]>
Commit | Line | Data |
---|---|---|
f3e219a2 LP |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?> | |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
4 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
5 | ||
6 | <!-- | |
7 | This file is part of systemd. | |
8 | ||
9 | Copyright 2010 Lennart Poettering | |
10 | ||
11 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
12 | under the terms of the GNU Lesser General Public License as published by |
13 | the Free Software Foundation; either version 2.1 of the License, or | |
f3e219a2 LP |
14 | (at your option) any later version. |
15 | ||
16 | systemd is distributed in the hope that it will be useful, but | |
17 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 19 | Lesser General Public License for more details. |
f3e219a2 | 20 | |
5430f7f2 | 21 | You should have received a copy of the GNU Lesser General Public License |
f3e219a2 LP |
22 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
23 | --> | |
24 | ||
5f9cfd4c | 25 | <refentry id="systemd-system.conf"> |
f3e219a2 | 26 | <refentryinfo> |
5f9cfd4c | 27 | <title>systemd-system.conf</title> |
f3e219a2 LP |
28 | <productname>systemd</productname> |
29 | ||
30 | <authorgroup> | |
31 | <author> | |
32 | <contrib>Developer</contrib> | |
33 | <firstname>Lennart</firstname> | |
34 | <surname>Poettering</surname> | |
35 | <email>lennart@poettering.net</email> | |
36 | </author> | |
37 | </authorgroup> | |
38 | </refentryinfo> | |
39 | ||
40 | <refmeta> | |
5f9cfd4c | 41 | <refentrytitle>systemd-system.conf</refentrytitle> |
f3e219a2 LP |
42 | <manvolnum>5</manvolnum> |
43 | </refmeta> | |
44 | ||
45 | <refnamediv> | |
5f9cfd4c ZJS |
46 | <refname>systemd-system.conf</refname> |
47 | <refname>systemd-user.conf</refname> | |
48 | <refpurpose>System and session service manager configuration file</refpurpose> | |
f3e219a2 LP |
49 | </refnamediv> |
50 | ||
51 | <refsynopsisdiv> | |
4aa6e778 LP |
52 | <para><filename>/etc/systemd/system.conf</filename></para> |
53 | <para><filename>/etc/systemd/user.conf</filename></para> | |
f3e219a2 LP |
54 | </refsynopsisdiv> |
55 | ||
56 | <refsect1> | |
57 | <title>Description</title> | |
58 | ||
59 | <para>When run as system instance systemd reads the | |
60 | configuration file <filename>system.conf</filename>, | |
af2d49f7 | 61 | otherwise <filename>user.conf</filename>. These |
f3e219a2 LP |
62 | configuration files contain a few settings controlling |
63 | basic manager operations.</para> | |
f3e219a2 LP |
64 | </refsect1> |
65 | ||
66 | <refsect1> | |
67 | <title>Options</title> | |
68 | ||
69 | <para>All options are configured in the | |
70 | <literal>[Manager]</literal> section:</para> | |
71 | ||
ffafe91b | 72 | <variablelist class='systemd-directives'> |
f3e219a2 LP |
73 | |
74 | <varlistentry> | |
75 | <term><varname>LogLevel=</varname></term> | |
76 | <term><varname>LogTarget=</varname></term> | |
77 | <term><varname>LogColor=</varname></term> | |
78 | <term><varname>LogLocation=</varname></term> | |
79 | <term><varname>DumpCore=yes</varname></term> | |
80 | <term><varname>CrashShell=no</varname></term> | |
81 | <term><varname>ShowStatus=yes</varname></term> | |
82 | <term><varname>CrashChVT=1</varname></term> | |
706343f4 | 83 | <term><varname>DefaultStandardOutput=journal</varname></term> |
0a494f1f | 84 | <term><varname>DefaultStandardError=inherit</varname></term> |
f3e219a2 LP |
85 | |
86 | <listitem><para>Configures various | |
87 | parameters of basic manager | |
88 | operation. These options may be | |
5471472d | 89 | overridden by the respective command |
f3e219a2 LP |
90 | line arguments. See |
91 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
92 | for details about these command line | |
93 | arguments.</para></listitem> | |
94 | </varlistentry> | |
95 | ||
96 | <varlistentry> | |
97 | <term><varname>CPUAffinity=</varname></term> | |
98 | ||
99 | <listitem><para>Configures the initial | |
100 | CPU affinity for the init | |
96d4ce01 | 101 | process. Takes a space-separated list |
66f756d4 | 102 | of CPU indices.</para></listitem> |
af2d49f7 | 103 | </varlistentry> |
06d4c99a LP |
104 | |
105 | <varlistentry> | |
7ac80732 | 106 | <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term> |
0c85a4f3 LP |
107 | |
108 | <listitem><para>Configures controllers | |
109 | that shall be mounted in a single | |
79640424 | 110 | hierarchy. By default, systemd will |
0c85a4f3 LP |
111 | mount all controllers which are |
112 | enabled in the kernel in individual | |
49f43d5f | 113 | hierarchies, with the exception of |
0c85a4f3 | 114 | those listed in this setting. Takes a |
e9dd9f95 JSJ |
115 | space-separated list of comma-separated |
116 | controller names, in order | |
0c85a4f3 LP |
117 | to allow multiple joined |
118 | hierarchies. Defaults to | |
119 | 'cpu,cpuacct'. Pass an empty string to | |
120 | ensure that systemd mounts all | |
121 | controllers in separate | |
e5e991a1 LP |
122 | hierarchies.</para> |
123 | ||
124 | <para>Note that this option is only | |
125 | applied once, at very early boot. If | |
126 | you use an initial RAM disk (initrd) | |
e9dd9f95 | 127 | that uses systemd, it might hence be |
e5e991a1 LP |
128 | necessary to rebuild the initrd if |
129 | this option is changed, and make sure | |
130 | the new configuration file is included | |
79640424 | 131 | in it. Otherwise, the initrd might |
ab06eef8 | 132 | mount the controller hierarchies in a |
b02a01dc LP |
133 | different configuration than intended, |
134 | and the main system cannot remount | |
135 | them anymore.</para></listitem> | |
0c85a4f3 | 136 | </varlistentry> |
e96d6be7 LP |
137 | |
138 | <varlistentry> | |
139 | <term><varname>RuntimeWatchdogSec=</varname></term> | |
140 | <term><varname>ShutdownWatchdogSec=</varname></term> | |
141 | ||
142 | <listitem><para>Configure the hardware | |
143 | watchdog at runtime and at | |
144 | reboot. Takes a timeout value in | |
145 | seconds (or in other time units if | |
146 | suffixed with <literal>ms</literal>, | |
147 | <literal>min</literal>, | |
148 | <literal>h</literal>, | |
149 | <literal>d</literal>, | |
150 | <literal>w</literal>). If | |
151 | <varname>RuntimeWatchdogSec=</varname> | |
79640424 | 152 | is set to a non-zero value, the |
e96d6be7 LP |
153 | watchdog hardware |
154 | (<filename>/dev/watchdog</filename>) | |
155 | will be programmed to automatically | |
156 | reboot the system if it is not | |
157 | contacted within the specified timeout | |
158 | interval. The system manager will | |
159 | ensure to contact it at least once in | |
160 | half the specified timeout | |
161 | interval. This feature requires a | |
162 | hardware watchdog device to be | |
163 | present, as it is commonly the case in | |
164 | embedded and server systems. Not all | |
165 | hardware watchdogs allow configuration | |
166 | of the reboot timeout, in which case | |
167 | the closest available timeout is | |
168 | picked. <varname>ShutdownWatchdogSec=</varname> | |
169 | may be used to configure the hardware | |
170 | watchdog when the system is asked to | |
171 | reboot. It works as a safety net to | |
172 | ensure that the reboot takes place | |
173 | even if a clean reboot attempt times | |
174 | out. By default | |
175 | <varname>RuntimeWatchdogSec=</varname> | |
176 | defaults to 0 (off), and | |
177 | <varname>ShutdownWatchdogSec=</varname> | |
178 | to 10min. These settings have no | |
179 | effect if a hardware watchdog is not | |
180 | available.</para></listitem> | |
181 | </varlistentry> | |
c93ff2e9 | 182 | |
ec8927ca LP |
183 | <varlistentry> |
184 | <term><varname>CapabilityBoundingSet=</varname></term> | |
185 | ||
186 | <listitem><para>Controls which | |
187 | capabilities to include in the | |
188 | capability bounding set for PID 1 and | |
189 | its children. See | |
190 | <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
e9dd9f95 JSJ |
191 | for details. Takes a whitespace-separated |
192 | list of capability names as read by | |
ec8927ca LP |
193 | <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>. |
194 | Capabilities listed will be included | |
195 | in the bounding set, all others are | |
196 | removed. If the list of capabilities | |
79640424 | 197 | is prefixed with ~, all but the listed |
ec8927ca LP |
198 | capabilities will be included, the |
199 | effect of the assignment | |
200 | inverted. Note that this option also | |
bb31a4ac | 201 | affects the respective capabilities in |
ec8927ca LP |
202 | the effective, permitted and |
203 | inheritable capability sets. The | |
204 | capability bounding set may also be | |
205 | individually configured for units | |
206 | using the | |
207 | <varname>CapabilityBoundingSet=</varname> | |
208 | directive for units, but note that | |
209 | capabilities dropped for PID 1 cannot | |
210 | be regained in individual units, they | |
211 | are lost for good.</para></listitem> | |
212 | </varlistentry> | |
213 | ||
d3b1c508 LP |
214 | <varlistentry> |
215 | <term><varname>SystemCallArchitectures=</varname></term> | |
216 | ||
217 | <listitem><para>Takes a | |
218 | space-separated list of architecture | |
66f756d4 | 219 | identifiers. Selects from which |
d3b1c508 LP |
220 | architectures system calls may be |
221 | invoked on this system. This may be | |
222 | used as an effective way to disable | |
223 | invocation of non-native binaries | |
224 | system-wide, for example to prohibit | |
73e231ab JE |
225 | execution of 32-bit x86 binaries on |
226 | 64-bit x86-64 systems. This option | |
227 | operates system-wide, and acts | |
d3b1c508 LP |
228 | similar to the |
229 | <varname>SystemCallArchitectures=</varname> | |
230 | setting of unit files, see | |
231 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
232 | for details. This setting defaults to | |
73e231ab | 233 | the empty list, in which case no |
d3b1c508 LP |
234 | filtering of system calls based on |
235 | architecture is applied. Known | |
236 | architecture identifiers are | |
237 | <literal>x86</literal>, | |
238 | <literal>x86-64</literal>, | |
239 | <literal>x32</literal>, | |
240 | <literal>arm</literal> and the special | |
241 | identifier | |
242 | <literal>native</literal>. The latter | |
243 | implicitly maps to the native | |
244 | architecture of the system (or more | |
245 | specifically, the architecture the | |
246 | system manager was compiled for). Set | |
247 | this setting to | |
248 | <literal>native</literal> to prohibit | |
249 | execution of any non-native | |
250 | binaries. When a binary executes a | |
251 | system call of an architecture that is | |
73e231ab | 252 | not listed in this setting, it will be |
d3b1c508 LP |
253 | immediately terminated with the SIGSYS |
254 | signal.</para></listitem> | |
255 | </varlistentry> | |
256 | ||
257 | ||
aa0f64ac LP |
258 | <varlistentry> |
259 | <term><varname>TimerSlackNSec=</varname></term> | |
260 | ||
261 | <listitem><para>Sets the timer slack | |
262 | in nanoseconds for PID 1 which is then | |
263 | inherited to all executed processes, | |
bb31a4ac | 264 | unless overridden individually, for |
aa0f64ac LP |
265 | example with the |
266 | <varname>TimerSlackNSec=</varname> | |
267 | setting in service units (for details | |
268 | see | |
269 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The | |
270 | timer slack controls the accuracy of | |
271 | wake-ups triggered by timers. See | |
272 | <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
273 | for more information. Note that in | |
274 | contrast to most other time span | |
275 | definitions this parameter takes an | |
276 | integer value in nano-seconds if no | |
277 | unit is specified. The usual time | |
278 | units are understood | |
279 | too.</para></listitem> | |
280 | </varlistentry> | |
281 | ||
d3b1c508 LP |
282 | <varlistentry> |
283 | <term><varname>DefaultTimeoutStartSec=</varname></term> | |
284 | <term><varname>DefaultTimeoutStopSec=</varname></term> | |
285 | <term><varname>DefaultRestartSec=</varname></term> | |
286 | ||
287 | <listitem><para>Configures the default | |
73e231ab | 288 | timeouts for starting and stopping of |
d3b1c508 LP |
289 | units, as well as the default time to |
290 | sleep between automatic restarts of | |
291 | units, as configured per-unit in | |
292 | <varname>TimeoutStartSec=</varname>, | |
293 | <varname>TimeoutStopSec=</varname> and | |
294 | <varname>RestartSec=</varname> (for | |
295 | service units, see | |
296 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
297 | for details on the per-unit | |
298 | settings). For non-service units, | |
299 | <varname>DefaultTimeoutStartSec=</varname> | |
300 | sets the default | |
301 | <varname>TimeoutSec=</varname> value. | |
302 | </para></listitem> | |
303 | </varlistentry> | |
304 | <varlistentry> | |
305 | <term><varname>DefaultStartLimitInterval=</varname></term> | |
306 | <term><varname>DefaultStartLimitBurst=</varname></term> | |
307 | ||
308 | <listitem><para>Configure the default start rate | |
309 | limiting, as configured per-service by | |
310 | <varname>StartLimitInterval=</varname> and | |
311 | <varname>StartLimitBurst=</varname>. See | |
312 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
313 | for details on the per-service | |
314 | settings). | |
315 | </para></listitem> | |
316 | </varlistentry> | |
317 | ||
97d0e5f8 UTL |
318 | <varlistentry> |
319 | <term><varname>DefaultEnvironment=</varname></term> | |
320 | ||
78894537 LP |
321 | <listitem><para>Sets manager |
322 | environment variables passed to all | |
323 | executed processes. Takes a | |
324 | space-separated list of variable | |
325 | assignments. See | |
326 | <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
327 | for details about environment | |
328 | variables.</para> | |
97d0e5f8 UTL |
329 | |
330 | <para>Example: | |
97d0e5f8 | 331 | |
78894537 LP |
332 | <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting> |
333 | ||
334 | Sets three variables | |
335 | <literal>VAR1</literal>, | |
336 | <literal>VAR2</literal>, | |
337 | <literal>VAR3</literal>.</para></listitem> | |
97d0e5f8 UTL |
338 | </varlistentry> |
339 | ||
c93ff2e9 FC |
340 | <varlistentry> |
341 | <term><varname>DefaultLimitCPU=</varname></term> | |
342 | <term><varname>DefaultLimitFSIZE=</varname></term> | |
343 | <term><varname>DefaultLimitDATA=</varname></term> | |
344 | <term><varname>DefaultLimitSTACK=</varname></term> | |
345 | <term><varname>DefaultLimitCORE=</varname></term> | |
346 | <term><varname>DefaultLimitRSS=</varname></term> | |
347 | <term><varname>DefaultLimitNOFILE=</varname></term> | |
348 | <term><varname>DefaultLimitAS=</varname></term> | |
349 | <term><varname>DefaultLimitNPROC=</varname></term> | |
350 | <term><varname>DefaultLimitMEMLOCK=</varname></term> | |
351 | <term><varname>DefaultLimitLOCKS=</varname></term> | |
352 | <term><varname>DefaultLimitSIGPENDING=</varname></term> | |
353 | <term><varname>DefaultLimitMSGQUEUE=</varname></term> | |
354 | <term><varname>DefaultLimitNICE=</varname></term> | |
355 | <term><varname>DefaultLimitRTPRIO=</varname></term> | |
356 | <term><varname>DefaultLimitRTTIME=</varname></term> | |
ec8927ca | 357 | |
c93ff2e9 | 358 | <listitem><para>These settings control |
ec8927ca LP |
359 | various default resource limits for |
360 | units. See | |
c93ff2e9 FC |
361 | <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
362 | for details. Use the string | |
363 | <varname>infinity</varname> to | |
364 | configure no limit on a specific | |
ec8927ca | 365 | resource. These settings may be |
bb31a4ac | 366 | overridden in individual units |
ec8927ca LP |
367 | using the corresponding LimitXXX= |
368 | directives. Note that these resource | |
369 | limits are only defaults for units, | |
370 | they are not applied to PID 1 | |
371 | itself.</para></listitem> | |
c93ff2e9 | 372 | </varlistentry> |
f3e219a2 LP |
373 | </variablelist> |
374 | </refsect1> | |
375 | ||
376 | <refsect1> | |
377 | <title>See Also</title> | |
378 | <para> | |
9cc2c8b7 | 379 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
78894537 | 380 | <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
d3b1c508 LP |
381 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
382 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
383 | <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>, | |
384 | <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
f3e219a2 LP |
385 | </para> |
386 | </refsect1> | |
387 | ||
388 | </refentry> |