>If the <varname>systemd.condition-first-boot=</varname> option is specified on the kernel | |
1413 | command line (taking a boolean), it will override the result of this condition check, taking | |
1414 | precedence over <filename>/etc/machine-id</filename> existence checks.</para> | |
337b7334 ZJS |
1415 | </listitem> |
1416 | </varlistentry> | |
1417 | ||
1418 | <varlistentry> | |
1419 | <term><varname>ConditionPathExists=</varname></term> | |
1420 | ||
d0fd1149 | 1421 | <listitem><para>Check for the existence of a file. If the specified absolute path name does not exist, |
337b7334 ZJS |
1422 | the condition will fail. If the absolute path name passed to |
1423 | <varname>ConditionPathExists=</varname> is prefixed with an exclamation mark | |
1424 | (<literal>!</literal>), the test is negated, and the unit is only started if the path does not | |
1425 | exist.</para> | |
1426 | </listitem> | |
1427 | </varlistentry> | |
1428 | ||
1429 | <varlistentry> | |
1430 | <term><varname>ConditionPathExistsGlob=</varname></term> | |
1431 | ||
1432 | <listitem><para><varname>ConditionPathExistsGlob=</varname> is similar to | |
1433 | <varname>ConditionPathExists=</varname>, but checks for the existence of at least one file or | |
1434 | directory matching the specified globbing pattern.</para> | |
1435 | </listitem> | |
1436 | </varlistentry> | |
1437 | ||
1438 | <varlistentry> | |
1439 | <term><varname>ConditionPathIsDirectory=</varname></term> | |
1440 | ||
1441 | <listitem><para><varname>ConditionPathIsDirectory=</varname> is similar to | |
1442 | <varname>ConditionPathExists=</varname> but verifies that a certain path exists and is a | |
1443 | directory.</para> | |
1444 | </listitem> | |
1445 | </varlistentry> | |
1446 | ||
1447 | <varlistentry> | |
1448 | <term><varname>ConditionPathIsSymbolicLink=</varname></term> | |
1449 | ||
1450 | <listitem><para><varname>ConditionPathIsSymbolicLink=</varname> is similar to | |
1451 | <varname>ConditionPathExists=</varname> but verifies that a certain path exists and is a symbolic | |
1452 | link.</para> | |
1453 | </listitem> | |
1454 | </varlistentry> | |
1455 | ||
1456 | <varlistentry> | |
1457 | <term><varname>ConditionPathIsMountPoint=</varname></term> | |
1458 | ||
1459 | <listitem><para><varname>ConditionPathIsMountPoint=</varname> is similar to | |
1460 | <varname>ConditionPathExists=</varname> but verifies that a certain path exists and is a mount | |
1461 | point.</para> | |
1462 | </listitem> | |
1463 | </varlistentry> | |
1464 | ||
1465 | <varlistentry> | |
1466 | <term><varname>ConditionPathIsReadWrite=</varname></term> | |
1467 | ||
1468 | <listitem><para><varname>ConditionPathIsReadWrite=</varname> is similar to | |
1469 | <varname>ConditionPathExists=</varname> but verifies that the underlying file system is readable | |
1470 | and writable (i.e. not mounted read-only).</para> | |
1471 | </listitem> | |
1472 | </varlistentry> | |
1473 | ||
410abf83 LP |
1474 | <varlistentry> |
1475 | <term><varname>ConditionPathIsEncrypted=</varname></term> | |
1476 | ||
1477 | <listitem><para><varname>ConditionPathIsEncrypted=</varname> is similar to | |
1478 | <varname>ConditionPathExists=</varname> but verifies that the underlying file system's backing | |
1479 | block device is encrypted using dm-crypt/LUKS. Note that this check does not cover ext4 | |
1480 | per-directory encryption, and only detects block level encryption. Moreover, if the specified path | |
1481 | resides on a file system on top of a loopback block device, only encryption above the loopback device is | |
1482 | detected. It is not detected whether the file system backing the loopback block device is encrypted.</para> | |
1483 | </listitem> | |
1484 | </varlistentry> | |
1485 | ||
337b7334 ZJS |
1486 | <varlistentry> |
1487 | <term><varname>ConditionDirectoryNotEmpty=</varname></term> | |
1488 | ||
1489 | <listitem><para><varname>ConditionDirectoryNotEmpty=</varname> is similar to | |
1490 | <varname>ConditionPathExists=</varname> but verifies that a certain path exists and is a non-empty | |
1491 | directory.</para> | |
1492 | </listitem> | |
1493 | </varlistentry> | |
1494 | ||
1495 | <varlistentry> | |
1496 | <term><varname>ConditionFileNotEmpty=</varname></term> | |
1497 | ||
1498 | <listitem><para><varname>ConditionFileNotEmpty=</varname> is similar to | |
1499 | <varname>ConditionPathExists=</varname> but verifies that a certain path exists and refers to a | |
1500 | regular file with a non-zero size.</para> | |
1501 | </listitem> | |
1502 | </varlistentry> | |
1503 | ||
1504 | <varlistentry> | |
1505 | <term><varname>ConditionFileIsExecutable=</varname></term> | |
1506 | ||
1507 | <listitem><para><varname>ConditionFileIsExecutable=</varname> is similar to | |
1508 | <varname>ConditionPathExists=</varname> but verifies that a certain path exists, is a regular file, | |
1509 | and marked executable.</para> | |
1510 | </listitem> | |
1511 | </varlistentry> | |
1512 | ||
1513 | <varlistentry> | |
1514 | <term><varname>ConditionUser=</varname></term> | |
1515 | ||
1516 | <listitem><para><varname>ConditionUser=</varname> takes a numeric <literal>UID</literal>, a UNIX | |
1517 | user name, or the special value <literal>@system</literal>. This condition may be used to check | |
1518 | whether the service manager is running as the given user. The special value | |
1519 | <literal>@system</literal> can be used to check if the user id is within the system user | |
1520 | range. This option is not useful for system services, as the system manager exclusively runs as the | |
1521 | root user, and thus the test result is constant.</para> | |
1522 | </listitem> | |
1523 | </varlistentry> | |
1524 | ||
1525 | <varlistentry> | |
1526 | <term><varname>ConditionGroup=</varname></term> | |
1527 | ||
1528 | <listitem><para><varname>ConditionGroup=</varname> is similar to <varname>ConditionUser=</varname> | |
1529 | but verifies that the service manager's real or effective group, or any of its auxiliary groups, | |
1530 | match the specified group or GID. This setting does not support the special value | |
1531 | <literal>@system</literal>.</para> | |
1532 | </listitem> | |
1533 | </varlistentry> | |
1534 | ||
1535 | <varlistentry> | |
1536 | <term><varname>ConditionControlGroupController=</varname></term> | |
1537 | ||
be0d27ee | 1538 | <listitem><para>Check whether given cgroup controllers (e.g. <literal>cpu</literal>) are available |
8ebfd50a ZJS |
1539 | for use on the system or whether the legacy v1 cgroup or the modern v2 cgroup hierarchy is used. |
1540 | </para> | |
1541 | ||
1542 | <para>Multiple controllers may be passed with a space separating them; in this case the condition | |
1543 | will only pass if all listed controllers are available for use. Controllers unknown to systemd are | |
1544 | ignored. Valid controllers are <literal>cpu</literal>, <literal>cpuacct</literal>, | |
1545 | <literal>io</literal>, <literal>blkio</literal>, <literal>memory</literal>, | |
1546 | <literal>devices</literal>, and <literal>pids</literal>. Even if available in the kernel, a | |
1547 | particular controller may not be available if it was disabled on the kernel command line with | |
1548 | <varname>cgroup_disable=controller</varname>.</para> | |
1549 | ||
1550 | <para>Alternatively, two special strings <literal>v1</literal> and <literal>v2</literal> may be | |
1551 | specified (without any controller names). <literal>v2</literal> will pass if the unified v2 cgroup | |
b49bb286 | 1552 | hierarchy is used, and <literal>v1</literal> will pass if the legacy v1 hierarchy or the hybrid |
8ebfd50a ZJS |
1553 | hierarchy are used (see the discussion of <varname>systemd.unified_cgroup_hierarchy</varname> and |
1554 | <varname>systemd.legacy_systemd_cgroup_controller</varname> in | |
1555 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
1556 | for more information).</para> | |
337b7334 ZJS |
1557 | </listitem> |
1558 | </varlistentry> | |
1559 | ||
1560 | <varlistentry> | |
1561 | <term><varname>ConditionMemory=</varname></term> | |
1562 | ||
1563 | <listitem><para>Verify that the specified amount of system memory is available to the current | |
1564 | system. Takes a memory size in bytes as argument, optionally prefixed with a comparison operator | |
1565 | <literal><</literal>, <literal><=</literal>, <literal>=</literal>, <literal>!=</literal>, | |
1566 | <literal>>=</literal>, <literal>></literal>. On bare-metal systems compares the amount of | |
1567 | physical memory in the system with the specified size, adhering to the specified comparison | |
1568 | operator. In containers compares the amount of memory assigned to the container instead.</para> | |
1569 | </listitem> | |
1570 | </varlistentry> | |
1571 | ||
1572 | <varlistentry> | |
1573 | <term><varname>ConditionCPUs=</varname></term> | |
1574 | ||
1575 | <listitem><para>Verify that the specified number of CPUs is available to the current system. Takes | |
1576 | a number of CPUs as argument, optionally prefixed with a comparison operator | |
1577 | <literal><</literal>, <literal><=</literal>, <literal>=</literal>, <literal>!=</literal>, | |
1578 | <literal>>=</literal>, <literal>></literal>. Compares the number of CPUs in the CPU affinity | |
1579 | mask configured of the service manager itself with the specified number, adhering to the specified | |
1580 | comparison operator. On physical systems the number of CPUs in the affinity mask of the service | |
1581 | manager usually matches the number of physical CPUs, but in special and virtual environments might | |
1582 | differ. In particular, in containers the affinity mask usually matches the number of CPUs assigned | |
1583 | to the container and not the physically available ones.</para></listitem> | |
1584 | </varlistentry> | |
1585 | ||
68337e55 GS |
1586 | <varlistentry> |
1587 | <term><varname>ConditionCPUFeature=</varname></term> | |
1588 | ||
1589 | <listitem><para>Verify that a given CPU feature is available via the <literal>CPUID</literal> | |
1590 | instruction. This condition only does something on i386 and x86-64 processors. On other | |
1591 | processors it is assumed that the CPU does not support the given feature. It checks the leaves | |
1592 | <literal>1</literal>, <literal>7</literal>, <literal>0x80000001</literal>, and | |
1593 | <literal>0x80000007</literal>. Valid values are: | |
1594 | <literal>fpu</literal>, | |
1595 | <literal>vme</literal>, | |
1596 | <literal>de</literal>, | |
1597 | <literal>pse</literal>, | |
1598 | <literal>tsc</literal>, | |
1599 | <literal>msr</literal>, | |
1600 | <literal>pae</literal>, | |
1601 | <literal>mce</literal>, | |
1602 | <literal>cx8</literal>, | |
1603 | <literal>apic</literal>, | |
1604 | <literal>sep</literal>, | |
1605 | <literal>mtrr</literal>, | |
1606 | <literal>pge</literal>, | |
1607 | <literal>mca</literal>, | |
1608 | <literal>cmov</literal>, | |
1609 | <literal>pat</literal>, | |
1610 | <literal>pse36</literal>, | |
1611 | <literal>clflush</literal>, | |
1612 | <literal>mmx</literal>, | |
1613 | <literal>fxsr</literal>, | |
1614 | <literal>sse</literal>, | |
1615 | <literal>sse2</literal>, | |
1616 | <literal>ht</literal>, | |
1617 | <literal>pni</literal>, | |
1618 | <literal>pclmul</literal>, | |
1619 | <literal>monitor</literal>, | |
1620 | <literal>ssse3</literal>, | |
1621 | <literal>fma3</literal>, | |
1622 | <literal>cx16</literal>, | |
1623 | <literal>sse4_1</literal>, | |
1624 | <literal>sse4_2</literal>, | |
1625 | <literal>movbe</literal>, | |
1626 | <literal>popcnt</literal>, | |
1627 | <literal>aes</literal>, | |
1628 | <literal>xsave</literal>, | |
1629 | <literal>osxsave</literal>, | |
1630 | <literal>avx</literal>, | |
1631 | <literal>f16c</literal>, | |
1632 | <literal>rdrand</literal>, | |
1633 | <literal>bmi1</literal>, | |
1634 | <literal>avx2</literal>, | |
1635 | <literal>bmi2</literal>, | |
1636 | <literal>rdseed</literal>, | |
1637 | <literal>adx</literal>, | |
1638 | <literal>sha_ni</literal>, | |
1639 | <literal>syscall</literal>, | |
1640 | <literal>rdtscp</literal>, | |
1641 | <literal>lm</literal>, | |
1642 | <literal>lahf_lm</literal>, | |
1643 | <literal>abm</literal>, | |
1644 | <literal>constant_tsc</literal>.</para> | |
1645 | </listitem> | |
1646 | </varlistentry> | |
1647 | ||
1e26f8a6 LB |
1648 | <varlistentry> |
1649 | <term><varname>ConditionOSRelease=</varname></term> | |
1650 | ||
1651 | <listitem><para>Verify that a specific <literal>key=value</literal> pair is set in the host's | |
1652 | <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> | |
1653 | ||
1654 | <para>Other than exact matching with <literal>=</literal>, and <literal>!=</literal>, relative | |
1655 | comparisons are supported for versioned parameters (e.g. <literal>VERSION_ID</literal>). The | |
1656 | comparator can be one of <literal><</literal>, <literal><=</literal>, <literal>=</literal>, | |
1657 | <literal>!=</literal>, <literal>>=</literal> and <literal>></literal>.</para> | |
1658 | </listitem> | |
1659 | </varlistentry> | |
1660 | ||
337b7334 ZJS |
1661 | <varlistentry> |
1662 | <term><varname>AssertArchitecture=</varname></term> | |
1663 | <term><varname>AssertVirtualization=</varname></term> | |
1664 | <term><varname>AssertHost=</varname></term> | |
1665 | <term><varname>AssertKernelCommandLine=</varname></term> | |
1666 | <term><varname>AssertKernelVersion=</varname></term> | |
7d27d39a | 1667 | <term><varname>AssertEnvironment=</varname></term> |
337b7334 ZJS |
1668 | <term><varname>AssertSecurity=</varname></term> |
1669 | <term><varname>AssertCapability=</varname></term> | |
1670 | <term><varname>AssertACPower=</varname></term> | |
1671 | <term><varname>AssertNeedsUpdate=</varname></term> | |
1672 | <term><varname>AssertFirstBoot=</varname></term> | |
1673 | <term><varname>AssertPathExists=</varname></term> | |
1674 | <term><varname>AssertPathExistsGlob=</varname></term> | |
1675 | <term><varname>AssertPathIsDirectory=</varname></term> | |
1676 | <term><varname>AssertPathIsSymbolicLink=</varname></term> | |
1677 | <term><varname>AssertPathIsMountPoint=</varname></term> | |
1678 | <term><varname>AssertPathIsReadWrite=</varname></term> | |
7d27d39a | 1679 | <term><varname>AssertPathIsEncrypted=</varname></term> |
337b7334 ZJS |
1680 | <term><varname>AssertDirectoryNotEmpty=</varname></term> |
1681 | <term><varname>AssertFileNotEmpty=</varname></term> | |
1682 | <term><varname>AssertFileIsExecutable=</varname></term> | |
1683 | <term><varname>AssertUser=</varname></term> | |
1684 | <term><varname>AssertGroup=</varname></term> | |
1685 | <term><varname>AssertControlGroupController=</varname></term> | |
7d27d39a SR |
1686 | <term><varname>AssertMemory=</varname></term> |
1687 | <term><varname>AssertCPUs=</varname></term> | |
1e26f8a6 | 1688 | <term><varname>AssertOSRelease=</varname></term> |
337b7334 ZJS |
1689 | |
1690 | <listitem><para>Similar to the <varname>ConditionArchitecture=</varname>, | |
1691 | <varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings | |
1692 | add assertion checks to the start-up of the unit. However, unlike the conditions settings, any | |
1693 | assertion setting that is not met results in failure of the start job (which means this is logged | |
1694 | loudly). Note that hitting a configured assertion does not cause the unit to enter the | |
1695 | <literal>failed</literal> state (or in fact result in any state change of the unit), it affects | |
1696 | only the job queued for it. Use assertion expressions for units that cannot operate when specific | |
1697 | requirements are not met, and when this is something the administrator or user should look | |
1698 | into.</para> | |
1699 | </listitem> | |
1700 | </varlistentry> | |
1701 | </variablelist> | |
1702 | </refsect2> | |
2bf92506 ZJS |
1703 | </refsect1> |
1704 | ||
1705 | <refsect1> | |
1706 | <title>Mapping of unit properties to their inverses</title> | |
1707 | ||
1708 | <para>Unit settings that create a relationship with a second unit usually show up | |
1709 | in properties of both units, for example in <command>systemctl show</command> | |
1710 | output. In some cases the name of the property is the same as the name of the | |
2116134b | 1711 | configuration setting, but not always. This table lists the properties |
2bf92506 ZJS |
1712 | that are shown on two units which are connected through some dependency, and shows |
1713 | which property on "source" unit corresponds to which property on the "target" unit. | |
1714 | </para> | |
1715 | ||
1716 | <table> | |
1717 | <title> | |
1718 | "Forward" and "reverse" unit properties | |
1719 | </title> | |
1720 | ||
2eca7635 | 1721 | <tgroup cols='4'> |
2bf92506 ZJS |
1722 | <colspec colname='forward' /> |
1723 | <colspec colname='reverse' /> | |
2eca7635 ZJS |
1724 | <colspec colname='fuse' /> |
1725 | <colspec colname='ruse' /> | |
2bf92506 ZJS |
1726 | <thead> |
1727 | <row> | |
1728 | <entry>"Forward" property</entry> | |
1729 | <entry>"Reverse" property</entry> | |
2eca7635 | 1730 | <entry namest='fuse' nameend='ruse' valign='middle'>Where used</entry> |
2bf92506 ZJS |
1731 | </row> |
1732 | </thead> | |
1733 | <tbody> | |
1734 | <row> | |
1735 | <entry><varname>Before=</varname></entry> | |
1736 | <entry><varname>After=</varname></entry> | |
2eca7635 | 1737 | <entry morerows='1' namest='fuse' nameend='ruse' valign='middle'>[Unit] section</entry> |
2bf92506 ZJS |
1738 | </row> |
1739 | <row> | |
1740 | <entry><varname>After=</varname></entry> | |
1741 | <entry><varname>Before=</varname></entry> | |
1742 | </row> | |
1743 | <row> | |
1744 | <entry><varname>Requires=</varname></entry> | |
1745 | <entry><varname>RequiredBy=</varname></entry> | |
2eca7635 ZJS |
1746 | <entry>[Unit] section</entry> |
1747 | <entry>[Install] section</entry> | |
2bf92506 ZJS |
1748 | </row> |
1749 | <row> | |
1750 | <entry><varname>Wants=</varname></entry> | |
1751 | <entry><varname>WantedBy=</varname></entry> | |
2eca7635 ZJS |
1752 | <entry>[Unit] section</entry> |
1753 | <entry>[Install] section</entry> | |
2bf92506 ZJS |
1754 | </row> |
1755 | <row> | |
1756 | <entry><varname>PartOf=</varname></entry> | |
1757 | <entry><varname>ConsistsOf=</varname></entry> | |
2eca7635 ZJS |
1758 | <entry>[Unit] section</entry> |
1759 | <entry>an automatic property</entry> | |
2bf92506 ZJS |
1760 | </row> |
1761 | <row> | |
1762 | <entry><varname>BindsTo=</varname></entry> | |
1763 | <entry><varname>BoundBy=</varname></entry> | |
2eca7635 ZJS |
1764 | <entry>[Unit] section</entry> |
1765 | <entry>an automatic property</entry> | |
2bf92506 ZJS |
1766 | </row> |
1767 | <row> | |
1768 | <entry><varname>Requisite=</varname></entry> | |
1769 | <entry><varname>RequisiteOf=</varname></entry> | |
2eca7635 ZJS |
1770 | <entry>[Unit] section</entry> |
1771 | <entry>an automatic property</entry> | |
2bf92506 ZJS |
1772 | </row> |
1773 | <row> | |
1774 | <entry><varname>Triggers=</varname></entry> | |
1775 | <entry><varname>TriggeredBy=</varname></entry> | |
2eca7635 | 1776 | <entry namest='fuse' nameend='ruse' valign='middle'>Automatic properties, see notes below</entry> |
2bf92506 ZJS |
1777 | </row> |
1778 | <row> | |
1779 | <entry><varname>Conflicts=</varname></entry> | |
1780 | <entry><varname>ConflictedBy=</varname></entry> | |
2eca7635 ZJS |
1781 | <entry>[Unit] section</entry> |
1782 | <entry>an automatic property</entry> | |
2bf92506 ZJS |
1783 | </row> |
1784 | <row> | |
1785 | <entry><varname>PropagatesReloadTo=</varname></entry> | |
1786 | <entry><varname>ReloadPropagatedFrom=</varname></entry> | |
2eca7635 | 1787 | <entry morerows='1' namest='fuse' nameend='ruse' valign='middle'>[Unit] section</entry> |
2bf92506 ZJS |
1788 | </row> |
1789 | <row> | |
1790 | <entry><varname>ReloadPropagatedFrom=</varname></entry> | |
1791 | <entry><varname>PropagatesReloadTo=</varname></entry> | |
1792 | </row> | |
2116134b ZJS |
1793 | <row> |
1794 | <entry><varname>Following=</varname></entry> | |
1795 | <entry>n/a</entry> | |
1796 | <entry>An automatic property</entry> | |
1797 | </row> | |
2bf92506 ZJS |
1798 | </tbody> |
1799 | </tgroup> | |
1800 | </table> | |
798d3a52 | 1801 | |
2bf92506 ZJS |
1802 | <para>Note: <varname>WantedBy=</varname> and <varname>RequiredBy=</varname> are |
1803 | used in the [Install] section to create symlinks in <filename>.wants/</filename> | |
1804 | and <filename>.requires/</filename> directories. They cannot be used directly as a | |
1805 | unit configuration setting.</para> | |
1806 | ||
1807 | <para>Note: <varname>ConsistsOf=</varname>, <varname>BoundBy=</varname>, | |
1808 | <varname>RequisiteOf=</varname>, <varname>ConflictedBy=</varname> are created | |
95522092 | 1809 | implicitly along with their reverses and cannot be specified directly.</para> |
2bf92506 ZJS |
1810 | |
1811 | <para>Note: <varname>Triggers=</varname> is created implicitly between a socket, | |
1812 | path unit, or an automount unit, and the unit they activate. By default a unit | |
1b2ad5d9 | 1813 | with the same name is triggered, but this can be overridden using |
2bf92506 ZJS |
1814 | <varname>Sockets=</varname>, <varname>Service=</varname>, and <varname>Unit=</varname> |
1815 | settings. See | |
1816 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1817 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1818 | <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1819 | and | |
1820 | <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
95522092 | 1821 | for details. <varname>TriggeredBy=</varname> is created implicitly on the |
2bf92506 | 1822 | triggered unit.</para> |
2116134b ZJS |
1823 | |
1824 | <para>Note: <varname>Following=</varname> is used to group device aliases and points to the | |
1825 | "primary" device unit that systemd is using to track device state, usually corresponding to a | |
1826 | sysfs path. It does not show up in the "target" unit.</para> | |
798d3a52 ZJS |
1827 | </refsect1> |
1828 | ||
1829 | <refsect1> | |
1830 | <title>[Install] Section Options</title> | |
1831 | ||
bdac5608 | 1832 | <para>Unit files may include an [Install] section, which carries installation information for |
be73bb48 LP |
1833 | the unit. This section is not interpreted by |
1834 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is | |
1835 | used by the <command>enable</command> and <command>disable</command> commands of the | |
1836 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during | |
caa45f5b | 1837 | installation of a unit.</para> |
798d3a52 ZJS |
1838 | |
1839 | <variablelist class='unit-directives'> | |
1840 | <varlistentry> | |
1841 | <term><varname>Alias=</varname></term> | |
1842 | ||
f4bf8d2f | 1843 | <listitem><para>A space-separated list of additional names this unit shall be installed under. The names listed |
1245e413 | 1844 | here must have the same suffix (i.e. type) as the unit filename. This option may be specified more than once, |
f4bf8d2f LP |
1845 | in which case all listed names are used. At installation time, <command>systemctl enable</command> will create |
1846 | symlinks from these names to the unit filename. Note that not all unit types support such alias names, and this | |
1847 | setting is not supported for them. Specifically, mount, slice, swap, and automount units do not support | |
1848 | aliasing.</para></listitem> | |
798d3a52 ZJS |
1849 | </varlistentry> |
1850 | ||
1851 | <varlistentry> | |
1852 | <term><varname>WantedBy=</varname></term> | |
1853 | <term><varname>RequiredBy=</varname></term> | |
1854 | ||
1855 | <listitem><para>This option may be used more than once, or a | |
1856 | space-separated list of unit names may be given. A symbolic | |
1857 | link is created in the <filename>.wants/</filename> or | |
1858 | <filename>.requires/</filename> directory of each of the | |
1859 | listed units when this unit is installed by <command>systemctl | |
1860 | enable</command>. This has the effect that a dependency of | |
1861 | type <varname>Wants=</varname> or <varname>Requires=</varname> | |
1862 | is added from the listed unit to the current unit. The primary | |
1863 | result is that the current unit will be started when the | |
1864 | listed unit is started. See the description of | |
1865 | <varname>Wants=</varname> and <varname>Requires=</varname> in | |
1866 | the [Unit] section for details.</para> | |
1867 | ||
1868 | <para><command>WantedBy=foo.service</command> in a service | |
1869 | <filename>bar.service</filename> is mostly equivalent to | |
1870 | <command>Alias=foo.service.wants/bar.service</command> in the | |
1871 | same file. In case of template units, <command>systemctl | |
1872 | enable</command> must be called with an instance name, and | |
1873 | this instance will be added to the | |
1874 | <filename>.wants/</filename> or | |
1875 | <filename>.requires/</filename> list of the listed unit. E.g. | |
1876 | <command>WantedBy=getty.target</command> in a service | |
1877 | <filename>getty@.service</filename> will result in | |
1878 | <command>systemctl enable getty@tty2.service</command> | |
1879 | creating a | |
1880 | <filename>getty.target.wants/getty@tty2.service</filename> | |
1881 | link to <filename>getty@.service</filename>. | |
1882 | </para></listitem> | |
1883 | </varlistentry> | |
1884 | ||
1885 | <varlistentry> | |
1886 | <term><varname>Also=</varname></term> | |
1887 | ||
1888 | <listitem><para>Additional units to install/deinstall when | |
1889 | this unit is installed/deinstalled. If the user requests | |
1890 | installation/deinstallation of a unit with this option | |
1891 | configured, <command>systemctl enable</command> and | |
1892 | <command>systemctl disable</command> will automatically | |
1893 | install/uninstall units listed in this option as well.</para> | |
1894 | ||
1895 | <para>This option may be used more than once, or a | |
1896 | space-separated list of unit names may be | |
1897 | given.</para></listitem> | |
1898 | </varlistentry> | |
1899 | ||
1900 | <varlistentry> | |
1901 | <term><varname>DefaultInstance=</varname></term> | |
1902 | ||
1903 | <listitem><para>In template unit files, this specifies for | |
1904 | which instance the unit shall be enabled if the template is | |
1905 | enabled without any explicitly set instance. This option has | |
1906 | no effect in non-template unit files. The specified string | |
1907 | must be usable as instance identifier.</para></listitem> | |
1908 | </varlistentry> | |
1909 | </variablelist> | |
1910 | ||
46a3adee YW |
1911 | <para>The following specifiers are interpreted in the Install section: |
1912 | %a, %b, %B, %g, %G, %H, %i, %j, %l, %m, %n, %N, %o, %p, %u, %U, %v, %w, %W, %%. | |
1913 | For their meaning see the next section.</para> | |
798d3a52 ZJS |
1914 | </refsect1> |
1915 | ||
1916 | <refsect1> | |
1917 | <title>Specifiers</title> | |
1918 | ||
1919 | <para>Many settings resolve specifiers which may be used to write | |
1920 | generic unit files referring to runtime or unit parameters that | |
751223fe ZJS |
1921 | are replaced when the unit files are loaded. Specifiers must be known |
1922 | and resolvable for the setting to be valid. The following | |
798d3a52 ZJS |
1923 | specifiers are understood:</para> |
1924 | ||
0d525a3e | 1925 | <table class='specifiers'> |
798d3a52 ZJS |
1926 | <title>Specifiers available in unit files</title> |
1927 | <tgroup cols='3' align='left' colsep='1' rowsep='1'> | |
1928 | <colspec colname="spec" /> | |
1929 | <colspec colname="mean" /> | |
1930 | <colspec colname="detail" /> | |
1931 | <thead> | |
1932 | <row> | |
5a15caf4 ZJS |
1933 | <entry>Specifier</entry> |
1934 | <entry>Meaning</entry> | |
1935 | <entry>Details</entry> | |
798d3a52 ZJS |
1936 | </row> |
1937 | </thead> | |
1938 | <tbody> | |
503298b7 | 1939 | <row> |
0d525a3e ZJS |
1940 | <!-- We do not use the common definition from standard-specifiers.xml here since it includes a |
1941 | reference onto our own man page, which would make the rendered version self-referential. --> | |
503298b7 LP |
1942 | <entry><literal>%a</literal></entry> |
1943 | <entry>Architecture</entry> | |
1944 | <entry>A short string identifying the architecture of the local system. A string such as <constant>x86</constant>, <constant>x86-64</constant> or <constant>arm64</constant>. See the architectures defined for <varname>ConditionArchitecture=</varname> above for a full list.</entry> | |
1945 | </row> | |
9a515f0a | 1946 | <xi:include href="standard-specifiers.xml" xpointer="A"/> |
c83347b4 | 1947 | <xi:include href="standard-specifiers.xml" xpointer="b"/> |
503298b7 | 1948 | <xi:include href="standard-specifiers.xml" xpointer="B"/> |
798d3a52 | 1949 | <row> |
709f4c47 LP |
1950 | <entry><literal>%C</literal></entry> |
1951 | <entry>Cache directory root</entry> | |
1952 | <entry>This is either <filename>/var/cache</filename> (for the system manager) or the path <literal>$XDG_CACHE_HOME</literal> resolves to (for user managers).</entry> | |
798d3a52 | 1953 | </row> |
969309c2 YW |
1954 | <row> |
1955 | <entry><literal>%E</literal></entry> | |
1956 | <entry>Configuration directory root</entry> | |
3b121157 | 1957 | <entry>This is either <filename>/etc/</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry> |
969309c2 | 1958 | </row> |
798d3a52 | 1959 | <row> |
709f4c47 LP |
1960 | <entry><literal>%f</literal></entry> |
1961 | <entry>Unescaped filename</entry> | |
1962 | <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>. This implements unescaping according to the rules for escaping absolute file system paths discussed above.</entry> | |
798d3a52 | 1963 | </row> |
55318801 YW |
1964 | <row> |
1965 | <entry><literal>%g</literal></entry> | |
1966 | <entry>User group</entry> | |
1967 | <entry>This is the name of the group running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry> | |
1968 | </row> | |
1969 | <row> | |
1970 | <entry><literal>%G</literal></entry> | |
1971 | <entry>User GID</entry> | |
1972 | <entry>This is the numeric GID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry> | |
1973 | </row> | |
798d3a52 | 1974 | <row> |
709f4c47 LP |
1975 | <entry><literal>%h</literal></entry> |
1976 | <entry>User home directory</entry> | |
b4e24077 ZJS |
1977 | <entry>This is the home directory of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>/root</literal>. |
1978 | ||
1979 | Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry> | |
709f4c47 LP |
1980 | </row> |
1981 | <row> | |
0d525a3e ZJS |
1982 | <!-- We do not use the common definition from standard-specifiers.xml here since we want a |
1983 | slightly more verbose explanation here, referring to the reload cycle. --> | |
709f4c47 LP |
1984 | <entry><literal>%H</literal></entry> |
1985 | <entry>Host name</entry> | |
1986 | <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry> | |
798d3a52 ZJS |
1987 | </row> |
1988 | <row> | |
5a15caf4 ZJS |
1989 | <entry><literal>%i</literal></entry> |
1990 | <entry>Instance name</entry> | |
e1a7f622 | 1991 | <entry>For instantiated units this is the string between the first <literal>@</literal> character and the type suffix. Empty for non-instantiated units.</entry> |
798d3a52 ZJS |
1992 | </row> |
1993 | <row> | |
5a15caf4 ZJS |
1994 | <entry><literal>%I</literal></entry> |
1995 | <entry>Unescaped instance name</entry> | |
e1a7f622 | 1996 | <entry>Same as <literal>%i</literal>, but with escaping undone.</entry> |
798d3a52 | 1997 | </row> |
250e9fad ZJS |
1998 | <row> |
1999 | <entry><literal>%j</literal></entry> | |
2000 | <entry>Final component of the prefix</entry> | |
2001 | <entry>This is the string between the last <literal>-</literal> and the end of the prefix name. If there is no <literal>-</literal>, this is the same as <literal>%p</literal>.</entry> | |
2002 | </row> | |
2003 | <row> | |
2004 | <entry><literal>%J</literal></entry> | |
2005 | <entry>Unescaped final component of the prefix</entry> | |
2006 | <entry>Same as <literal>%j</literal>, but with escaping undone.</entry> | |
2007 | </row> | |
55318801 YW |
2008 | <row> |
2009 | <entry><literal>%l</literal></entry> | |
2010 | <entry>Short host name</entry> | |
2011 | <entry>The hostname of the running system at the point in time the unit configuration is loaded, truncated at the first dot to remove any domain component.</entry> | |
2012 | </row> | |
798d3a52 | 2013 | <row> |
709f4c47 LP |
2014 | <entry><literal>%L</literal></entry> |
2015 | <entry>Log directory root</entry> | |
b0343f8c | 2016 | <entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename index="false">/log</filename> appended (for user managers).</entry> |
14068e17 | 2017 | </row> |
c83347b4 | 2018 | <xi:include href="standard-specifiers.xml" xpointer="m"/> |
9a515f0a | 2019 | <xi:include href="standard-specifiers.xml" xpointer="M"/> |
14068e17 | 2020 | <row> |
709f4c47 LP |
2021 | <entry><literal>%n</literal></entry> |
2022 | <entry>Full unit name</entry> | |
2023 | <entry></entry> | |
14068e17 LP |
2024 | </row> |
2025 | <row> | |
709f4c47 LP |
2026 | <entry><literal>%N</literal></entry> |
2027 | <entry>Full unit name</entry> | |
2028 | <entry>Same as <literal>%n</literal>, but with the type suffix removed.</entry> | |
798d3a52 | 2029 | </row> |
55318801 | 2030 | <xi:include href="standard-specifiers.xml" xpointer="o"/> |
798d3a52 | 2031 | <row> |
709f4c47 LP |
2032 | <entry><literal>%p</literal></entry> |
2033 | <entry>Prefix name</entry> | |
2034 | <entry>For instantiated units, this refers to the string before the first <literal>@</literal> character of the unit name. For non-instantiated units, same as <literal>%N</literal>.</entry> | |
798d3a52 ZJS |
2035 | </row> |
2036 | <row> | |
709f4c47 LP |
2037 | <entry><literal>%P</literal></entry> |
2038 | <entry>Unescaped prefix name</entry> | |
2039 | <entry>Same as <literal>%p</literal>, but with escaping undone.</entry> | |
798d3a52 ZJS |
2040 | </row> |
2041 | <row> | |
5a15caf4 ZJS |
2042 | <entry><literal>%s</literal></entry> |
2043 | <entry>User shell</entry> | |
2044 | <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry> | |
798d3a52 ZJS |
2045 | </row> |
2046 | <row> | |
709f4c47 LP |
2047 | <entry><literal>%S</literal></entry> |
2048 | <entry>State directory root</entry> | |
2049 | <entry>This is either <filename>/var/lib</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry> | |
798d3a52 ZJS |
2050 | </row> |
2051 | <row> | |
709f4c47 LP |
2052 | <entry><literal>%t</literal></entry> |
2053 | <entry>Runtime directory root</entry> | |
3b121157 | 2054 | <entry>This is either <filename>/run/</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry> |
b294e594 | 2055 | </row> |
806d919c | 2056 | <xi:include href="standard-specifiers.xml" xpointer="T"/> |
798d3a52 | 2057 | <row> |
709f4c47 LP |
2058 | <entry><literal>%u</literal></entry> |
2059 | <entry>User name</entry> | |
b4e24077 ZJS |
2060 | <entry>This is the name of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>root</literal>. |
2061 | ||
2062 | Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry> | |
709f4c47 LP |
2063 | </row> |
2064 | <row> | |
2065 | <entry><literal>%U</literal></entry> | |
2066 | <entry>User UID</entry> | |
b4e24077 ZJS |
2067 | <entry>This is the numeric UID of the <emphasis>user running the service manager instance</emphasis>. In case of the system manager this resolves to <literal>0</literal>. |
2068 | ||
2069 | Note that this setting is <emphasis>not</emphasis> influenced by the <varname>User=</varname> setting configurable in the [Service] section of the service unit.</entry> | |
798d3a52 | 2070 | </row> |
c83347b4 | 2071 | <xi:include href="standard-specifiers.xml" xpointer="v"/> |
806d919c | 2072 | <xi:include href="standard-specifiers.xml" xpointer="V"/> |
503298b7 LP |
2073 | <xi:include href="standard-specifiers.xml" xpointer="w"/> |
2074 | <xi:include href="standard-specifiers.xml" xpointer="W"/> | |
c83347b4 | 2075 | <xi:include href="standard-specifiers.xml" xpointer="percent"/> |
798d3a52 ZJS |
2076 | </tbody> |
2077 | </tgroup> | |
2078 | </table> | |
798d3a52 ZJS |
2079 | </refsect1> |
2080 | ||
2081 | <refsect1> | |
2082 | <title>Examples</title> | |
2083 | ||
2084 | <example> | |
2085 | <title>Allowing units to be enabled</title> | |
2086 | ||
2087 | <para>The following snippet (highlighted) allows a unit (e.g. | |
2088 | <filename>foo.service</filename>) to be enabled via | |
2089 | <command>systemctl enable</command>:</para> | |
2090 | ||
2091 | <programlisting>[Unit] | |
92b1e225 CS |
2092 | Description=Foo |
2093 | ||
2094 | [Service] | |
2095 | ExecStart=/usr/sbin/foo-daemon | |
2096 | ||
2097 | <emphasis>[Install]</emphasis> | |
2098 | <emphasis>WantedBy=multi-user.target</emphasis></programlisting> | |
2099 | ||
798d3a52 ZJS |
2100 | <para>After running <command>systemctl enable</command>, a |
2101 | symlink | |
211c99c7 | 2102 | <filename index="false">/etc/systemd/system/multi-user.target.wants/foo.service</filename> |
798d3a52 ZJS |
2103 | linking to the actual unit will be created. It tells systemd to |
2104 | pull in the unit when starting | |
2105 | <filename>multi-user.target</filename>. The inverse | |
2106 | <command>systemctl disable</command> will remove that symlink | |
2107 | again.</para> | |
2108 | </example> | |
2109 | ||
2110 | <example> | |
2111 | <title>Overriding vendor settings</title> | |
2112 | ||
2113 | <para>There are two methods of overriding vendor settings in | |
2114 | unit files: copying the unit file from | |
12b42c76 TG |
2115 | <filename>/usr/lib/systemd/system</filename> to |
2116 | <filename>/etc/systemd/system</filename> and modifying the | |
798d3a52 ZJS |
2117 | chosen settings. Alternatively, one can create a directory named |
2118 | <filename><replaceable>unit</replaceable>.d/</filename> within | |
12b42c76 | 2119 | <filename>/etc/systemd/system</filename> and place a drop-in |
798d3a52 ZJS |
2120 | file <filename><replaceable>name</replaceable>.conf</filename> |
2121 | there that only changes the specific settings one is interested | |
2122 | in. Note that multiple such drop-in files are read if | |
8331eaab | 2123 | present, processed in lexicographic order of their filename.</para> |
798d3a52 ZJS |
2124 | |
2125 | <para>The advantage of the first method is that one easily | |
2126 | overrides the complete unit, the vendor unit is not parsed at | |
2127 | all anymore. It has the disadvantage that improvements to the | |
2128 | unit file by the vendor are not automatically incorporated on | |
2129 | updates.</para> | |
2130 | ||
2131 | <para>The advantage of the second method is that one only | |
2132 | overrides the settings one specifically wants, where updates to | |
2133 | the unit by the vendor automatically apply. This has the | |
2134 | disadvantage that some future updates by the vendor might be | |
2135 | incompatible with the local changes.</para> | |
2136 | ||
798d3a52 ZJS |
2137 | <para>This also applies for user instances of systemd, but with |
2138 | different locations for the unit files. See the section on unit | |
2139 | load paths for further details.</para> | |
2140 | ||
2141 | <para>Suppose there is a vendor-supplied unit | |
12b42c76 | 2142 | <filename>/usr/lib/systemd/system/httpd.service</filename> with |
798d3a52 ZJS |
2143 | the following contents:</para> |
2144 | ||
2145 | <programlisting>[Unit] | |
92b1e225 CS |
2146 | Description=Some HTTP server |
2147 | After=remote-fs.target sqldb.service | |
2148 | Requires=sqldb.service | |
2149 | AssertPathExists=/srv/webserver | |
2150 | ||
2151 | [Service] | |
2152 | Type=notify | |
2153 | ExecStart=/usr/sbin/some-fancy-httpd-server | |
2154 | Nice=5 | |
2155 | ||
2156 | [Install] | |
2157 | WantedBy=multi-user.target</programlisting> | |
2158 | ||
798d3a52 ZJS |
2159 | <para>Now one wants to change some settings as an administrator: |
2160 | firstly, in the local setup, <filename>/srv/webserver</filename> | |
e2acdb6b | 2161 | might not exist, because the HTTP server is configured to use |
798d3a52 ZJS |
2162 | <filename>/srv/www</filename> instead. Secondly, the local |
2163 | configuration makes the HTTP server also depend on a memory | |
2164 | cache service, <filename>memcached.service</filename>, that | |
2165 | should be pulled in (<varname>Requires=</varname>) and also be | |
2166 | ordered appropriately (<varname>After=</varname>). Thirdly, in | |
2167 | order to harden the service a bit more, the administrator would | |
2168 | like to set the <varname>PrivateTmp=</varname> setting (see | |
912f003f | 2169 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
798d3a52 ZJS |
2170 | for details). And lastly, the administrator would like to reset |
2171 | the niceness of the service to its default value of 0.</para> | |
2172 | ||
2173 | <para>The first possibility is to copy the unit file to | |
12b42c76 | 2174 | <filename>/etc/systemd/system/httpd.service</filename> and |
798d3a52 ZJS |
2175 | change the chosen settings:</para> |
2176 | ||
2177 | <programlisting>[Unit] | |
92b1e225 CS |
2178 | Description=Some HTTP server |
2179 | After=remote-fs.target sqldb.service <emphasis>memcached.service</emphasis> | |
2180 | Requires=sqldb.service <emphasis>memcached.service</emphasis> | |
2181 | AssertPathExists=<emphasis>/srv/www</emphasis> | |
2182 | ||
2183 | [Service] | |
2184 | Type=notify | |
2185 | ExecStart=/usr/sbin/some-fancy-httpd-server | |
2186 | <emphasis>Nice=0</emphasis> | |
2187 | <emphasis>PrivateTmp=yes</emphasis> | |
2188 | ||
2189 | [Install] | |
2190 | WantedBy=multi-user.target</programlisting> | |
2191 | ||
798d3a52 ZJS |
2192 | <para>Alternatively, the administrator could create a drop-in |
2193 | file | |
12b42c76 | 2194 | <filename>/etc/systemd/system/httpd.service.d/local.conf</filename> |
798d3a52 | 2195 | with the following contents:</para> |
92b1e225 | 2196 | |
798d3a52 | 2197 | <programlisting>[Unit] |
92b1e225 CS |
2198 | After=memcached.service |
2199 | Requires=memcached.service | |
2200 | # Reset all assertions and then re-add the condition we want | |
2201 | AssertPathExists= | |
2202 | AssertPathExists=/srv/www | |
2203 | ||
2204 | [Service] | |
2205 | Nice=0 | |
2206 | PrivateTmp=yes</programlisting> | |
2207 | ||
afbc75e6 DB |
2208 | <para>Note that for drop-in files, if one wants to remove |
2209 | entries from a setting that is parsed as a list (and is not a | |
2210 | dependency), such as <varname>AssertPathExists=</varname> (or | |
2211 | e.g. <varname>ExecStart=</varname> in service units), one needs | |
2212 | to first clear the list before re-adding all entries except the | |
2213 | one that is to be removed. Dependencies (<varname>After=</varname>, etc.) | |
798d3a52 ZJS |
2214 | cannot be reset to an empty list, so dependencies can only be |
2215 | added in drop-ins. If you want to remove dependencies, you have | |
2216 | to override the entire unit.</para> | |
0cf4c0d1 | 2217 | |
798d3a52 | 2218 | </example> |
90a404f5 PM |
2219 | |
2220 | <example> | |
2221 | <title>Top level drop-ins with template units</title> | |
2222 | ||
dbb8b5bc PM |
2223 | <para>Top level per-type drop-ins can be used to change some aspect of |
2224 | all units of a particular type. For example by creating the | |
2225 | <filename index='false'>/etc/systemd/system/service.d/</filename> | |
90a404f5 PM |
2226 | directory with a drop-in file, the contents of the drop-in file can be |
2227 | applied to all service units. We can take this further by having the | |
2228 | top-level drop-in instantiate a secondary helper unit. Consider for | |
2229 | example the following set of units and drop-in files where we install | |
dbb8b5bc | 2230 | an <varname>OnFailure=</varname> dependency for all service units.</para> |
90a404f5 PM |
2231 | |
2232 | <para> | |
2233 | <filename index='false'>/etc/systemd/system/failure-handler@.service</filename>:</para> | |
2234 | ||
2235 | <programlisting>[Unit] | |
2236 | Description=My failure handler for %i | |
2237 | ||
2238 | [Service] | |
2239 | Type=oneshot | |
2240 | # Perform some special action for when %i exits unexpectedly. | |
2241 | ExecStart=/usr/sbin/myfailurehandler %i | |
90a404f5 PM |
2242 | </programlisting> |
2243 | ||
dbb8b5bc | 2244 | <para>We can then add an instance of |
90a404f5 PM |
2245 | <filename index='false'>failure-handler@.service</filename> as an |
2246 | <varname>OnFailure=</varname> dependency for all service units.</para> | |
2247 | ||
2248 | <para> | |
2249 | <filename index='false'>/etc/systemd/system/service.d/10-all.conf</filename>:</para> | |
2250 | ||
2251 | <programlisting>[Unit] | |
dbb8b5bc | 2252 | OnFailure=failure-handler@%N.service |
90a404f5 PM |
2253 | </programlisting> |
2254 | ||
2255 | <para>Now, after running <command>systemctl daemon-reload</command> all | |
2256 | services will have acquired an <varname>OnFailure=</varname> dependency on | |
dbb8b5bc | 2257 | <filename index='false'>failure-handler@%N.service</filename>. The |
90a404f5 PM |
2258 | template instance units will also have gained the dependency which results |
2259 | in the creation of a recursive dependency chain. We can break the chain by | |
2260 | disabling the drop-in for the template instance units via a symlink to | |
2261 | <filename index='false'>/dev/null</filename>:</para> | |
2262 | ||
2263 | <programlisting> | |
dbb8b5bc | 2264 | <command>mkdir /etc/systemd/system/failure-handler@.service.d/</command> |
90a404f5 PM |
2265 | <command>ln -s /dev/null /etc/systemd/system/failure-handler@.service.d/10-all.conf</command> |
2266 | <command>systemctl daemon-reload</command> | |
2267 | </programlisting> | |
2268 | ||
2269 | <para>This ensures that if a <filename index='false'>failure-handler@.service</filename> instance fails it will not trigger an instance named | |
dbb8b5bc | 2270 | <filename index='false'>failure-handler@failure-handler.service</filename>.</para> |
90a404f5 PM |
2271 | |
2272 | </example> | |
2273 | ||
798d3a52 ZJS |
2274 | </refsect1> |
2275 | ||
2276 | <refsect1> | |
2277 | <title>See Also</title> | |
2278 | <para> | |
2279 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
2280 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
d1698b82 | 2281 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
798d3a52 ZJS |
2282 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
2283 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2284 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2285 | <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2286 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2287 | <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2288 | <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2289 | <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2290 | <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2291 | <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
798d3a52 ZJS |
2292 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
2293 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2294 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
2295 | <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
2296 | <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
2297 | <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
3ba3a79d | 2298 | <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
798d3a52 ZJS |
2299 | </para> |
2300 | </refsect1> | |
d1ab0ca0 LP |
2301 | |
2302 | </refentry> |