]>
Commit | Line | Data |
---|---|---|
0af20ea2 | 1 | <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
f3e219a2 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
f3e219a2 LP |
4 | |
5 | <!-- | |
572eb058 ZJS |
6 | SPDX-License-Identifier: LGPL-2.1+ |
7 | ||
f3e219a2 LP |
8 | This file is part of systemd. |
9 | ||
10 | Copyright 2010 Lennart Poettering | |
11 | ||
12 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
13 | under the terms of the GNU Lesser General Public License as published by |
14 | the Free Software Foundation; either version 2.1 of the License, or | |
f3e219a2 LP |
15 | (at your option) any later version. |
16 | ||
17 | systemd is distributed in the hope that it will be useful, but | |
18 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 20 | Lesser General Public License for more details. |
f3e219a2 | 21 | |
5430f7f2 | 22 | You should have received a copy of the GNU Lesser General Public License |
f3e219a2 LP |
23 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
24 | --> | |
25 | ||
1b907b5c | 26 | <refentry id="systemd-system.conf" |
798d3a52 ZJS |
27 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
28 | <refentryinfo> | |
29 | <title>systemd-system.conf</title> | |
30 | <productname>systemd</productname> | |
31 | ||
32 | <authorgroup> | |
33 | <author> | |
34 | <contrib>Developer</contrib> | |
35 | <firstname>Lennart</firstname> | |
36 | <surname>Poettering</surname> | |
37 | <email>lennart@poettering.net</email> | |
38 | </author> | |
39 | </authorgroup> | |
40 | </refentryinfo> | |
41 | ||
42 | <refmeta> | |
43 | <refentrytitle>systemd-system.conf</refentrytitle> | |
44 | <manvolnum>5</manvolnum> | |
45 | </refmeta> | |
46 | ||
47 | <refnamediv> | |
48 | <refname>systemd-system.conf</refname> | |
49 | <refname>system.conf.d</refname> | |
50 | <refname>systemd-user.conf</refname> | |
51 | <refname>user.conf.d</refname> | |
52 | <refpurpose>System and session service manager configuration files</refpurpose> | |
53 | </refnamediv> | |
54 | ||
55 | <refsynopsisdiv> | |
03a7b521 LP |
56 | <para><filename>/etc/systemd/system.conf</filename>, |
57 | <filename>/etc/systemd/system.conf.d/*.conf</filename>, | |
58 | <filename>/run/systemd/system.conf.d/*.conf</filename>, | |
59 | <filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para> | |
60 | <para><filename>/etc/systemd/user.conf</filename>, | |
61 | <filename>/etc/systemd/user.conf.d/*.conf</filename>, | |
62 | <filename>/run/systemd/user.conf.d/*.conf</filename>, | |
63 | <filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para> | |
798d3a52 ZJS |
64 | </refsynopsisdiv> |
65 | ||
66 | <refsect1> | |
67 | <title>Description</title> | |
68 | ||
69 | <para>When run as a system instance, systemd interprets the | |
70 | configuration file <filename>system.conf</filename> and the files | |
71 | in <filename>system.conf.d</filename> directories; when run as a | |
72 | user instance, systemd interprets the configuration file | |
73 | <filename>user.conf</filename> and the files in | |
74 | <filename>user.conf.d</filename> directories. These configuration | |
75 | files contain a few settings controlling basic manager | |
76 | operations.</para> | |
77 | </refsect1> | |
78 | ||
e93549ef | 79 | <xi:include href="standard-conf.xml" xpointer="main-conf" /> |
798d3a52 ZJS |
80 | |
81 | <refsect1> | |
82 | <title>Options</title> | |
83 | ||
84 | <para>All options are configured in the | |
85 | <literal>[Manager]</literal> section:</para> | |
86 | ||
87 | <variablelist class='systemd-directives'> | |
88 | ||
89 | <varlistentry> | |
90 | <term><varname>LogLevel=</varname></term> | |
91 | <term><varname>LogTarget=</varname></term> | |
92 | <term><varname>LogColor=</varname></term> | |
93 | <term><varname>LogLocation=</varname></term> | |
94 | <term><varname>DumpCore=yes</varname></term> | |
b9e74c39 | 95 | <term><varname>CrashChangeVT=no</varname></term> |
798d3a52 | 96 | <term><varname>CrashShell=no</varname></term> |
b9e74c39 | 97 | <term><varname>CrashReboot=no</varname></term> |
798d3a52 | 98 | <term><varname>ShowStatus=yes</varname></term> |
798d3a52 ZJS |
99 | <term><varname>DefaultStandardOutput=journal</varname></term> |
100 | <term><varname>DefaultStandardError=inherit</varname></term> | |
101 | ||
33fc1800 LP |
102 | <listitem><para>Configures various parameters of basic manager operation. These options may be overridden by |
103 | the respective process and kernel command line arguments. See | |
104 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for | |
105 | details.</para></listitem> | |
798d3a52 ZJS |
106 | </varlistentry> |
107 | ||
24dd31c1 LN |
108 | <varlistentry> |
109 | <term><varname>CtrlAltDelBurstAction=</varname></term> | |
110 | ||
111 | <listitem><para>Defines what action will be performed | |
2dd67817 | 112 | if user presses Ctrl-Alt-Delete more than 7 times in 2s. |
ae8c7939 LN |
113 | Can be set to <literal>reboot-force</literal>, <literal>poweroff-force</literal>, |
114 | <literal>reboot-immediate</literal>, <literal>poweroff-immediate</literal> | |
115 | or disabled with <literal>none</literal>. Defaults to | |
24dd31c1 LN |
116 | <literal>reboot-force</literal>. |
117 | </para></listitem> | |
118 | </varlistentry> | |
119 | ||
798d3a52 ZJS |
120 | <varlistentry> |
121 | <term><varname>CPUAffinity=</varname></term> | |
122 | ||
123 | <listitem><para>Configures the initial CPU affinity for the | |
71b1c27a FB |
124 | init process. Takes a list of CPU indices or ranges separated |
125 | by either whitespace or commas. CPU ranges are specified by | |
126 | the lower and upper CPU indices separated by a | |
127 | dash.</para></listitem> | |
798d3a52 ZJS |
128 | </varlistentry> |
129 | ||
130 | <varlistentry> | |
131 | <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term> | |
132 | ||
133 | <listitem><para>Configures controllers that shall be mounted | |
134 | in a single hierarchy. By default, systemd will mount all | |
135 | controllers which are enabled in the kernel in individual | |
136 | hierarchies, with the exception of those listed in this | |
137 | setting. Takes a space-separated list of comma-separated | |
138 | controller names, in order to allow multiple joined | |
139 | hierarchies. Defaults to 'cpu,cpuacct'. Pass an empty string | |
140 | to ensure that systemd mounts all controllers in separate | |
141 | hierarchies.</para> | |
142 | ||
143 | <para>Note that this option is only applied once, at very | |
144 | early boot. If you use an initial RAM disk (initrd) that uses | |
145 | systemd, it might hence be necessary to rebuild the initrd if | |
146 | this option is changed, and make sure the new configuration | |
147 | file is included in it. Otherwise, the initrd might mount the | |
148 | controller hierarchies in a different configuration than | |
149 | intended, and the main system cannot remount them | |
150 | anymore.</para></listitem> | |
151 | </varlistentry> | |
152 | ||
153 | <varlistentry> | |
154 | <term><varname>RuntimeWatchdogSec=</varname></term> | |
155 | <term><varname>ShutdownWatchdogSec=</varname></term> | |
156 | ||
157 | <listitem><para>Configure the hardware watchdog at runtime and | |
158 | at reboot. Takes a timeout value in seconds (or in other time | |
159 | units if suffixed with <literal>ms</literal>, | |
160 | <literal>min</literal>, <literal>h</literal>, | |
161 | <literal>d</literal>, <literal>w</literal>). If | |
162 | <varname>RuntimeWatchdogSec=</varname> is set to a non-zero | |
163 | value, the watchdog hardware | |
c75396c3 EJ |
164 | (<filename>/dev/watchdog</filename> or the path specified with |
165 | <varname>WatchdogDevice=</varname> or the kernel option | |
166 | <varname>systemd.watchdog-device=</varname>) will be programmed | |
167 | to automatically reboot the system if it is not contacted within | |
798d3a52 ZJS |
168 | the specified timeout interval. The system manager will ensure |
169 | to contact it at least once in half the specified timeout | |
170 | interval. This feature requires a hardware watchdog device to | |
171 | be present, as it is commonly the case in embedded and server | |
172 | systems. Not all hardware watchdogs allow configuration of the | |
173 | reboot timeout, in which case the closest available timeout is | |
174 | picked. <varname>ShutdownWatchdogSec=</varname> may be used to | |
175 | configure the hardware watchdog when the system is asked to | |
176 | reboot. It works as a safety net to ensure that the reboot | |
177 | takes place even if a clean reboot attempt times out. By | |
178 | default <varname>RuntimeWatchdogSec=</varname> defaults to 0 | |
179 | (off), and <varname>ShutdownWatchdogSec=</varname> to 10min. | |
180 | These settings have no effect if a hardware watchdog is not | |
181 | available.</para></listitem> | |
182 | </varlistentry> | |
183 | ||
c75396c3 EJ |
184 | <varlistentry> |
185 | <term><varname>WatchdogDevice=</varname></term> | |
186 | ||
187 | <listitem><para>Configure the hardware watchdog device that the | |
188 | runtime and shutdown watchdog timers will open and use. Defaults | |
189 | to <filename>/dev/watchdog</filename>. This setting has no | |
190 | effect if a hardware watchdog is not available.</para></listitem> | |
191 | </varlistentry> | |
192 | ||
798d3a52 ZJS |
193 | <varlistentry> |
194 | <term><varname>CapabilityBoundingSet=</varname></term> | |
195 | ||
196 | <listitem><para>Controls which capabilities to include in the | |
197 | capability bounding set for PID 1 and its children. See | |
198 | <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
199 | for details. Takes a whitespace-separated list of capability | |
200 | names as read by | |
3ba3a79d | 201 | <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>. |
798d3a52 ZJS |
202 | Capabilities listed will be included in the bounding set, all |
203 | others are removed. If the list of capabilities is prefixed | |
204 | with ~, all but the listed capabilities will be included, the | |
205 | effect of the assignment inverted. Note that this option also | |
206 | affects the respective capabilities in the effective, | |
207 | permitted and inheritable capability sets. The capability | |
208 | bounding set may also be individually configured for units | |
209 | using the <varname>CapabilityBoundingSet=</varname> directive | |
210 | for units, but note that capabilities dropped for PID 1 cannot | |
211 | be regained in individual units, they are lost for | |
212 | good.</para></listitem> | |
213 | </varlistentry> | |
214 | ||
215 | <varlistentry> | |
216 | <term><varname>SystemCallArchitectures=</varname></term> | |
217 | ||
218 | <listitem><para>Takes a space-separated list of architecture | |
219 | identifiers. Selects from which architectures system calls may | |
220 | be invoked on this system. This may be used as an effective | |
221 | way to disable invocation of non-native binaries system-wide, | |
222 | for example to prohibit execution of 32-bit x86 binaries on | |
223 | 64-bit x86-64 systems. This option operates system-wide, and | |
224 | acts similar to the | |
225 | <varname>SystemCallArchitectures=</varname> setting of unit | |
226 | files, see | |
227 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
228 | for details. This setting defaults to the empty list, in which | |
229 | case no filtering of system calls based on architecture is | |
230 | applied. Known architecture identifiers are | |
231 | <literal>x86</literal>, <literal>x86-64</literal>, | |
232 | <literal>x32</literal>, <literal>arm</literal> and the special | |
233 | identifier <literal>native</literal>. The latter implicitly | |
234 | maps to the native architecture of the system (or more | |
235 | specifically, the architecture the system manager was compiled | |
236 | for). Set this setting to <literal>native</literal> to | |
237 | prohibit execution of any non-native binaries. When a binary | |
238 | executes a system call of an architecture that is not listed | |
239 | in this setting, it will be immediately terminated with the | |
240 | SIGSYS signal.</para></listitem> | |
241 | </varlistentry> | |
242 | ||
243 | <varlistentry> | |
244 | <term><varname>TimerSlackNSec=</varname></term> | |
245 | ||
246 | <listitem><para>Sets the timer slack in nanoseconds for PID 1, | |
247 | which is inherited by all executed processes, unless | |
248 | overridden individually, for example with the | |
249 | <varname>TimerSlackNSec=</varname> setting in service units | |
250 | (for details see | |
251 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). | |
252 | The timer slack controls the accuracy of wake-ups triggered by | |
253 | system timers. See | |
254 | <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
255 | for more information. Note that in contrast to most other time | |
256 | span definitions this parameter takes an integer value in | |
257 | nano-seconds if no unit is specified. The usual time units are | |
258 | understood too.</para></listitem> | |
259 | </varlistentry> | |
260 | ||
261 | <varlistentry> | |
262 | <term><varname>DefaultTimerAccuracySec=</varname></term> | |
263 | ||
264 | <listitem><para>Sets the default accuracy of timer units. This | |
265 | controls the global default for the | |
266 | <varname>AccuracySec=</varname> setting of timer units, see | |
267 | <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
268 | for details. <varname>AccuracySec=</varname> set in individual | |
269 | units override the global default for the specific unit. | |
270 | Defaults to 1min. Note that the accuracy of timer units is | |
271 | also affected by the configured timer slack for PID 1, see | |
272 | <varname>TimerSlackNSec=</varname> above.</para></listitem> | |
273 | </varlistentry> | |
274 | ||
275 | <varlistentry> | |
276 | <term><varname>DefaultTimeoutStartSec=</varname></term> | |
277 | <term><varname>DefaultTimeoutStopSec=</varname></term> | |
278 | <term><varname>DefaultRestartSec=</varname></term> | |
279 | ||
280 | <listitem><para>Configures the default timeouts for starting | |
281 | and stopping of units, as well as the default time to sleep | |
282 | between automatic restarts of units, as configured per-unit in | |
283 | <varname>TimeoutStartSec=</varname>, | |
284 | <varname>TimeoutStopSec=</varname> and | |
285 | <varname>RestartSec=</varname> (for services, see | |
286 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
287 | for details on the per-unit settings). For non-service units, | |
288 | <varname>DefaultTimeoutStartSec=</varname> sets the default | |
f5a05fb5 LP |
289 | <varname>TimeoutSec=</varname> |
290 | value. <varname>DefaultTimeoutStartSec=</varname> and | |
291 | <varname>DefaultTimeoutStopSec=</varname> default to | |
292 | 90s. <varname>DefaultRestartSec=</varname> defaults to | |
293 | 100ms.</para></listitem> | |
798d3a52 ZJS |
294 | </varlistentry> |
295 | ||
296 | <varlistentry> | |
f0367da7 | 297 | <term><varname>DefaultStartLimitIntervalSec=</varname></term> |
798d3a52 ZJS |
298 | <term><varname>DefaultStartLimitBurst=</varname></term> |
299 | ||
300 | <listitem><para>Configure the default unit start rate | |
301 | limiting, as configured per-service by | |
f0367da7 | 302 | <varname>StartLimitIntervalSec=</varname> and |
798d3a52 ZJS |
303 | <varname>StartLimitBurst=</varname>. See |
304 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
f5a05fb5 | 305 | for details on the per-service settings. |
f0367da7 | 306 | <varname>DefaultStartLimitIntervalSec=</varname> defaults to |
f5a05fb5 LP |
307 | 10s. <varname>DefaultStartLimitBurst=</varname> defaults to |
308 | 5.</para></listitem> | |
798d3a52 ZJS |
309 | </varlistentry> |
310 | ||
311 | <varlistentry> | |
312 | <term><varname>DefaultEnvironment=</varname></term> | |
313 | ||
314 | <listitem><para>Sets manager environment variables passed to | |
315 | all executed processes. Takes a space-separated list of | |
316 | variable assignments. See | |
317 | <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
318 | for details about environment variables.</para> | |
319 | ||
320 | <para>Example: | |
321 | ||
322 | <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting> | |
323 | ||
324 | Sets three variables | |
325 | <literal>VAR1</literal>, | |
326 | <literal>VAR2</literal>, | |
327 | <literal>VAR3</literal>.</para></listitem> | |
328 | </varlistentry> | |
329 | ||
330 | <varlistentry> | |
331 | <term><varname>DefaultCPUAccounting=</varname></term> | |
332 | <term><varname>DefaultBlockIOAccounting=</varname></term> | |
333 | <term><varname>DefaultMemoryAccounting=</varname></term> | |
03a7b521 | 334 | <term><varname>DefaultTasksAccounting=</varname></term> |
8d8631d4 | 335 | <term><varname>DefaultIPAccounting=</varname></term> |
798d3a52 | 336 | |
8d8631d4 DM |
337 | <listitem><para>Configure the default resource accounting settings, as configured per-unit by |
338 | <varname>CPUAccounting=</varname>, <varname>BlockIOAccounting=</varname>, <varname>MemoryAccounting=</varname>, | |
339 | <varname>TasksAccounting=</varname> and <varname>IPAccounting=</varname>. See | |
798d3a52 | 340 | <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
8d8631d4 DM |
341 | for details on the per-unit settings. <varname>DefaultTasksAccounting=</varname> defaults to on, the other |
342 | four settings to off.</para></listitem> | |
798d3a52 ZJS |
343 | </varlistentry> |
344 | ||
0af20ea2 LP |
345 | <varlistentry> |
346 | <term><varname>DefaultTasksMax=</varname></term> | |
347 | ||
79baeeb9 | 348 | <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See |
0af20ea2 | 349 | <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
79baeeb9 LP |
350 | for details. This setting applies to all unit types that support resource control settings, with the exception |
351 | of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller | |
352 | in OS containers.</para></listitem> | |
0af20ea2 LP |
353 | </varlistentry> |
354 | ||
798d3a52 ZJS |
355 | <varlistentry> |
356 | <term><varname>DefaultLimitCPU=</varname></term> | |
357 | <term><varname>DefaultLimitFSIZE=</varname></term> | |
358 | <term><varname>DefaultLimitDATA=</varname></term> | |
359 | <term><varname>DefaultLimitSTACK=</varname></term> | |
360 | <term><varname>DefaultLimitCORE=</varname></term> | |
361 | <term><varname>DefaultLimitRSS=</varname></term> | |
362 | <term><varname>DefaultLimitNOFILE=</varname></term> | |
363 | <term><varname>DefaultLimitAS=</varname></term> | |
364 | <term><varname>DefaultLimitNPROC=</varname></term> | |
365 | <term><varname>DefaultLimitMEMLOCK=</varname></term> | |
366 | <term><varname>DefaultLimitLOCKS=</varname></term> | |
367 | <term><varname>DefaultLimitSIGPENDING=</varname></term> | |
368 | <term><varname>DefaultLimitMSGQUEUE=</varname></term> | |
369 | <term><varname>DefaultLimitNICE=</varname></term> | |
370 | <term><varname>DefaultLimitRTPRIO=</varname></term> | |
371 | <term><varname>DefaultLimitRTTIME=</varname></term> | |
372 | ||
373 | <listitem><para>These settings control various default | |
374 | resource limits for units. See | |
375 | <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
91518d20 KZ |
376 | for details. The resource limit is possible to specify in two formats, |
377 | <option>value</option> to set soft and hard limits to the same value, | |
378 | or <option>soft:hard</option> to set both limits individually (e.g. DefaultLimitAS=4G:16G). | |
379 | Use the string <varname>infinity</varname> to | |
380 | configure no limit on a specific resource. The multiplicative | |
381 | suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E | |
382 | may be used for resource limits measured in bytes | |
383 | (e.g. DefaultLimitAS=16G). For the limits referring to time values, | |
384 | the usual time units ms, s, min, h and so on may be used (see | |
385 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
386 | for details). Note that if no time unit is specified for | |
387 | <varname>DefaultLimitCPU=</varname> the default unit of seconds is | |
388 | implied, while for <varname>DefaultLimitRTTIME=</varname> the default | |
389 | unit of microseconds is implied. Also, note that the effective | |
390 | granularity of the limits might influence their | |
391 | enforcement. For example, time limits specified for | |
392 | <varname>DefaultLimitCPU=</varname> will be rounded up implicitly to | |
393 | multiples of 1s. These settings may be overridden in individual units | |
394 | using the corresponding LimitXXX= directives. Note that these resource | |
395 | limits are only defaults for units, they are not applied to PID 1 | |
798d3a52 ZJS |
396 | itself.</para></listitem> |
397 | </varlistentry> | |
398 | </variablelist> | |
399 | </refsect1> | |
400 | ||
401 | <refsect1> | |
402 | <title>See Also</title> | |
403 | <para> | |
404 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
405 | <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
406 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
407 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
408 | <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
409 | <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
410 | </para> | |
411 | </refsect1> | |
f3e219a2 LP |
412 | |
413 | </refentry> |