git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.conf.xml
main: add configuration option to alter capability bounding set for PID 1
f3e219a2
LP
1<?xml version='1.0'?> <!--*-nxml-*-->
2<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6<!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
f3e219a2
LP
14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 19 Lesser General Public License for more details.
f3e219a2 20
5430f7f2 21 You should have received a copy of the GNU Lesser General Public License
f3e219a2
LP
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23-->
24
25<refentry id="systemd.conf">
26 <refentryinfo>
27 <title>systemd.conf</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.conf</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.conf</refname>
47 <refpurpose>systemd manager configuration file</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename>system.conf</filename></para>
af2d49f7 52 <para><filename>user.conf</filename></para>
f3e219a2
LP
53 </refsynopsisdiv>
54
55 <refsect1>
56 <title>Description</title>
57
58 <para>When run as a system instance, systemd reads the
59 configuration file <filename>system.conf</filename>,
af2d49f7 60 otherwise <filename>user.conf</filename>. These
f3e219a2
LP
61 configuration files contain a few settings controlling
62 basic manager operations.</para>
63
64 </refsect1>
65
66 <refsect1>
67 <title>Options</title>
68
69 <para>All options are configured in the
70 <literal>[Manager]</literal> section:</para>
71
72 <variablelist>
73
74 <varlistentry>
75 <term><varname>LogLevel=</varname></term>
76 <term><varname>LogTarget=</varname></term>
77 <term><varname>LogColor=</varname></term>
78 <term><varname>LogLocation=</varname></term>
79 <term><varname>DumpCore=yes</varname></term>
80 <term><varname>CrashShell=no</varname></term>
81 <term><varname>ShowStatus=yes</varname></term>
af2d49f7 82 <term><varname>SysVConsole=yes</varname></term>
f3e219a2 83 <term><varname>CrashChVT=1</varname></term>
706343f4 84 <term><varname>DefaultStandardOutput=journal</varname></term>
0a494f1f 85 <term><varname>DefaultStandardError=inherit</varname></term>
f3e219a2
LP
86
87 <listitem><para>Configures various
88 parameters of basic manager
89 operation. These options may be
5471472d 90 overridden by the respective command
f3e219a2
LP
91 line arguments. See
92 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
93 for details about these command line
94 arguments.</para></listitem>
95 </varlistentry>
96
97 <varlistentry>
98 <term><varname>CPUAffinity=</varname></term>
99
100 <listitem><para>Configures the initial
101 CPU affinity for the init
96d4ce01 102 process. Takes a space-separated list
f3e219a2 103 of CPU indexes.</para></listitem>
af2d49f7 104 </varlistentry>
06d4c99a
LP
105
106 <varlistentry>
107 <term><varname>DefaultControllers=cpu</varname></term>
108
109 <listitem><para>Configures in which
110 cgroup controller hierarchies to
111 create per-service cgroups
112 automatically, in addition to the
113 name=systemd named hierarchy. Defaults
5471472d 114 to 'cpu'. Takes a space separated list
06d4c99a
LP
115 of controller names. Pass an empty
116 string to ensure that systemd does not
5471472d 117 touch any hierarchies but its
06d4c99a
LP
118 own.</para></listitem>
119 </varlistentry>
0c85a4f3
LP
120
121 <varlistentry>
122 <term><varname>JoinControllers=cpu,cpuacct</varname></term>
123
124 <listitem><para>Configures controllers
125 that shall be mounted in a single
126 hierarchy. By default systemd will
127 mount all controllers which are
128 enabled in the kernel in individual
129 hierarchies, with the exception of
130 those listed in this setting. Takes a
131 space separated list of comma
132 separated controller names, in order
133 to allow multiple joined
134 hierarchies. Defaults to
135 'cpu,cpuacct'. Pass an empty string to
136 ensure that systemd mounts all
137 controllers in separate
138 hierarchies.</para></listitem>
139 </varlistentry>
e96d6be7
LP
140
141 <varlistentry>
142 <term><varname>RuntimeWatchdogSec=</varname></term>
143 <term><varname>ShutdownWatchdogSec=</varname></term>
144
145 <listitem><para>Configure the hardware
146 watchdog at runtime and at
147 reboot. Takes a timeout value in
148 seconds (or in other time units if
149 suffixed with <literal>ms</literal>,
150 <literal>min</literal>,
151 <literal>h</literal>,
152 <literal>d</literal>,
153 <literal>w</literal>). If
154 <varname>RuntimeWatchdogSec=</varname>
155 is set to a non-zero value the
156 watchdog hardware
157 (<filename>/dev/watchdog</filename>)
158 will be programmed to automatically
159 reboot the system if it is not
160 contacted within the specified timeout
161 interval. The system manager will
162 make sure to contact it at least once in
163 half the specified timeout
164 interval. This feature requires a
165 hardware watchdog device to be
166 present, as is commonly the case in
167 embedded and server systems. Not all
168 hardware watchdogs allow configuration
169 of the reboot timeout, in which case
170 the closest available timeout is
171 picked. <varname>ShutdownWatchdogSec=</varname>
172 may be used to configure the hardware
173 watchdog when the system is asked to
174 reboot. It works as a safety net to
175 ensure that the reboot takes place
176 even if a clean reboot attempt times
177 out.
178 <varname>RuntimeWatchdogSec=</varname>
179 defaults to 0 (off), and
180 <varname>ShutdownWatchdogSec=</varname>
181 to 10min. These settings have no
182 effect if a hardware watchdog is not
183 available.</para></listitem>
184 </varlistentry>
c93ff2e9 185
ec8927ca
LP
186 <varlistentry>
187 <term><varname>CapabilityBoundingSet=</varname></term>
188
189 <listitem><para>Controls which
190 capabilities to include in the
191 capability bounding set for PID 1 and
192 its children. See
193 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
194 for details. Takes a whitespace
195 separated list of capability names as
196 read by
197 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
198 Capabilities listed will be included
199 in the bounding set, all others are
200 removed. If the list of capabilities
201 is prefixed with ~, all but the listed
202 capabilities will be included, i.e. the
203 effect of the assignment is
204 inverted. Note that this option also
205 affects the respective capabilities in
206 the effective, permitted and
207 inheritable capability sets. The
208 capability bounding set may also be
209 individually configured for units
210 using the
211 <varname>CapabilityBoundingSet=</varname>
212 directive for units, but note that
213 capabilities dropped for PID 1 cannot
214 be regained in individual units: all unit processes descend from PID 1 and inherit its bounding set, so dropped capabilities
215 are lost for good.</para></listitem>
216 </varlistentry>
217
c93ff2e9
FC
218 <varlistentry>
219 <term><varname>DefaultLimitCPU=</varname></term>
220 <term><varname>DefaultLimitFSIZE=</varname></term>
221 <term><varname>DefaultLimitDATA=</varname></term>
222 <term><varname>DefaultLimitSTACK=</varname></term>
223 <term><varname>DefaultLimitCORE=</varname></term>
224 <term><varname>DefaultLimitRSS=</varname></term>
225 <term><varname>DefaultLimitNOFILE=</varname></term>
226 <term><varname>DefaultLimitAS=</varname></term>
227 <term><varname>DefaultLimitNPROC=</varname></term>
228 <term><varname>DefaultLimitMEMLOCK=</varname></term>
229 <term><varname>DefaultLimitLOCKS=</varname></term>
230 <term><varname>DefaultLimitSIGPENDING=</varname></term>
231 <term><varname>DefaultLimitMSGQUEUE=</varname></term>
232 <term><varname>DefaultLimitNICE=</varname></term>
233 <term><varname>DefaultLimitRTPRIO=</varname></term>
234 <term><varname>DefaultLimitRTTIME=</varname></term>
ec8927ca 235
c93ff2e9 236 <listitem><para>These settings control
ec8927ca
LP
237 various default resource limits for
238 units. See
c93ff2e9
FC
239 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
240 for details. Use the string
241 <varname>infinity</varname> to
242 configure no limit on a specific
ec8927ca
LP
243 resource. These settings may be
244 overridden in individual units
245 using the corresponding LimitXXX=
246 directives. Note that these resource
247 limits are only defaults for units,
248 they are not applied to PID 1
249 itself.</para></listitem>
c93ff2e9 250 </varlistentry>
f3e219a2
LP
251 </variablelist>
252 </refsect1>
253
254 <refsect1>
255 <title>See Also</title>
256 <para>
257 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
258 </para>
259 </refsect1>
260
261</refentry>