]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.resource-control.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add SPDX license identifiers to catalog and po files
[thirdparty/systemd.git] / man / systemd.resource-control.xml
CommitLineData
3802a3d3 1<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
d868475a 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
d868475a
ZJS		 4
5<!--
b975b0d5 6 This file is part of systemd.
d868475a 7
b975b0d5 8 Copyright 2013 Zbigniew Jędrzejewski-Szmek
d868475a 9
b975b0d5
ZJS		 10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
d868475a 14
b975b0d5
ZJS		 15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
d868475a 19
b975b0d5
ZJS		 20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
d868475a
ZJS		 22-->
23
3fde5f30 24<refentry id="systemd.resource-control">
d868475a 25 <refentryinfo>
3fde5f30 26 <title>systemd.resource-control</title>
d868475a
ZJS		 27 <productname>systemd</productname>
28
29 <authorgroup>
30 <author>
31 <contrib>Developer</contrib>
32 <firstname>Lennart</firstname>
33 <surname>Poettering</surname>
34 <email>lennart@poettering.net</email>
35 </author>
36 </authorgroup>
37 </refentryinfo>
38
39 <refmeta>
3fde5f30 40 <refentrytitle>systemd.resource-control</refentrytitle>
d868475a
ZJS		 41 <manvolnum>5</manvolnum>
42 </refmeta>
43
44 <refnamediv>
3fde5f30
LP		 45 <refname>systemd.resource-control</refname>
46 <refpurpose>Resource control unit settings</refpurpose>
d868475a
ZJS		 47 </refnamediv>
48
49 <refsynopsisdiv>
50 <para>
51 <filename><replaceable>slice</replaceable>.slice</filename>,
52 <filename><replaceable>scope</replaceable>.scope</filename>,
53 <filename><replaceable>service</replaceable>.service</filename>,
54 <filename><replaceable>socket</replaceable>.socket</filename>,
55 <filename><replaceable>mount</replaceable>.mount</filename>,
56 <filename><replaceable>swap</replaceable>.swap</filename>
57 </para>
58 </refsynopsisdiv>
59
60 <refsect1>
61 <title>Description</title>
62
c7458f93
LP		 63 <para>Unit configuration files for services, slices, scopes, sockets, mount points, and swap devices share a subset
64 of configuration options for resource control of spawned processes. Internally, this relies on the Linux Control
65 Groups (cgroups) kernel concept for organizing processes in a hierarchical tree of named groups for the purpose of
66 resource management.</para>
9365b048 67
d868475a
ZJS		 68 <para>This man page lists the configuration options shared by
69 those six unit types. See
70 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
71 for the common options of all unit configuration files, and
72 <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
73 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
75 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
76 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
77 and
78 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
79 for more information on the specific unit configuration files. The
3fde5f30 80 resource control configuration options are configured in the
d868475a
ZJS		 81 [Slice], [Scope], [Service], [Socket], [Mount], or [Swap]
82 sections, depending on the unit type.</para>
ea021cc3 83
74b47bbd
ZJS		 84 <para>In addition, options which control resources available to programs
85 <emphasis>executed</emphasis> by systemd are listed in
86 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
87 Those options complement options listed here.</para>
88
ea021cc3 89 <para>See the <ulink
28a0ad81 90 url="https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/">New
72f4d966 91 Control Group Interfaces</ulink> for an introduction on how to make
ea021cc3 92 use of resource control APIs from programs.</para>
d868475a
ZJS		 93 </refsect1>
94
c129bd5d 95 <refsect1>
45f09f93 96 <title>Implicit Dependencies</title>
c129bd5d 97
45f09f93
JL		 98 <para>The following dependencies are implicitly added:</para>
99
100 <itemizedlist>
101 <listitem><para>Units with the <varname>Slice=</varname> setting set automatically acquire
102 <varname>Requires=</varname> and <varname>After=</varname> dependencies on the specified
103 slice unit.</para></listitem>
104 </itemizedlist>
c129bd5d
LP		 105 </refsect1>
106
45f09f93
JL		 107 <!-- We don't have any default dependency here. -->
108
538b4852
TH		 109 <refsect1>
110 <title>Unified and Legacy Control Group Hierarchies</title>
111
65c1cdb2
MR		 112 <para>The unified control group hierarchy is the new version of kernel control group interface, see <ulink
113 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>. Depending on the resource type,
114 there are differences in resource control capabilities. Also, because of interface changes, some resource types
115 have separate set of options on the unified hierarchy.</para>
538b4852
TH		 116
117 <para>
118 <variablelist>
66ebf6c0 119
538b4852 120 <varlistentry>
66ebf6c0 121 <term><option>CPU</option></term>
538b4852 122 <listitem>
66ebf6c0
TH		 123 <para><varname>CPUWeight=</varname> and <varname>StartupCPUWeight=</varname> replace
124 <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>, respectively.</para>
125
126 <para>The <literal>cpuacct</literal> controller does not exist separately on the unified hierarchy.</para>
538b4852
TH		 127 </listitem>
128 </varlistentry>
66ebf6c0 129
da4d897e
TH		 130 <varlistentry>
131 <term><option>Memory</option></term>
132 <listitem>
328583db
LP		 133 <para><varname>MemoryMax=</varname> replaces <varname>MemoryLimit=</varname>. <varname>MemoryLow=</varname>
134 and <varname>MemoryHigh=</varname> are effective only on unified hierarchy.</para>
da4d897e
TH		 135 </listitem>
136 </varlistentry>
66ebf6c0
TH		 137
138 <varlistentry>
139 <term><option>IO</option></term>
140 <listitem>
c12ad58c 141 <para><varname>IO</varname> prefixed settings are a superset of and replace <varname>BlockIO</varname>
66ebf6c0
TH		 142 prefixed ones. On unified hierarchy, IO resource control also applies to buffered writes.</para>
143 </listitem>
144 </varlistentry>
145
538b4852
TH		 146 </variablelist>
147 </para>
148
7d862ab8
TH		 149 <para>To ease the transition, there is best-effort translation between the two versions of settings. For each
150 controller, if any of the settings for the unified hierarchy are present, all settings for the legacy hierarchy are
151 ignored. If the resulting settings are for the other type of hierarchy, the configurations are translated before
152 application.</para>
c23b2c70
MR		 153
154 <para>Legacy control group hierarchy (see <ulink
155 url="https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt">cgroups.txt</ulink>), also called cgroup-v1,
0d5299ef 156 doesn't allow safe delegation of controllers to unprivileged processes. If the system uses the legacy control group
c23b2c70
MR		 157 hierarchy, resource control is disabled for systemd user instance, see
158 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
159 </para>
538b4852
TH		 160 </refsect1>
161
d868475a
ZJS		 162 <refsect1>
163 <title>Options</title>
164
165 <para>Units of the types listed above can have settings
3fde5f30 166 for resource control configuration:</para>
d868475a
ZJS		 167
168 <variablelist class='unit-directives'>
d868475a
ZJS		 169
170 <varlistentry>
61ad59b1 171 <term><varname>CPUAccounting=</varname></term>
d868475a
ZJS		 172
173 <listitem>
61ad59b1
LP		 174 <para>Turn on CPU usage accounting for this unit. Takes a
175 boolean argument. Note that turning on CPU accounting for
03a7b521 176 one unit will also implicitly turn it on for all units
085afe36
LP		 177 contained in the same slice and for all its parent slices
178 and the units contained therein. The system default for this
03a7b521 179 setting may be controlled with
085afe36
LP		 180 <varname>DefaultCPUAccounting=</varname> in
181 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
d868475a
ZJS		 182 </listitem>
183 </varlistentry>
184
66ebf6c0
TH		 185 <varlistentry>
186 <term><varname>CPUWeight=<replaceable>weight</replaceable></varname></term>
187 <term><varname>StartupCPUWeight=<replaceable>weight</replaceable></varname></term>
188
189 <listitem>
190 <para>Assign the specified CPU time weight to the processes executed, if the unified control group hierarchy
191 is used on the system. These options take an integer value and control the <literal>cpu.weight</literal>
192 control group attribute. The allowed range is 1 to 10000. Defaults to 100. For details about this control
193 group attribute, see <ulink
194 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink> and <ulink
195 url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.
196 The available CPU time is split up among all units within one slice relative to their CPU time weight.</para>
197
198 <para>While <varname>StartupCPUWeight=</varname> only applies to the startup phase of the system,
199 <varname>CPUWeight=</varname> applies to normal runtime of the system, and if the former is not set also to
200 the startup phase. Using <varname>StartupCPUWeight=</varname> allows prioritizing specific services at
201 boot-up differently than during normal runtime.</para>
202
203 <para>Implies <literal>CPUAccounting=true</literal>.</para>
204
7d862ab8 205 <para>These settings replace <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>.</para>
b2f8b02e
LP		 206 </listitem>
207 </varlistentry>
208
209 <varlistentry>
210 <term><varname>CPUQuota=</varname></term>
211
212 <listitem>
66ebf6c0
TH		 213 <para>Assign the specified CPU time quota to the processes executed. Takes a percentage value, suffixed with
214 "%". The percentage specifies how much CPU time the unit shall get at maximum, relative to the total CPU time
215 available on one CPU. Use values &gt; 100% for allotting CPU time on more than one CPU. This controls the
216 <literal>cpu.max</literal> attribute on the unified control group hierarchy and
217 <literal>cpu.cfs_quota_us</literal> on legacy. For details about these control group attributes, see <ulink
218 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink> and <ulink
b2f8b02e
LP		 219 url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para>
220
66ebf6c0
TH		 221 <para>Example: <varname>CPUQuota=20%</varname> ensures that the executed processes will never get more than
222 20% CPU time on one CPU.</para>
b2f8b02e
LP		 223
224 <para>Implies <literal>CPUAccounting=true</literal>.</para>
225 </listitem>
226 </varlistentry>
227
61ad59b1
LP		 228 <varlistentry>
229 <term><varname>MemoryAccounting=</varname></term>
230
231 <listitem>
232 <para>Turn on process and kernel memory accounting for this
233 unit. Takes a boolean argument. Note that turning on memory
03a7b521
LP		 234 accounting for one unit will also implicitly turn it on for
235 all units contained in the same slice and for all its parent
236 slices and the units contained therein. The system default
237 for this setting may be controlled with
085afe36
LP		 238 <varname>DefaultMemoryAccounting=</varname> in
239 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
61ad59b1
LP		 240 </listitem>
241 </varlistentry>
242
da4d897e
TH		 243 <varlistentry>
244 <term><varname>MemoryLow=<replaceable>bytes</replaceable></varname></term>
245
246 <listitem>
247 <para>Specify the best-effort memory usage protection of the executed processes in this unit. If the memory
248 usages of this unit and all its ancestors are below their low boundaries, this unit's memory won't be
249 reclaimed as long as memory can be reclaimed from unprotected units.</para>
250
251 <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
875ae566
LP		 252 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
253 percentage value may be specified, which is taken relative to the installed physical memory on the
254 system. This controls the <literal>memory.low</literal> control group attribute. For details about this
255 control group attribute, see <ulink
256 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
da4d897e
TH		 257
258 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
259
7d862ab8
TH		 260 <para>This setting is supported only if the unified control group hierarchy is used and disables
261 <varname>MemoryLimit=</varname>.</para>
da4d897e
TH		 262 </listitem>
263 </varlistentry>
264
265 <varlistentry>
266 <term><varname>MemoryHigh=<replaceable>bytes</replaceable></varname></term>
267
268 <listitem>
269 <para>Specify the high limit on memory usage of the executed processes in this unit. Memory usage may go
270 above the limit if unavoidable, but the processes are heavily slowed down and memory is taken away
271 aggressively in such cases. This is the main mechanism to control memory usage of a unit.</para>
272
273 <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
875ae566
LP		 274 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
275 percentage value may be specified, which is taken relative to the installed physical memory on the
276 system. If assigned the
e57c9ce1 277 special value <literal>infinity</literal>, no memory limit is applied. This controls the
da4d897e
TH		 278 <literal>memory.high</literal> control group attribute. For details about this control group attribute, see
279 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
280
281 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
282
7d862ab8
TH		 283 <para>This setting is supported only if the unified control group hierarchy is used and disables
284 <varname>MemoryLimit=</varname>.</para>
da4d897e
TH		 285 </listitem>
286 </varlistentry>
287
288 <varlistentry>
289 <term><varname>MemoryMax=<replaceable>bytes</replaceable></varname></term>
290
291 <listitem>
292 <para>Specify the absolute limit on memory usage of the executed processes in this unit. If memory usage
293 cannot be contained under the limit, out-of-memory killer is invoked inside the unit. It is recommended to
294 use <varname>MemoryHigh=</varname> as the main control mechanism and use <varname>MemoryMax=</varname> as the
295 last line of defense.</para>
296
297 <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
875ae566
LP		 298 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
299 percentage value may be specified, which is taken relative to the installed physical memory on the system. If
300 assigned the special value <literal>infinity</literal>, no memory limit is applied. This controls the
da4d897e
TH		 301 <literal>memory.max</literal> control group attribute. For details about this control group attribute, see
302 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
303
304 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
305
7d862ab8 306 <para>This setting replaces <varname>MemoryLimit=</varname>.</para>
da4d897e
TH		 307 </listitem>
308 </varlistentry>
309
96e131ea
WC		 310 <varlistentry>
311 <term><varname>MemorySwapMax=<replaceable>bytes</replaceable></varname></term>
312
313 <listitem>
314 <para>Specify the absolute limit on swap usage of the executed processes in this unit.</para>
315
316 <para>Takes a swap size in bytes. If the value is suffixed with K, M, G or T, the specified swap size is
317 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the
318 special value <literal>infinity</literal>, no swap limit is applied. This controls the
319 <literal>memory.swap.max</literal> control group attribute. For details about this control group attribute,
320 see <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
321
322 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
323
7d862ab8
TH		 324 <para>This setting is supported only if the unified control group hierarchy is used and disables
325 <varname>MemoryLimit=</varname>.</para>
d868475a
ZJS		 326 </listitem>
327 </varlistentry>
328
03a7b521
LP		 329 <varlistentry>
330 <term><varname>TasksAccounting=</varname></term>
331
332 <listitem>
333 <para>Turn on task accounting for this unit. Takes a
334 boolean argument. If enabled, the system manager will keep
335 track of the number of tasks in the unit. The number of
336 tasks accounted this way includes both kernel threads and
337 userspace processes, with each thread counting
338 individually. Note that turning on tasks accounting for one
339 unit will also implicitly turn it on for all units contained
340 in the same slice and for all its parent slices and the
341 units contained therein. The system default for this setting
342 may be controlled with
343 <varname>DefaultTasksAccounting=</varname> in
344 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
345 </listitem>
346 </varlistentry>
347
348 <varlistentry>
349 <term><varname>TasksMax=<replaceable>N</replaceable></varname></term>
350
351 <listitem>
83f8e808
LP		 352 <para>Specify the maximum number of tasks that may be created in the unit. This ensures that the number of
353 tasks accounted for the unit (see above) stays below a specific limit. This either takes an absolute number
354 of tasks or a percentage value that is taken relative to the configured maximum number of tasks on the
355 system. If assigned the special value <literal>infinity</literal>, no tasks limit is applied. This controls
356 the <literal>pids.max</literal> control group attribute. For details about this control group attribute, see
357 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/pids.txt">pids.txt</ulink>.</para>
03a7b521 358
0af20ea2
LP		 359 <para>Implies <literal>TasksAccounting=true</literal>. The
360 system default for this setting may be controlled with
361 <varname>DefaultTasksMax=</varname> in
362 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
03a7b521
LP		 363 </listitem>
364 </varlistentry>
365
13c31542
TH		 366 <varlistentry>
367 <term><varname>IOAccounting=</varname></term>
368
369 <listitem>
0069a0dd
LP		 370 <para>Turn on Block I/O accounting for this unit, if the unified control group hierarchy is used on the
371 system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
372 turn it on for all units contained in the same slice and all for its parent slices and the units contained
373 therein. The system default for this setting may be controlled with <varname>DefaultIOAccounting=</varname>
374 in
13c31542 375 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
0069a0dd 376
7d862ab8
TH		 377 <para>This setting replaces <varname>BlockIOAccounting=</varname> and disables settings prefixed with
378 <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para>
13c31542
TH		 379 </listitem>
380 </varlistentry>
381
382 <varlistentry>
383 <term><varname>IOWeight=<replaceable>weight</replaceable></varname></term>
384 <term><varname>StartupIOWeight=<replaceable>weight</replaceable></varname></term>
385
386 <listitem>
0069a0dd
LP		 387 <para>Set the default overall block I/O weight for the executed processes, if the unified control group
388 hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the default block
389 I/O weight. This controls the <literal>io.weight</literal> control group attribute, which defaults to
390 100. For details about this control group attribute, see <ulink
391 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>. The available I/O
392 bandwidth is split up among all units within one slice relative to their block I/O weight.</para>
13c31542
TH		 393
394 <para>While <varname>StartupIOWeight=</varname> only applies
395 to the startup phase of the system,
396 <varname>IOWeight=</varname> applies to the later runtime of
397 the system, and if the former is not set also to the startup
398 phase. This allows prioritizing specific services at boot-up
399 differently than during runtime.</para>
400
401 <para>Implies <literal>IOAccounting=true</literal>.</para>
0069a0dd 402
7d862ab8
TH		 403 <para>These settings replace <varname>BlockIOWeight=</varname> and <varname>StartupBlockIOWeight=</varname>
404 and disable settings prefixed with <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para>
13c31542
TH		 405 </listitem>
406 </varlistentry>
407
408 <varlistentry>
409 <term><varname>IODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term>
410
411 <listitem>
0069a0dd
LP		 412 <para>Set the per-device overall block I/O weight for the executed processes, if the unified control group
413 hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
414 the device specific weight value, between 1 and 10000. (Example: "/dev/sda 1000"). The file path may be
415 specified as path to a block device node or as any other file, in which case the backing block device of the
416 file system of the file is determined. This controls the <literal>io.weight</literal> control group
417 attribute, which defaults to 100. Use this option multiple times to set weights for multiple devices. For
418 details about this control group attribute, see <ulink
13c31542
TH		 419 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para>
420
421 <para>Implies <literal>IOAccounting=true</literal>.</para>
0069a0dd 422
7d862ab8
TH		 423 <para>This setting replaces <varname>BlockIODeviceWeight=</varname> and disables settings prefixed with
424 <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para>
13c31542
TH		 425 </listitem>
426 </varlistentry>
427
428 <varlistentry>
429 <term><varname>IOReadBandwidthMax=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
430 <term><varname>IOWriteBandwidthMax=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
431
432 <listitem>
0069a0dd
LP		 433 <para>Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
434 control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
435 are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
436 path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
437 be a path to a block device node, or as any other file in which case the backing block device of the file
438 system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
439 parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
440 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the <literal>io.max</literal> control
441 group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
442 about this control group attribute, see <ulink
13c31542
TH		 443 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.
444 </para>
445
446 <para>Implies <literal>IOAccounting=true</literal>.</para>
0069a0dd 447
7d862ab8
TH		 448 <para>These settings replace <varname>BlockIOReadBandwidth=</varname> and
449 <varname>BlockIOWriteBandwidth=</varname> and disable settings prefixed with <varname>BlockIO</varname> or
450 <varname>StartupBlockIO</varname>.</para>
13c31542
TH		 451 </listitem>
452 </varlistentry>
453
ac06a0cf
TH		 454 <varlistentry>
455 <term><varname>IOReadIOPSMax=<replaceable>device</replaceable> <replaceable>IOPS</replaceable></varname></term>
456 <term><varname>IOWriteIOPSMax=<replaceable>device</replaceable> <replaceable>IOPS</replaceable></varname></term>
457
458 <listitem>
459 <para>Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the
460 unified control group hierarchy is used on the system. This limit is not work-conserving and the executed
461 processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of
462 a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block
463 device node, or as any other file in which case the backing block device of the file system of the file is
464 used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS,
465 GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example:
466 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the <literal>io.max</literal> control
467 group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about
468 this control group attribute, see <ulink
469 url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.
470 </para>
471
472 <para>Implies <literal>IOAccounting=true</literal>.</para>
473
7d862ab8
TH		 474 <para>These settings are supported only if the unified control group hierarchy is used and disable settings
475 prefixed with <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para>
d868475a
ZJS		 476 </listitem>
477 </varlistentry>
478
8d8631d4
DM		 479 <varlistentry>
480 <term><varname>IPAccounting=</varname></term>
481
482 <listitem>
483 <para>Takes a boolean argument. If true, turns on IPv4 and IPv6 network traffic accounting for packets sent
484 or received by the unit. When this option is turned on, all IPv4 and IPv6 sockets created by any process of
485 the unit are accounted for. When this option is used in socket units, it applies to all IPv4 and IPv6 sockets
486 associated with it (including both listening and connection sockets where this applies). Note that for
487 socket-activated services, this configuration setting and the accounting data of the service unit and the
488 socket unit are kept separate, and displayed separately. No propagation of the setting and the collected
489 statistics is done, in either direction. Moreover, any traffic sent or received on any of the socket unit's
490 sockets is accounted to the socket unit — and never to the service unit it might have activated, even if the
491 socket is used by it. Note that IP accounting is currently not supported for slice units, and enabling this
492 option for them has no effect. The system default for this setting may be controlled with
493 <varname>DefaultIPAccounting=</varname> in
494 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
495 </listitem>
496 </varlistentry>
497
498 <varlistentry>
dcfaecc7 499 <term><varname>IPAddressAllow=<replaceable>ADDRESS[/PREFIXLENGTH]…</replaceable></varname></term>
8d8631d4
DM		 500 <term><varname>IPAddressDeny=<replaceable>ADDRESS[/PREFIXLENGTH]…</replaceable></varname></term>
501
502 <listitem>
503 <para>Turn on address range network traffic filtering for packets sent and received over AF_INET and AF_INET6
504 sockets. Both directives take a space separated list of IPv4 or IPv6 addresses, each optionally suffixed
505 with an address prefix length (separated by a <literal>/</literal> character). If the latter is omitted, the
506 address is considered a host address, i.e. the prefix covers the whole address (32 for IPv4, 128 for IPv6).
507 </para>
508
509 <para>The access lists configured with this option are applied to all sockets created by processes of this
510 unit (or in the case of socket units, associated with it). The lists are implicitly combined with any lists
511 configured for any of the parent slice units this unit might be a member of. By default all access lists are
512 empty. When configured the lists are enforced as follows:</para>
513
514 <itemizedlist>
515 <listitem><para>Access will be granted in case its destination/source address matches any entry in the
516 <varname>IPAddressAllow=</varname> setting.</para></listitem>
517
518 <listitem><para>Otherwise, access will be denied in case its destination/source address matches any entry
519 in the <varname>IPAddressDeny=</varname> setting.</para></listitem>
520
521 <listitem><para>Otherwise, access will be granted.</para></listitem>
522 </itemizedlist>
523
524 <para>In order to implement a whitelisting IP firewall, it is recommended to use a
525 <varname>IPAddressDeny=</varname><constant>any</constant> setting on an upper-level slice unit (such as the
526 root slice <filename>-.slice</filename> or the slice containing all system services
527 <filename>system.slice</filename> – see
528 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
529 details on these slice units), plus individual per-service <varname>IPAddressAllow=</varname> lines
530 permitting network access to relevant services, and only them.</para>
531
532 <para>Note that for socket-activated services, the IP access list configured on the socket unit applies to
533 all sockets associated with it directly, but not to any sockets created by the ultimately activated services
534 for it. Conversely, the IP access list configured for the service is not applied to any sockets passed into
535 the service via socket activation. Thus, it is usually a good idea, to replicate the IP access lists on both
536 the socket and the service unit, however it often makes sense to maintain one list more open and the other
537 one more restricted, depending on the usecase.</para>
538
539 <para>If these settings are used multiple times in the same unit the specified lists are combined. If an
540 empty string is assigned to these settings the specific access list is reset and all previous settings undone.</para>
541
542 <para>In place of explicit IPv4 or IPv6 address and prefix length specifications a small set of symbolic
543 names may be used. The following names are defined:</para>
544
545 <table>
546 <title>Special address/network names</title>
547
548 <tgroup cols='3'>
549 <colspec colname='name'/>
550 <colspec colname='definition'/>
551 <colspec colname='meaning'/>
552
553 <thead>
554 <row>
555 <entry>Symbolic Name</entry>
556 <entry>Definition</entry>
557 <entry>Meaning</entry>
558 </row>
559 </thead>
560
561 <tbody>
562 <row>
563 <entry><constant>any</constant></entry>
564 <entry>0.0.0.0/0 ::/0</entry>
565 <entry>Any host</entry>
566 </row>
567
568 <row>
569 <entry><constant>localhost</constant></entry>
570 <entry>127.0.0.0/8 ::1/128</entry>
571 <entry>All addresses on the local loopback</entry>
572 </row>
573
574 <row>
575 <entry><constant>link-local</constant></entry>
576 <entry>169.254.0.0/16 fe80::/64</entry>
577 <entry>All link-local IP addresses</entry>
578 </row>
579
580 <row>
581 <entry><constant>multicast</constant></entry>
582 <entry>224.0.0.0/4 ff00::/8</entry>
583 <entry>All IP multicasting addresses</entry>
584 </row>
585 </tbody>
586 </tgroup>
587 </table>
588
589 <para>Note that these settings might not be supported on some systems (for example if eBPF control group
590 support is not enabled in the underlying kernel or container manager). These settings will have no effect in
591 that case. If compatibility with such systems is desired it is hence recommended to not exclusively rely on
592 them for IP security.</para>
593 </listitem>
594 </varlistentry>
595
d868475a
ZJS		 596 <varlistentry>
597 <term><varname>DeviceAllow=</varname></term>
598
599 <listitem>
600 <para>Control access to specific device nodes by the
601 executed processes. Takes two space-separated strings: a
90060676
LP		 602 device node specifier followed by a combination of
603 <constant>r</constant>, <constant>w</constant>,
604 <constant>m</constant> to control
d868475a 605 <emphasis>r</emphasis>eading, <emphasis>w</emphasis>riting,
90060676 606 or creation of the specific device node(s) by the unit
d868475a
ZJS		 607 (<emphasis>m</emphasis>knod), respectively. This controls
608 the <literal>devices.allow</literal> and
609 <literal>devices.deny</literal> control group
90060676
LP		 610 attributes. For details about these control group
611 attributes, see <ulink
c51fa947 612 url="https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt">devices.txt</ulink>.</para>
90060676
LP		 613
614 <para>The device node specifier is either a path to a device
615 node in the file system, starting with
616 <filename>/dev/</filename>, or a string starting with either
617 <literal>char-</literal> or <literal>block-</literal>
618 followed by a device group name, as listed in
619 <filename>/proc/devices</filename>. The latter is useful to
620 whitelist all current and future devices belonging to a
e41969e3 621 specific device group at once. The device group is matched
1245e413 622 according to filename globbing rules, you may hence use the
e41969e3
LP		 623 <literal>*</literal> and <literal>?</literal>
624 wildcards. Examples: <filename>/dev/sda5</filename> is a
625 path to a device node, referring to an ATA or SCSI block
90060676
LP		 626 device. <literal>char-pts</literal> and
627 <literal>char-alsa</literal> are specifiers for all pseudo
e41969e3
LP		 628 TTYs and all ALSA sound devices,
629 respectively. <literal>char-cpu/*</literal> is a specifier
630 matching all CPU related device groups.</para>
d868475a
ZJS		 631 </listitem>
632 </varlistentry>
633
634 <varlistentry>
635 <term><varname>DevicePolicy=auto|closed|strict</varname></term>
636
637 <listitem>
638 <para>
639 Control the policy for allowing device access:
640 </para>
641 <variablelist>
642 <varlistentry>
643 <term><option>strict</option></term>
644 <listitem>
645 <para>means to only allow types of access that are
646 explicitly specified.</para>
647 </listitem>
648 </varlistentry>
649
650 <varlistentry>
651 <term><option>closed</option></term>
652 <listitem>
6a75304e 653 <para>in addition, allows access to standard pseudo
d868475a
ZJS		 654 devices including
655 <filename>/dev/null</filename>,
656 <filename>/dev/zero</filename>,
657 <filename>/dev/full</filename>,
658 <filename>/dev/random</filename>, and
659 <filename>/dev/urandom</filename>.
660 </para>
661 </listitem>
662 </varlistentry>
663
664 <varlistentry>
665 <term><option>auto</option></term>
666 <listitem>
667 <para>
6a75304e 668 in addition, allows access to all devices if no
d868475a
ZJS		 669 explicit <varname>DeviceAllow=</varname> is present.
670 This is the default.
671 </para>
672 </listitem>
673 </varlistentry>
674 </variablelist>
675 </listitem>
676 </varlistentry>
61ad59b1
LP		 677
678 <varlistentry>
679 <term><varname>Slice=</varname></term>
680
681 <listitem>
682 <para>The name of the slice unit to place the unit
683 in. Defaults to <filename>system.slice</filename> for all
dc7adf20
LP		 684 non-instantiated units of all unit types (except for slice
685 units themselves see below). Instance units are by default
686 placed in a subslice of <filename>system.slice</filename>
687 that is named after the template name.</para>
688
689 <para>This option may be used to arrange systemd units in a
690 hierarchy of slices each of which might have resource
691 settings applied.</para>
61ad59b1 692
fbce1139 693 <para>For units of type slice, the only accepted value for
61ad59b1 694 this setting is the parent slice. Since the name of a slice
fbce1139 695 unit implies the parent slice, it is hence redundant to ever
61ad59b1 696 set this parameter directly for slice units.</para>
ae0a5fb1
LP		 697
698 <para>Special care should be taken when relying on the default slice assignment in templated service units
699 that have <varname>DefaultDependencies=no</varname> set, see
700 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, section
45f09f93 701 "Default Dependencies" for details.</para>
ae0a5fb1 702
61ad59b1
LP		 703 </listitem>
704 </varlistentry>
705
a931ad47
LP		 706 <varlistentry>
707 <term><varname>Delegate=</varname></term>
708
709 <listitem>
a9f01ad1
LP		 710 <para>Turns on delegation of further resource control partitioning to processes of the unit. Units where this
711 is enabled may create and manage their own private subhierarchy of control groups below the control group of
712 the unit itself. For unprivileged services (i.e. those using the <varname>User=</varname> setting) the unit's
713 control group will be made accessible to the relevant user. When enabled the service manager will refrain
714 from manipulating control groups or moving processes below the unit's control group, so that a clear concept
715 of ownership is established: the control group tree above the unit's control group (i.e. towards the root
716 control group) is owned and managed by the service manager of the host, while the control group tree below
717 the unit's control group is owned and managed by the unit itself. Takes either a boolean argument or a list
718 of control group controller names. If true, delegation is turned on, and all supported controllers are
719 enabled for the unit, making them available to the unit's processes for management. If false, delegation is
720 turned off entirely (and no additional controllers are enabled). If set to a list of controllers, delegation
721 is turned on, and the specified controllers are enabled for the unit. Note that assigning the empty string
1bdfc7b9
YW		 722 will enable delegation, but reset the list of controllers, all assignments prior to this will have no effect.
723 Defaults to false.</para>
a9f01ad1
LP		 724
725 <para>Note that controller delegation to less privileged code is only safe on the unified control group
726 hierarchy. Accordingly, access to the specified controllers will not be granted to unprivileged services on
727 the legacy hierarchy, even when requested.</para>
728
729 <para>The following controller names may be specified: <option>cpu</option>, <option>cpuacct</option>,
730 <option>io</option>, <option>blkio</option>, <option>memory</option>, <option>devices</option>,
731 <option>pids</option>. Not all of these controllers are available on all kernels however, and some are
732 specific to the unified hierarchy while others are specific to the legacy hierarchy. Also note that the
733 kernel might support further controllers, which aren't covered here yet as delegation is either not supported
734 at all for them or not defined cleanly.</para>
a931ad47
LP		 735 </listitem>
736 </varlistentry>
737
d868475a
ZJS		 738 </variablelist>
739 </refsect1>
740
7d862ab8
TH		 741 <refsect1>
742 <title>Deprecated Options</title>
743
744 <para>The following options are deprecated. Use the indicated superseding options instead:</para>
745
746 <variablelist class='unit-directives'>
747
748 <varlistentry>
749 <term><varname>CPUShares=<replaceable>weight</replaceable></varname></term>
750 <term><varname>StartupCPUShares=<replaceable>weight</replaceable></varname></term>
751
752 <listitem>
753 <para>Assign the specified CPU time share weight to the processes executed. These options take an integer
754 value and control the <literal>cpu.shares</literal> control group attribute. The allowed range is 2 to
755 262144. Defaults to 1024. For details about this control group attribute, see <ulink
756 url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.
757 The available CPU time is split up among all units within one slice relative to their CPU time share
758 weight.</para>
759
760 <para>While <varname>StartupCPUShares=</varname> only applies to the startup phase of the system,
761 <varname>CPUShares=</varname> applies to normal runtime of the system, and if the former is not set also to
762 the startup phase. Using <varname>StartupCPUShares=</varname> allows prioritizing specific services at
763 boot-up differently than during normal runtime.</para>
764
765 <para>Implies <literal>CPUAccounting=true</literal>.</para>
766
767 <para>These settings are deprecated. Use <varname>CPUWeight=</varname> and
768 <varname>StartupCPUWeight=</varname> instead.</para>
769 </listitem>
770 </varlistentry>
771
772 <varlistentry>
773 <term><varname>MemoryLimit=<replaceable>bytes</replaceable></varname></term>
774
775 <listitem>
776 <para>Specify the limit on maximum memory usage of the executed processes. The limit specifies how much
777 process and kernel memory can be used by tasks in this unit. Takes a memory size in bytes. If the value is
778 suffixed with K, M, G or T, the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or
779 Terabytes (with the base 1024), respectively. Alternatively, a percentage value may be specified, which is
780 taken relative to the installed physical memory on the system. If assigned the special value
781 <literal>infinity</literal>, no memory limit is applied. This controls the
782 <literal>memory.limit_in_bytes</literal> control group attribute. For details about this control group
783 attribute, see <ulink
784 url="https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt">memory.txt</ulink>.</para>
785
786 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
787
788 <para>This setting is deprecated. Use <varname>MemoryMax=</varname> instead.</para>
789 </listitem>
790 </varlistentry>
791
792 <varlistentry>
793 <term><varname>BlockIOAccounting=</varname></term>
794
795 <listitem>
796 <para>Turn on Block I/O accounting for this unit, if the legacy control group hierarchy is used on the
797 system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
798 turn it on for all units contained in the same slice and all for its parent slices and the units contained
799 therein. The system default for this setting may be controlled with
800 <varname>DefaultBlockIOAccounting=</varname> in
801 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
802
803 <para>This setting is deprecated. Use <varname>IOAccounting=</varname> instead.</para>
804 </listitem>
805 </varlistentry>
806
807 <varlistentry>
808 <term><varname>BlockIOWeight=<replaceable>weight</replaceable></varname></term>
809 <term><varname>StartupBlockIOWeight=<replaceable>weight</replaceable></varname></term>
810
811 <listitem><para>Set the default overall block I/O weight for the executed processes, if the legacy control
812 group hierarchy is used on the system. Takes a single weight value (between 10 and 1000) to set the default
813 block I/O weight. This controls the <literal>blkio.weight</literal> control group attribute, which defaults to
814 500. For details about this control group attribute, see <ulink
815 url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.
816 The available I/O bandwidth is split up among all units within one slice relative to their block I/O
817 weight.</para>
818
819 <para>While <varname>StartupBlockIOWeight=</varname> only
820 applies to the startup phase of the system,
821 <varname>BlockIOWeight=</varname> applies to the later runtime
822 of the system, and if the former is not set also to the
823 startup phase. This allows prioritizing specific services at
824 boot-up differently than during runtime.</para>
825
826 <para>Implies
827 <literal>BlockIOAccounting=true</literal>.</para>
828
829 <para>These settings are deprecated. Use <varname>IOWeight=</varname> and <varname>StartupIOWeight=</varname>
830 instead.</para>
831
832 </listitem>
833 </varlistentry>
834
835 <varlistentry>
836 <term><varname>BlockIODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term>
837
838 <listitem>
839 <para>Set the per-device overall block I/O weight for the executed processes, if the legacy control group
840 hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
841 the device specific weight value, between 10 and 1000. (Example: "/dev/sda 500"). The file path may be
842 specified as path to a block device node or as any other file, in which case the backing block device of the
843 file system of the file is determined. This controls the <literal>blkio.weight_device</literal> control group
844 attribute, which defaults to 1000. Use this option multiple times to set weights for multiple devices. For
845 details about this control group attribute, see <ulink
846 url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.</para>
847
848 <para>Implies
849 <literal>BlockIOAccounting=true</literal>.</para>
850
851 <para>This setting is deprecated. Use <varname>IODeviceWeight=</varname> instead.</para>
852 </listitem>
853 </varlistentry>
854
855 <varlistentry>
856 <term><varname>BlockIOReadBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
857 <term><varname>BlockIOWriteBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
858
859 <listitem>
860 <para>Set the per-device overall block I/O bandwidth limit for the executed processes, if the legacy control
861 group hierarchy is used on the system. Takes a space-separated pair of a file path and a bandwidth value (in
862 bytes per second) to specify the device specific bandwidth. The file path may be a path to a block device
863 node, or as any other file in which case the backing block device of the file system of the file is used. If
864 the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, Megabytes,
865 Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
866 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the
867 <literal>blkio.throttle.read_bps_device</literal> and <literal>blkio.throttle.write_bps_device</literal>
868 control group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For
869 details about these control group attributes, see <ulink
870 url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.
871 </para>
872
873 <para>Implies
874 <literal>BlockIOAccounting=true</literal>.</para>
875
876 <para>These settings are deprecated. Use <varname>IOReadBandwidthMax=</varname> and
877 <varname>IOWriteBandwidthMax=</varname> instead.</para>
878 </listitem>
879 </varlistentry>
880
881 </variablelist>
882 </refsect1>
883
d868475a
ZJS		 884 <refsect1>
885 <title>See Also</title>
886 <para>
887 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
888 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
889 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
890 <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
891 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
892 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
893 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
894 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74b47bbd 895 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
d868475a 896 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
61ad59b1 897 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
d868475a 898 The documentation for control groups and specific controllers in the Linux kernel:
c51fa947
MP		 899 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt">cgroups.txt</ulink>,
900 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/cpuacct.txt">cpuacct.txt</ulink>,
901 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt">memory.txt</ulink>,
902 <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.
d868475a
ZJS		 903 </para>
904 </refsect1>
905</refentry>
Unnamed repository; edit this file 'description' to name the repository.