]>
Commit | Line | Data |
---|---|---|
1f812fea LP |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?> | |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
4 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
5 | ||
6 | <!-- | |
7 | This file is part of systemd. | |
8 | ||
9 | Copyright 2010 Lennart Poettering | |
10 | ||
11 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
12 | under the terms of the GNU Lesser General Public License as published by |
13 | the Free Software Foundation; either version 2.1 of the License, or | |
1f812fea LP |
14 | (at your option) any later version. |
15 | ||
16 | systemd is distributed in the hope that it will be useful, but | |
17 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 19 | Lesser General Public License for more details. |
1f812fea | 20 | |
5430f7f2 | 21 | You should have received a copy of the GNU Lesser General Public License |
1f812fea LP |
22 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
23 | --> | |
24 | ||
25 | <refentry id="systemd.socket"> | |
26 | <refentryinfo> | |
27 | <title>systemd.socket</title> | |
28 | <productname>systemd</productname> | |
29 | ||
30 | <authorgroup> | |
31 | <author> | |
32 | <contrib>Developer</contrib> | |
33 | <firstname>Lennart</firstname> | |
34 | <surname>Poettering</surname> | |
35 | <email>lennart@poettering.net</email> | |
36 | </author> | |
37 | </authorgroup> | |
38 | </refentryinfo> | |
39 | ||
40 | <refmeta> | |
41 | <refentrytitle>systemd.socket</refentrytitle> | |
42 | <manvolnum>5</manvolnum> | |
43 | </refmeta> | |
44 | ||
45 | <refnamediv> | |
46 | <refname>systemd.socket</refname> | |
34511ca7 | 47 | <refpurpose>Socket unit configuration</refpurpose> |
1f812fea LP |
48 | </refnamediv> |
49 | ||
50 | <refsynopsisdiv> | |
51 | <para><filename>systemd.socket</filename></para> | |
52 | </refsynopsisdiv> | |
53 | ||
54 | <refsect1> | |
55 | <title>Description</title> | |
56 | ||
65232ea7 LP |
57 | <para>A unit configuration file whose name ends in |
58 | <filename>.socket</filename> encodes information about | |
59 | an IPC or network socket or a file system FIFO | |
60 | controlled and supervised by systemd, for socket-based | |
61 | activation.</para> | |
1f812fea LP |
62 | |
63 | <para>This man page lists the configuration options | |
64 | specific to this unit type. See | |
65 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
66 | for the common options of all unit configuration | |
67 | files. The common configuration items are configured | |
68 | in the generic [Unit] and [Install] sections. The | |
cdb788e4 | 69 | socket specific configuration options are configured |
1f812fea LP |
70 | in the [Socket] section.</para> |
71 | ||
72 | <para>Additional options are listed in | |
ba60f905 LP |
73 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
74 | which define the execution environment the | |
75 | <option>ExecStartPre=</option>, | |
76 | <option>ExecStartPost=</option>, | |
77 | <option>ExecStopPre=</option> and | |
78 | <option>ExecStoptPost=</option> commands are executed | |
4819ff03 LP |
79 | in, and in |
80 | <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
81 | which define the way the processes are | |
82 | terminated.</para> | |
1f812fea | 83 | |
65232ea7 LP |
84 | <para>For each socket file a matching service file |
85 | (see | |
86 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
87 | for details) must exist, describing the service to | |
88 | start on incoming traffic on the socket. Depending on | |
b439c6ee | 89 | the setting of <option>Accept=</option> (see below), |
65232ea7 LP |
90 | this must either be named like the socket unit, but |
91 | with the suffix replaced; or it must be a template | |
92 | file named the same way. Example: a socket file | |
1f812fea LP |
93 | <filename>foo.socket</filename> needs a matching |
94 | service <filename>foo.service</filename> if | |
95 | <option>Accept=false</option> is set. If | |
96 | <option>Accept=true</option> is set a service template | |
97 | file <filename>foo@.service</filename> must exist from | |
98 | which services are instantiated for each incoming | |
99 | connection.</para> | |
65232ea7 | 100 | |
62adf224 LP |
101 | <para>Unless <varname>DefaultDependencies=</varname> |
102 | is set to <option>false</option>, socket units will | |
103 | implicitly have dependencies of type | |
104 | <varname>Requires=</varname> and | |
105 | <varname>After=</varname> on | |
106 | <filename>sysinit.target</filename> as well as | |
107 | dependencies of type <varname>Conflicts=</varname> and | |
108 | <varname>Before=</varname> on | |
109 | <filename>shutdown.target</filename>. These ensure | |
110 | that socket units pull in basic system | |
111 | initialization, and are terminated cleanly prior to | |
112 | system shutdown. Only sockets involved with early | |
113 | boot or late system shutdown should disable this | |
114 | option.</para> | |
115 | ||
65232ea7 | 116 | <para>Socket units may be used to implement on-demand |
b439c6ee | 117 | starting of services, as well as parallelized starting |
65232ea7 | 118 | of services.</para> |
be039669 LP |
119 | |
120 | <para>Note that the daemon software configured for | |
121 | socket activation with socket units needs to be able | |
122 | to accept sockets from systemd, either via systemd's | |
123 | native socket passing interface (see | |
124 | <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
125 | for details) or via the traditional | |
126 | <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style | |
127 | socket passing (i.e. sockets passed in via STDIN and | |
128 | STDOUT, using <varname>StandardInput=socket</varname> | |
129 | in the service file).</para> | |
1f812fea LP |
130 | </refsect1> |
131 | ||
132 | <refsect1> | |
133 | <title>Options</title> | |
134 | ||
135 | <para>Socket files must include a [Socket] section, | |
136 | which carries information about the socket or FIFO it | |
137 | supervises. A number of options that may be used in | |
138 | this section are shared with other unit types. These | |
139 | options are documented in | |
4819ff03 LP |
140 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
141 | and | |
142 | <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The | |
65232ea7 | 143 | options specific to the [Socket] section of socket |
1f812fea LP |
144 | units are the following:</para> |
145 | ||
146 | <variablelist> | |
147 | <varlistentry> | |
148 | <term><varname>ListenStream=</varname></term> | |
149 | <term><varname>ListenDatagram=</varname></term> | |
150 | <term><varname>ListenSequentialPacket=</varname></term> | |
151 | <listitem><para>Specifies an address | |
152 | to listen on for a stream | |
16dad32e AE |
153 | (SOCK_STREAM), datagram (SOCK_DGRAM), |
154 | or sequential packet | |
155 | (SOCK_SEQPACKET) socket, respectively. The address | |
1f812fea LP |
156 | can be written in various formats:</para> |
157 | ||
158 | <para>If the address starts with a | |
159 | slash (/), it is read as file system | |
160 | socket in the AF_UNIX socket | |
161 | family.</para> | |
162 | ||
163 | <para>If the address starts with an | |
7e115808 | 164 | at symbol (@) it is read as abstract |
1f812fea LP |
165 | namespace socket in the AF_UNIX |
166 | family. The @ is replaced with a NUL | |
167 | character before binding. For details | |
168 | see | |
169 | <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> | |
170 | ||
171 | <para>If the address string is a | |
172 | single number it is read as port | |
5198dabc LP |
173 | number to listen on via |
174 | IPv6. Depending on the value of | |
175 | <varname>BindIPv6Only=</varname> (see below) this | |
176 | might result in the service being | |
177 | available via both IPv6 and IPv4 (default) or | |
178 | just via IPv6. | |
179 | </para> | |
1f812fea LP |
180 | |
181 | <para>If the address string is a | |
182 | string in the format v.w.x.y:z it is | |
183 | read as IPv4 specifier for listening | |
184 | on an address v.w.x.y on a port | |
185 | z.</para> | |
186 | ||
187 | <para>If the address string is a | |
188 | string in the format [x]:y it is read | |
5198dabc LP |
189 | as IPv6 address x on a port y. Note |
190 | that this might make the service | |
191 | available via IPv4, too, depending on | |
192 | the <varname>BindIPv6Only=</varname> | |
193 | setting (see below). | |
194 | </para> | |
1f812fea LP |
195 | |
196 | <para>Note that SOCK_SEQPACKET | |
197 | (i.e. <varname>ListenSequentialPacket=</varname>) | |
198 | is only available for AF_UNIX | |
199 | sockets. SOCK_STREAM | |
200 | (i.e. <varname>ListenStream=</varname>) | |
201 | when used for IP sockets refers to TCP | |
202 | sockets, SOCK_DGRAM | |
203 | (i.e. <varname>ListenDatagram=</varname>) | |
204 | to UDP.</para> | |
205 | ||
206 | <para>These options may be specified | |
207 | more than once in which case incoming | |
208 | traffic on any of the sockets will trigger | |
209 | service activation, and all listed | |
210 | sockets will be passed to the service, | |
211 | regardless whether there is incoming | |
212 | traffic on them or not.</para> | |
213 | ||
b439c6ee | 214 | <para>If an IP address is used here, it |
1f812fea LP |
215 | is often desirable to listen on it |
216 | before the interface it is configured | |
217 | on is up and running, and even | |
218 | regardless whether it will be up and | |
219 | running ever at all. To deal with this it is | |
220 | recommended to set the | |
221 | <varname>FreeBind=</varname> option | |
222 | described below.</para></listitem> | |
223 | </varlistentry> | |
224 | ||
225 | <varlistentry> | |
226 | <term><varname>ListenFIFO=</varname></term> | |
227 | <listitem><para>Specifies a file | |
228 | system FIFO to listen on. This expects | |
229 | an absolute file system path as | |
c5315881 | 230 | argument. Behavior otherwise is very |
1f812fea LP |
231 | similar to the |
232 | <varname>ListenDatagram=</varname> | |
7a22745a LP |
233 | directive above.</para></listitem> |
234 | </varlistentry> | |
235 | ||
b0a3f2bc LP |
236 | <varlistentry> |
237 | <term><varname>ListenSpecial=</varname></term> | |
238 | <listitem><para>Specifies a special | |
239 | file in the file system to listen | |
240 | on. This expects an absolute file | |
c5315881 | 241 | system path as argument. Behavior |
b0a3f2bc LP |
242 | otherwise is very similar to the |
243 | <varname>ListenFIFO=</varname> | |
244 | directive above. Use this to open | |
245 | character device nodes as well as | |
246 | special files in | |
247 | <filename>/proc</filename> and | |
248 | <filename>/sys</filename>.</para></listitem> | |
249 | </varlistentry> | |
250 | ||
7a22745a LP |
251 | <varlistentry> |
252 | <term><varname>ListenNetlink=</varname></term> | |
253 | <listitem><para>Specifies a Netlink | |
254 | family to create a socket for to | |
255 | listen on. This expects a short string | |
256 | referring to the AF_NETLINK family | |
257 | name (such as <varname>audit</varname> | |
258 | or <varname>kobject-uevent</varname>) | |
259 | as argument, optionally suffixed by a | |
260 | whitespace followed by a multicast | |
c5315881 | 261 | group integer. Behavior otherwise is |
7a22745a LP |
262 | very similar to the |
263 | <varname>ListenDatagram=</varname> | |
1f812fea LP |
264 | directive above.</para></listitem> |
265 | </varlistentry> | |
266 | ||
916abb21 LP |
267 | <varlistentry> |
268 | <term><varname>ListenMessageQueue=</varname></term> | |
269 | <listitem><para>Specifies a POSIX | |
270 | message queue name to listen on. This | |
271 | expects a valid message queue name | |
c5315881 | 272 | (i.e. beginning with /). Behavior |
916abb21 LP |
273 | otherwise is very similar to the |
274 | <varname>ListenFIFO=</varname> | |
275 | directive above. On Linux message | |
276 | queue descriptors are actually file | |
277 | descriptors and can be inherited | |
278 | between processes.</para></listitem> | |
279 | </varlistentry> | |
280 | ||
1f812fea LP |
281 | <varlistentry> |
282 | <term><varname>BindIPv6Only=</varname></term> | |
283 | <listitem><para>Takes a one of | |
284 | <option>default</option>, | |
285 | <option>both</option> or | |
286 | <option>ipv6-only</option>. Controls | |
287 | the IPV6_V6ONLY socket option (see | |
288 | <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
289 | for details). If | |
290 | <option>both</option>, IPv6 sockets | |
291 | bound will be accessible via both IPv4 | |
292 | and IPv6. If | |
293 | <option>ipv6-only</option>, they will | |
294 | be accessible via IPv6 only. If | |
295 | <option>default</option> (which is the | |
296 | default, surprise!) the system wide | |
297 | default setting is used, as controlled | |
298 | by | |
5198dabc LP |
299 | <filename>/proc/sys/net/ipv6/bindv6only</filename>, |
300 | which in turn defaults to the | |
301 | equivalent of | |
302 | <option>both</option>.</para> | |
1f812fea LP |
303 | </listitem> |
304 | </varlistentry> | |
305 | ||
306 | <varlistentry> | |
307 | <term><varname>Backlog=</varname></term> | |
308 | <listitem><para>Takes an unsigned | |
309 | integer argument. Specifies the number | |
310 | of connections to queue that have not | |
311 | been accepted yet. This setting | |
312 | matters only for stream and sequential | |
313 | packet sockets. See | |
314 | <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
315 | for details. Defaults to SOMAXCONN | |
316 | (128).</para></listitem> | |
317 | </varlistentry> | |
318 | ||
319 | <varlistentry> | |
320 | <term><varname>BindToDevice=</varname></term> | |
321 | <listitem><para>Specifies a network | |
322 | interface name to bind this socket | |
323 | to. If set traffic will only be | |
324 | accepted from the specified network | |
325 | interfaces. This controls the | |
326 | SO_BINDTODEVICE socket option (see | |
327 | <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
b439c6ee | 328 | for details). If this option is used, |
1f812fea LP |
329 | an automatic dependency from this |
330 | socket unit on the network interface | |
331 | device unit | |
332 | (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
333 | is created.</para></listitem> | |
334 | </varlistentry> | |
335 | ||
336 | <varlistentry> | |
337 | <term><varname>DirectoryMode=</varname></term> | |
338 | <listitem><para>If listening on a file | |
7277f5a9 | 339 | system socket or FIFO, the parent |
1f812fea LP |
340 | directories are automatically created |
341 | if needed. This option specifies the | |
342 | file system access mode used when | |
dd1eb43b LP |
343 | creating these directories. Takes an |
344 | access mode in octal | |
345 | notation. Defaults to | |
346 | 0755.</para></listitem> | |
1f812fea LP |
347 | </varlistentry> |
348 | ||
349 | <varlistentry> | |
350 | <term><varname>SocketMode=</varname></term> | |
351 | <listitem><para>If listening on a file | |
7277f5a9 | 352 | system socket or FIFO, this option |
1f812fea LP |
353 | specifies the file system access mode |
354 | used when creating the file | |
dd1eb43b LP |
355 | node. Takes an access mode in octal |
356 | notation. Defaults to | |
1f812fea LP |
357 | 0666.</para></listitem> |
358 | </varlistentry> | |
359 | ||
360 | <varlistentry> | |
361 | <term><varname>Accept=</varname></term> | |
362 | <listitem><para>Takes a boolean | |
b439c6ee | 363 | argument. If true, a service instance |
1f812fea LP |
364 | is spawned for each incoming |
365 | connection and only the connection | |
b439c6ee | 366 | socket is passed to it. If false, all |
1f812fea LP |
367 | listening sockets themselves are |
368 | passed to the started service unit, | |
369 | and only one service unit is spawned | |
370 | for all connections (also see | |
371 | above). This value is ignored for | |
372 | datagram sockets and FIFOs where | |
b439c6ee | 373 | a single service unit unconditionally |
1f812fea LP |
374 | handles all incoming traffic. Defaults |
375 | to <option>false</option>. For | |
b439c6ee | 376 | performance reasons, it is recommended |
1f812fea LP |
377 | to write new daemons only in a way |
378 | that is suitable for | |
379 | <option>Accept=false</option>. This | |
380 | option is mostly useful to allow | |
381 | daemons designed for usage with | |
b439c6ee KS |
382 | <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
383 | to work unmodified with systemd socket | |
1f812fea LP |
384 | activation.</para></listitem> |
385 | </varlistentry> | |
386 | ||
387 | <varlistentry> | |
388 | <term><varname>MaxConnections=</varname></term> | |
389 | <listitem><para>The maximum number of | |
390 | connections to simultaneously run | |
391 | services instances for, when | |
392 | <option>Accept=true</option> is | |
393 | set. If more concurrent connections | |
b439c6ee | 394 | are coming in, they will be refused |
1f812fea LP |
395 | until at least one existing connection |
396 | is terminated. This setting has no | |
397 | effect for sockets configured with | |
f848f8d8 | 398 | <option>Accept=false</option> or datagram |
1f812fea LP |
399 | sockets. Defaults to |
400 | 64.</para></listitem> | |
401 | </varlistentry> | |
402 | ||
403 | <varlistentry> | |
404 | <term><varname>KeepAlive=</varname></term> | |
405 | <listitem><para>Takes a boolean | |
406 | argument. If true, the TCP/IP stack | |
407 | will send a keep alive message after | |
408 | 2h (depending on the configuration of | |
409 | <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>) | |
410 | for all TCP streams accepted on this | |
411 | socket. This controls the SO_KEEPALIVE | |
412 | socket option (see | |
413 | <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
414 | and the <ulink | |
415 | url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP | |
416 | Keepalive HOWTO</ulink> for details.) | |
417 | Defaults to | |
418 | <option>false</option>.</para></listitem> | |
419 | </varlistentry> | |
420 | ||
421 | <varlistentry> | |
422 | <term><varname>Priority=</varname></term> | |
423 | <listitem><para>Takes an integer | |
424 | argument controlling the priority for | |
425 | all traffic sent from this | |
426 | socket. This controls the SO_PRIORITY | |
427 | socket option (see | |
428 | <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
429 | for details.).</para></listitem> | |
430 | </varlistentry> | |
431 | ||
432 | <varlistentry> | |
433 | <term><varname>ReceiveBuffer=</varname></term> | |
434 | <term><varname>SendBuffer=</varname></term> | |
435 | <listitem><para>Takes an integer | |
436 | argument controlling the receive | |
16dad32e AE |
437 | or send buffer sizes of this |
438 | socket, respectively. This controls the SO_RCVBUF | |
439 | and SO_SNDBUF socket options (see | |
1f812fea LP |
440 | <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
441 | for details.).</para></listitem> | |
442 | </varlistentry> | |
443 | ||
444 | <varlistentry> | |
445 | <term><varname>IPTOS=</varname></term> | |
446 | <listitem><para>Takes an integer | |
447 | argument controlling the IP | |
448 | Type-Of-Service field for packets | |
449 | generated from this socket. This | |
450 | controls the IP_TOS socket option (see | |
451 | <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
452 | for details.). Either a numeric string | |
453 | or one of <option>low-delay</option>, | |
454 | <option>throughput</option>, | |
455 | <option>reliability</option> or | |
456 | <option>low-cost</option> may be | |
457 | specified.</para></listitem> | |
458 | </varlistentry> | |
459 | ||
460 | <varlistentry> | |
461 | <term><varname>IPTTL=</varname></term> | |
462 | <listitem><para>Takes an integer | |
463 | argument controlling the IPv4 | |
464 | Time-To-Live/IPv6 Hop-Count field for | |
465 | packets generated from this | |
466 | socket. This sets the | |
467 | IP_TTL/IPV6_UNICAST_HOPS socket | |
468 | options (see | |
469 | <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
470 | and | |
471 | <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
472 | for details.)</para></listitem> | |
473 | </varlistentry> | |
474 | ||
475 | <varlistentry> | |
476 | <term><varname>Mark=</varname></term> | |
477 | <listitem><para>Takes an integer | |
478 | value. Controls the firewall mark of | |
479 | packets generated by this socket. This | |
480 | can be used in the firewall logic to | |
481 | filter packets from this socket. This | |
482 | sets the SO_MARK socket option. See | |
483 | <citerefentry><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
484 | for details.</para></listitem> | |
485 | </varlistentry> | |
486 | ||
0eb59ccf AK |
487 | <varlistentry> |
488 | <term><varname>SmackLabel=</varname></term> | |
489 | <term><varname>SmackLabelIPIn=</varname></term> | |
490 | <term><varname>SmackLabelIPOut=</varname></term> | |
491 | <listitem><para>Takes a string | |
492 | value. Controls the extended | |
493 | attributes | |
494 | <literal>security.SMACK64</literal>, | |
495 | <literal>security.SMACK64IPIN</literal> | |
496 | and | |
497 | <literal>security.SMACK64IPOUT</literal>, | |
498 | respectively, i.e. the security label | |
499 | of the FIFO, or the security label for | |
500 | the incoming or outgoing connections | |
501 | of the socket, respectively. See | |
502 | <ulink | |
503 | url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink> | |
504 | for details.</para></listitem> | |
505 | </varlistentry> | |
506 | ||
1f812fea LP |
507 | <varlistentry> |
508 | <term><varname>PipeSize=</varname></term> | |
509 | <listitem><para>Takes an integer | |
510 | value. Controls the pipe buffer size | |
511 | of FIFOs configured in this socket | |
512 | unit. See | |
513 | <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
514 | for details.</para></listitem> | |
515 | </varlistentry> | |
516 | ||
916abb21 LP |
517 | <varlistentry> |
518 | <term><varname>MessageQueueMaxMessages=</varname>, | |
519 | <varname>MessageQueueMessageSize=</varname></term> | |
520 | <listitem><para>These two settings | |
521 | take integer values and control the | |
16dad32e | 522 | mq_maxmsg field or the mq_msgsize field, respectively, when |
916abb21 LP |
523 | creating the message queue. Note that |
524 | either none or both of these variables | |
525 | need to be set. See | |
526 | <citerefentry><refentrytitle>mq_setattr</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
527 | for details.</para></listitem> | |
528 | </varlistentry> | |
529 | ||
1f812fea LP |
530 | <varlistentry> |
531 | <term><varname>FreeBind=</varname></term> | |
532 | <listitem><para>Takes a boolean | |
533 | value. Controls whether the socket can | |
534 | be bound to non-local IP | |
535 | addresses. This is useful to configure | |
536 | sockets listening on specific IP | |
537 | addresses before those IP addresses | |
538 | are successfully configured on a | |
539 | network interface. This sets the | |
540 | IP_FREEBIND socket option. For | |
541 | robustness reasons it is recommended | |
542 | to use this option whenever you bind a | |
543 | socket to a specific IP | |
544 | address. Defaults to <option>false</option>.</para></listitem> | |
545 | </varlistentry> | |
546 | ||
6b6d2dee LP |
547 | <varlistentry> |
548 | <term><varname>Transparent=</varname></term> | |
549 | <listitem><para>Takes a boolean | |
550 | value. Controls the IP_TRANSPARENT | |
271b032a | 551 | socket option. Defaults to |
6b6d2dee LP |
552 | <option>false</option>.</para></listitem> |
553 | </varlistentry> | |
554 | ||
ec6370a2 LP |
555 | <varlistentry> |
556 | <term><varname>Broadcast=</varname></term> | |
557 | <listitem><para>Takes a boolean | |
558 | value. This controls the SO_BROADCAST | |
271b032a | 559 | socket option, which allows broadcast |
ec6370a2 LP |
560 | datagrams to be sent from this |
561 | socket. Defaults to | |
562 | <option>false</option>.</para></listitem> | |
563 | </varlistentry> | |
564 | ||
42e87475 | 565 | <varlistentry> |
271b032a | 566 | <term><varname>PassCredentials=</varname></term> |
42e87475 MS |
567 | <listitem><para>Takes a boolean |
568 | value. This controls the SO_PASSCRED | |
54ecda32 | 569 | socket option, which allows AF_UNIX sockets to |
42e87475 MS |
570 | receive the credentials of the sending |
571 | process in an ancillary message. | |
572 | Defaults to | |
573 | <option>false</option>.</para></listitem> | |
574 | </varlistentry> | |
575 | ||
54ecda32 LP |
576 | <varlistentry> |
577 | <term><varname>PassSecurity=</varname></term> | |
578 | <listitem><para>Takes a boolean | |
579 | value. This controls the SO_PASSSEC | |
580 | socket option, which allows AF_UNIX | |
581 | sockets to receive the security | |
582 | context of the sending process in an | |
583 | ancillary message. Defaults to | |
584 | <option>false</option>.</para></listitem> | |
585 | </varlistentry> | |
586 | ||
cebf8b20 TT |
587 | <varlistentry> |
588 | <term><varname>TCPCongestion=</varname></term> | |
589 | <listitem><para>Takes a string | |
590 | value. Controls the TCP congestion | |
591 | algorithm used by this socket. Should | |
592 | be one of "westwood", "veno", "cubic", | |
593 | "lp" or any other available algorithm | |
594 | supported by the IP stack. This | |
595 | setting applies only to stream | |
596 | sockets.</para></listitem> | |
597 | </varlistentry> | |
598 | ||
1f812fea LP |
599 | <varlistentry> |
600 | <term><varname>ExecStartPre=</varname></term> | |
601 | <term><varname>ExecStartPost=</varname></term> | |
b3eaa628 LP |
602 | <listitem><para>Takes one or more |
603 | command lines, which are executed | |
16dad32e | 604 | before or after the listening |
b3eaa628 | 605 | sockets/FIFOs are created and |
16dad32e | 606 | bound, respectively. The first token of the command |
1f812fea LP |
607 | line must be an absolute file name, |
608 | then followed by arguments for the | |
b3eaa628 LP |
609 | process. Multiple command lines may be |
610 | specified following the same scheme as | |
611 | used for | |
612 | <varname>ExecStartPre=</varname> of | |
613 | service unit files.</para></listitem> | |
1f812fea LP |
614 | </varlistentry> |
615 | ||
616 | <varlistentry> | |
617 | <term><varname>ExecStopPre=</varname></term> | |
618 | <term><varname>ExecStopPost=</varname></term> | |
619 | <listitem><para>Additional commands | |
16dad32e | 620 | that are executed before or after |
1f812fea | 621 | the listening sockets/FIFOs are closed |
16dad32e | 622 | and removed, respectively. Multiple command lines |
b3eaa628 LP |
623 | may be specified following the same |
624 | scheme as used for | |
625 | <varname>ExecStartPre=</varname> of | |
626 | service unit files.</para></listitem> | |
1f812fea LP |
627 | </varlistentry> |
628 | ||
1f812fea LP |
629 | <varlistentry> |
630 | <term><varname>TimeoutSec=</varname></term> | |
631 | <listitem><para>Configures the time to | |
632 | wait for the commands specified in | |
633 | <varname>ExecStartPre=</varname>, | |
634 | <varname>ExecStartPost=</varname>, | |
635 | <varname>ExecStopPre=</varname> and | |
636 | <varname>ExecStopPost=</varname> to | |
b439c6ee KS |
637 | finish. If a command does not exit |
638 | within the configured time, the socket | |
1f812fea | 639 | will be considered failed and be shut |
b439c6ee | 640 | down again. All commands still running, |
1f812fea LP |
641 | will be terminated forcibly via |
642 | SIGTERM, and after another delay of | |
643 | this time with SIGKILL. (See | |
4819ff03 | 644 | <option>KillMode=</option> in <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.) |
1f812fea LP |
645 | Takes a unit-less value in seconds, or |
646 | a time span value such as "5min | |
647 | 20s". Pass 0 to disable the timeout | |
648 | logic. Defaults to | |
ecb963cc | 649 | 90s.</para></listitem> |
1f812fea LP |
650 | </varlistentry> |
651 | ||
d9ff321a LP |
652 | <varlistentry> |
653 | <term><varname>Service=</varname></term> | |
654 | <listitem><para>Specifies the service | |
655 | unit name to activate on incoming | |
656 | traffic. This defaults to the service | |
657 | that bears the same name as the socket | |
658 | (ignoring the different suffixes). In | |
659 | most cases it should not be necessary | |
660 | to use this option.</para></listitem> | |
661 | </varlistentry> | |
662 | ||
1f812fea | 663 | </variablelist> |
4819ff03 LP |
664 | |
665 | <para>Check | |
666 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
667 | and | |
668 | <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
669 | for more settings.</para> | |
670 | ||
1f812fea LP |
671 | </refsect1> |
672 | ||
673 | <refsect1> | |
674 | <title>See Also</title> | |
675 | <para> | |
f3e219a2 | 676 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
1f812fea LP |
677 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
678 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
679 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
4819ff03 | 680 | <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
1f812fea LP |
681 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
682 | </para> | |
683 | </refsect1> | |
684 | ||
685 | </refentry> |