]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd.socket.xml
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
doc: update punctuation
[thirdparty/systemd.git] / man / systemd.socket.xml
1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6 <!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 -->
24
25 <refentry id="systemd.socket">
26 <refentryinfo>
27 <title>systemd.socket</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.socket</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.socket</refname>
47 <refpurpose>Socket unit configuration</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename><replaceable>socket</replaceable>.socket</filename></para>
52 </refsynopsisdiv>
53
54 <refsect1>
55 <title>Description</title>
56
57 <para>A unit configuration file whose name ends in
58 <literal>.socket</literal> encodes information about
59 an IPC or network socket or a file system FIFO
60 controlled and supervised by systemd, for socket-based
61 activation.</para>
62
63 <para>This man page lists the configuration options
64 specific to this unit type. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration
67 files. The common configuration items are configured
68 in the generic [Unit] and [Install] sections. The
69 socket specific configuration options are configured
70 in the [Socket] section.</para>
71
72 <para>Additional options are listed in
73 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 which define the execution environment the
75 <option>ExecStartPre=</option>,
76 <option>ExecStartPost=</option>,
77 <option>ExecStopPre=</option> and
78 <option>ExecStopPost=</option> commands are executed
79 in, and in
80 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
81 which define the way the processes are terminated, and
82 in
83 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
84 which configure resource control settings for the
85 processes of the socket.</para>
86
87 <para>For each socket file, a matching service file
88 must exist, describing the service to start on
89 incoming traffic on the socket (see
90 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
91 for more information about .service files). The name
92 of the .service unit is by default the same as the
93 name of the .socket unit, but can be altered with
94 <option>Service=</option> option described below.
95 Depending on the setting of <option>Accept=</option>
96 option described below, this .service unit must either
97 be named like the .socket unit, but with the suffix
98 replaced, unless overridden with
99 <option>Service=</option>; or it must be a template
100 unit named the same way. Example: a socket file
101 <filename>foo.socket</filename> needs a matching
102 service <filename>foo.service</filename> if
103 <option>Accept=false</option> is set. If
104 <option>Accept=true</option> is set, a service
105 template file <filename>foo@.service</filename> must
106 exist from which services are instantiated for each
107 incoming connection.</para>
108
109 <para>Unless <varname>DefaultDependencies=</varname>
110 is set to <option>false</option>, socket units will
111 implicitly have dependencies of type
112 <varname>Requires=</varname> and
113 <varname>After=</varname> on
114 <filename>sysinit.target</filename> as well as
115 dependencies of type <varname>Conflicts=</varname> and
116 <varname>Before=</varname> on
117 <filename>shutdown.target</filename>. These ensure
118 that socket units pull in basic system
119 initialization, and are terminated cleanly prior to
120 system shutdown. Only sockets involved with early
121 boot or late system shutdown should disable this
122 option.</para>
123
124 <para>Socket units will have a
125 <varname>Before=</varname> dependency on the service
126 which they trigger added implicitly. No implicit
127 <varname>WantedBy=</varname> or
128 <varname>RequiredBy=</varname> dependency from the
129 socket to the service is added. This means that the
130 service may be started without the socket, in which
131 case it must be able to open sockets by itself. To
132 prevent this, an explicit <varname>Requires=</varname>
133 dependency may be added.</para>
134
135 <para>Socket units may be used to implement on-demand
136 starting of services, as well as parallelized starting
137 of services. See the blog stories linked at the end
138 for introduction.</para>
139
140 <para>Note that the daemon software configured for
141 socket activation with socket units needs to be able
142 to accept sockets from systemd, either via systemd's
143 native socket passing interface (see
144 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
145 for details) or via the traditional
146 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style
147 socket passing (i.e. sockets passed in via standard input and
148 output, using <varname>StandardInput=socket</varname>
149 in the service file).</para>
150 </refsect1>
151
152 <refsect1>
153 <title>Options</title>
154
155 <para>Socket files must include a [Socket] section,
156 which carries information about the socket or FIFO it
157 supervises. A number of options that may be used in
158 this section are shared with other unit types. These
159 options are documented in
160 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
161 and
162 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
163 options specific to the [Socket] section of socket
164 units are the following:</para>
165
166 <variablelist class='unit-directives'>
167 <varlistentry>
168 <term><varname>ListenStream=</varname></term>
169 <term><varname>ListenDatagram=</varname></term>
170 <term><varname>ListenSequentialPacket=</varname></term>
171 <listitem><para>Specifies an address
172 to listen on for a stream
173 (<constant>SOCK_STREAM</constant>), datagram (<constant>SOCK_DGRAM</constant>),
174 or sequential packet
175 (<constant>SOCK_SEQPACKET</constant>) socket, respectively. The address
176 can be written in various formats:</para>
177
178 <para>If the address starts with a
179 slash (<literal>/</literal>), it is read as file system
180 socket in the <constant>AF_UNIX</constant> socket
181 family.</para>
182
183 <para>If the address starts with an at
184 symbol (<literal>@</literal>), it is read as abstract
185 namespace socket in the
186 <constant>AF_UNIX</constant>
187 family. The <literal>@</literal> is
188 replaced with a
189 <constant>NUL</constant> character
190 before binding. For details, see
191 <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
192
193 <para>If the address string is a
194 single number, it is read as port
195 number to listen on via
196 IPv6. Depending on the value of
197 <varname>BindIPv6Only=</varname> (see below) this
198 might result in the service being
199 available via both IPv6 and IPv4 (default) or
200 just via IPv6.
201 </para>
202
203 <para>If the address string is a
204 string in the format v.w.x.y:z, it is
205 read as IPv4 specifier for listening
206 on an address v.w.x.y on a port
207 z.</para>
208
209 <para>If the address string is a
210 string in the format [x]:y, it is read
211 as IPv6 address x on a port y. Note
212 that this might make the service
213 available via IPv4, too, depending on
214 the <varname>BindIPv6Only=</varname>
215 setting (see below).
216 </para>
217
218 <para>Note that <constant>SOCK_SEQPACKET</constant>
219 (i.e. <varname>ListenSequentialPacket=</varname>)
220 is only available for <constant>AF_UNIX</constant>
221 sockets. <constant>SOCK_STREAM</constant>
222 (i.e. <varname>ListenStream=</varname>)
223 when used for IP sockets refers to TCP
224 sockets, <constant>SOCK_DGRAM</constant>
225 (i.e. <varname>ListenDatagram=</varname>)
226 to UDP.</para>
227
228 <para>These options may be specified
229 more than once in which case incoming
230 traffic on any of the sockets will
231 trigger service activation, and all
232 listed sockets will be passed to the
233 service, regardless of whether there is
234 incoming traffic on them or not. If
235 the empty string is assigned to any of
236 these options, the list of addresses
237 to listen on is reset, all prior uses
238 of any of these options will have no
239 effect.</para>
240
241 <para>It is also possible to have more
242 than one socket unit for the same
243 service when using
244 <varname>Service=</varname>, and the
245 service will receive all the sockets
246 configured in all the socket units.
247 Sockets configured in one unit are
248 passed in the order of configuration,
249 but no ordering between socket units
250 is specified.</para>
251
252 <para>If an IP address is used here,
253 it is often desirable to listen on it
254 before the interface it is configured
255 on is up and running, and even
256 regardless of whether it will be up and
257 running at any point. To deal with this,
258 it is recommended to set the
259 <varname>FreeBind=</varname> option
260 described below.</para></listitem>
261 </varlistentry>
262
263 <varlistentry>
264 <term><varname>ListenFIFO=</varname></term>
265 <listitem><para>Specifies a file
266 system FIFO to listen on. This expects
267 an absolute file system path as
268 argument. Behavior otherwise is very
269 similar to the
270 <varname>ListenDatagram=</varname>
271 directive above.</para></listitem>
272 </varlistentry>
273
274 <varlistentry>
275 <term><varname>ListenSpecial=</varname></term>
276 <listitem><para>Specifies a special
277 file in the file system to listen
278 on. This expects an absolute file
279 system path as argument. Behavior
280 otherwise is very similar to the
281 <varname>ListenFIFO=</varname>
282 directive above. Use this to open
283 character device nodes as well as
284 special files in
285 <filename>/proc</filename> and
286 <filename>/sys</filename>.</para></listitem>
287 </varlistentry>
288
289 <varlistentry>
290 <term><varname>ListenNetlink=</varname></term>
291 <listitem><para>Specifies a Netlink
292 family to create a socket for to
293 listen on. This expects a short string
294 referring to the <constant>AF_NETLINK</constant> family
295 name (such as <varname>audit</varname>
296 or <varname>kobject-uevent</varname>)
297 as argument, optionally suffixed by a
298 whitespace followed by a multicast
299 group integer. Behavior otherwise is
300 very similar to the
301 <varname>ListenDatagram=</varname>
302 directive above.</para></listitem>
303 </varlistentry>
304
305 <varlistentry>
306 <term><varname>ListenMessageQueue=</varname></term>
307 <listitem><para>Specifies a POSIX
308 message queue name to listen on. This
309 expects a valid message queue name
310 (i.e. beginning with /). Behavior
311 otherwise is very similar to the
312 <varname>ListenFIFO=</varname>
313 directive above. On Linux message
314 queue descriptors are actually file
315 descriptors and can be inherited
316 between processes.</para></listitem>
317 </varlistentry>
318
319 <varlistentry>
320 <term><varname>BindIPv6Only=</varname></term>
321 <listitem><para>Takes a one of
322 <option>default</option>,
323 <option>both</option> or
324 <option>ipv6-only</option>. Controls
325 the IPV6_V6ONLY socket option (see
326 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
327 for details). If
328 <option>both</option>, IPv6 sockets
329 bound will be accessible via both IPv4
330 and IPv6. If
331 <option>ipv6-only</option>, they will
332 be accessible via IPv6 only. If
333 <option>default</option> (which is the
334 default, surprise!), the system wide
335 default setting is used, as controlled
336 by
337 <filename>/proc/sys/net/ipv6/bindv6only</filename>,
338 which in turn defaults to the
339 equivalent of
340 <option>both</option>.</para>
341 </listitem>
342 </varlistentry>
343
344 <varlistentry>
345 <term><varname>Backlog=</varname></term>
346 <listitem><para>Takes an unsigned
347 integer argument. Specifies the number
348 of connections to queue that have not
349 been accepted yet. This setting
350 matters only for stream and sequential
351 packet sockets. See
352 <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
353 for details. Defaults to SOMAXCONN
354 (128).</para></listitem>
355 </varlistentry>
356
357 <varlistentry>
358 <term><varname>BindToDevice=</varname></term>
359 <listitem><para>Specifies a network
360 interface name to bind this socket
361 to. If set, traffic will only be
362 accepted from the specified network
363 interfaces. This controls the
364 SO_BINDTODEVICE socket option (see
365 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
366 for details). If this option is used,
367 an automatic dependency from this
368 socket unit on the network interface
369 device unit
370 (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
371 is created.</para></listitem>
372 </varlistentry>
373
374 <varlistentry>
375 <term><varname>DirectoryMode=</varname></term>
376 <listitem><para>If listening on a file
377 system socket or FIFO, the parent
378 directories are automatically created
379 if needed. This option specifies the
380 file system access mode used when
381 creating these directories. Takes an
382 access mode in octal
383 notation. Defaults to
384 0755.</para></listitem>
385 </varlistentry>
386
387 <varlistentry>
388 <term><varname>SocketMode=</varname></term>
389 <listitem><para>If listening on a file
390 system socket or FIFO, this option
391 specifies the file system access mode
392 used when creating the file
393 node. Takes an access mode in octal
394 notation. Defaults to
395 0666.</para></listitem>
396 </varlistentry>
397
398 <varlistentry>
399 <term><varname>Accept=</varname></term>
400 <listitem><para>Takes a boolean
401 argument. If true, a service instance
402 is spawned for each incoming
403 connection and only the connection
404 socket is passed to it. If false, all
405 listening sockets themselves are
406 passed to the started service unit,
407 and only one service unit is spawned
408 for all connections (also see
409 above). This value is ignored for
410 datagram sockets and FIFOs where a
411 single service unit unconditionally
412 handles all incoming traffic. Defaults
413 to <option>false</option>. For
414 performance reasons, it is recommended
415 to write new daemons only in a way
416 that is suitable for
417 <option>Accept=false</option>. A
418 daemon listening on an <constant>AF_UNIX</constant> socket
419 may, but does not need to, call
420 <citerefentry><refentrytitle>close</refentrytitle><manvolnum>2</manvolnum></citerefentry>
421 on the received socket before
422 exiting. However, it must not unlink
423 the socket from a file system. It
424 should not invoke
425 <citerefentry><refentrytitle>shutdown</refentrytitle><manvolnum>2</manvolnum></citerefentry>
426 on sockets it got with
427 <varname>Accept=false</varname>, but
428 it may do so for sockets it got with
429 <varname>Accept=true</varname> set.
430 Setting <varname>Accept=true</varname>
431 is mostly useful to allow daemons
432 designed for usage with
433 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
434 to work unmodified with systemd socket
435 activation.</para></listitem>
436 </varlistentry>
437
438 <varlistentry>
439 <term><varname>MaxConnections=</varname></term>
440 <listitem><para>The maximum number of
441 connections to simultaneously run
442 services instances for, when
443 <option>Accept=true</option> is
444 set. If more concurrent connections
445 are coming in, they will be refused
446 until at least one existing connection
447 is terminated. This setting has no
448 effect on sockets configured with
449 <option>Accept=false</option> or datagram
450 sockets. Defaults to
451 64.</para></listitem>
452 </varlistentry>
453
454 <varlistentry>
455 <term><varname>KeepAlive=</varname></term>
456 <listitem><para>Takes a boolean
457 argument. If true, the TCP/IP stack
458 will send a keep alive message after
459 2h (depending on the configuration of
460 <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
461 for all TCP streams accepted on this
462 socket. This controls the SO_KEEPALIVE
463 socket option (see
464 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
465 and the <ulink
466 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
467 Keepalive HOWTO</ulink> for details.)
468 Defaults to
469 <option>false</option>.</para></listitem>
470 </varlistentry>
471
472 <varlistentry>
473 <term><varname>Priority=</varname></term>
474 <listitem><para>Takes an integer
475 argument controlling the priority for
476 all traffic sent from this
477 socket. This controls the SO_PRIORITY
478 socket option (see
479 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
480 for details.).</para></listitem>
481 </varlistentry>
482
483 <varlistentry>
484 <term><varname>ReceiveBuffer=</varname></term>
485 <term><varname>SendBuffer=</varname></term>
486 <listitem><para>Takes an integer
487 argument controlling the receive
488 or send buffer sizes of this
489 socket, respectively. This controls the SO_RCVBUF
490 and SO_SNDBUF socket options (see
491 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
492 for details.).</para></listitem>
493 </varlistentry>
494
495 <varlistentry>
496 <term><varname>IPTOS=</varname></term>
497 <listitem><para>Takes an integer
498 argument controlling the IP
499 Type-Of-Service field for packets
500 generated from this socket. This
501 controls the IP_TOS socket option (see
502 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
503 for details.). Either a numeric string
504 or one of <option>low-delay</option>,
505 <option>throughput</option>,
506 <option>reliability</option> or
507 <option>low-cost</option> may be
508 specified.</para></listitem>
509 </varlistentry>
510
511 <varlistentry>
512 <term><varname>IPTTL=</varname></term>
513 <listitem><para>Takes an integer
514 argument controlling the IPv4
515 Time-To-Live/IPv6 Hop-Count field for
516 packets generated from this
517 socket. This sets the
518 IP_TTL/IPV6_UNICAST_HOPS socket
519 options (see
520 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
521 and
522 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
523 for details.)</para></listitem>
524 </varlistentry>
525
526 <varlistentry>
527 <term><varname>Mark=</varname></term>
528 <listitem><para>Takes an integer
529 value. Controls the firewall mark of
530 packets generated by this socket. This
531 can be used in the firewall logic to
532 filter packets from this socket. This
533 sets the SO_MARK socket option. See
534 <citerefentry><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
535 for details.</para></listitem>
536 </varlistentry>
537
538 <varlistentry>
539 <term><varname>ReusePort=</varname></term>
540 <listitem><para>Takes a boolean
541 value. If true, allows multiple <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
542 to this TCP or UDP port. This
543 controls the SO_REUSEPORT socket
544 option. See
545 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
546 for details.</para></listitem>
547 </varlistentry>
548
549 <varlistentry>
550 <term><varname>SmackLabel=</varname></term>
551 <term><varname>SmackLabelIPIn=</varname></term>
552 <term><varname>SmackLabelIPOut=</varname></term>
553 <listitem><para>Takes a string
554 value. Controls the extended
555 attributes
556 <literal>security.SMACK64</literal>,
557 <literal>security.SMACK64IPIN</literal>
558 and
559 <literal>security.SMACK64IPOUT</literal>,
560 respectively, i.e. the security label
561 of the FIFO, or the security label for
562 the incoming or outgoing connections
563 of the socket, respectively. See
564 <ulink
565 url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
566 for details.</para></listitem>
567 </varlistentry>
568
569 <varlistentry>
570 <term><varname>PipeSize=</varname></term>
571 <listitem><para>Takes an integer
572 value. Controls the pipe buffer size
573 of FIFOs configured in this socket
574 unit. See
575 <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
576 for details.</para></listitem>
577 </varlistentry>
578
579 <varlistentry>
580 <term><varname>MessageQueueMaxMessages=</varname>,
581 <varname>MessageQueueMessageSize=</varname></term>
582 <listitem><para>These two settings
583 take integer values and control the
584 mq_maxmsg field or the mq_msgsize field, respectively, when
585 creating the message queue. Note that
586 either none or both of these variables
587 need to be set. See
588 <citerefentry><refentrytitle>mq_setattr</refentrytitle><manvolnum>3</manvolnum></citerefentry>
589 for details.</para></listitem>
590 </varlistentry>
591
592 <varlistentry>
593 <term><varname>FreeBind=</varname></term>
594 <listitem><para>Takes a boolean
595 value. Controls whether the socket can
596 be bound to non-local IP
597 addresses. This is useful to configure
598 sockets listening on specific IP
599 addresses before those IP addresses
600 are successfully configured on a
601 network interface. This sets the
602 IP_FREEBIND socket option. For
603 robustness reasons it is recommended
604 to use this option whenever you bind a
605 socket to a specific IP
606 address. Defaults to <option>false</option>.</para></listitem>
607 </varlistentry>
608
609 <varlistentry>
610 <term><varname>Transparent=</varname></term>
611 <listitem><para>Takes a boolean
612 value. Controls the IP_TRANSPARENT
613 socket option. Defaults to
614 <option>false</option>.</para></listitem>
615 </varlistentry>
616
617 <varlistentry>
618 <term><varname>Broadcast=</varname></term>
619 <listitem><para>Takes a boolean
620 value. This controls the SO_BROADCAST
621 socket option, which allows broadcast
622 datagrams to be sent from this
623 socket. Defaults to
624 <option>false</option>.</para></listitem>
625 </varlistentry>
626
627 <varlistentry>
628 <term><varname>PassCredentials=</varname></term>
629 <listitem><para>Takes a boolean
630 value. This controls the SO_PASSCRED
631 socket option, which allows <constant>AF_UNIX</constant> sockets to
632 receive the credentials of the sending
633 process in an ancillary message.
634 Defaults to
635 <option>false</option>.</para></listitem>
636 </varlistentry>
637
638 <varlistentry>
639 <term><varname>PassSecurity=</varname></term>
640 <listitem><para>Takes a boolean
641 value. This controls the SO_PASSSEC
642 socket option, which allows <constant>AF_UNIX</constant>
643 sockets to receive the security
644 context of the sending process in an
645 ancillary message. Defaults to
646 <option>false</option>.</para></listitem>
647 </varlistentry>
648
649 <varlistentry>
650 <term><varname>TCPCongestion=</varname></term>
651 <listitem><para>Takes a string
652 value. Controls the TCP congestion
653 algorithm used by this socket. Should
654 be one of "westwood", "veno", "cubic",
655 "lp" or any other available algorithm
656 supported by the IP stack. This
657 setting applies only to stream
658 sockets.</para></listitem>
659 </varlistentry>
660
661 <varlistentry>
662 <term><varname>ExecStartPre=</varname></term>
663 <term><varname>ExecStartPost=</varname></term>
664 <listitem><para>Takes one or more
665 command lines, which are executed
666 before or after the listening
667 sockets/FIFOs are created and
668 bound, respectively. The first token of the command
669 line must be an absolute filename,
670 then followed by arguments for the
671 process. Multiple command lines may be
672 specified following the same scheme as
673 used for
674 <varname>ExecStartPre=</varname> of
675 service unit files.</para></listitem>
676 </varlistentry>
677
678 <varlistentry>
679 <term><varname>ExecStopPre=</varname></term>
680 <term><varname>ExecStopPost=</varname></term>
681 <listitem><para>Additional commands
682 that are executed before or after
683 the listening sockets/FIFOs are closed
684 and removed, respectively. Multiple command lines
685 may be specified following the same
686 scheme as used for
687 <varname>ExecStartPre=</varname> of
688 service unit files.</para></listitem>
689 </varlistentry>
690
691 <varlistentry>
692 <term><varname>TimeoutSec=</varname></term>
693 <listitem><para>Configures the time to
694 wait for the commands specified in
695 <varname>ExecStartPre=</varname>,
696 <varname>ExecStartPost=</varname>,
697 <varname>ExecStopPre=</varname> and
698 <varname>ExecStopPost=</varname> to
699 finish. If a command does not exit
700 within the configured time, the socket
701 will be considered failed and be shut
702 down again. All commands still running,
703 will be terminated forcibly via
704 <constant>SIGTERM</constant>, and after another delay of
705 this time with <constant>SIGKILL</constant>. (See
706 <option>KillMode=</option> in <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.)
707 Takes a unit-less value in seconds, or
708 a time span value such as "5min
709 20s". Pass 0 to disable the timeout
710 logic. Defaults to <varname>TimeoutStartSec=</varname> from the
711 manager configuration file.</para></listitem>
712 </varlistentry>
713
714 <varlistentry>
715 <term><varname>Service=</varname></term>
716 <listitem><para>Specifies the service
717 unit name to activate on incoming
718 traffic. This setting is only allowed
719 for sockets with
720 <varname>Accept=no</varname>. It
721 defaults to the service that bears the
722 same name as the socket (with the
723 suffix replaced). In most cases, it
724 should not be necessary to use this
725 option.</para></listitem>
726 </varlistentry>
727
728 </variablelist>
729
730 <para>Check
731 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
732 and
733 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
734 for more settings.</para>
735
736 </refsect1>
737
738 <refsect1>
739 <title>See Also</title>
740 <para>
741 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
742 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
743 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
744 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
745 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
746 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
747 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
748 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
749 </para>
750
751 <para>
752 For more extensive descriptions see the "systemd for Developers" series:
753 <ulink url="http://0pointer.de/blog/projects/socket-activation.html">Socket Activation</ulink>,
754 <ulink url="http://0pointer.de/blog/projects/socket-activation2.html">Socket Activation, part II</ulink>,
755 <ulink url="http://0pointer.de/blog/projects/inetd.html">Converting inetd Services</ulink>,
756 <ulink url="http://0pointer.de/blog/projects/socket-activated-containers.html">Socket Activated Internet Services and OS Containers</ulink>.
757 </para>
758 </refsect1>
759
760 </refentry>
Unnamed repository; edit this file 'description' to name the repository.