<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->

<refentry id="systemd.resource-control" xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>systemd.resource-control</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd.resource-control</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd.resource-control</refname>
    <refpurpose>Resource control unit settings</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para>
      <filename><replaceable>slice</replaceable>.slice</filename>,
      <filename><replaceable>scope</replaceable>.scope</filename>,
      <filename><replaceable>service</replaceable>.service</filename>,
      <filename><replaceable>socket</replaceable>.socket</filename>,
      <filename><replaceable>mount</replaceable>.mount</filename>,
      <filename><replaceable>swap</replaceable>.swap</filename>
    </para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>Unit configuration files for services, slices, scopes, sockets, mount points, and swap devices share a subset
    of configuration options for resource control of spawned processes. Internally, this relies on the Linux Control
    Groups (cgroups) kernel concept for organizing processes in a hierarchical tree of named groups for the purpose of
    resource management.</para>

    <para>This man page lists the configuration options shared by
    those six unit types. See
    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for the common options of all unit configuration files, and
    <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    and
    <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for more information on the specific unit configuration files. The
    resource control configuration options are configured in the
    [Slice], [Scope], [Service], [Socket], [Mount], or [Swap]
    sections, depending on the unit type.</para>

    <para>In addition, options which control resources available to programs
    <emphasis>executed</emphasis> by systemd are listed in
    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
    Those options complement the options listed here.</para>

    <para>See the <ulink
    url="https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/">New
    Control Group Interfaces</ulink> for an introduction on how to make
    use of resource control APIs from programs.</para>
  </refsect1>

  <refsect1>
    <title>Implicit Dependencies</title>

    <para>The following dependencies are implicitly added:</para>

    <itemizedlist>
      <listitem><para>Units with the <varname>Slice=</varname> setting set automatically acquire
      <varname>Requires=</varname> and <varname>After=</varname> dependencies on the specified
      slice unit.</para></listitem>
    </itemizedlist>
  </refsect1>

  <!-- We don't have any default dependency here. -->

  <refsect1>
    <title>Unified and Legacy Control Group Hierarchies</title>

    <para>The unified control group hierarchy is the new version of the kernel control group interface, see
    <ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html">Control Groups v2</ulink>.
    Depending on the resource type, there are differences in resource control capabilities. Also, because of
    interface changes, some resource types have a separate set of options on the unified hierarchy.</para>

    <para>
    <variablelist>

      <varlistentry>
        <term>CPU</term>
        <listitem>
          <para><varname>CPUWeight=</varname> and <varname>StartupCPUWeight=</varname> replace
          <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>, respectively.</para>

          <para>The <literal>cpuacct</literal> controller does not exist separately on the unified hierarchy.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>Memory</term>
        <listitem>
          <para><varname>MemoryMax=</varname> replaces <varname>MemoryLimit=</varname>. <varname>MemoryLow=</varname>
          and <varname>MemoryHigh=</varname> are effective only on the unified hierarchy.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>IO</term>
        <listitem>
          <para><literal>IO</literal>-prefixed settings are a superset of and replace
          <literal>BlockIO</literal>-prefixed ones. On the unified hierarchy, IO resource control also applies
          to buffered writes.</para>
        </listitem>
      </varlistentry>

    </variablelist>
    </para>

    <para>To ease the transition, there is best-effort translation between the two versions of settings. For each
    controller, if any of the settings for the unified hierarchy are present, all settings for the legacy hierarchy are
    ignored. If the resulting settings are for the other type of hierarchy, the configurations are translated before
    application.</para>

    <para>The legacy control group hierarchy (see <ulink
    url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/">Control Groups version 1</ulink>),
    also called cgroup-v1, doesn't allow safe delegation of controllers to unprivileged processes. If the
    system uses the legacy control group hierarchy, resource control is disabled for the systemd user
    instance, see
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <para>Units of the types listed above can have settings
    for resource control configuration:</para>

    <variablelist class='unit-directives'>

      <varlistentry>
        <term><varname>CPUAccounting=</varname></term>

        <listitem>
          <para>Turn on CPU usage accounting for this unit. Takes a
          boolean argument. Note that turning on CPU accounting for
          one unit will also implicitly turn it on for all units
          contained in the same slice and for all its parent slices
          and the units contained therein. The system default for this
          setting may be controlled with
          <varname>DefaultCPUAccounting=</varname> in
          <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUWeight=<replaceable>weight</replaceable></varname></term>
        <term><varname>StartupCPUWeight=<replaceable>weight</replaceable></varname></term>

        <listitem>
          <para>Assign the specified CPU time weight to the processes executed, if the unified control group hierarchy
          is used on the system. These options take an integer value and control the <literal>cpu.weight</literal>
          control group attribute. The allowed range is 1 to 10000. Defaults to 100. For details about this control
          group attribute, see <ulink
          url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html">Control Groups v2</ulink> and <ulink
          url="https://www.kernel.org/doc/html/latest/scheduler/sched-design-CFS.html">CFS Scheduler</ulink>.
          The available CPU time is split up among all units within one slice relative to their CPU time weight.</para>

          <para>While <varname>StartupCPUWeight=</varname> only applies to the startup phase of the system,
          <varname>CPUWeight=</varname> applies to normal runtime of the system, and if the former is not set also to
          the startup phase. Using <varname>StartupCPUWeight=</varname> allows prioritizing specific services at
          boot-up differently than during normal runtime.</para>

          <para>These settings replace <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUQuota=</varname></term>

        <listitem>
          <para>Assign the specified CPU time quota to the processes executed. Takes a percentage value, suffixed with
          "%". The percentage specifies how much CPU time the unit shall get at maximum, relative to the total CPU time
          available on one CPU. Use values > 100% for allotting CPU time on more than one CPU. This controls the
          <literal>cpu.max</literal> attribute on the unified control group hierarchy and
          <literal>cpu.cfs_quota_us</literal> on the legacy hierarchy. For details about these control group attributes, see <ulink
          url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html">Control Groups v2</ulink> and <ulink
          url="https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt">sched-bwc.txt</ulink>.</para>

          <para>Example: <varname>CPUQuota=20%</varname> ensures that the executed processes will never get more than
          20% CPU time on one CPU.</para>

        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUQuotaPeriodSec=</varname></term>

        <listitem>
          <para>Assign the duration over which the CPU time quota specified by <varname>CPUQuota=</varname> is measured.
          Takes a time duration value in seconds, with an optional suffix such as "ms" for milliseconds (or "s" for seconds).
          The default setting is 100ms. The period is clamped to the range supported by the kernel, which is [1ms, 1000ms].
          Additionally, the period is adjusted up so that the quota interval is also at least 1ms.
          Setting <varname>CPUQuotaPeriodSec=</varname> to an empty value resets it to the default.</para>

          <para>This controls the second field of the <literal>cpu.max</literal> attribute on the unified control group hierarchy
          and <literal>cpu.cfs_period_us</literal> on the legacy hierarchy. For details about these control group attributes, see
          <ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html">Control Groups v2</ulink> and
          <ulink url="https://www.kernel.org/doc/html/latest/scheduler/sched-design-CFS.html">CFS Scheduler</ulink>.</para>

          <para>Example: <varname>CPUQuotaPeriodSec=10ms</varname> to request that the CPU quota is measured in periods of 10ms.</para>
        </listitem>
      </varlistentry>
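The CPUQuota= and CPUQuotaPeriodSec= rules above, worked through as an added example (this is not systemd's own code): it derives the cpu.max value written for several directive combinations, including the [1ms, 1000ms] period clamp and the 1ms quota floor, so an operator can check what a quota will actually mean before deploying it. The time-unit table and fractional-percentage handling are this example's own assumptions.

```python
"""Compute the cgroup v2 cpu.max value that CPUQuota= and CPUQuotaPeriodSec= map to.

Added example, not systemd's own code: it reimplements the rules the man page
states (default period 100ms, period clamped to [1ms, 1000ms], period raised
until the quota interval is at least 1ms). Supported time suffixes and the
acceptance of fractional percentages are assumptions of this example.
"""
import math
import re
from typing import Optional

USEC_PER_MSEC = 1_000
USEC_PER_SEC = 1_000_000
DEFAULT_PERIOD_USEC = 100 * USEC_PER_MSEC  # CPUQuotaPeriodSec= default of 100ms
MIN_PERIOD_USEC = 1 * USEC_PER_MSEC        # kernel-supported range is [1ms, 1000ms]
MAX_PERIOD_USEC = 1000 * USEC_PER_MSEC
MIN_QUOTA_USEC = 1 * USEC_PER_MSEC         # the quota interval must also be >= 1ms

# A bare number is seconds, as the man page says; "ms" and "us" are optional suffixes.
_TIME_UNITS = {"": USEC_PER_SEC, "s": USEC_PER_SEC, "ms": USEC_PER_MSEC, "us": 1}


def parse_period(value: str) -> int:
    """CPUQuotaPeriodSec= value -> microseconds; an empty value resets to the default."""
    value = value.strip()
    if value == "":
        return DEFAULT_PERIOD_USEC
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(us|ms|s)?", value)
    if not m:
        raise ValueError(f"invalid CPUQuotaPeriodSec= value: {value!r}")
    number, unit = m.group(1), m.group(2) or ""
    return int(round(float(number) * _TIME_UNITS[unit]))


def parse_quota(value: str) -> Optional[float]:
    """CPUQuota= value ("20%", "150%") -> percent; an empty value means no quota."""
    value = value.strip()
    if value == "":
        return None
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*%", value)
    if not m or float(m.group(1)) <= 0:
        raise ValueError(f"invalid CPUQuota= value: {value!r}")
    return float(m.group(1))


def adjust_period(period_usec: int, quota_pct: Optional[float]) -> int:
    """Clamp the period to the kernel range, then raise it so quota * period >= 1ms."""
    period_usec = min(max(period_usec, MIN_PERIOD_USEC), MAX_PERIOD_USEC)
    if quota_pct is not None:
        # Smallest period at which (period * pct / 100) reaches MIN_QUOTA_USEC.
        needed = math.ceil(MIN_QUOTA_USEC * 100 / quota_pct)
        period_usec = max(period_usec, needed)
    return period_usec


def cpu_max(quota: str, period: str = "") -> str:
    """Return the "<quota_us> <period_us>" string that would be written to cpu.max."""
    pct = parse_quota(quota)
    period_usec = adjust_period(parse_period(period), pct)
    if pct is None:
        return f"max {period_usec}"          # no quota: the kernel spells it "max"
    quota_usec = max(int(period_usec * pct / 100), MIN_QUOTA_USEC)
    return f"{quota_usec} {period_usec}"


if __name__ == "__main__":
    for q, p in [("20%", ""), ("20%", "10ms"), ("1%", "10ms"), ("150%", "2s"), ("", "")]:
        print(f"CPUQuota={q or '(unset)'} CPUQuotaPeriodSec={p or '(default)'}"
              f" -> cpu.max = {cpu_max(q, p)}")
```

Note that CPUQuota=1% with a 10ms period cannot be honoured as written: the 100us quota is below the 1ms floor, so the period is raised to 100ms.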
      <varlistentry>
        <term><varname>AllowedCPUs=</varname></term>

        <listitem>
          <para>Restrict processes to be executed on specific CPUs. Takes a list of CPU indices or ranges separated by either
          whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a dash.</para>

          <para>Setting <varname>AllowedCPUs=</varname> doesn't guarantee that all of the CPUs will be used by the processes
          as it may be limited by parent units. The effective configuration is reported as <varname>EffectiveCPUs=</varname>.</para>

          <para>This setting is supported only with the unified control group hierarchy.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>AllowedMemoryNodes=</varname></term>

        <listitem>
          <para>Restrict processes to be executed on specific memory NUMA nodes. Takes a list of memory NUMA node indices
          or ranges separated by either whitespace or commas. Memory NUMA node ranges are specified by the lower and upper
          node indices separated by a dash.</para>

          <para>Setting <varname>AllowedMemoryNodes=</varname> doesn't guarantee that all of the memory NUMA nodes will
          be used by the processes as it may be limited by parent units. The effective configuration is reported as
          <varname>EffectiveMemoryNodes=</varname>.</para>

          <para>This setting is supported only with the unified control group hierarchy.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>MemoryAccounting=</varname></term>

        <listitem>
          <para>Turn on process and kernel memory accounting for this
          unit. Takes a boolean argument. Note that turning on memory
          accounting for one unit will also implicitly turn it on for
          all units contained in the same slice and for all its parent
          slices and the units contained therein. The system default
          for this setting may be controlled with
          <varname>DefaultMemoryAccounting=</varname> in
          <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>MemoryMin=<replaceable>bytes</replaceable></varname></term>

        <listitem>
          <para>Specify the memory usage protection of the executed processes in this unit. If the memory usages of
          this unit and all its ancestors are below their minimum boundaries, this unit's memory won't be reclaimed.</para>

          <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
          parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
          percentage value may be specified, which is taken relative to the installed physical memory on the
          system. If assigned the special value <literal>infinity</literal>, all available memory is protected, which may be
          useful in order to always inherit all of the protection afforded by ancestors.
          This controls the <literal>memory.min</literal> control group attribute. For details about this
          control group attribute, see <ulink
          url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>

          <para>This setting is supported only if the unified control group hierarchy is used and disables
          <varname>MemoryLimit=</varname>.</para>

          <para>Units may have their children use a default <literal>memory.min</literal> value by specifying
          <varname>DefaultMemoryMin=</varname>, which has the same semantics as <varname>MemoryMin=</varname>. This setting
          does not affect <literal>memory.min</literal> in the unit itself.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>MemoryLow=<replaceable>bytes</replaceable></varname></term>

        <listitem>
          <para>Specify the best-effort memory usage protection of the executed processes in this unit. If the memory
          usages of this unit and all its ancestors are below their low boundaries, this unit's memory won't be
          reclaimed as long as memory can be reclaimed from unprotected units.</para>

          <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
          parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
          percentage value may be specified, which is taken relative to the installed physical memory on the
          system. If assigned the special value <literal>infinity</literal>, all available memory is protected, which may be
          useful in order to always inherit all of the protection afforded by ancestors.
          This controls the <literal>memory.low</literal> control group attribute. For details about this
          control group attribute, see <ulink
          url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>

          <para>This setting is supported only if the unified control group hierarchy is used and disables
          <varname>MemoryLimit=</varname>.</para>

          <para>Units may have their children use a default <literal>memory.low</literal> value by specifying
          <varname>DefaultMemoryLow=</varname>, which has the same semantics as <varname>MemoryLow=</varname>. This setting
          does not affect <literal>memory.low</literal> in the unit itself.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>MemoryHigh=<replaceable>bytes</replaceable></varname></term>

        <listitem>
          <para>Specify the throttling limit on memory usage of the executed processes in this unit. Memory usage may go
          above the limit if unavoidable, but the processes are heavily slowed down and memory is taken away
          aggressively in such cases. This is the main mechanism to control memory usage of a unit.</para>

          <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
          parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
          percentage value may be specified, which is taken relative to the installed physical memory on the
          system. If assigned the
          special value <literal>infinity</literal>, no memory throttling is applied. This controls the
          <literal>memory.high</literal> control group attribute. For details about this control group attribute, see
          <ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>

          <para>This setting is supported only if the unified control group hierarchy is used and disables
          <varname>MemoryLimit=</varname>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>MemoryMax=<replaceable>bytes</replaceable></varname></term>

        <listitem>
          <para>Specify the absolute limit on memory usage of the executed processes in this unit. If memory usage
          cannot be contained under the limit, the out-of-memory killer is invoked inside the unit. It is recommended to
          use <varname>MemoryHigh=</varname> as the main control mechanism and use <varname>MemoryMax=</varname> as the
          last line of defense.</para>

          <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
          parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
          percentage value may be specified, which is taken relative to the installed physical memory on the system. If
          assigned the special value <literal>infinity</literal>, no memory limit is applied. This controls the
          <literal>memory.max</literal> control group attribute. For details about this control group attribute, see
          <ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>

          <para>This setting replaces <varname>MemoryLimit=</varname>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>MemorySwapMax=<replaceable>bytes</replaceable></varname></term>

        <listitem>
          <para>Specify the absolute limit on swap usage of the executed processes in this unit.</para>

          <para>Takes a swap size in bytes. If the value is suffixed with K, M, G or T, the specified swap size is
          parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the
          special value <literal>infinity</literal>, no swap limit is applied. This controls the
          <literal>memory.swap.max</literal> control group attribute. For details about this control group attribute,
          see <ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para>

          <para>This setting is supported only if the unified control group hierarchy is used and disables
          <varname>MemoryLimit=</varname>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TasksAccounting=</varname></term>

        <listitem>
          <para>Turn on task accounting for this unit. Takes a
          boolean argument. If enabled, the system manager will keep
          track of the number of tasks in the unit. The number of
          tasks accounted this way includes both kernel threads and
          userspace processes, with each thread counting
          individually. Note that turning on tasks accounting for one
          unit will also implicitly turn it on for all units contained
          in the same slice and for all its parent slices and the
          units contained therein. The system default for this setting
          may be controlled with
          <varname>DefaultTasksAccounting=</varname> in
          <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TasksMax=<replaceable>N</replaceable></varname></term>

        <listitem>
          <para>Specify the maximum number of tasks that may be created in the unit. This ensures that the number of
          tasks accounted for the unit (see above) stays below a specific limit. This either takes an absolute number
          of tasks or a percentage value that is taken relative to the configured maximum number of tasks on the
          system. If assigned the special value <literal>infinity</literal>, no tasks limit is applied. This controls
          the <literal>pids.max</literal> control group attribute. For details about this control group attribute, see
          <ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/pids.html">Process Number Controller</ulink>.
          </para>

          <para>The system default for this setting may be controlled with
          <varname>DefaultTasksMax=</varname> in
          <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IOAccounting=</varname></term>

        <listitem>
          <para>Turn on Block I/O accounting for this unit, if the unified control group hierarchy is used on the
          system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
          turn it on for all units contained in the same slice and for all its parent slices and the units contained
          therein. The system default for this setting may be controlled with <varname>DefaultIOAccounting=</varname>
          in
          <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>

          <para>This setting replaces <varname>BlockIOAccounting=</varname> and disables settings prefixed with
          <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IOWeight=<replaceable>weight</replaceable></varname></term>
        <term><varname>StartupIOWeight=<replaceable>weight</replaceable></varname></term>

        <listitem>
          <para>Set the default overall block I/O weight for the executed processes, if the unified control group
          hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the default block
          I/O weight. This controls the <literal>io.weight</literal> control group attribute, which defaults to
          100. For details about this control group attribute, see <ulink
          url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files">IO Interface Files</ulink>.
          The available I/O bandwidth is split up among all units within one slice relative to their block
          I/O weight.</para>

          <para>While <varname>StartupIOWeight=</varname> only applies
          to the startup phase of the system,
          <varname>IOWeight=</varname> applies to the later runtime of
          the system, and if the former is not set also to the startup
          phase. This allows prioritizing specific services at boot-up
          differently than during runtime.</para>

          <para>These settings replace <varname>BlockIOWeight=</varname> and <varname>StartupBlockIOWeight=</varname>
          and disable settings prefixed with <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term>

        <listitem>
          <para>Set the per-device overall block I/O weight for the executed processes, if the unified control group
          hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
          the device specific weight value, between 1 and 10000. (Example: <literal>/dev/sda 1000</literal>). The file
          path may be specified as a path to a block device node or as any other file, in which case the backing block
          device of the file system of the file is determined. This controls the <literal>io.weight</literal> control
          group attribute, which defaults to 100. Use this option multiple times to set weights for multiple devices.
          For details about this control group attribute, see <ulink
          url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files">IO Interface Files</ulink>.</para>

          <para>This setting replaces <varname>BlockIODeviceWeight=</varname> and disables settings prefixed with
          <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para>

          <para>The specified device node should reference a block device that has an I/O scheduler
          associated, i.e. should not refer to partition or loopback block devices, but to the originating,
          physical device. When a path to a regular file or directory is specified, an attempt is made to
          discover the correct originating device backing the file system of the specified path. This works
          correctly only for simpler cases, where the file system is directly placed on a partition or
          physical block device, or where simple 1:1 encryption using dm-crypt/LUKS is used. This discovery
          does not cover complex storage and in particular RAID and volume management storage devices.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IOReadBandwidthMax=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
        <term><varname>IOWriteBandwidthMax=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>

        <listitem>
          <para>Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
          control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
          are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
          path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
          be a path to a block device node, or any other file, in which case the backing block device of the file
          system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
          parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
          "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the <literal>io.max</literal> control
          group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
          about this control group attribute, see <ulink
          url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files">IO Interface Files</ulink>.
          </para>

          <para>These settings replace <varname>BlockIOReadBandwidth=</varname> and
          <varname>BlockIOWriteBandwidth=</varname> and disable settings prefixed with <varname>BlockIO</varname> or
          <varname>StartupBlockIO</varname>.</para>

          <para>Similar restrictions on block device discovery as for <varname>IODeviceWeight=</varname> apply, see above.</para>
        </listitem>
      </varlistentry>
501 | ||
ac06a0cf TH |
502 | <varlistentry> |
503 | <term><varname>IOReadIOPSMax=<replaceable>device</replaceable> <replaceable>IOPS</replaceable></varname></term> | |
504 | <term><varname>IOWriteIOPSMax=<replaceable>device</replaceable> <replaceable>IOPS</replaceable></varname></term> | |
505 | ||
506 | <listitem> | |
507 | <para>Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the | |
508 | unified control group hierarchy is used on the system. This limit is not work-conserving and the executed | |
509 | processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of | |
510 | a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block | |
511 | device node, or to any other file, in which case the backing block device of the file system of the file is | |
512 | used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS, | |
513 | GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example: | |
514 | "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the <literal>io.max</literal> control | |
515 | group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about | |
516 | this control group attribute, see <ulink | |
246be82b | 517 | url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files">IO Interface Files</ulink>. |
ac06a0cf TH |
518 | </para> |
519 | ||
7d862ab8 TH |
520 | <para>These settings are supported only if the unified control group hierarchy is used and disable settings |
521 | prefixed with <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para> | |
f27a21d4 LP |
522 | |
523 | <para>Similar restrictions on block device discovery as for <varname>IODeviceWeight=</varname> apply, see above.</para> | |
d868475a | 524 | </listitem> |
6ae4283c TH |
525 | </varlistentry> |
526 | ||
527 | <varlistentry> | |
528 | <term><varname>IODeviceLatencyTargetSec=<replaceable>device</replaceable> <replaceable>target</replaceable></varname></term> | |
529 | ||
530 | <listitem> | |
531 | <para>Set the per-device average target I/O latency for the executed processes, if the unified control group | |
532 | hierarchy is used on the system. Takes a file path and a timespan separated by a space to specify | |
533 | the device specific latency target. (Example: "/dev/sda 25ms"). The file path may be specified | |
534 | as a path to a block device node or as any other file, in which case the backing block device of the file | |
535 | system of the file is determined. This controls the <literal>io.latency</literal> control group | |
536 | attribute. Use this option multiple times to set latency targets for multiple devices. For details about this | |
537 | control group attribute, see <ulink | |
246be82b | 538 | url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files">IO Interface Files</ulink>.</para> |
6ae4283c | 539 | |
964c4eda | 540 | <para>Implies <literal>IOAccounting=yes</literal>.</para> |
6ae4283c TH |
541 | |
542 | <para>These settings are supported only if the unified control group hierarchy is used.</para> | |
f27a21d4 LP |
543 | |
544 | <para>Similar restrictions on block device discovery as for <varname>IODeviceWeight=</varname> apply, see above.</para> | |
6ae4283c | 545 | </listitem> |
d868475a ZJS |
546 | </varlistentry> |
547 | ||
8d8631d4 DM |
548 | <varlistentry> |
549 | <term><varname>IPAccounting=</varname></term> | |
550 | ||
551 | <listitem> | |
552 | <para>Takes a boolean argument. If true, turns on IPv4 and IPv6 network traffic accounting for packets sent | |
553 | or received by the unit. When this option is turned on, all IPv4 and IPv6 sockets created by any process of | |
2f75b05c ZJS |
554 | the unit are accounted for.</para> |
555 | ||
556 | <para>When this option is used in socket units, it applies to all IPv4 and IPv6 sockets | |
8d8631d4 DM |
557 | associated with it (including both listening and connection sockets where this applies). Note that for |
558 | socket-activated services, this configuration setting and the accounting data of the service unit and the | |
559 | socket unit are kept separate, and displayed separately. No propagation of the setting and the collected | |
560 | statistics is done, in either direction. Moreover, any traffic sent or received on any of the socket unit's | |
561 | sockets is accounted to the socket unit — and never to the service unit it might have activated, even if the | |
2f75b05c ZJS |
562 | socket is used by it.</para> |
563 | ||
564 | <para>The system default for this setting may be controlled with <varname>DefaultIPAccounting=</varname> in | |
8d8631d4 DM |
565 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> |
566 | </listitem> | |
567 | </varlistentry> | |
568 | ||
569 | <varlistentry> | |
dcfaecc7 | 570 | <term><varname>IPAddressAllow=<replaceable>ADDRESS[/PREFIXLENGTH]…</replaceable></varname></term> |
8d8631d4 DM |
571 | <term><varname>IPAddressDeny=<replaceable>ADDRESS[/PREFIXLENGTH]…</replaceable></varname></term> |
572 | ||
573 | <listitem> | |
ef81ce6e LP |
574 | <para>Turn on address range network traffic filtering for IP packets sent and received over |
575 | <constant>AF_INET</constant> and <constant>AF_INET6</constant> sockets. Both directives take a | |
576 | space separated list of IPv4 or IPv6 addresses, each optionally suffixed with an address prefix | |
577 | length in bits (separated by a <literal>/</literal> character). If the latter is omitted, the | |
578 | address is considered a host address, i.e. the prefix covers the whole address (32 for IPv4, 128 | |
579 | for IPv6).</para> | |
580 | ||
581 | <para>The access lists configured with this option are applied to all sockets created by processes | |
582 | of this unit (or in the case of socket units, associated with it). The lists are implicitly | |
583 | combined with any lists configured for any of the parent slice units this unit might be a member | |
584 | of. By default all access lists are empty. Both ingress and egress traffic is filtered by these | |
585 | settings. In case of ingress traffic the source IP address is checked against these access lists, | |
586 | in case of egress traffic the destination IP address is checked. When configured the lists are | |
587 | enforced as follows:</para> | |
8d8631d4 DM |
588 | |
589 | <itemizedlist> | |
ef81ce6e LP |
590 | <listitem><para>Access will be granted in case an IP packet's destination/source address matches |
591 | any entry in the <varname>IPAddressAllow=</varname> setting.</para></listitem> | |
8d8631d4 | 592 | |
ef81ce6e LP |
593 | <listitem><para>Otherwise, access will be denied in case its destination/source address matches |
594 | any entry in the <varname>IPAddressDeny=</varname> setting.</para></listitem> | |
8d8631d4 DM |
595 | |
596 | <listitem><para>Otherwise, access will be granted.</para></listitem> | |
597 | </itemizedlist> | |
598 | ||
599 | <para>In order to implement a whitelisting IP firewall, it is recommended to use a | |
600 | <varname>IPAddressDeny=</varname><constant>any</constant> setting on an upper-level slice unit (such as the | |
601 | root slice <filename>-.slice</filename> or the slice containing all system services | |
602 | <filename>system.slice</filename> – see | |
603 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> for | |
604 | details on these slice units), plus individual per-service <varname>IPAddressAllow=</varname> lines | |
605 | permitting network access to relevant services, and only them.</para> | |
606 | ||
607 | <para>Note that for socket-activated services, the IP access list configured on the socket unit applies to | |
608 | all sockets associated with it directly, but not to any sockets created by the ultimately activated services | |
609 | for it. Conversely, the IP access list configured for the service is not applied to any sockets passed into | |
610 | the service via socket activation. Thus, it is usually a good idea to replicate the IP access lists on both | |
611 | the socket and the service unit; however, it often makes sense to maintain one list more open and the other | |
612 | one more restricted, depending on the use case.</para> | |
613 | ||
614 | <para>If these settings are used multiple times in the same unit the specified lists are combined. If an | |
615 | empty string is assigned to these settings the specific access list is reset and all previous settings undone.</para> | |
616 | ||
617 | <para>In place of explicit IPv4 or IPv6 address and prefix length specifications a small set of symbolic | |
618 | names may be used. The following names are defined:</para> | |
619 | ||
620 | <table> | |
621 | <title>Special address/network names</title> | |
622 | ||
623 | <tgroup cols='3'> | |
624 | <colspec colname='name'/> | |
625 | <colspec colname='definition'/> | |
626 | <colspec colname='meaning'/> | |
627 | ||
628 | <thead> | |
629 | <row> | |
630 | <entry>Symbolic Name</entry> | |
631 | <entry>Definition</entry> | |
632 | <entry>Meaning</entry> | |
633 | </row> | |
634 | </thead> | |
635 | ||
636 | <tbody> | |
637 | <row> | |
638 | <entry><constant>any</constant></entry> | |
639 | <entry>0.0.0.0/0 ::/0</entry> | |
640 | <entry>Any host</entry> | |
641 | </row> | |
642 | ||
643 | <row> | |
644 | <entry><constant>localhost</constant></entry> | |
645 | <entry>127.0.0.0/8 ::1/128</entry> | |
646 | <entry>All addresses on the local loopback</entry> | |
647 | </row> | |
648 | ||
649 | <row> | |
650 | <entry><constant>link-local</constant></entry> | |
651 | <entry>169.254.0.0/16 fe80::/64</entry> | |
652 | <entry>All link-local IP addresses</entry> | |
653 | </row> | |
654 | ||
655 | <row> | |
656 | <entry><constant>multicast</constant></entry> | |
657 | <entry>224.0.0.0/4 ff00::/8</entry> | |
658 | <entry>All IP multicasting addresses</entry> | |
659 | </row> | |
660 | </tbody> | |
661 | </tgroup> | |
662 | </table> | |
663 | ||
664 | <para>Note that these settings might not be supported on some systems (for example if eBPF control group | |
665 | support is not enabled in the underlying kernel or container manager). These settings will have no effect in | |
666 | that case. If compatibility with such systems is desired it is hence recommended to not exclusively rely on | |
667 | them for IP security.</para> | |
668 | </listitem> | |
669 | </varlistentry> | |
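An added example (not systemd's code, whose filter is an eBPF program) that models the IPAddressAllow=/IPAddressDeny= semantics described above: parsing of the directive values including the symbolic names from the table and the empty-string reset, merging of a unit's lists with those of its parent slices, and the allow, then deny, then grant evaluation order. The unit names and addresses in build_example() are constructed.

```python
"""Model of the IPAddressAllow=/IPAddressDeny= access lists described above.

Added example, not systemd's implementation (which is an eBPF program). It
parses directive values the way the text describes, merges a unit's lists
with those of its parent slices, and applies the documented order:
allow match -> grant, otherwise deny match -> refuse, otherwise grant.
"""
import ipaddress

# The symbolic names from the "Special address/network names" table.
SYMBOLIC_NAMES = {
    "any": ["0.0.0.0/0", "::/0"],
    "localhost": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16", "fe80::/64"],
    "multicast": ["224.0.0.0/4", "ff00::/8"],
}


def parse_list(values):
    """Fold the right-hand sides of repeated IPAddressAllow=/Deny= lines.

    Repeated assignments accumulate; an empty assignment resets everything
    assigned before it. Addresses without a prefix become host addresses
    (/32 or /128), which is what ip_network() does for a bare address.
    """
    nets = []
    for value in values:
        if value.strip() == "":
            nets = []
            continue
        for token in value.split():
            for spec in SYMBOLIC_NAMES.get(token, [token]):
                nets.append(ipaddress.ip_network(spec, strict=False))
    return nets


class Unit:
    """A unit (service, socket or slice) with its own lists and parent slice."""

    def __init__(self, name, allow=(), deny=(), parent=None):
        self.name = name
        self.allow = parse_list(allow)
        self.deny = parse_list(deny)
        self.parent = parent

    def effective_lists(self):
        """Lists are implicitly combined with those of every parent slice."""
        allow, deny, unit = [], [], self
        while unit is not None:
            allow += unit.allow
            deny += unit.deny
            unit = unit.parent
        return allow, deny


def _matches(addr, nets):
    return any(addr.version == net.version and addr in net for net in nets)


def is_permitted(unit, address):
    """Is a packet with this peer address allowed for the unit?

    `address` is the source address for ingress traffic and the destination
    address for egress traffic; the check is the same in both directions.
    """
    addr = ipaddress.ip_address(address)
    allow, deny = unit.effective_lists()
    if _matches(addr, allow):
        return True
    if _matches(addr, deny):
        return False
    return True


def build_example():
    """Constructed units in the whitelisting layout recommended above:
    deny everything at the slice, open up individual services."""
    system = Unit("system.slice", deny=["any"])
    web = Unit("web.service", allow=["localhost 10.0.0.0/8"], parent=system)
    batch = Unit("batch.service", parent=system)  # no allow list: stays closed
    return {"system.slice": system, "web.service": web, "batch.service": batch}
```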
670 | ||
fab34748 KL |
671 | <varlistentry> |
672 | <term><varname>IPIngressFilterPath=<replaceable>BPF_FS_PROGRAMM_PATH</replaceable></varname></term> | |
673 | <term><varname>IPEgressFilterPath=<replaceable>BPF_FS_PROGRAMM_PATH</replaceable></varname></term> | |
674 | ||
675 | <listitem> | |
676 | <para>Add custom network traffic filters implemented as BPF programs, applying to all IP packets | |
677 | sent and received over <constant>AF_INET</constant> and <constant>AF_INET6</constant> sockets. | |
678 | Takes an absolute path to a pinned BPF program in the BPF virtual filesystem (<filename>/sys/fs/bpf/</filename>). | |
679 | </para> | |
680 | ||
681 | <para>The filters configured with this option are applied to all sockets created by processes | |
682 | of this unit (or in the case of socket units, associated with it). The filters are loaded in addition | |
683 | to the filters of any of the parent slice units this unit might be a member of, as well as any | |
684 | <varname>IPAddressAllow=</varname> and <varname>IPAddressDeny=</varname> filters in any of these units. | |
685 | By default there are no filters specified.</para> | |
686 | ||
687 | <para>If these settings are used multiple times in the same unit all the specified programs are attached. If an | |
688 | empty string is assigned to these settings the program list is reset and all previously specified programs are ignored.</para> | |
689 | ||
690 | <para>Note that for socket-activated services, the IP filter programs configured on the socket unit apply to | |
691 | all sockets associated with it directly, but not to any sockets created by the ultimately activated services | |
692 | for it. Conversely, the IP filter programs configured for the service are not applied to any sockets passed into | |
693 | the service via socket activation. Thus, it is usually a good idea to replicate the IP filter programs on both | |
694 | the socket and the service unit; however, it often makes sense to maintain one configuration more open and the other | |
695 | one more restricted, depending on the use case.</para> | |
696 | ||
697 | <para>Note that these settings might not be supported on some systems (for example if eBPF control group | |
698 | support is not enabled in the underlying kernel or container manager). These settings will fail the service in | |
699 | that case. If compatibility with such systems is desired it is hence recommended to attach your filter manually | |
700 | (requires <varname>Delegate=</varname><constant>yes</constant>) instead of using this setting.</para> | |
701 | </listitem> | |
702 | </varlistentry> | |
703 | ||
d868475a ZJS |
704 | <varlistentry> |
705 | <term><varname>DeviceAllow=</varname></term> | |
706 | ||
707 | <listitem> | |
3ff668cb LP |
708 | <para>Control access to specific device nodes by the executed processes. Takes two space-separated |
709 | strings: a device node specifier followed by a combination of <constant>r</constant>, | |
710 | <constant>w</constant>, <constant>m</constant> to control <emphasis>r</emphasis>eading, | |
711 | <emphasis>w</emphasis>riting, or creation of the specific device node(s) by the unit | |
712 | (<emphasis>m</emphasis>knod), respectively. On cgroup-v1 this controls the | |
713 | <literal>devices.allow</literal> control group attribute. For details about this control group | |
714 | attribute, see <ulink | |
bb6d563a ZJS |
715 | url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/devices.html">Device Whitelist Controller</ulink>. |
716 | In the unified cgroup hierarchy this functionality is implemented using eBPF filtering.</para> | |
3ff668cb LP |
717 | |
718 | <para>The device node specifier is either a path to a device node in the file system, starting with | |
719 | <filename>/dev/</filename>, or a string starting with either <literal>char-</literal> or | |
720 | <literal>block-</literal> followed by a device group name, as listed in | |
721 | <filename>/proc/devices</filename>. The latter is useful to whitelist all current and future | |
722 | devices belonging to a specific device group at once. The device group is matched according to | |
723 | filename globbing rules; you may hence use the <literal>*</literal> and <literal>?</literal> | |
724 | wildcards. (Note that such globbing wildcards are not available for device node path | |
725 | specifications!) In order to match device nodes by numeric major/minor, use device node paths in | |
726 | the <filename>/dev/char/</filename> and <filename>/dev/block/</filename> directories. However, | |
727 | matching devices by major/minor is generally not recommended as assignments are neither stable nor | |
728 | portable between systems or different kernel versions.</para> | |
729 | ||
730 | <para>Examples: <filename>/dev/sda5</filename> is a path to a device node, referring to an ATA or | |
731 | SCSI block device. <literal>char-pts</literal> and <literal>char-alsa</literal> are specifiers for | |
732 | all pseudo TTYs and all ALSA sound devices, respectively. <literal>char-cpu/*</literal> is a | |
733 | specifier matching all CPU related device groups.</para> | |
00d85bbb LP |
734 | |
735 | <para>Note that whitelists defined this way should only reference device groups which are | |
736 | resolvable at the time the unit is started. Any device groups not resolvable then are not added to | |
737 | the device whitelist. In order to work around this limitation, consider extending service units | |
3a827125 LP |
738 | with a pair of <command>After=modprobe@xyz.service</command> and |
739 | <command>Wants=modprobe@xyz.service</command> lines that load the necessary kernel module | |
740 | implementing the device group if missing. | |
741 | Example: <programlisting>… | |
742 | [Unit] | |
743 | Wants=modprobe@loop.service | |
744 | After=modprobe@loop.service | |
745 | ||
00d85bbb | 746 | [Service] |
00d85bbb LP |
747 | DeviceAllow=block-loop |
748 | DeviceAllow=/dev/loop-control | |
749 | …</programlisting></para> | |
750 | ||
d868475a ZJS |
751 | </listitem> |
752 | </varlistentry> | |
753 | ||
754 | <varlistentry> | |
755 | <term><varname>DevicePolicy=auto|closed|strict</varname></term> | |
756 | ||
757 | <listitem> | |
758 | <para> | |
759 | Control the policy for allowing device access: | |
760 | </para> | |
761 | <variablelist> | |
762 | <varlistentry> | |
763 | <term><option>strict</option></term> | |
764 | <listitem> | |
765 | <para>means to only allow types of access that are | |
766 | explicitly specified.</para> | |
767 | </listitem> | |
768 | </varlistentry> | |
769 | ||
770 | <varlistentry> | |
771 | <term><option>closed</option></term> | |
772 | <listitem> | |
6a75304e | 773 | <para>in addition, allows access to standard pseudo |
d868475a ZJS |
774 | devices including |
775 | <filename>/dev/null</filename>, | |
776 | <filename>/dev/zero</filename>, | |
777 | <filename>/dev/full</filename>, | |
778 | <filename>/dev/random</filename>, and | |
779 | <filename>/dev/urandom</filename>. | |
780 | </para> | |
781 | </listitem> | |
782 | </varlistentry> | |
783 | ||
784 | <varlistentry> | |
785 | <term><option>auto</option></term> | |
786 | <listitem> | |
787 | <para> | |
6a75304e | 788 | in addition, allows access to all devices if no |
d868475a ZJS |
789 | explicit <varname>DeviceAllow=</varname> is present. |
790 | This is the default. | |
791 | </para> | |
792 | </listitem> | |
793 | </varlistentry> | |
794 | </variablelist> | |
795 | </listitem> | |
796 | </varlistentry> | |
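An added example (not systemd's code) that models how the DeviceAllow= specifiers and the DevicePolicy= values described above combine into an access decision: node paths match exactly, char-/block- specifiers are globbed against the group names in /proc/devices, a group that is not resolvable is dropped from the whitelist (the modprobe@ caveat), and strict/closed/auto differ only in what is allowed beyond the explicit list. The /proc/devices sample and the path-to-group catalogue are constructed, and the assumption that closed grants r, w and m on the listed pseudo devices is marked in the code.

```python
"""Model of DeviceAllow= specifier matching combined with DevicePolicy=.

Added example, not systemd's implementation; it follows the rules given in
the text above and runs against a constructed /proc/devices sample.
"""
import fnmatch
from dataclasses import dataclass

# Constructed, trimmed /proc/devices content (real files vary per kernel).
PROC_DEVICES_SAMPLE = """\
Character devices:
  1 mem
  4 tty
 10 misc
136 pts
202 cpu/msr

Block devices:
  7 loop
  8 sd
"""

# Pseudo devices that "closed" (and therefore "auto") permits, per the text.
STANDARD_PSEUDO_DEVICES = {"/dev/null", "/dev/zero", "/dev/full", "/dev/random", "/dev/urandom"}


@dataclass(frozen=True)
class Device:
    path: str   # device node path
    kind: str   # "char" or "block"
    group: str  # device group name as listed in /proc/devices


# Constructed catalogue mapping node paths to their device groups; major/minor
# numbers are deliberately not used, as the text advises against them.
SAMPLE_DEVICES = {
    "/dev/null": Device("/dev/null", "char", "mem"),
    "/dev/sda5": Device("/dev/sda5", "block", "sd"),
    "/dev/loop0": Device("/dev/loop0", "block", "loop"),
    "/dev/loop-control": Device("/dev/loop-control", "char", "misc"),
    "/dev/cpu/0/msr": Device("/dev/cpu/0/msr", "char", "cpu/msr"),
}


def parse_proc_devices(text):
    """Return {"char": {...}, "block": {...}} sets of group names."""
    groups = {"char": set(), "block": set()}
    kind = None
    for line in text.splitlines():
        line = line.strip()
        if line == "Character devices:":
            kind = "char"
        elif line == "Block devices:":
            kind = "block"
        elif line and kind is not None:
            _major, name = line.split(None, 1)
            groups[kind].add(name)
    return groups


def spec_matches(spec, dev, groups):
    """Does one DeviceAllow= specifier cover this device?"""
    if spec.startswith("/dev/"):
        return spec == dev.path  # node paths match exactly, no wildcards
    for prefix, kind in (("char-", "char"), ("block-", "block")):
        if spec.startswith(prefix):
            pattern = spec[len(prefix):]
            # A group that is not resolvable now (e.g. its module is not loaded)
            # is not added to the whitelist at all, hence the modprobe@ advice.
            if not fnmatch.filter(groups[kind], pattern):
                return False
            return dev.kind == kind and fnmatch.fnmatchcase(dev.group, pattern)
    raise ValueError(f"unrecognised device specifier: {spec}")


def access_allowed(policy, rules, dev, mode, groups):
    """Decide one access (mode is r, w or m); rules are (specifier, modes) pairs."""
    if policy not in ("strict", "closed", "auto"):
        raise ValueError(f"unknown DevicePolicy: {policy}")
    if policy == "auto" and not rules:
        return True  # auto without any DeviceAllow=: every device is allowed
    if policy != "strict" and dev.path in STANDARD_PSEUDO_DEVICES:
        return True  # assumption: the pseudo devices get all of r, w and m
    return any(mode in modes and spec_matches(spec, dev, groups)
               for spec, modes in rules)


def check(policy, rules, path, mode):
    """Convenience wrapper over the constructed sample data."""
    return access_allowed(policy, rules, SAMPLE_DEVICES[path], mode,
                          parse_proc_devices(PROC_DEVICES_SAMPLE))
```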
61ad59b1 LP |
797 | |
798 | <varlistentry> | |
799 | <term><varname>Slice=</varname></term> | |
800 | ||
801 | <listitem> | |
802 | <para>The name of the slice unit to place the unit | |
803 | in. Defaults to <filename>system.slice</filename> for all | |
dc7adf20 LP |
804 | non-instantiated units of all unit types (except for slice |
805 | units themselves, see below). Instance units are by default | |
806 | placed in a subslice of <filename>system.slice</filename> | |
807 | that is named after the template name.</para> | |
808 | ||
809 | <para>This option may be used to arrange systemd units in a | |
810 | hierarchy of slices each of which might have resource | |
811 | settings applied.</para> | |
61ad59b1 | 812 | |
fbce1139 | 813 | <para>For units of type slice, the only accepted value for |
61ad59b1 | 814 | this setting is the parent slice. Since the name of a slice |
fbce1139 | 815 | unit implies the parent slice, it is hence redundant to ever |
61ad59b1 | 816 | set this parameter directly for slice units.</para> |
ae0a5fb1 LP |
817 | |
818 | <para>Special care should be taken when relying on the default slice assignment in templated service units | |
819 | that have <varname>DefaultDependencies=no</varname> set, see | |
820 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, section | |
45f09f93 | 821 | "Default Dependencies" for details.</para> |
ae0a5fb1 | 822 | |
61ad59b1 LP |
823 | </listitem> |
824 | </varlistentry> | |
825 | ||
a931ad47 LP |
826 | <varlistentry> |
827 | <term><varname>Delegate=</varname></term> | |
828 | ||
829 | <listitem> | |
a9f01ad1 LP |
830 | <para>Turns on delegation of further resource control partitioning to processes of the unit. Units where this |
831 | is enabled may create and manage their own private subhierarchy of control groups below the control group of | |
832 | the unit itself. For unprivileged services (i.e. those using the <varname>User=</varname> setting) the unit's | |
833 | control group will be made accessible to the relevant user. When enabled the service manager will refrain | |
834 | from manipulating control groups or moving processes below the unit's control group, so that a clear concept | |
835 | of ownership is established: the control group tree above the unit's control group (i.e. towards the root | |
836 | control group) is owned and managed by the service manager of the host, while the control group tree below | |
837 | the unit's control group is owned and managed by the unit itself. Takes either a boolean argument or a list | |
838 | of control group controller names. If true, delegation is turned on, and all supported controllers are | |
839 | enabled for the unit, making them available to the unit's processes for management. If false, delegation is | |
840 | turned off entirely (and no additional controllers are enabled). If set to a list of controllers, delegation | |
99f3baa9 LP |
841 | is turned on, and the specified controllers are enabled for the unit. Note that controllers other than
842 | the ones specified might be made available as well, depending on the configuration of the containing slice unit | |
843 | or other units contained in it. Note that assigning the empty string will enable delegation, but reset the | |
844 | list of controllers; all assignments prior to this will have no effect. Defaults to false.</para> | |
a9f01ad1 LP |
845 | |
846 | <para>Note that controller delegation to less privileged code is only safe on the unified control group | |
847 | hierarchy. Accordingly, access to the specified controllers will not be granted to unprivileged services on | |
848 | the legacy hierarchy, even when requested.</para> | |
849 | ||
5403e153 AZ |
850 | <xi:include href="supported-controllers.xml" xpointer="controllers-text" /> |
851 | ||
852 | <para>Not all of these controllers are available on all kernels however, and some are | |
a9f01ad1 LP |
853 | specific to the unified hierarchy while others are specific to the legacy hierarchy. Also note that the |
854 | kernel might support further controllers, which aren't covered here yet as delegation is either not supported | |
855 | at all for them or not defined cleanly.</para> | |
077c40bc LP |
856 | |
857 | <para>For further details on the delegation model consult <ulink | |
858 | url="https://systemd.io/CGROUP_DELEGATION">Control Group APIs and Delegation</ulink>.</para> | |
a931ad47 LP |
859 | </listitem> |
860 | </varlistentry> | |
861 | ||
c72703e2 CD |
862 | <varlistentry> |
863 | <term><varname>DisableControllers=</varname></term> | |
864 | ||
865 | <listitem> | |
866 | <para>Disables controllers from being enabled for a unit's children. If a controller listed is already in use | |
867 | in its subtree, the controller will be removed from the subtree. This can be used to avoid child units being | |
868 | able to implicitly or explicitly enable a controller. Defaults to not disabling any controllers.</para> | |
869 | ||
870 | <para>It may not be possible to successfully disable a controller if the unit or any child of the unit in | |
871 | question delegates controllers to its children, as any delegated subtree of the cgroup hierarchy is unmanaged | |
872 | by systemd.</para> | |
873 | ||
874 | <para>Multiple controllers may be specified, separated by spaces. You may also pass | |
875 | <varname>DisableControllers=</varname> multiple times, in which case each new instance adds another controller | |
876 | to disable. Passing <varname>DisableControllers=</varname> by itself with no controller name present resets | |
877 | the disabled controller list.</para> | |
878 | ||
5403e153 | 879 | <xi:include href="supported-controllers.xml" xpointer="controllers-text" /> |
c72703e2 CD |
880 | </listitem> |
881 | </varlistentry> | |
d868475a ZJS |
882 | </variablelist> |
883 | </refsect1> | |
884 | ||
7d862ab8 TH |
885 | <refsect1> |
886 | <title>Deprecated Options</title> | |
887 | ||
888 | <para>The following options are deprecated. Use the indicated superseding options instead:</para> | |
889 | ||
890 | <variablelist class='unit-directives'> | |
891 | ||
892 | <varlistentry> | |
893 | <term><varname>CPUShares=<replaceable>weight</replaceable></varname></term> | |
894 | <term><varname>StartupCPUShares=<replaceable>weight</replaceable></varname></term> | |
895 | ||
896 | <listitem> | |
897 | <para>Assign the specified CPU time share weight to the processes executed. These options take an integer | |
898 | value and control the <literal>cpu.shares</literal> control group attribute. The allowed range is 2 to | |
899 | 262144. Defaults to 1024. For details about this control group attribute, see <ulink | |
bb6d563a | 900 | url="https://www.kernel.org/doc/html/latest/scheduler/sched-design-CFS.html">CFS Scheduler</ulink>. |
7d862ab8 TH |
901 | The available CPU time is split up among all units within one slice relative to their CPU time share |
902 | weight.</para> | |
903 | ||
904 | <para>While <varname>StartupCPUShares=</varname> only applies to the startup phase of the system, | |
905 | <varname>CPUShares=</varname> applies to normal runtime of the system, and if the former is not set also to | |
906 | the startup phase. Using <varname>StartupCPUShares=</varname> allows prioritizing specific services at | |
907 | boot-up differently than during normal runtime.</para> | |
908 | ||
964c4eda | 909 | <para>Implies <literal>CPUAccounting=yes</literal>.</para> |
7d862ab8 TH |
910 | |
911 | <para>These settings are deprecated. Use <varname>CPUWeight=</varname> and | |
912 | <varname>StartupCPUWeight=</varname> instead.</para> | |
913 | </listitem> | |
914 | </varlistentry> | |
915 | ||
916 | <varlistentry> | |
917 | <term><varname>MemoryLimit=<replaceable>bytes</replaceable></varname></term> | |
918 | ||
919 | <listitem> | |
920 | <para>Specify the limit on maximum memory usage of the executed processes. The limit specifies how much | |
921 | process and kernel memory can be used by tasks in this unit. Takes a memory size in bytes. If the value is | |
922 | suffixed with K, M, G or T, the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or | |
923 | Terabytes (with the base 1024), respectively. Alternatively, a percentage value may be specified, which is | |
924 | taken relative to the installed physical memory on the system. If assigned the special value | |
925 | <literal>infinity</literal>, no memory limit is applied. This controls the | |
926 | <literal>memory.limit_in_bytes</literal> control group attribute. For details about this control group | |
927 | attribute, see <ulink | |
bb6d563a | 928 | url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/memory.html">Memory Resource Controller</ulink>.</para> |
7d862ab8 | 929 | |
964c4eda | 930 | <para>Implies <literal>MemoryAccounting=yes</literal>.</para> |
7d862ab8 TH |
931 | |
932 | <para>This setting is deprecated. Use <varname>MemoryMax=</varname> instead.</para> | |
933 | </listitem> | |
934 | </varlistentry> | |
935 | ||
936 | <varlistentry> | |
937 | <term><varname>BlockIOAccounting=</varname></term> | |
938 | ||
939 | <listitem> | |
940 | <para>Turn on Block I/O accounting for this unit, if the legacy control group hierarchy is used on the | |
941 | system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly | |
942 | turn it on for all units contained in the same slice and for all its parent slices and the units contained | |
943 | therein. The system default for this setting may be controlled with | |
944 | <varname>DefaultBlockIOAccounting=</varname> in | |
945 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> | |
946 | ||
947 | <para>This setting is deprecated. Use <varname>IOAccounting=</varname> instead.</para> | |
948 | </listitem> | |
949 | </varlistentry> | |
950 | ||
951 | <varlistentry> | |
952 | <term><varname>BlockIOWeight=<replaceable>weight</replaceable></varname></term> | |
953 | <term><varname>StartupBlockIOWeight=<replaceable>weight</replaceable></varname></term> | |
954 | ||
955 | <listitem><para>Set the default overall block I/O weight for the executed processes, if the legacy control | |
956 | group hierarchy is used on the system. Takes a single weight value (between 10 and 1000) to set the default | |
957 | block I/O weight. This controls the <literal>blkio.weight</literal> control group attribute, which defaults to | |
958 | 500. For details about this control group attribute, see <ulink | |
bb6d563a | 959 | url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html">Block IO Controller</ulink>. |
7d862ab8 TH |
960 | The available I/O bandwidth is split up among all units within one slice relative to their block I/O |
961 | weight.</para> | |
962 | ||
963 | <para>While <varname>StartupBlockIOWeight=</varname> only | |
964 | applies to the startup phase of the system, | |
965 | <varname>BlockIOWeight=</varname> applies to the later runtime | |
966 | of the system, and if the former is not set also to the | |
967 | startup phase. This allows prioritizing specific services at | |
968 | boot-up differently than during runtime.</para> | |
969 | ||
970 | <para>Implies | |
964c4eda | 971 | <literal>BlockIOAccounting=yes</literal>.</para> |
7d862ab8 TH |
972 | |
973 | <para>These settings are deprecated. Use <varname>IOWeight=</varname> and <varname>StartupIOWeight=</varname> | |
974 | instead.</para> | |
975 | ||
976 | </listitem> | |
977 | </varlistentry> | |
978 | ||
979 | <varlistentry> | |
980 | <term><varname>BlockIODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term> | |
981 | ||
982 | <listitem> | |
983 | <para>Set the per-device overall block I/O weight for the executed processes, if the legacy control group | |
984 | hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify | |
985 | the device specific weight value, between 10 and 1000. (Example: "/dev/sda 500"). The file path may be | |
986 | specified as a path to a block device node or as any other file, in which case the backing block device of the | |
987 | file system of the file is determined. This controls the <literal>blkio.weight_device</literal> control group | |
988 | attribute, which defaults to 1000. Use this option multiple times to set weights for multiple devices. For | |
989 | details about this control group attribute, see <ulink | |
bb6d563a | 990 | url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html">Block IO Controller</ulink>.</para> |
7d862ab8 TH |
991 | |
992 | <para>Implies | |
964c4eda | 993 | <literal>BlockIOAccounting=yes</literal>.</para> |
7d862ab8 TH |
994 | |
995 | <para>This setting is deprecated. Use <varname>IODeviceWeight=</varname> instead.</para> | |
996 | </listitem> | |
997 | </varlistentry> | |
998 | ||
999 | <varlistentry> | |
1000 | <term><varname>BlockIOReadBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term> | |
1001 | <term><varname>BlockIOWriteBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term> | |
1002 | ||
1003 | <listitem> | |
1004 | <para>Set the per-device overall block I/O bandwidth limit for the executed processes, if the legacy control | |
1005 | group hierarchy is used on the system. Takes a space-separated pair of a file path and a bandwidth value (in | |
1006 | bytes per second) to specify the device-specific bandwidth. The file path may be a path to a block device | |
1007 | node, or any other file, in which case the backing block device of the file system of the file is used. If | |
1008 | the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, Megabytes, | |
1009 | Gigabytes, or Terabytes, respectively, to the base of 1000. (Example: | |
1010 | "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the | |
1011 | <literal>blkio.throttle.read_bps_device</literal> and <literal>blkio.throttle.write_bps_device</literal> | |
1012 | control group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For | |
1013 | details about these control group attributes, see <ulink | |
bb6d563a | 1014 | url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html">Block IO Controller</ulink>. |
7d862ab8 TH |
1015 | </para> |
1016 | ||
1017 | <para>Implies | |
964c4eda | 1018 | <literal>BlockIOAccounting=yes</literal>.</para> |
7d862ab8 TH |
1019 | |
1020 | <para>These settings are deprecated. Use <varname>IOReadBandwidthMax=</varname> and | |
1021 | <varname>IOWriteBandwidthMax=</varname> instead.</para> | |
1022 | </listitem> | |
1023 | </varlistentry> | |
1024 | ||
1025 | </variablelist> | |
1026 | </refsect1> | |
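The three legacy settings above share one value syntax: a device path followed by either a weight (10 to 1000) or a bandwidth with a decimal K/M/G/T suffix, which systemd resolves to the device's major:minor and writes as a "MAJ:MIN value" line into the blkio attribute. The following is an added example, not systemd's own code, that parses that syntax with the range and suffix rules stated in the manual and resolves the backing block device the way the text describes (block node: its own device; any other file: the device of its file system). The function names and the sample values are constructed for illustration.

```python
"""Parse legacy BlockIODeviceWeight=/BlockIO{Read,Write}Bandwidth= values and
produce the 'MAJ:MIN value' lines the cgroup-v1 blkio attributes expect.

Added example; helper names are hypothetical, not systemd's.
"""
from __future__ import annotations

import os
import stat

# Weight range the manual gives for BlockIOWeight= / BlockIODeviceWeight=.
WEIGHT_MIN, WEIGHT_MAX = 10, 1000

# Bandwidth suffixes are parsed "to the base of 1000" (manual wording).
_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def parse_bandwidth(text: str) -> int:
    """Return bytes per second for values such as '5M', '200K' or '1500'.

    Only the four suffixes the manual lists are accepted; anything else
    (fractions, negative numbers, unknown units) is rejected rather than
    silently truncated, so a typo cannot become an unlimited or zero cap."""
    text = text.strip()
    if not text:
        raise ValueError("empty bandwidth value")
    mult = 1
    if text[-1] in _SUFFIX:
        mult = _SUFFIX[text[-1]]
        text = text[:-1]
    if not text.isdigit():
        raise ValueError(f"bad bandwidth value: {text!r}")
    return int(text) * mult


def split_pair(value: str) -> tuple[str, str]:
    """Split '<path> <value>' into its two whitespace-separated fields."""
    parts = value.split()
    if len(parts) != 2:
        raise ValueError(f"expected '<path> <value>', got {value!r}")
    if not parts[0].startswith("/"):
        raise ValueError(f"device must be an absolute path: {parts[0]!r}")
    return parts[0], parts[1]


def parse_device_weight(value: str) -> tuple[str, int]:
    """BlockIODeviceWeight= value -> (path, weight), enforcing 10..1000."""
    path, raw = split_pair(value)
    if not raw.isdigit():
        raise ValueError(f"weight must be an integer: {raw!r}")
    weight = int(raw)
    if not WEIGHT_MIN <= weight <= WEIGHT_MAX:
        raise ValueError(f"weight {weight} outside {WEIGHT_MIN}..{WEIGHT_MAX}")
    return path, weight


def parse_device_bandwidth(value: str) -> tuple[str, int]:
    """BlockIO{Read,Write}Bandwidth= value -> (path, bytes per second)."""
    path, raw = split_pair(value)
    return path, parse_bandwidth(raw)


def device_majmin(path: str) -> str:
    """'MAJ:MIN' of a block device node, or of the backing device of the
    file system holding any other file (the lookup the manual describes).
    The path must exist on the running system."""
    st = os.stat(path)
    dev = st.st_rdev if stat.S_ISBLK(st.st_mode) else st.st_dev
    return f"{os.major(dev)}:{os.minor(dev)}"


def blkio_line(majmin: str, value: int) -> str:
    """Line format of blkio.weight_device and
    blkio.throttle.{read,write}_bps_device: 'MAJ:MIN value'."""
    return f"{majmin} {value}"


if __name__ == "__main__":
    # Constructed sample values; the MAJ:MIN is hard-coded so this runs
    # without a real /dev/sda.
    dev, w = parse_device_weight("/dev/sda 500")
    print("weight_device:", blkio_line("8:0", w))
    dev, bps = parse_device_bandwidth(
        "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M")
    print("throttle.read_bps_device:", blkio_line("8:0", bps))
    print("backing device of /:", device_majmin("/"))
```

Note that the parser rejects out-of-range weights and malformed bandwidths instead of clamping them; a unit file that relies on these deprecated settings should be migrated to `IODeviceWeight=`, `IOReadBandwidthMax=` and `IOWriteBandwidthMax=` as the manual directs.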
1027 | ||
d868475a ZJS |
1028 | <refsect1> |
1029 | <title>See Also</title> | |
1030 | <para> | |
1031 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
d1698b82 | 1032 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
d868475a ZJS |
1033 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
1034 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1035 | <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1036 | <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1037 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1038 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
1039 | <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
74b47bbd | 1040 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
d868475a | 1041 | <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
61ad59b1 | 1042 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
d868475a | 1043 | The documentation for control groups and specific controllers in the Linux kernel: |
bb6d563a | 1044 | <ulink url="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html">Control Groups v2</ulink>. |
d868475a ZJS |
1045 | </para> |
1046 | </refsect1> | |
1047 | </refentry> |