]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.exec.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
systemctl: fix assertion hit by incorrect comparison
[thirdparty/systemd.git] / man / systemd.exec.xml
CommitLineData
dd1eb43b
LP		 1<?xml version='1.0'?> <!--*-nxml-*-->
2<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6<!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
dd1eb43b
LP		 14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 19 Lesser General Public License for more details.
dd1eb43b 20
5430f7f2 21 You should have received a copy of the GNU Lesser General Public License
dd1eb43b
LP		 22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23-->
24
25<refentry id="systemd.exec">
26 <refentryinfo>
27 <title>systemd.exec</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.exec</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.exec</refname>
34511ca7 47 <refpurpose>Execution environment configuration</refpurpose>
dd1eb43b
LP		 48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename>systemd.service</filename>,
52 <filename>systemd.socket</filename>,
2292707d
LP		 53 <filename>systemd.mount</filename>,
54 <filename>systemd.swap</filename></para>
dd1eb43b
LP		 55 </refsynopsisdiv>
56
57 <refsect1>
58 <title>Description</title>
59
9a666408 60 <para>Unit configuration files for services, sockets,
2292707d
LP		 61 mount points and swap devices share a subset of
62 configuration options which define the execution
63 environment of spawned processes.</para>
dd1eb43b
LP		 64
65 <para>This man page lists the configuration options
9a666408 66 shared by these four unit types. See
dd1eb43b
LP		 67 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
68 for the common options of all unit configuration
69 files, and
2292707d
LP		 70 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
72 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
dd1eb43b
LP		 73 and
74 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
75 for more information on the specific unit
76 configuration files. The execution specific
77 configuration options are configured in the [Service],
16dad32e 78 [Socket], [Mount], or [Swap] sections, depending on the unit
dd1eb43b
LP		 79 type.</para>
80 </refsect1>
81
82 <refsect1>
83 <title>Options</title>
84
85 <variablelist>
86
87 <varlistentry>
88 <term><varname>WorkingDirectory=</varname></term>
89
90 <listitem><para>Takes an absolute
91 directory path. Sets the working
e06c73cc
LP		 92 directory for executed processes. If
93 not set defaults to the root directory
94 when systemd is running as a system
95 instance and the respective user's
96 home directory if run as
97 user.</para></listitem>
dd1eb43b
LP		 98 </varlistentry>
99
100 <varlistentry>
101 <term><varname>RootDirectory=</varname></term>
102
103 <listitem><para>Takes an absolute
104 directory path. Sets the root
105 directory for executed processes, with
106 the
107 <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
108 system call. If this is used it must
109 be ensured that the process and all
110 its auxiliary files are available in
111 the <function>chroot()</function>
112 jail.</para></listitem>
113 </varlistentry>
114
115 <varlistentry>
116 <term><varname>User=</varname></term>
117 <term><varname>Group=</varname></term>
118
119 <listitem><para>Sets the Unix user
16dad32e
AE		 120 or group that the processes are executed
121 as, respectively. Takes a single user or group
dd1eb43b 122 name or ID as argument. If no group is
16dad32e 123 set, the default group of the user is
dd1eb43b
LP		 124 chosen.</para></listitem>
125 </varlistentry>
126
127 <varlistentry>
128 <term><varname>SupplementaryGroups=</varname></term>
129
130 <listitem><para>Sets the supplementary
131 Unix groups the processes are executed
96d4ce01 132 as. This takes a space separated list
dd1eb43b
LP		 133 of group names or IDs. This option may
134 be specified more than once in which
135 case all listed groups are set as
136 supplementary groups. This option does
f8553ccb 137 not override but extends the list of
dd1eb43b
LP		 138 supplementary groups configured in the
139 system group database for the
140 user.</para></listitem>
141 </varlistentry>
142
143 <varlistentry>
144 <term><varname>Nice=</varname></term>
145
146 <listitem><para>Sets the default nice
147 level (scheduling priority) for
148 executed processes. Takes an integer
149 between -20 (highest priority) and 19
150 (lowest priority). See
151 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
152 for details.</para></listitem>
153 </varlistentry>
154
155 <varlistentry>
dd6c17b1 156 <term><varname>OOMScoreAdjust=</varname></term>
dd1eb43b
LP		 157
158 <listitem><para>Sets the adjustment
159 level for the Out-Of-Memory killer for
160 executed processes. Takes an integer
dd6c17b1
LP		 161 between -1000 (to disable OOM killing
162 for this process) and 1000 (to make
dd1eb43b
LP		 163 killing of this process under memory
164 pressure very likely). See <ulink
165 url="http://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
166 for details.</para></listitem>
167 </varlistentry>
168
169 <varlistentry>
170 <term><varname>IOSchedulingClass=</varname></term>
171
172 <listitem><para>Sets the IO scheduling
173 class for executed processes. Takes an
174 integer between 0 and 3 or one of the
175 strings <option>none</option>,
176 <option>realtime</option>,
177 <option>best-effort</option> or
178 <option>idle</option>. See
179 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
180 for details.</para></listitem>
181 </varlistentry>
182
183 <varlistentry>
184 <term><varname>IOSchedulingPriority=</varname></term>
185
186 <listitem><para>Sets the IO scheduling
187 priority for executed processes. Takes
188 an integer between 0 (highest
189 priority) and 7 (lowest priority). The
190 available priorities depend on the
191 selected IO scheduling class (see
192 above). See
193 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
194 for details.</para></listitem>
195 </varlistentry>
196
197 <varlistentry>
198 <term><varname>CPUSchedulingPolicy=</varname></term>
199
200 <listitem><para>Sets the CPU
201 scheduling policy for executed
202 processes. Takes one of
203 <option>other</option>,
204 <option>batch</option>,
205 <option>idle</option>,
206 <option>fifo</option> or
207 <option>rr</option>. See
208 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
209 for details.</para></listitem>
210 </varlistentry>
211
212 <varlistentry>
213 <term><varname>CPUSchedulingPriority=</varname></term>
214
215 <listitem><para>Sets the CPU
216 scheduling priority for executed
bb112710 217 processes. The available priority
dd1eb43b 218 range depends on the selected CPU
bb112710
HHPF		 219 scheduling policy (see above). For
220 real-time scheduling policies an
221 integer between 1 (lowest priority)
222 and 99 (highest priority) can be used.
223 See <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
224 for details.
225 </para></listitem>
dd1eb43b
LP		 226 </varlistentry>
227
228 <varlistentry>
229 <term><varname>CPUSchedulingResetOnFork=</varname></term>
230
231 <listitem><para>Takes a boolean
232 argument. If true elevated CPU
233 scheduling priorities and policies
234 will be reset when the executed
235 processes fork, and can hence not leak
236 into child processes. See
237 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
238 for details. Defaults to false.</para></listitem>
239 </varlistentry>
240
241 <varlistentry>
242 <term><varname>CPUAffinity=</varname></term>
243
244 <listitem><para>Controls the CPU
245 affinity of the executed
96d4ce01 246 processes. Takes a space-separated
dd1eb43b
LP		 247 list of CPU indexes. See
248 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
249 for details.</para></listitem>
250 </varlistentry>
251
252 <varlistentry>
253 <term><varname>UMask=</varname></term>
254
255 <listitem><para>Controls the file mode
256 creation mask. Takes an access mode in
257 octal notation. See
258 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
259 for details. Defaults to
260d3708 260 0022.</para></listitem>
dd1eb43b
LP		 261 </varlistentry>
262
263 <varlistentry>
264 <term><varname>Environment=</varname></term>
265
266 <listitem><para>Sets environment
267 variables for executed
96d4ce01 268 processes. Takes a space-separated
dd1eb43b
LP		 269 list of variable assignments. This
270 option may be specified more than once
271 in which case all listed variables
272 will be set. If the same variable is
273 set twice the later setting will
274 override the earlier setting. See
275 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
276 for details.</para></listitem>
277 </varlistentry>
278 <varlistentry>
279 <term><varname>EnvironmentFile=</varname></term>
280 <listitem><para>Similar to
281 <varname>Environment=</varname> but
282 reads the environment variables from a
283 text file. The text file should
96d4ce01 284 contain new-line separated variable
dd1eb43b
LP		 285 assignments. Empty lines and lines
286 starting with ; or # will be ignored,
afe4bfe2 287 which may be used for commenting. The
7734f773
BS		 288 parser strips leading and
289 trailing whitespace from the values
290 of assignments, unless you use
291 double quotes (").
292 The
afe4bfe2 293 argument passed should be an absolute
2bef10ab 294 file name or wildcard expression, optionally prefixed with
afe4bfe2
LP		 295 "-", which indicates that if the file
296 does not exist it won't be read and no
297 error or warning message is
f1779fd2
LP		 298 logged. The files listed with this
299 directive will be read shortly before
300 the process is executed. Settings from
301 these files override settings made
302 with
303 <varname>Environment=</varname>. If
304 the same variable is set twice from
305 these files the files will be read in
306 the order they are specified and the
307 later setting will override the
308 earlier setting. </para></listitem>
dd1eb43b
LP		 309 </varlistentry>
310
311 <varlistentry>
312 <term><varname>StandardInput=</varname></term>
313 <listitem><para>Controls where file
314 descriptor 0 (STDIN) of the executed
315 processes is connected to. Takes one
316 of <option>null</option>,
317 <option>tty</option>,
318 <option>tty-force</option>,
319 <option>tty-fail</option> or
320 <option>socket</option>. If
321 <option>null</option> is selected
322 standard input will be connected to
323 <filename>/dev/null</filename>,
324 i.e. all read attempts by the process
325 will result in immediate EOF. If
326 <option>tty</option> is selected
327 standard input is connected to a TTY
328 (as configured by
329 <varname>TTYPath=</varname>, see
330 below) and the executed process
331 becomes the controlling process of the
332 terminal. If the terminal is already
f8553ccb
AE		 333 being controlled by another process the
334 executed process waits until the current
335 controlling process releases the
336 terminal.
337 <option>tty-force</option>
dd1eb43b
LP		 338 is similar to <option>tty</option>,
339 but the executed process is forcefully
340 and immediately made the controlling
341 process of the terminal, potentially
342 removing previous controlling
343 processes from the
344 terminal. <option>tty-fail</option> is
345 similar to <option>tty</option> but if
346 the terminal already has a controlling
347 process start-up of the executed
348 process fails. The
349 <option>socket</option> option is only
350 valid in socket-activated services,
351 and only when the socket configuration
352 file (see
353 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
354 for details) specifies a single socket
355 only. If this option is set standard
356 input will be connected to the socket
357 the service was activated from, which
358 is primarily useful for compatibility
359 with daemons designed for use with the
360 traditional
361 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
362 daemon. This setting defaults to
363 <option>null</option>.</para></listitem>
364 </varlistentry>
365 <varlistentry>
366 <term><varname>StandardOutput=</varname></term>
367 <listitem><para>Controls where file
368 descriptor 1 (STDOUT) of the executed
369 processes is connected to. Takes one
370 of <option>inherit</option>,
371 <option>null</option>,
372 <option>tty</option>,
373 <option>syslog</option>,
28dbc1e8 374 <option>kmsg</option>,
706343f4
LP		 375 <option>journal</option>,
376 <option>syslog+console</option>,
28dbc1e8 377 <option>kmsg+console</option>,
706343f4 378 <option>journal+console</option> or
dd1eb43b
LP		 379 <option>socket</option>. If set to
380 <option>inherit</option> the file
381 descriptor of standard input is
382 duplicated for standard output. If set
383 to <option>null</option> standard
384 output will be connected to
385 <filename>/dev/null</filename>,
386 i.e. everything written to it will be
387 lost. If set to <option>tty</option>
388 standard output will be connected to a
389 tty (as configured via
390 <varname>TTYPath=</varname>, see
391 below). If the TTY is used for output
392 only the executed process will not
393 become the controlling process of the
394 terminal, and will not fail or wait
395 for other processes to release the
396 terminal. <option>syslog</option>
397 connects standard output to the
398 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
346bce1f
LP		 399 system syslog
400 service. <option>kmsg</option>
dd1eb43b
LP		 401 connects it with the kernel log buffer
402 which is accessible via
706343f4
LP		 403 <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>journal</option>
404 connects it with the journal which is
405 accessible via
169c4f65 406 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
706343f4
LP		 407 (Note that everything that is written
408 to syslog or kmsg is implicitly stored
409 in the journal as well, those options
410 are hence supersets of this
411 one). <option>syslog+console</option>,
412 <option>journal+console</option> and
413 <option>kmsg+console</option> work
28dbc1e8
LP		 414 similarly but copy the output to the
415 system console as
416 well. <option>socket</option> connects
417 standard output to a socket from
418 socket activation, semantics are
dd1eb43b
LP		 419 similar to the respective option of
420 <varname>StandardInput=</varname>.
de6c78f8
LP		 421 This setting defaults to the value set
422 with
423 <option>DefaultStandardOutput=</option>
424 in
425 <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
426 which defaults to
706343f4 427 <option>journal</option>.</para></listitem>
dd1eb43b
LP		 428 </varlistentry>
429 <varlistentry>
ad678a06 430 <term><varname>StandardError=</varname></term>
dd1eb43b
LP		 431 <listitem><para>Controls where file
432 descriptor 2 (STDERR) of the executed
433 processes is connected to. The
434 available options are identical to
435 those of
ad678a06 436 <varname>StandardOutput=</varname>,
5471472d 437 with one exception: if set to
dd1eb43b
LP		 438 <option>inherit</option> the file
439 descriptor used for standard output is
440 duplicated for standard error. This
de6c78f8
LP		 441 setting defaults to the value set with
442 <option>DefaultStandardError=</option>
443 in
444 <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
445 which defaults to
dd1eb43b
LP		 446 <option>inherit</option>.</para></listitem>
447 </varlistentry>
448 <varlistentry>
449 <term><varname>TTYPath=</varname></term>
450 <listitem><para>Sets the terminal
451 device node to use if standard input,
452 output or stderr are connected to a
453 TTY (see above). Defaults to
454 <filename>/dev/console</filename>.</para></listitem>
455 </varlistentry>
6ea832a2
LP		 456 <varlistentry>
457 <term><varname>TTYReset=</varname></term>
458 <listitem><para>Reset the terminal
459 device specified with
460 <varname>TTYPath=</varname> before and
461 after execution. Defaults to
462 <literal>no</literal>.</para></listitem>
463 </varlistentry>
464 <varlistentry>
465 <term><varname>TTYVHangup=</varname></term>
466 <listitem><para>Disconnect all clients
467 which have opened the terminal device
468 specified with
469 <varname>TTYPath=</varname>
470 before and after execution. Defaults
471 to
472 <literal>no</literal>.</para></listitem>
473 </varlistentry>
474 <varlistentry>
475 <term><varname>TTYVTDisallocate=</varname></term>
c5315881 476 <listitem><para>If the terminal
6ea832a2
LP		 477 device specified with
478 <varname>TTYPath=</varname> is a
479 virtual console terminal try to
480 deallocate the TTY before and after
481 execution. This ensures that the
482 screen and scrollback buffer is
483 cleared. Defaults to
484 <literal>no</literal>.</para></listitem>
485 </varlistentry>
dd1eb43b 486 <varlistentry>
48c4fad9 487 <term><varname>SyslogIdentifier=</varname></term>
dd1eb43b
LP		 488 <listitem><para>Sets the process name
489 to prefix log lines sent to syslog or
490 the kernel log buffer with. If not set
491 defaults to the process name of the
492 executed process. This option is only
493 useful when
494 <varname>StandardOutput=</varname> or
495 <varname>StandardError=</varname> are
496 set to <option>syslog</option> or
497 <option>kmsg</option>.</para></listitem>
498 </varlistentry>
499 <varlistentry>
500 <term><varname>SyslogFacility=</varname></term>
501 <listitem><para>Sets the syslog
502 facility to use when logging to
503 syslog. One of <option>kern</option>,
504 <option>user</option>,
505 <option>mail</option>,
506 <option>daemon</option>,
507 <option>auth</option>,
508 <option>syslog</option>,
509 <option>lpr</option>,
510 <option>news</option>,
511 <option>uucp</option>,
512 <option>cron</option>,
513 <option>authpriv</option>,
514 <option>ftp</option>,
515 <option>local0</option>,
516 <option>local1</option>,
517 <option>local2</option>,
518 <option>local3</option>,
519 <option>local4</option>,
520 <option>local5</option>,
521 <option>local6</option> or
522 <option>local7</option>. See
523 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
524 for details. This option is only
525 useful when
526 <varname>StandardOutput=</varname> or
527 <varname>StandardError=</varname> are
528 set to <option>syslog</option>.
529 Defaults to
530 <option>daemon</option>.</para></listitem>
531 </varlistentry>
532 <varlistentry>
533 <term><varname>SyslogLevel=</varname></term>
534 <listitem><para>Default syslog level
535 to use when logging to syslog or the
536 kernel log buffer. One of
537 <option>emerg</option>,
538 <option>alert</option>,
539 <option>crit</option>,
540 <option>err</option>,
541 <option>warning</option>,
542 <option>notice</option>,
543 <option>info</option>,
544 <option>debug</option>. See
545 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
546 for details. This option is only
547 useful when
548 <varname>StandardOutput=</varname> or
549 <varname>StandardError=</varname> are
550 set to <option>syslog</option> or
551 <option>kmsg</option>. Note that
552 individual lines output by the daemon
553 might be prefixed with a different log
554 level which can be used to override
555 the default log level specified
556 here. The interpretation of these
557 prefixes may be disabled with
74922904 558 <varname>SyslogLevelPrefix=</varname>,
dd1eb43b 559 see below. For details see
cb07866b 560 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
dd1eb43b
LP		 561
562 Defaults to
563 <option>info</option>.</para></listitem>
564 </varlistentry>
565
566 <varlistentry>
74922904 567 <term><varname>SyslogLevelPrefix=</varname></term>
dd1eb43b 568 <listitem><para>Takes a boolean
74922904 569 argument. If true and
dd1eb43b
LP		 570 <varname>StandardOutput=</varname> or
571 <varname>StandardError=</varname> are
df688b23
LP		 572 set to <option>syslog</option>,
573 <option>kmsg</option> or
574 <option>journal</option>, log lines
dd1eb43b
LP		 575 written by the executed process that
576 are prefixed with a log level will be
577 passed on to syslog with this log
578 level set but the prefix removed. If
74922904 579 set to false, the interpretation of
dd1eb43b
LP		 580 these prefixes is disabled and the
581 logged lines are passed on as-is. For
582 details about this prefixing see
cb07866b 583 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
74922904 584 Defaults to true.</para></listitem>
dd1eb43b
LP		 585 </varlistentry>
586
587 <varlistentry>
03fae018 588 <term><varname>TimerSlackNSec=</varname></term>
dd1eb43b
LP		 589 <listitem><para>Sets the timer slack
590 in nanoseconds for the executed
d88a251b
LP		 591 processes. The timer slack controls
592 the accuracy of wake-ups triggered by
03fae018 593 timers. See
dd1eb43b 594 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
03fae018
LP		 595 for more information. Note that in
596 contrast to most other time span
f8553ccb 597 definitions this parameter takes an
d88a251b
LP		 598 integer value in nano-seconds if no
599 unit is specified. The usual time
600 units are understood
601 too.</para></listitem>
dd1eb43b
LP		 602 </varlistentry>
603
604 <varlistentry>
605 <term><varname>LimitCPU=</varname></term>
606 <term><varname>LimitFSIZE=</varname></term>
607 <term><varname>LimitDATA=</varname></term>
608 <term><varname>LimitSTACK=</varname></term>
609 <term><varname>LimitCORE=</varname></term>
610 <term><varname>LimitRSS=</varname></term>
611 <term><varname>LimitNOFILE=</varname></term>
612 <term><varname>LimitAS=</varname></term>
613 <term><varname>LimitNPROC=</varname></term>
614 <term><varname>LimitMEMLOCK=</varname></term>
615 <term><varname>LimitLOCKS=</varname></term>
616 <term><varname>LimitSIGPENDING=</varname></term>
617 <term><varname>LimitMSGQUEUE=</varname></term>
618 <term><varname>LimitNICE=</varname></term>
619 <term><varname>LimitRTPRIO=</varname></term>
620 <term><varname>LimitRTTIME=</varname></term>
621 <listitem><para>These settings control
622 various resource limits for executed
623 processes. See
624 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
3d57c6ab
LP		 625 for details. Use the string
626 <varname>infinity</varname> to
627 configure no limit on a specific
628 resource.</para></listitem>
dd1eb43b
LP		 629 </varlistentry>
630
631 <varlistentry>
632 <term><varname>PAMName=</varname></term>
633 <listitem><para>Sets the PAM service
634 name to set up a session as. If set
635 the executed process will be
636 registered as a PAM session under the
637 specified service name. This is only
638 useful in conjunction with the
639 <varname>User=</varname> setting. If
640 not set no PAM session will be opened
641 for the executed processes. See
642 <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
643 for details.</para></listitem>
644 </varlistentry>
645
646 <varlistentry>
647 <term><varname>TCPWrapName=</varname></term>
648 <listitem><para>If this is a
649 socket-activated service this sets the
650 tcpwrap service name to check the
651 permission for the current connection
652 with. This is only useful in
653 conjunction with socket-activated
654 services, and stream sockets (TCP) in
655 particular. It has no effect on other
9f056f40
LP		 656 socket types (e.g. datagram/UDP) and
657 on processes unrelated to socket-based
dd1eb43b
LP		 658 activation. If the tcpwrap
659 verification fails daemon start-up
660 will fail and the connection is
661 terminated. See
662 <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
9f056f40
LP		 663 for details. Note that this option may
664 be used to do access control checks
665 only. Shell commands and commands
666 described in
667 <citerefentry><refentrytitle>hosts_options</refentrytitle><manvolnum>5</manvolnum></citerefentry>
668 are not supported.</para></listitem>
dd1eb43b
LP		 669 </varlistentry>
670
671 <varlistentry>
260abb78
LP		 672 <term><varname>CapabilityBoundingSet=</varname></term>
673
674 <listitem><para>Controls which
675 capabilities to include in the
676 capability bounding set for the
677 executed process. See
dd1eb43b 678 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
260abb78 679 for details. Takes a whitespace
9f7dad77 680 separated list of capability names as
260abb78
LP		 681 read by
682 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
683 Capabilities listed will be included
684 in the bounding set, all others are
685 removed. If the list of capabilities
686 is prefixed with ~ all but the listed
687 capabilities will be included, the
5f4b19f4 688 effect of the assignment
ec8927ca
LP		 689 inverted. Note that this option also
690 effects the respective capabilities in
691 the effective, permitted and
692 inheritable capability sets, on top of
693 what <varname>Capabilities=</varname>
694 does. If this option is not used the
260abb78
LP		 695 capability bounding set is not
696 modified on process execution, hence
697 no limits on the capabilities of the
ec8927ca
LP		 698 process are
699 enforced.</para></listitem>
dd1eb43b
LP		 700 </varlistentry>
701
702 <varlistentry>
703 <term><varname>SecureBits=</varname></term>
704 <listitem><para>Controls the secure
705 bits set for the executed process. See
706 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
707 for details. Takes a list of strings:
708 <option>keep-caps</option>,
709 <option>keep-caps-locked</option>,
710 <option>no-setuid-fixup</option>,
711 <option>no-setuid-fixup-locked</option>,
3377af3e
LP		 712 <option>noroot</option> and/or
713 <option>noroot-locked</option>.
dd1eb43b
LP		 714 </para></listitem>
715 </varlistentry>
716
717 <varlistentry>
260abb78 718 <term><varname>Capabilities=</varname></term>
dd1eb43b 719 <listitem><para>Controls the
dd1eb43b 720 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
260abb78
LP		 721 set for the executed process. Take a
722 capability string describing the
723 effective, permitted and inherited
724 capability sets as documented in
725 <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
726 Note that these capability sets are
727 usually influenced by the capabilities
728 attached to the executed file. Due to
729 that
730 <varname>CapabilityBoundingSet=</varname>
731 is probably the much more useful
732 setting.</para></listitem>
dd1eb43b
LP		 733 </varlistentry>
734
735 <varlistentry>
736 <term><varname>ControlGroup=</varname></term>
737
738 <listitem><para>Controls the control
739 groups the executed processes shall be
ad678a06 740 made members of. Takes a
96d4ce01 741 space-separated list of cgroup
dd1eb43b
LP		 742 identifiers. A cgroup identifier has a
743 format like
744 <filename>cpu:/foo/bar</filename>,
745 where "cpu" identifies the kernel
746 control group controller used, and
747 <filename>/foo/bar</filename> is the
ab1f0633
LP		 748 control group path. The controller
749 name and ":" may be omitted in which
750 case the named systemd control group
dd1eb43b
LP		 751 hierarchy is implied. Alternatively,
752 the path and ":" may be omitted, in
753 which case the default control group
754 path for this unit is implied. This
755 option may be used to place executed
756 processes in arbitrary groups in
9f7dad77 757 arbitrary hierarchies -- which can be
ab1f0633
LP		 758 configured externally with additional
759 execution limits. By default systemd
760 will place all executed processes in
761 separate per-unit control groups
762 (named after the unit) in the systemd
763 named hierarchy. Since every process
764 can be in one group per hierarchy only
765 overriding the control group path in
766 the named systemd hierarchy will
767 disable automatic placement in the
768 default group. This option is
769 primarily intended to place executed
770 processes in specific paths in
771 specific kernel controller
772 hierarchies. It is however not
773 recommended to manipulate the service
774 control group path in the systemd
775 named hierarchy. For details about
776 control groups see <ulink
dd1eb43b
LP		 777 url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.</para></listitem>
778 </varlistentry>
779
ab1f0633
LP		 780 <varlistentry>
781 <term><varname>ControlGroupModify=</varname></term>
782 <listitem><para>Takes a boolean
783 argument. If true, the control groups
784 created for this unit will be owned by
785 the user specified with
786 <varname>User=</varname> (and the
787 appropriate group), and he/she can create
788 subgroups as well as add processes to
789 the group.</para></listitem>
790 </varlistentry>
791
8d53b453 792 <varlistentry>
891703e1 793 <term><varname>ControlGroupPersistent=</varname></term>
8d53b453
LP		 794 <listitem><para>Takes a boolean
795 argument. If true, the control groups
796 created for this unit will be marked
891703e1 797 to be persistent, i.e. systemd will
8d53b453
LP		 798 not remove them when stopping the
799 unit. The default is false, meaning
800 that the control groups will be
801 removed when the unit is stopped. For
802 details about the semantics of this
803 logic see <ulink
804 url="http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups">PaxControlGroups</ulink>.</para></listitem>
805 </varlistentry>
806
ab1f0633
LP		 807 <varlistentry>
808 <term><varname>ControlGroupAttribute=</varname></term>
809
810 <listitem><para>Set a specific control
811 group attribute for executed
c5315881 812 processes, and (if needed) add the
ab1f0633
LP		 813 executed processes to a cgroup in the
814 hierarchy of the controller the
815 attribute belongs to. Takes two
816 space-separated arguments: the
817 attribute name (syntax is
818 <literal>cpu.shares</literal> where
819 <literal>cpu</literal> refers to a
820 specific controller and
821 <literal>shares</literal> to the
822 attribute name), and the attribute
823 value. Example:
824 <literal>ControlGroupAttribute=cpu.shares
825 512</literal>. If this option is used
826 for an attribute that belongs to a
827 kernel controller hierarchy the unit
828 is not already configured to be added
829 to (for example via the
830 <literal>ControlGroup=</literal>
831 option) then the unit will be added to
832 the controller and the default unit
833 cgroup path is implied. Thus, using
834 <varname>ControlGroupAttribute=</varname>
835 is in most case sufficient to make use
836 of control group enforcements,
837 explicit
838 <varname>ControlGroup=</varname> are
839 only necessary in case the implied
840 default control group path for a
841 service is not desirable. For details
842 about control group attributes see
843 <ulink
844 url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>. This
845 option may appear more than once, in
846 order to set multiple control group
847 attributes.</para></listitem>
848 </varlistentry>
849
850 <varlistentry>
851 <term><varname>CPUShares=</varname></term>
852
853 <listitem><para>Assign the specified
9e372868
LP		 854 overall CPU time shares to the
855 processes executed. Takes an integer
856 value. This controls the
ab1f0633 857 <literal>cpu.shares</literal> control
9e372868
LP		 858 group attribute, which defaults to
859 1024. For details about this control
860 group attribute see <ulink
ab1f0633
LP		 861 url="http://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para></listitem>
862 </varlistentry>
863
864 <varlistentry>
865 <term><varname>MemoryLimit=</varname></term>
866 <term><varname>MemorySoftLimit=</varname></term>
867
868 <listitem><para>Limit the overall memory usage
869 of the executed processes to a certain
870 size. Takes a memory size in bytes. If
871 the value is suffixed with K, M, G or
872 T the specified memory size is parsed
9e372868 873 as Kilobytes, Megabytes, Gigabytes,
16dad32e
AE		 874 or Terabytes (to the base
875 1024), respectively. This controls the
ab1f0633
LP		 876 <literal>memory.limit_in_bytes</literal>
877 and
878 <literal>memory.soft_limit_in_bytes</literal>
879 control group attributes. For details
880 about these control group attributes
881 see <ulink
882 url="http://www.kernel.org/doc/Documentation/cgroups/memory.txt">memory.txt</ulink>.</para></listitem>
883 </varlistentry>
884
885 <varlistentry>
886 <term><varname>DeviceAllow=</varname></term>
887 <term><varname>DeviceDeny=</varname></term>
888
889 <listitem><para>Control access to
890 specific device nodes by the executed processes. Takes two
891 space separated strings: a device node
892 path (such as
893 <filename>/dev/null</filename>)
894 followed by a combination of r, w, m
16dad32e 895 to control reading, writing, or
ab1f0633 896 creating of the specific device node
16dad32e 897 by the unit, respectively. This controls the
ab1f0633
LP		 898 <literal>devices.allow</literal>
899 and
900 <literal>devices.deny</literal>
901 control group attributes. For details
902 about these control group attributes
903 see <ulink
904 url="http://www.kernel.org/doc/Documentation/cgroups/devices.txt">devices.txt</ulink>.</para></listitem>
905 </varlistentry>
906
9e372868
LP		 907 <varlistentry>
908 <term><varname>BlockIOWeight=</varname></term>
909
910 <listitem><para>Set the default or
911 per-device overall block IO weight
912 value for the executed
913 processes. Takes either a single
914 weight value (between 10 and 1000) to
915 set the default block IO weight, or a
94959f0f
LP		 916 space separated pair of a file path
917 and a weight value to specify the
9e372868 918 device specific weight value (Example:
94959f0f
LP		 919 "/dev/sda 500"). The file path may be
920 specified as path to a block device
921 node or as any other file in which
922 case the backing block device of the
923 file system of the file is
924 determined. This controls the
9e372868
LP		 925 <literal>blkio.weight</literal> and
926 <literal>blkio.weight_device</literal>
927 control group attributes, which
928 default to 1000. Use this option
929 multiple times to set weights for
930 multiple devices. For details about
931 these control group attributes see
932 <ulink
933 url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
934 </varlistentry>
935
936 <varlistentry>
937 <term><varname>BlockIOReadBandwidth=</varname></term>
938 <term><varname>BlockIOWriteBandwidth=</varname></term>
939
940 <listitem><para>Set the per-device
49f43d5f 941 overall block IO bandwidth limit for
94959f0f
LP		 942 the executed processes. Takes a space
943 separated pair of a file path and a
49f43d5f 944 bandwidth value (in bytes per second)
94959f0f
LP		 945 to specify the device specific
946 bandwidth. The file path may be
947 specified as path to a block device
948 node or as any other file in which
949 case the backing block device of the
950 file system of the file is determined.
49f43d5f
VS		 951 If the bandwidth is suffixed with K, M,
952 G, or T the specified bandwidth is
94959f0f 953 parsed as Kilobytes, Megabytes,
16dad32e 954 Gigabytes, or Terabytes, respectively (Example:
94959f0f
LP		 955 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
956 5M"). This controls the
9e372868
LP		 957 <literal>blkio.read_bps_device</literal>
958 and
959 <literal>blkio.write_bps_device</literal>
960 control group attributes. Use this
49f43d5f 961 option multiple times to set bandwidth
9e372868
LP		 962 limits for multiple devices. For
963 details about these control group
964 attributes see <ulink
965 url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
966 </varlistentry>
967
dd1eb43b
LP		 968 <varlistentry>
969 <term><varname>ReadWriteDirectories=</varname></term>
970 <term><varname>ReadOnlyDirectories=</varname></term>
971 <term><varname>InaccessibleDirectories=</varname></term>
972
973 <listitem><para>Sets up a new
974 file-system name space for executed
975 processes. These options may be used
976 to limit access a process might have
977 to the main file-system
978 hierarchy. Each setting takes a
96d4ce01 979 space-separated list of absolute
dd1eb43b
LP		 980 directory paths. Directories listed in
981 <varname>ReadWriteDirectories=</varname>
982 are accessible from within the
983 namespace with the same access rights
984 as from outside. Directories listed in
985 <varname>ReadOnlyDirectories=</varname>
986 are accessible for reading only,
987 writing will be refused even if the
988 usual file access controls would
989 permit this. Directories listed in
990 <varname>InaccessibleDirectories=</varname>
9f7dad77 991 will be made inaccessible for processes
dd1eb43b
LP		 992 inside the namespace. Note that
993 restricting access with these options
994 does not extend to submounts of a
995 directory. You must list submounts
5471472d 996 separately in these settings to
dd1eb43b
LP		 997 ensure the same limited access. These
998 options may be specified more than
999 once in which case all directories
1000 listed will have limited access from
1001 within the
1002 namespace.</para></listitem>
1003 </varlistentry>
1004
1005 <varlistentry>
1006 <term><varname>PrivateTmp=</varname></term>
1007
1008 <listitem><para>Takes a boolean
ff01d048
LP		 1009 argument. If true sets up a new file
1010 system namespace for the executed
1011 processes and mounts a private
dd1eb43b
LP		 1012 <filename>/tmp</filename> directory
1013 inside it, that is not shared by
1014 processes outside of the
1015 namespace. This is useful to secure
1016 access to temporary files of the
1017 process, but makes sharing between
1018 processes via
1019 <filename>/tmp</filename>
ff01d048
LP		 1020 impossible. Defaults to
1021 false.</para></listitem>
1022 </varlistentry>
1023
1024 <varlistentry>
1025 <term><varname>PrivateNetwork=</varname></term>
1026
1027 <listitem><para>Takes a boolean
1028 argument. If true sets up a new
1029 network namespace for the executed
1030 processes and configures only the
1031 loopback network device
1032 <literal>lo</literal> inside it. No
1033 other network devices will be
1034 available to the executed process.
1035 This is useful to securely turn off
1036 network access by the executed
1037 process. Defaults to
1038 false.</para></listitem>
dd1eb43b
LP		 1039 </varlistentry>
1040
1041 <varlistentry>
1042 <term><varname>MountFlags=</varname></term>
1043
1044 <listitem><para>Takes a mount
1045 propagation flag:
1046 <option>shared</option>,
1047 <option>slave</option> or
1048 <option>private</option>, which
ac0930c8
LP		 1049 control whether the file system
1050 namespace set up for this unit's
1051 processes will receive or propagate
1052 new mounts. See
8050c221 1053 <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
ac0930c8
LP		 1054 for details. Default to
1055 <option>shared</option>.</para></listitem>
dd1eb43b
LP		 1056 </varlistentry>
1057
169c1bda
LP		 1058 <varlistentry>
1059 <term><varname>UtmpIdentifier=</varname></term>
1060
c5315881 1061 <listitem><para>Takes a four
169c1bda
LP		 1062 character identifier string for an
1063 utmp/wtmp entry for this service. This
1064 should only be set for services such
1065 as <command>getty</command>
1066 implementations where utmp/wtmp
1067 entries must be created and cleared
1068 before and after execution. If the
1069 configured string is longer than four
1070 characters it is truncated and the
1071 terminal four characters are
1072 used. This setting interprets %I style
1073 string replacements. This setting is
1074 unset by default, i.e. no utmp/wtmp
1075 entries are created or cleaned up for
1076 this service.</para></listitem>
1077 </varlistentry>
1078
353e12c2
LP		 1079 <varlistentry>
1080 <term><varname>IgnoreSIGPIPE=</varname></term>
1081
1082 <listitem><para>Takes a boolean
1083 argument. If true causes SIGPIPE to be
1084 ignored in the executed
1085 process. Defaults to true, since
1086 SIGPIPE generally is useful only in
1087 shell pipelines.</para></listitem>
1088 </varlistentry>
1089
8351ceae
LP		 1090 <varlistentry>
1091 <term><varname>NoNewPrivileges=</varname></term>
1092
1093 <listitem><para>Takes a boolean
1094 argument. If true ensures that the
1095 service process and all its children
1096 can never gain new privileges. This
1097 option is more powerful than the respective
1098 secure bits flags (see above), as it
1099 also prohibits UID changes of any
1100 kind. This is the simplest, most
1101 effective way to ensure that a process
1102 and its children can never elevate
1103 privileges again.</para></listitem>
1104 </varlistentry>
1105
1106 <varlistentry>
1107 <term><varname>SystemCallFilter=</varname></term>
1108
1109 <listitem><para>Takes a space
1110 separated list of system call
1111 names. If this setting is used all
1112 system calls executed by the unit
1113 process except for the listed ones
1114 will result in immediate process
1115 termination with the SIGSYS signal
1116 (whitelisting). If the first character
1117 of the list is <literal>~</literal>
1118 the effect is inverted: only the
1119 listed system calls will result in
1120 immediate process termination
1121 (blacklisting). If this option is used
1122 <varname>NoNewPrivileges=yes</varname>
1123 is implied. This feature makes use of
1124 the Secure Computing Mode 2 interfaces
1125 of the kernel ('seccomp filtering')
1126 and is useful for enforcing a minimal
1127 sandboxing environment. Note that the
1128 <function>execve</function>,
1129 <function>rt_sigreturn</function>,
1130 <function>sigreturn</function>,
1131 <function>exit_group</function>,
1132 <function>exit</function> system calls
1133 are implicitly whitelisted and don't
1134 need to be listed
1135 explicitly.</para></listitem>
1136 </varlistentry>
1137
dd1eb43b
LP		 1138 </variablelist>
1139 </refsect1>
1140
1141 <refsect1>
1142 <title>See Also</title>
1143 <para>
f3e219a2 1144 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
dd1eb43b 1145 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
169c4f65 1146 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
dd1eb43b
LP		 1147 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1148 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1149 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
2292707d 1150 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
4819ff03 1151 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
9cc2c8b7
ZJS		 1152 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1153 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
dd1eb43b
LP		 1154 </para>
1155 </refsect1>
1156
1157</refentry>
Unnamed repository; edit this file 'description' to name the repository.