]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - man/systemd.service.xml
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
portable: avoid passing through ID/version fields to LogExtraFields= when they contai...
[thirdparty/systemd.git] / man / systemd.service.xml
... / ...
CommitLineData
1<?xml version='1.0'?>
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
4<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
5
6<refentry id="systemd.service" xmlns:xi="http://www.w3.org/2001/XInclude">
7 <refentryinfo>
8 <title>systemd.service</title>
9 <productname>systemd</productname>
10 </refentryinfo>
11
12 <refmeta>
13 <refentrytitle>systemd.service</refentrytitle>
14 <manvolnum>5</manvolnum>
15 </refmeta>
16
17 <refnamediv>
18 <refname>systemd.service</refname>
19 <refpurpose>Service unit configuration</refpurpose>
20 </refnamediv>
21
22 <refsynopsisdiv>
23 <para><filename><replaceable>service</replaceable>.service</filename></para>
24 </refsynopsisdiv>
25
26 <refsect1>
27 <title>Description</title>
28
29 <para>A unit configuration file whose name ends in
30 <literal>.service</literal> encodes information about a process
31 controlled and supervised by systemd.</para>
32
33 <para>This man page lists the configuration options specific to
34 this unit type. See
35 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
36 for the common options of all unit configuration files. The common
37 configuration items are configured in the generic
38 [Unit] and [Install]
39 sections. The service specific configuration options are
40 configured in the [Service] section.</para>
41
42 <para>Additional options are listed in
43 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
44 which define the execution environment the commands are executed
45 in, and in
46 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
47 which define the way the processes of the service are terminated,
48 and in
49 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
50 which configure resource control settings for the processes of the
51 service.</para>
52
53 <para>The <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>
54 command allows creating <filename>.service</filename> and <filename>.scope</filename> units dynamically
55 and transiently from the command line.</para>
56 </refsect1>
57
58 <refsect1>
59 <title>Service Templates</title>
60
61 <para>It is possible for <command>systemd</command> services to take a single argument via the
62 <literal><replaceable>service</replaceable>@<replaceable>argument</replaceable>.service</literal>
63 syntax. Such services are called "instantiated" services, while the unit definition without the
64 <replaceable>argument</replaceable> parameter is called a "template". An example could be a
65 <filename>dhcpcd@.service</filename> service template which takes a network interface as a
66 parameter to form an instantiated service. Within the service file, this parameter or "instance
67 name" can be accessed with %-specifiers. See
68 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
69 for details.</para>
70 </refsect1>
71
72 <refsect1>
73 <title>Automatic Dependencies</title>
74
75 <refsect2>
76 <title>Implicit Dependencies</title>
77
78 <para>The following dependencies are implicitly added:</para>
79
80 <itemizedlist>
81 <listitem><para>Services with <varname>Type=dbus</varname> set automatically
82 acquire dependencies of type <varname>Requires=</varname> and
83 <varname>After=</varname> on
84 <filename>dbus.socket</filename>.</para></listitem>
85
86 <listitem><para>Socket activated services are automatically ordered after
87 their activating <filename>.socket</filename> units via an
88 automatic <varname>After=</varname> dependency.
89 Services also pull in all <filename>.socket</filename> units
90 listed in <varname>Sockets=</varname> via automatic
91 <varname>Wants=</varname> and <varname>After=</varname> dependencies.</para></listitem>
92 </itemizedlist>
93
94 <para>Additional implicit dependencies may be added as result of
95 execution and resource control parameters as documented in
96 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
97 and
98 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
99 </refsect2>
100
101 <refsect2>
102 <title>Default Dependencies</title>
103
104 <para>The following dependencies are added unless <varname>DefaultDependencies=no</varname> is set:</para>
105
106 <itemizedlist>
107 <listitem><para>Service units will have dependencies of type <varname>Requires=</varname> and
108 <varname>After=</varname> on <filename>sysinit.target</filename>, a dependency of type <varname>After=</varname> on
109 <filename>basic.target</filename> as well as dependencies of type <varname>Conflicts=</varname> and
110 <varname>Before=</varname> on <filename>shutdown.target</filename>. These ensure that normal service units pull in
111 basic system initialization, and are terminated cleanly prior to system shutdown. Only services involved with early
112 boot or late system shutdown should disable this option.</para></listitem>
113
114 <listitem><para>Instanced service units (i.e. service units with an <literal>@</literal> in their name) are assigned by
115 default a per-template slice unit (see
116 <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>), named after the
117 template unit, containing all instances of the specific template. This slice is normally stopped at shutdown,
118 together with all template instances. If that is not desired, set <varname>DefaultDependencies=no</varname> in the
119 template unit, and either define your own per-template slice unit file that also sets
120 <varname>DefaultDependencies=no</varname>, or set <varname>Slice=system.slice</varname> (or another suitable slice)
121 in the template unit. Also see
122 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
123 </para></listitem>
124 </itemizedlist>
125 </refsect2>
126 </refsect1>
127
128 <refsect1>
129 <title>Options</title>
130
131 <para>Service unit files may include [Unit] and [Install] sections, which are described in
132 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
133 </para>
134
135 <para>Service unit files must include a [Service]
136 section, which carries information about the service and the
137 process it supervises. A number of options that may be used in
138 this section are shared with other unit types. These options are
139 documented in
140 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
141 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
142 and
143 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
144 The options specific to the [Service] section
145 of service units are the following:</para>
146
147 <variablelist class='unit-directives'>
148 <varlistentry>
149 <term><varname>Type=</varname></term>
150
151 <listitem>
152 <para>Configures the mechanism via which the service notifies the manager that the service start-up
153 has finished. One of <option>simple</option>, <option>exec</option>, <option>forking</option>,
154 <option>oneshot</option>, <option>dbus</option>, <option>notify</option>,
155 <option>notify-reload</option>, or <option>idle</option>:</para>
156
157 <itemizedlist>
158 <listitem><para>If set to <option>simple</option> (the default if <varname>ExecStart=</varname>
159 is specified but neither <varname>Type=</varname> nor <varname>BusName=</varname> are, and
160 credentials are not used), the service manager will consider the unit started immediately after
161 the main service process has been forked off (i.e. immediately after <function>fork()</function>,
162 and before various process attributes have been configured and in particular before the new process
163 has called <function>execve()</function> to invoke the actual service binary). Typically,
164 <varname>Type=</varname><option>exec</option> is the better choice, see below.</para>
165
166 <para>It is expected that the process configured with <varname>ExecStart=</varname> is the main
167 process of the service. In this mode, if the process offers functionality to other processes on
168 the system, its communication channels should be installed before the service is started up
169 (e.g. sockets set up by systemd, via socket activation), as the service manager will immediately
170 proceed starting follow-up units, right after creating the main service process, and before
171 executing the service's binary. Note that this means <command>systemctl start</command> command
172 lines for <option>simple</option> services will report success even if the service's binary
173 cannot be invoked successfully (for example because the selected <varname>User=</varname> does not
174 exist, or the service binary is missing).</para></listitem>
175
176 <listitem><para>The <option>exec</option> type is similar to <option>simple</option>, but the
177 service manager will consider the unit started immediately after the main service binary has been
178 executed. The service manager will delay starting of follow-up units until that point. (Or in
179 other words: <option>simple</option> proceeds with further jobs right after
180 <function>fork()</function> returns, while <option>exec</option> will not proceed before both
181 <function>fork()</function> and <function>execve()</function> in the service process succeeded.)
182 Note that this means <command>systemctl start</command> command lines for <option>exec</option>
183 services will report failure when the service's binary cannot be invoked successfully (for
184 example because the selected <varname>User=</varname> does not exist, or the service binary is
185 missing). This type is implied if credentials are used (refer to <varname>LoadCredential=</varname>
186 in <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
187 for details).</para></listitem>
188
189 <listitem><para>If set to <option>forking</option>, the manager will consider the unit started
190 immediately after the binary that forked off by the manager exits. <emphasis>The use of this type
191 is discouraged, use <option>notify</option>, <option>notify-reload</option>, or
192 <option>dbus</option> instead.</emphasis></para>
193
194 <para>It is expected that the process configured with <varname>ExecStart=</varname> will call
195 <function>fork()</function> as part of its start-up. The parent process is expected to exit when
196 start-up is complete and all communication channels are set up. The child continues to run as the
197 main service process, and the service manager will consider the unit started when the parent
198 process exits. This is the behavior of traditional UNIX services. If this setting is used, it is
199 recommended to also use the <varname>PIDFile=</varname> option, so that systemd can reliably
200 identify the main process of the service. The manager will proceed with starting follow-up units
201 after the parent process exits.</para></listitem>
202
203 <listitem><para>Behavior of <option>oneshot</option> is similar to <option>exec</option>;
204 however, the service manager will consider the unit up after the main process exits. It will then
205 start follow-up units. <varname>RemainAfterExit=</varname> is particularly useful for this type
206 of service. <varname>Type=</varname><option>oneshot</option> is the implied default if neither
207 <varname>Type=</varname> nor <varname>ExecStart=</varname> are specified. Note that if this
208 option is used without <varname>RemainAfterExit=</varname> the service will never enter
209 <literal>active</literal> unit state, but will directly transition from
210 <literal>activating</literal> to <literal>deactivating</literal> or <literal>dead</literal>,
211 since no process is configured that shall run continuously. In particular this means that after a
212 service of this type ran (and which has <varname>RemainAfterExit=</varname> not set) it will not
213 show up as started afterwards, but as dead.</para></listitem>
214
215 <listitem><para>Behavior of <option>dbus</option> is similar to <option>simple</option>; however,
216 units of this type must have the <varname>BusName=</varname> specified and the service manager
217 will consider the unit up when the specified bus name has been acquired. This type is the default
218 if <varname>BusName=</varname> is specified.</para>
219
220 <para>Service units with this option configured implicitly gain dependencies on the
221 <filename>dbus.socket</filename> unit. A service unit of this type is considered to be in the
222 activating state until the specified bus name is acquired. It is considered activated while the
223 bus name is taken. Once the bus name is released the service is considered being no longer
224 functional which has the effect that the service manager attempts to terminate any remaining
225 processes belonging to the service. Services that drop their bus name as part of their shutdown
226 logic thus should be prepared to receive a <constant>SIGTERM</constant> (or whichever signal is
227 configured in <varname>KillSignal=</varname>) as result.</para></listitem>
228
229 <listitem><para>Behavior of <option>notify</option> is similar to <option>exec</option>; however,
230 it is expected that the service sends a <literal>READY=1</literal> notification message via
231 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry> or
232 an equivalent call when it has finished starting up. systemd will proceed with starting follow-up
233 units after this notification message has been sent. If this option is used,
234 <varname>NotifyAccess=</varname> (see below) should be set to open access to the notification
235 socket provided by systemd. If <varname>NotifyAccess=</varname> is missing or set to
236 <option>none</option>, it will be forcibly set to <option>main</option>.</para>
237
238 <para>If the service supports reloading, and uses a signal to start the reload, using
239 <option>notify-reload</option> instead is recommended.</para></listitem>
240
241 <listitem><para>Behavior of <option>notify-reload</option> is similar to <option>notify</option>,
242 with one difference: the <constant>SIGHUP</constant> UNIX process signal is sent to the service's
243 main process when the service is asked to reload and the manager will wait for a notification
244 about the reload being finished.</para>
245
246 <para>When initiating the reload process the service is expected to reply with a notification
247 message via
248 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
249 that contains the <literal>RELOADING=1</literal> field in combination with
250 <literal>MONOTONIC_USEC=</literal> set to the current monotonic time
251 (i.e. <constant>CLOCK_MONOTONIC</constant> in
252 <citerefentry><refentrytitle>clock_gettime</refentrytitle><manvolnum>2</manvolnum></citerefentry>)
253 in μs, formatted as decimal string. Once reloading is complete another notification message must
254 be sent, containing <literal>READY=1</literal>. Using this service type and implementing this
255 reload protocol is an efficient alternative to providing an <varname>ExecReload=</varname>
256 command for reloading of the service's configuration.</para>
257
258 <para>The signal to send can be tweaked via <varname>ReloadSignal=</varname>, see below.</para>
259 </listitem>
260
261 <listitem><para>Behavior of <option>idle</option> is very similar to <option>simple</option>; however,
262 actual execution of the service program is delayed until all active jobs are dispatched. This may be used
263 to avoid interleaving of output of shell services with the status output on the console. Note that this
264 type is useful only to improve console output, it is not useful as a general unit ordering tool, and the
265 effect of this service type is subject to a 5s timeout, after which the service program is invoked
266 anyway.</para></listitem>
267 </itemizedlist>
268
269 <para>It is recommended to use <varname>Type=</varname><option>exec</option> for long-running
270 services, as it ensures that process setup errors (e.g. errors such as a missing service
271 executable, or missing user) are properly tracked. However, as this service type will not propagate
272 the failures in the service's own startup code (as opposed to failures in the preparatory steps the
273 service manager executes before <function>execve()</function>) and does not allow ordering of other
274 units against completion of initialization of the service code itself (which for example is useful
275 if clients need to connect to the service through some form of IPC, and the IPC channel is only
276 established by the service itself — in contrast to doing this ahead of time through socket or bus
277 activation or similar), it might not be sufficient for many cases. If so, <option>notify</option>,
278 <option>notify-reload</option>, or <option>dbus</option> (the latter only in case the service
279 provides a D-Bus interface) are the preferred options as they allow service program code to
280 precisely schedule when to consider the service started up successfully and when to proceed with
281 follow-up units. The <option>notify</option>/<option>notify-reload</option> service types require
282 explicit support in the service codebase (as <function>sd_notify()</function> or an equivalent API
283 needs to be invoked by the service at the appropriate time) — if it is not supported, then
284 <option>forking</option> is an alternative: it supports the traditional heavy-weight UNIX service
285 start-up protocol. Note that using any type other than <option>simple</option> possibly delays the
286 boot process, as the service manager needs to wait for at least some service initialization to
287 complete. (Also note it is generally not recommended to use <option>idle</option> or
288 <option>oneshot</option> for long-running services.)</para>
289
290 <para>Note that various service settings (e.g. <varname>User=</varname>, <varname>Group=</varname>
291 through libc NSS) might result in "hidden" blocking IPC calls to other services when
292 used. Sometimes it might be advisable to use the <option>simple</option> service type to ensure
293 that the service manager's transaction logic is not affected by such potentially slow operations
294 and hidden dependencies, as this is the only service type where the service manager will not wait
295 for such service execution setup operations to complete before proceeding.</para></listitem>
296 </varlistentry>
297
298 <varlistentry>
299 <term><varname>ExitType=</varname></term>
300
301 <listitem>
302 <para>Specifies when the manager should consider the service to be finished. One of <option>main</option> or
303 <option>cgroup</option>:</para>
304
305 <itemizedlist>
306 <listitem><para>If set to <option>main</option> (the default), the service manager
307 will consider the unit stopped when the main process, which is determined according to the
308 <varname>Type=</varname>, exits. Consequently, it cannot be used with
309 <varname>Type=</varname><option>oneshot</option>.</para></listitem>
310
311 <listitem><para>If set to <option>cgroup</option>, the service will be considered running as long as at
312 least one process in the cgroup has not exited.</para></listitem>
313 </itemizedlist>
314
315 <para>It is generally recommended to use <varname>ExitType=</varname><option>main</option> when a service has
316 a known forking model and a main process can reliably be determined. <varname>ExitType=</varname>
317 <option>cgroup</option> is meant for applications whose forking model is not known ahead of time and which
318 might not have a specific main process. It is well suited for transient or automatically generated services,
319 such as graphical applications inside of a desktop environment.</para>
320
321 <xi:include href="version-info.xml" xpointer="v250"/>
322 </listitem>
323 </varlistentry>
324
325 <varlistentry>
326 <term><varname>RemainAfterExit=</varname></term>
327
328 <listitem><para>Takes a boolean value that specifies whether
329 the service shall be considered active even when all its
330 processes exited. Defaults to <option>no</option>.</para>
331 </listitem>
332 </varlistentry>
333
334 <varlistentry>
335 <term><varname>GuessMainPID=</varname></term>
336
337 <listitem><para>Takes a boolean value that specifies whether
338 systemd should try to guess the main PID of a service if it
339 cannot be determined reliably. This option is ignored unless
340 <option>Type=forking</option> is set and
341 <option>PIDFile=</option> is unset because for the other types
342 or with an explicitly configured PID file, the main PID is
343 always known. The guessing algorithm might come to incorrect
344 conclusions if a daemon consists of more than one process. If
345 the main PID cannot be determined, failure detection and
346 automatic restarting of a service will not work reliably.
347 Defaults to <option>yes</option>.</para>
348 </listitem>
349 </varlistentry>
350
351 <varlistentry>
352 <term><varname>PIDFile=</varname></term>
353
354 <listitem><para>Takes a path referring to the PID file of the service. Usage of this option is
355 recommended for services where <varname>Type=</varname> is set to <option>forking</option>. The path
356 specified typically points to a file below <filename>/run/</filename>. If a relative path is
357 specified for system service, then it is hence prefixed with <filename>/run/</filename>, and prefixed
358 with <filename>$XDG_RUNTIME_DIR</filename> if specified in a user service. The service manager will
359 read the PID of the main process of the service from this file after start-up of the service. The
360 service manager will not write to the file configured here, although it will remove the file after
361 the service has shut down if it still exists. The PID file does not need to be owned by a privileged
362 user, but if it is owned by an unprivileged user additional safety restrictions are enforced: the
363 file may not be a symlink to a file owned by a different user (neither directly nor indirectly), and
364 the PID file must refer to a process already belonging to the service.</para>
365
366 <para>Note that PID files should be avoided in modern projects. Use <option>Type=notify</option>,
367 <option>Type=notify-reload</option> or <option>Type=simple</option> where possible, which does not
368 require use of PID files to determine the main process of a service and avoids needless
369 forking.</para></listitem>
370 </varlistentry>
371
372 <varlistentry>
373 <term><varname>BusName=</varname></term>
374
375 <listitem><para>Takes a D-Bus destination name that this service shall use. This option is mandatory
376 for services where <varname>Type=</varname> is set to <option>dbus</option>. It is recommended to
377 always set this property if known to make it easy to map the service name to the D-Bus destination.
378 In particular, <command>systemctl service-log-level/service-log-target</command> verbs make use of
379 this.</para>
380 </listitem>
381 </varlistentry>
382
383 <varlistentry>
384 <term><varname>ExecStart=</varname></term>
385 <listitem><para>Commands that are executed when this service is started.</para>
386
387 <para>Unless <varname>Type=</varname> is <option>oneshot</option>, exactly one command must be
388 given. When <varname>Type=oneshot</varname> is used, this setting may be used multiple times to
389 define multiple commands to execute. If the empty string is assigned to this option, the list of
390 commands to start is reset, prior assignments of this option will have no effect. If no
391 <varname>ExecStart=</varname> is specified, then the service must have
392 <varname>RemainAfterExit=yes</varname> and at least one <varname>ExecStop=</varname> line
393 set. (Services lacking both <varname>ExecStart=</varname> and <varname>ExecStop=</varname> are not
394 valid.)</para>
395
396 <para>If more than one command is configured, the commands are invoked sequentially in the order they
397 appear in the unit file. If one of the commands fails (and is not prefixed with
398 <literal>-</literal>), other lines are not executed, and the unit is considered failed.</para>
399
400 <para>Unless <varname>Type=forking</varname> is set, the process started via this command line will
401 be considered the main process of the daemon.</para>
402 </listitem>
403 </varlistentry>
404
405 <varlistentry>
406 <term><varname>ExecStartPre=</varname></term>
407 <term><varname>ExecStartPost=</varname></term>
408
409 <listitem><para>Additional commands that are executed before or after the command in
410 <varname>ExecStart=</varname>, respectively. Syntax is the same as for <varname>ExecStart=</varname>.
411 Multiple command lines are allowed, regardless of the service type (i.e. <varname>Type=</varname>),
412 and the commands are executed one after the other, serially.</para>
413
414 <para>If any of those commands (not prefixed with
415 <literal>-</literal>) fail, the rest are not executed and the
416 unit is considered failed.</para>
417
418 <para><varname>ExecStart=</varname> commands are only run after
419 all <varname>ExecStartPre=</varname> commands that were not prefixed
420 with a <literal>-</literal> exit successfully.</para>
421
422 <para><varname>ExecStartPost=</varname> commands are only run after the commands specified in
423 <varname>ExecStart=</varname> have been invoked successfully, as determined by
424 <varname>Type=</varname> (i.e. the process has been started for <varname>Type=simple</varname> or
425 <varname>Type=idle</varname>, the last <varname>ExecStart=</varname> process exited successfully for
426 <varname>Type=oneshot</varname>, the initial process exited successfully for
427 <varname>Type=forking</varname>, <literal>READY=1</literal> is sent for
428 <varname>Type=notify</varname>/<varname>Type=notify-reload</varname>, or the
429 <varname>BusName=</varname> has been taken for <varname>Type=dbus</varname>).</para>
430
431 <para>Note that <varname>ExecStartPre=</varname> may not be
432 used to start long-running processes. All processes forked
433 off by processes invoked via <varname>ExecStartPre=</varname> will
434 be killed before the next service process is run.</para>
435
436 <para>Note that if any of the commands specified in <varname>ExecStartPre=</varname>,
437 <varname>ExecStart=</varname>, or <varname>ExecStartPost=</varname> fail (and are not prefixed with
438 <literal>-</literal>, see above) or time out before the service is fully up, execution continues with commands
439 specified in <varname>ExecStopPost=</varname>, the commands in <varname>ExecStop=</varname> are skipped.</para>
440
441 <para>Note that the execution of <varname>ExecStartPost=</varname> is taken into account for the purpose of
442 <varname>Before=</varname>/<varname>After=</varname> ordering constraints.</para>
443 </listitem>
444 </varlistentry>
445
446 <varlistentry>
447 <term><varname>ExecCondition=</varname></term>
448 <listitem><para>Optional commands that are executed before the commands in
449 <varname>ExecStartPre=</varname>. Syntax is the same as for <varname>ExecStart=</varname>. Multiple
450 command lines are allowed, regardless of the service type (i.e. <varname>Type=</varname>), and the
451 commands are executed one after the other, serially.</para>
452
453 <para>The behavior is like an <varname>ExecStartPre=</varname> and condition check hybrid: when an
454 <varname>ExecCondition=</varname> command exits with exit code 1 through 254 (inclusive), the remaining
455 commands are skipped and the unit is <emphasis>not</emphasis> marked as failed. However, if an
456 <varname>ExecCondition=</varname> command exits with 255 or abnormally (e.g. timeout, killed by a
457 signal, etc.), the unit will be considered failed (and remaining commands will be skipped). Exit code of 0 or
458 those matching <varname>SuccessExitStatus=</varname> will continue execution to the next commands.</para>
459
460 <para>The same recommendations about not running long-running processes in <varname>ExecStartPre=</varname>
461 also applies to <varname>ExecCondition=</varname>. <varname>ExecCondition=</varname> will also run the commands
462 in <varname>ExecStopPost=</varname>, as part of stopping the service, in the case of any non-zero or abnormal
463 exits, like the ones described above.</para>
464
465 <xi:include href="version-info.xml" xpointer="v243"/>
466 </listitem>
467 </varlistentry>
468
469 <varlistentry>
470 <term><varname>ExecReload=</varname></term>
471
472 <listitem><para>Commands to execute to trigger a configuration reload in the service. This setting
473 may take multiple command lines, following the same scheme as described for
474 <varname>ExecStart=</varname> above. Use of this setting is optional. Specifier and environment
475 variable substitution is supported here following the same scheme as for
476 <varname>ExecStart=</varname>.</para>
477
478 <para>One additional, special environment variable is set: if known, <varname>$MAINPID</varname> is
479 set to the main process of the daemon, and may be used for command lines like the following:</para>
480
481 <programlisting>ExecReload=kill -HUP $MAINPID</programlisting>
482
483 <para>Note however that reloading a daemon by enqueuing a signal without completion notification
484 (as is the case with the example line above) is usually not a good choice, because this is an
485 asynchronous operation and hence not suitable when ordering reloads of multiple services against
486 each other. It is thus strongly recommended to either use <varname>Type=notify-reload</varname>,
487 or to set <varname>ExecReload=</varname> to a command that not only triggers a configuration reload
488 of the daemon, but also synchronously waits for it to complete. For example, <citerefentry
489 project='mankier'><refentrytitle>dbus-broker</refentrytitle><manvolnum>1</manvolnum></citerefentry>
490 uses the following:</para>
491
492 <programlisting>ExecReload=busctl call org.freedesktop.DBus \
493 /org/freedesktop/DBus org.freedesktop.DBus \
494 ReloadConfig
495</programlisting>
496
497 <para>This setting can be combined with <varname>Type=notify-reload</varname>, in which case
498 the service main process is signaled after all specified command lines finish execution. Specially,
499 if <literal>RELOADING=1</literal> notification is received before <varname>ExecReload=</varname>
500 completes, the signaling is skipped and the service manager immediately starts listening for
501 <literal>READY=1</literal>.</para>
502 </listitem>
503 </varlistentry>
504
505 <varlistentry>
506 <term><varname>ExecReloadPost=</varname></term>
507
508 <listitem><para>Commands to execute after a successful reload operation. Syntax for this setting
509 is exactly the same as <varname>ExecReload=</varname>.</para>
510
511 <xi:include href="version-info.xml" xpointer="v259"/>
512 </listitem>
513 </varlistentry>
514
515 <varlistentry>
516 <term><varname>ExecStop=</varname></term>
517 <listitem><para>Commands to execute to stop the service started via
518 <varname>ExecStart=</varname>. This argument takes multiple command lines, following the same scheme
519 as described for <varname>ExecStart=</varname> above. Use of this setting is optional. After the
520 commands configured in this option are run, it is implied that the service is stopped, and any
521 processes remaining for it are terminated according to the <varname>KillMode=</varname> setting (see
522 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
523 If this option is not specified, the process is terminated by sending the signal specified in
524 <varname>KillSignal=</varname> or <varname>RestartKillSignal=</varname> when service stop is
525 requested. Specifier and environment variable substitution is supported (including
526 <varname>$MAINPID</varname>, see above).</para>
527
528 <para>Note that it is usually not sufficient to specify a command for this setting that only asks the
529 service to terminate (for example, by sending some form of termination signal to it), but does not
530 wait for it to do so. Since the remaining processes of the services are killed according to
531 <varname>KillMode=</varname> and <varname>KillSignal=</varname> or
532 <varname>RestartKillSignal=</varname> as described above immediately after the command exited, this
533 may not result in a clean stop. The specified command should hence be a synchronous operation, not an
534 asynchronous one.</para>
535
536 <para>Note that the commands specified in <varname>ExecStop=</varname> are only executed when the service
537 started successfully first. They are not invoked if the service was never started at all, or in case its
538 start-up failed, for example because any of the commands specified in <varname>ExecStart=</varname>,
539 <varname>ExecStartPre=</varname> or <varname>ExecStartPost=</varname> failed (and were not prefixed with
540 <literal>-</literal>, see above) or timed out. Use <varname>ExecStopPost=</varname> to invoke commands when a
541 service failed to start up correctly and is shut down again. Also note that the stop operation is always
542 performed if the service started successfully, even if the processes in the service terminated on their
543 own or were killed. The stop commands must be prepared to deal with that case. <varname>$MAINPID</varname>
544 will be unset if systemd knows that the main process exited by the time the stop commands are called.</para>
545
546 <para>Service restart requests are implemented as stop operations followed by start operations. This
547 means that <varname>ExecStop=</varname> and <varname>ExecStopPost=</varname> are executed during a
548 service restart operation.</para>
549
550 <para>It is recommended to use this setting for commands that communicate with the service requesting
551 clean termination. For post-mortem clean-up steps use <varname>ExecStopPost=</varname> instead.
552 </para></listitem>
553 </varlistentry>
554
555 <varlistentry>
556 <term><varname>ExecStopPost=</varname></term>
557 <listitem><para>Additional commands that are executed after the service is stopped. This includes cases where
558 the commands configured in <varname>ExecStop=</varname> were used, where the service does not have any
559 <varname>ExecStop=</varname> defined, or where the service exited unexpectedly. This argument takes multiple
560 command lines, following the same scheme as described for <varname>ExecStart=</varname>. Use of these settings
561 is optional. Specifier and environment variable substitution is supported. Note that – unlike
562 <varname>ExecStop=</varname> – commands specified with this setting are invoked when a service failed to start
563 up correctly and is shut down again.</para>
564
565 <para>It is recommended to use this setting for clean-up operations that shall be executed even when
566 the service failed to start up correctly. Commands configured with this setting need to be able to
567 operate even if the service failed starting up half-way and left incompletely initialized data
568 around. As the service's processes have likely exited already when the commands specified with this
569 setting are executed they should not attempt to communicate with them.</para>
570
571 <para>Note that all commands that are configured with this setting are invoked with the result code of the
572 service, as well as the main process' exit code and status, set in the <varname>$SERVICE_RESULT</varname>,
573 <varname>$EXIT_CODE</varname> and <varname>$EXIT_STATUS</varname> environment variables, see
574 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
575 details.</para>
576
577 <para>Note that the execution of <varname>ExecStopPost=</varname> is taken into account for the purpose of
578 <varname>Before=</varname>/<varname>After=</varname> ordering constraints.</para></listitem>
579 </varlistentry>
580
581 <varlistentry>
582 <term><varname>RestartSec=</varname></term>
583 <listitem><para>Configures the time to sleep before restarting
584 a service (as configured with <varname>Restart=</varname>).
585 Takes a unit-less value in seconds, or a time span value such
586 as "5min 20s". Defaults to 100ms.</para></listitem>
587 </varlistentry>
588
589 <varlistentry>
590 <term><varname>RestartSteps=</varname></term>
591 <listitem><para>Configures the number of exponential steps to take to increase the interval
592 of auto-restarts from <varname>RestartSec=</varname> to <varname>RestartMaxDelaySec=</varname>.
593 Takes a positive integer or 0 to disable it. Defaults to 0. <emphasis>Hint:</emphasis> values
594 between 3 and 5 are good choices when exponential backoff is desired.</para>
595
596 <para>Example:</para>
597
598 <programlisting>RestartSec=10s
599RestartSteps=4
600RestartMaxDelaySec=160s</programlisting>
601
602 <para>This will produce the following restart intervals: 10s, 20s, 40s, 80s, 160s, 160s, 160s, etc.
603 Notice the geometric interpolation and the resulting constant ratio between intervals; here it is 2.
604 The formula for the <emphasis>ratio</emphasis> is
605 <inlineequation>
606 <mathphrase>
607 (<varname>RestartMaxDelaySec</varname> / <varname>RestartSec</varname>)^(1 / <varname>RestartSteps</varname>)
608 </mathphrase>
609 </inlineequation>. A (repeating) delay equal to <varname>RestartMaxDelaySec=</varname> is always
610 reached after
611 <inlineequation>
612 <mathphrase>
613 <varname>RestartSteps</varname> + 1
614 </mathphrase>
615 </inlineequation> steps.</para>
616
617 <para>This setting is effective only if <varname>RestartMaxDelaySec=</varname> is also set and
618 <varname>RestartSec=</varname> is not zero.</para>
619
620 <xi:include href="version-info.xml" xpointer="v254"/></listitem>
621 </varlistentry>
622
623 <varlistentry>
624 <term><varname>RestartMaxDelaySec=</varname></term>
625 <listitem><para>Configures the longest time to sleep before restarting a service
626 as the interval goes up with <varname>RestartSteps=</varname>. Takes a value
627 in the same format as <varname>RestartSec=</varname>, or <literal>infinity</literal>
628 to disable the setting. Defaults to <literal>infinity</literal>.</para>
629
630 <para>This setting is effective only if <varname>RestartSteps=</varname> is also set and
631 <varname>RestartSec=</varname> is not zero.</para>
632
633 <xi:include href="version-info.xml" xpointer="v254"/></listitem>
634 </varlistentry>
635
636 <varlistentry>
637 <term><varname>TimeoutStartSec=</varname></term>
638 <listitem><para>Configures the time to wait for start-up. If a daemon service does not signal
639 start-up completion within the configured time, the service will be considered failed and will be
640 shut down again. The precise action depends on the <varname>TimeoutStartFailureMode=</varname>
641 option. Takes a unit-less value in seconds, or a time span value such as "5min 20s". Pass
642 <literal>infinity</literal> to disable the timeout logic. Defaults to
643 <varname>DefaultTimeoutStartSec=</varname> set in the manager, except when
644 <varname>Type=oneshot</varname> is used, in which case the timeout is disabled by default (see
645 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
646 </para>
647
648 <para>If a service of <varname>Type=notify</varname>/<varname>Type=notify-reload</varname> sends
649 <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause the start time to be extended beyond
650 <varname>TimeoutStartSec=</varname>. The first receipt of this message must occur before
651 <varname>TimeoutStartSec=</varname> is exceeded, and once the start time has extended beyond
652 <varname>TimeoutStartSec=</varname>, the service manager will allow the service to continue to start,
653 provided the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified
654 until the service startup status is finished by <literal>READY=1</literal>. (see
655 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
656 </para>
657
658 <para>Note that the start timeout is also applied to service reloads, regardless of whether implemented
659 through <varname>ExecReload=</varname> or via the reload logic enabled via <varname>Type=notify-reload</varname>.
660 If the reload does not complete within the configured time, the reload will be considered failed and
661 the service will continue running with the old configuration. This will not affect the running service,
662 but will be logged and will cause e.g. <command>systemctl reload</command> to fail.</para>
663
664 <xi:include href="version-info.xml" xpointer="v188"/></listitem>
665 </varlistentry>
666
667 <varlistentry>
668 <term><varname>TimeoutStopSec=</varname></term>
669 <listitem><para>This option serves two purposes. First, it configures the time to wait for each
670 <varname>ExecStop=</varname> command. If any of them times out, subsequent <varname>ExecStop=</varname> commands
671 are skipped and the service will be terminated by <constant>SIGTERM</constant>. If no <varname>ExecStop=</varname>
672 commands are specified, the service gets the <constant>SIGTERM</constant> immediately. This default behavior
673 can be changed by the <varname>TimeoutStopFailureMode=</varname> option. Second, it configures the time
674 to wait for the service itself to stop. If it does not terminate in the specified time, it will be forcibly terminated
675 by <constant>SIGKILL</constant> (see <varname>KillMode=</varname> in
676 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
677 Takes a unit-less value in seconds, or a time span value such
678 as "5min 20s". Pass <literal>infinity</literal> to disable the
679 timeout logic. Defaults to
680 <varname>DefaultTimeoutStopSec=</varname> from the manager
681 configuration file (see
682 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
683 </para>
684
685 <para>If a service of <varname>Type=notify</varname>/<varname>Type=notify-reload</varname> sends
686 <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause the stop time to be extended beyond
687 <varname>TimeoutStopSec=</varname>. The first receipt of this message must occur before
688 <varname>TimeoutStopSec=</varname> is exceeded, and once the stop time has extended beyond
689 <varname>TimeoutStopSec=</varname>, the service manager will allow the service to continue to stop,
690 provided the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified,
691 or terminates itself (see
692 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
693 </para>
694
695 <xi:include href="version-info.xml" xpointer="v188"/></listitem>
696 </varlistentry>
697
698 <varlistentry>
699 <term><varname>TimeoutAbortSec=</varname></term>
700 <listitem><para>This option configures the time to wait for the service to terminate when it was aborted due to a
701 watchdog timeout (see <varname>WatchdogSec=</varname>). If the service has a short <varname>TimeoutStopSec=</varname>
702 this option can be used to give the system more time to write a core dump of the service. Upon expiration the service
703 will be forcibly terminated by <constant>SIGKILL</constant> (see <varname>KillMode=</varname> in
704 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The core file will
705 be truncated in this case. Use <varname>TimeoutAbortSec=</varname> to set a sensible timeout for the core dumping per
706 service that is large enough to write all expected data while also being short enough to handle the service failure
707 in due time.
708 </para>
709
710 <para>Takes a unit-less value in seconds, or a time span value such as "5min 20s". Pass an empty value to skip
711 the dedicated watchdog abort timeout handling and fall back <varname>TimeoutStopSec=</varname>. Pass
712 <literal>infinity</literal> to disable the timeout logic. Defaults to <varname>DefaultTimeoutAbortSec=</varname> from
713 the manager configuration file (see
714 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
715 </para>
716
717 <para>If a service of <varname>Type=notify</varname>/<varname>Type=notify-reload</varname> handles
718 <constant>SIGABRT</constant> itself (instead of relying on the kernel to write a core dump) it can
719 send <literal>EXTEND_TIMEOUT_USEC=…</literal> to extended the abort time beyond
720 <varname>TimeoutAbortSec=</varname>. The first receipt of this message must occur before
721 <varname>TimeoutAbortSec=</varname> is exceeded, and once the abort time has extended beyond
722 <varname>TimeoutAbortSec=</varname>, the service manager will allow the service to continue to abort,
723 provided the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified,
724 or terminates itself (see
725 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
726 </para>
727
728 <xi:include href="version-info.xml" xpointer="v243"/></listitem>
729 </varlistentry>
730
731 <varlistentry>
732 <term><varname>TimeoutSec=</varname></term>
733 <listitem><para>A shorthand for configuring both
734 <varname>TimeoutStartSec=</varname> and
735 <varname>TimeoutStopSec=</varname> to the specified value.
736 </para></listitem>
737 </varlistentry>
738
739 <varlistentry>
740 <term><varname>TimeoutStartFailureMode=</varname></term>
741 <term><varname>TimeoutStopFailureMode=</varname></term>
742
743 <listitem><para>These options configure the action that is taken in case a daemon service does not signal
744 start-up within its configured <varname>TimeoutStartSec=</varname>, respectively if it does not stop within
745 <varname>TimeoutStopSec=</varname>. Takes one of <option>terminate</option>, <option>abort</option> and
746 <option>kill</option>. Both options default to <option>terminate</option>.</para>
747
748 <para>If <option>terminate</option> is set the service will be gracefully terminated by sending the signal
749 specified in <varname>KillSignal=</varname> (defaults to <constant>SIGTERM</constant>, see
750 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>). If the
751 service does not terminate the <varname>FinalKillSignal=</varname> is sent after
752 <varname>TimeoutStopSec=</varname>. If <option>abort</option> is set, <varname>WatchdogSignal=</varname> is sent
753 instead and <varname>TimeoutAbortSec=</varname> applies before sending <varname>FinalKillSignal=</varname>.
754 This setting may be used to analyze services that fail to start-up or shut-down intermittently.
755 By using <option>kill</option> the service is immediately terminated by sending
756 <varname>FinalKillSignal=</varname> without any further timeout. This setting can be used to expedite the
757 shutdown of failing services.
758 </para>
759
760 <xi:include href="version-info.xml" xpointer="v246"/></listitem>
761 </varlistentry>
762
763 <varlistentry>
764 <term><varname>RuntimeMaxSec=</varname></term>
765
766 <listitem><para>Configures a maximum time for the service to run. If this is used and the service has been
767 active for longer than the specified time it is terminated and put into a failure state. Note that this setting
768 does not have any effect on <varname>Type=oneshot</varname> services, as they terminate immediately after
769 activation completed (use <varname>TimeoutStartSec=</varname> to limit their activation).
770 Pass <literal>infinity</literal> (the default) to configure no runtime limit.</para>
771
772 <para>If a service of <varname>Type=notify</varname>/<varname>Type=notify-reload</varname> sends
773 <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause the runtime to be extended beyond
774 <varname>RuntimeMaxSec=</varname>. The first receipt of this message must occur before
775 <varname>RuntimeMaxSec=</varname> is exceeded, and once the runtime has extended beyond
776 <varname>RuntimeMaxSec=</varname>, the service manager will allow the service to continue to run,
777 provided the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified
778 until the service shutdown is achieved by <literal>STOPPING=1</literal> (or termination). (see
779 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
780 </para>
781
782 <xi:include href="version-info.xml" xpointer="v229"/></listitem>
783 </varlistentry>
784
785 <varlistentry>
786 <term><varname>RuntimeRandomizedExtraSec=</varname></term>
787
788 <listitem><para>This option modifies <varname>RuntimeMaxSec=</varname> by increasing the maximum runtime by an
789 evenly distributed duration between 0 and the specified value (in seconds). If <varname>RuntimeMaxSec=</varname> is
790 unspecified, then this feature will be disabled.
791 </para>
792
793 <xi:include href="version-info.xml" xpointer="v250"/></listitem>
794 </varlistentry>
795
796 <varlistentry>
797 <term><varname>WatchdogSec=</varname></term>
798 <listitem><para>Configures the watchdog timeout for a service.
799 The watchdog is activated when the start-up is completed. The
800 service must call
801 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
802 regularly with <literal>WATCHDOG=1</literal> (i.e. the
803 "keep-alive ping"). If the time between two such calls is
804 larger than the configured time, then the service is placed in
805 a failed state and it will be terminated with
806 <constant>SIGABRT</constant> (or the signal specified by
807 <varname>WatchdogSignal=</varname>). By setting
808 <varname>Restart=</varname> to <option>on-failure</option>,
809 <option>on-watchdog</option>, <option>on-abnormal</option> or
810 <option>always</option>, the service will be automatically
811 restarted. The time configured here will be passed to the
812 executed service process in the
813 <varname>WATCHDOG_USEC=</varname> environment variable. This
814 allows daemons to automatically enable the keep-alive pinging
815 logic if watchdog support is enabled for the service. If this
816 option is used, <varname>NotifyAccess=</varname> (see below)
817 should be set to open access to the notification socket
818 provided by systemd. If <varname>NotifyAccess=</varname> is
819 not set, it will be implicitly set to <option>main</option>.
820 Defaults to 0, which disables this feature. The service can
821 check whether the service manager expects watchdog keep-alive
822 notifications. See
823 <citerefentry><refentrytitle>sd_watchdog_enabled</refentrytitle><manvolnum>3</manvolnum></citerefentry>
824 for details.
825 <citerefentry><refentrytitle>sd_event_set_watchdog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
826 may be used to enable automatic watchdog notification support.
827 </para></listitem>
828 </varlistentry>
829
830 <varlistentry>
831 <term><varname>Restart=</varname></term>
832 <listitem><para>Configures whether the service shall be restarted when the service process exits,
833 is killed, or a timeout is reached. The service process may be the main service process, but it may
834 also be one of the processes specified with <varname>ExecStartPre=</varname>,
835 <varname>ExecStartPost=</varname>, <varname>ExecStop=</varname>, <varname>ExecStopPost=</varname>,
836 or <varname>ExecReload=</varname>. When the death of the process is a result of systemd operation
837 (e.g. service stop or restart), the service will not be restarted. Timeouts include missing the watchdog
838 "keep-alive ping" deadline and a service start, reload, and stop operation timeouts.</para>
839
840 <para>Takes one of <option>no</option>, <option>on-success</option>, <option>on-failure</option>,
841 <option>on-abnormal</option>, <option>on-watchdog</option>, <option>on-abort</option>, or
842 <option>always</option>. If set to <option>no</option> (the default), the service will not be restarted.
843 If set to <option>on-success</option>, it will be restarted only when the service process exits cleanly.
844 In this context, a clean exit means any of the following:
845 <itemizedlist>
846 <listitem><simpara>exit code of 0;</simpara></listitem>
847 <listitem><simpara>for types other than <varname>Type=oneshot</varname>, one of the signals
848 <constant>SIGHUP</constant>, <constant>SIGINT</constant>,
849 <constant>SIGTERM</constant>, or <constant>SIGPIPE</constant>;
850 </simpara></listitem>
851 <listitem><simpara>exit statuses and signals specified in
852 <varname>SuccessExitStatus=</varname>.</simpara></listitem>
853 </itemizedlist>
854 If set to <option>on-failure</option>, the service will be restarted when the process exits with
855 a non-zero exit code, is terminated by a signal (including on core dump, but excluding the aforementioned
856 four signals), when an operation (such as service reload) times out, and when the configured watchdog
857 timeout is triggered. If set to <option>on-abnormal</option>, the service will be restarted when
858 the process is terminated by a signal (including on core dump, excluding the aforementioned four signals),
859 when an operation times out, or when the watchdog timeout is triggered. If set to <option>on-abort</option>,
860 the service will be restarted only if the service process exits due to an uncaught signal not specified
861 as a clean exit status. If set to <option>on-watchdog</option>, the service will be restarted
862 only if the watchdog timeout for the service expires. If set to <option>always</option>, the service
863 will be restarted regardless of whether it exited cleanly or not, got terminated abnormally by
864 a signal, or hit a timeout. Note that <varname>Type=oneshot</varname> services will never be restarted
865 on a clean exit status, i.e. <option>always</option> and <option>on-success</option> are rejected
866 for them.</para>
867
868 <table>
869 <title>Exit causes and the effect of the <varname>Restart=</varname> settings</title>
870
871 <tgroup cols='2'>
872 <colspec colname='path' />
873 <colspec colname='expl' />
874 <thead>
875 <row>
876 <entry>Restart settings/Exit causes</entry>
877 <entry><option>no</option></entry>
878 <entry><option>always</option></entry>
879 <entry><option>on-success</option></entry>
880 <entry><option>on-failure</option></entry>
881 <entry><option>on-abnormal</option></entry>
882 <entry><option>on-abort</option></entry>
883 <entry><option>on-watchdog</option></entry>
884 </row>
885 </thead>
886 <tbody>
887 <row>
888 <entry>Clean exit code or signal</entry>
889 <entry/>
890 <entry>X</entry>
891 <entry>X</entry>
892 <entry/>
893 <entry/>
894 <entry/>
895 <entry/>
896 </row>
897 <row>
898 <entry>Unclean exit code</entry>
899 <entry/>
900 <entry>X</entry>
901 <entry/>
902 <entry>X</entry>
903 <entry/>
904 <entry/>
905 <entry/>
906 </row>
907 <row>
908 <entry>Unclean signal</entry>
909 <entry/>
910 <entry>X</entry>
911 <entry/>
912 <entry>X</entry>
913 <entry>X</entry>
914 <entry>X</entry>
915 <entry/>
916 </row>
917 <row>
918 <entry>Timeout</entry>
919 <entry/>
920 <entry>X</entry>
921 <entry/>
922 <entry>X</entry>
923 <entry>X</entry>
924 <entry/>
925 <entry/>
926 </row>
927 <row>
928 <entry>Watchdog</entry>
929 <entry/>
930 <entry>X</entry>
931 <entry/>
932 <entry>X</entry>
933 <entry>X</entry>
934 <entry/>
935 <entry>X</entry>
936 </row>
937 <row>
938 <entry>Termination due to OOM</entry>
939 <entry/>
940 <entry>X</entry>
941 <entry/>
942 <entry>X</entry>
943 <entry>X</entry>
944 <entry/>
945 <entry/>
946 </row>
947 </tbody>
948 </tgroup>
949 </table>
950
951 <para>As exceptions to the setting above, the service will not
952 be restarted if the exit code or signal is specified in
953 <varname>RestartPreventExitStatus=</varname> (see below) or
954 the service is stopped with <command>systemctl stop</command>
955 or an equivalent operation. Also, the services will always be
956 restarted if the exit code or signal is specified in
957 <varname>RestartForceExitStatus=</varname> (see below).</para>
958
959 <para>Note that service restart is subject to unit start rate
960 limiting configured with <varname>StartLimitIntervalSec=</varname>
961 and <varname>StartLimitBurst=</varname>, see
962 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
963 for details.</para>
964
965 <para>Setting this to <option>on-failure</option> is the
966 recommended choice for long-running services, in order to
967 increase reliability by attempting automatic recovery from
968 errors. For services that shall be able to terminate on their
969 own choice (and avoid immediate restarting),
970 <option>on-abnormal</option> is an alternative choice.</para>
971 </listitem>
972 </varlistentry>
973
974 <varlistentry>
975 <term><varname>RestartMode=</varname></term>
976
977 <listitem>
978 <para>Takes a string value that specifies how a service should restart:
979 <itemizedlist>
980 <listitem>
981 <para>If set to <option>normal</option> (the default), the service restarts by going through
982 a failed/inactive state.</para>
983
984 <xi:include href="version-info.xml" xpointer="v254"/>
985 </listitem>
986
987 <listitem>
988 <para>If set to <option>direct</option>, the service transitions to the activating
989 state directly during auto-restart, skipping failed/inactive state.
990 <varname>ExecStopPost=</varname> is still invoked.
991 <varname>OnSuccess=</varname> and <varname>OnFailure=</varname> are skipped.</para>
992
993 <para>This option is useful in cases where a dependency can fail temporarily but we do not
994 want these temporary failures to make the dependent units fail. Dependent units are not
995 notified of these temporary failures.</para>
996
997 <xi:include href="version-info.xml" xpointer="v254"/>
998 </listitem>
999
1000 <listitem>
1001 <para>If set to <option>debug</option>, the service manager will log messages that are
1002 related to this unit at debug level while automated restarts are attempted, until either the
1003 service hits the rate limit or it succeeds, and the <varname>$DEBUG_INVOCATION=1</varname>
1004 environment variable will be set for the unit. This is useful to be able to get additional
1005 information when a service fails to start, without needing to proactively or permanently
1006 enable debug level logging in systemd, which is very verbose. This is otherwise equivalent
1007 to <option>normal</option> mode.</para>
1008
1009 <xi:include href="version-info.xml" xpointer="v257"/>
1010 </listitem>
1011 </itemizedlist>
1012 </para>
1013
1014 <xi:include href="version-info.xml" xpointer="v254"/>
1015 </listitem>
1016 </varlistentry>
1017
1018 <varlistentry>
1019 <term><varname>SuccessExitStatus=</varname></term>
1020
1021 <listitem><para>Takes a list of exit status definitions that, when returned by the main service
1022 process, will be considered successful termination, in addition to the normal successful exit status
1023 0 and, except for <varname>Type=oneshot</varname>, the signals <constant>SIGHUP</constant>, <constant>SIGINT</constant>,
1024 <constant>SIGTERM</constant>, and <constant>SIGPIPE</constant>. Exit status definitions can be
1025 numeric termination statuses, termination status names, or termination signal names, separated by
1026 spaces. See the Process Exit Codes section in
1027 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
1028 a list of termination status names (for this setting only the part without the
1029 <literal>EXIT_</literal> or <literal>EX_</literal> prefix should be used). See <citerefentry
1030 project='man-pages'><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
1031 a list of signal names.</para>
1032
1033 <para>Note that this setting does not change the mapping between numeric exit statuses and their
1034 names, i.e. regardless how this setting is used 0 will still be mapped to <literal>SUCCESS</literal>
1035 (and thus typically shown as <literal>0/SUCCESS</literal> in tool outputs) and 1 to
1036 <literal>FAILURE</literal> (and thus typically shown as <literal>1/FAILURE</literal>), and so on. It
1037 only controls what happens as effect of these exit statuses, and how it propagates to the state of
1038 the service as a whole.</para>
1039
1040 <para>This option may appear more than once, in which case the list of successful exit statuses is
1041 merged. If the empty string is assigned to this option, the list is reset, all prior assignments of
1042 this option will have no effect.</para>
1043
1044 <example>
1045 <title>A service with the <varname>SuccessExitStatus=</varname> setting</title>
1046
1047 <programlisting>SuccessExitStatus=TEMPFAIL 250 SIGKILL</programlisting>
1048
1049 <para>Exit status 75 (<constant>TEMPFAIL</constant>), 250, and the termination signal
1050 <constant>SIGKILL</constant> are considered clean service terminations.</para>
1051 </example>
1052
1053 <para>Note: <command>systemd-analyze exit-status</command> may be used to list exit statuses and
1054 translate between numerical status values and names.</para>
1055
1056 <xi:include href="version-info.xml" xpointer="v189"/></listitem>
1057 </varlistentry>
1058
1059 <varlistentry>
1060 <term><varname>RestartPreventExitStatus=</varname></term>
1061
1062 <listitem><para>Takes a list of exit status definitions that, when returned by the main service
1063 process, will prevent automatic service restarts, regardless of the restart setting configured with
1064 <varname>Restart=</varname>. Exit status definitions can be numeric termination statuses, termination
1065 status names, or termination signal names, separated by spaces. Defaults to the empty list, so that,
1066 by default, no exit status is excluded from the configured restart logic.
1067
1068 <example>
1069 <title>A service with the <varname>RestartPreventExitStatus=</varname> setting</title>
1070
1071 <programlisting>RestartPreventExitStatus=TEMPFAIL 250 SIGKILL</programlisting>
1072
1073 <para>Exit status 75 (<constant>TEMPFAIL</constant>), 250, and the termination signal
1074 <constant>SIGKILL</constant> will not result in automatic service restarting.</para>
1075 </example>
1076
1077 This option may appear more than once, in which case the list of restart-preventing statuses is merged.
1078 If the empty string is assigned to this option, the list is reset and all prior assignments of this
1079 option will have no effect.</para>
1080
1081 <para>Note that this setting has no effect on processes configured via
1082 <varname>ExecStartPre=</varname>, <varname>ExecStartPost=</varname>, <varname>ExecStop=</varname>,
1083 <varname>ExecStopPost=</varname> or <varname>ExecReload=</varname>, but only on the main service
1084 process, i.e. either the one invoked by <varname>ExecStart=</varname> or (depending on
1085 <varname>Type=</varname>, <varname>PIDFile=</varname>, …) the otherwise configured main
1086 process.</para>
1087
1088 <xi:include href="version-info.xml" xpointer="v189"/></listitem>
1089 </varlistentry>
1090
1091 <varlistentry>
1092 <term><varname>RestartForceExitStatus=</varname></term>
1093
1094 <listitem><para>Takes a list of exit status definitions that, when returned by the main service
1095 process, will force automatic service restarts, regardless of the restart setting configured with
1096 <varname>Restart=</varname>. The argument format is similar to <varname>RestartPreventExitStatus=</varname>.
1097 </para>
1098
1099 <para>Note that for <varname>Type=oneshot</varname> services, a success exit status will prevent
1100 them from auto-restarting, no matter whether the corresponding exit statuses are listed in this
1101 option or not.</para>
1102
1103 <xi:include href="version-info.xml" xpointer="v215"/></listitem>
1104 </varlistentry>
1105
1106 <varlistentry>
1107 <term><varname>RootDirectoryStartOnly=</varname></term>
1108 <listitem><para>Takes a boolean argument. If true, the root directory, as configured with the
1109 <varname>RootDirectory=</varname> option (see
1110 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1111 for more information), is only applied to the process started with <varname>ExecStart=</varname>,
1112 and not to the various other <varname>ExecStartPre=</varname>, <varname>ExecStartPost=</varname>,
1113 <varname>ExecReload=</varname>, <varname>ExecReloadPost=</varname>, <varname>ExecStop=</varname>,
1114 and <varname>ExecStopPost=</varname> commands. If false, the setting is applied to all
1115 configured commands the same way. Defaults to false.</para></listitem>
1116 </varlistentry>
1117
1118 <varlistentry>
1119 <term><varname>NonBlocking=</varname></term>
1120 <listitem><para>Set the <constant>O_NONBLOCK</constant> flag for all file descriptors passed via
1121 socket-based activation. If true, all file descriptors >= 3 (i.e. all except stdin, stdout, stderr),
1122 excluding those passed in via the file descriptor storage logic (see
1123 <varname>FileDescriptorStoreMax=</varname> for details), will have the
1124 <constant>O_NONBLOCK</constant> flag set and hence are in non-blocking mode. This option is only
1125 useful in conjunction with a socket unit, as described in
1126 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1127 and has no effect on file descriptors which were previously saved in the file-descriptor store for
1128 example. Defaults to false.</para>
1129
1130 <para>Note that if the same socket unit is configured to be passed to multiple service units (via the
1131 <varname>Sockets=</varname> setting, see below), and these services have different
1132 <varname>NonBlocking=</varname> configurations, the precise state of <constant>O_NONBLOCK</constant>
1133 depends on the order in which these services are invoked, and will possibly change after service code
1134 already took possession of the socket file descriptor, simply because the
1135 <constant>O_NONBLOCK</constant> state of a socket is shared by all file descriptors referencing
1136 it. Hence it is essential that all services sharing the same socket use the same
1137 <varname>NonBlocking=</varname> configuration, and do not change the flag in service code
1138 either.</para></listitem>
1139 </varlistentry>
1140
1141 <varlistentry>
1142 <term><varname>NotifyAccess=</varname></term>
1143 <listitem><para>Controls access to the service status notification socket, as accessible via the
1144 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1145 call. Takes one of <option>none</option> (the default), <option>main</option>, <option>exec</option>
1146 or <option>all</option>. If <option>none</option>, no daemon status updates are accepted from the
1147 service processes, all status update messages are ignored. If <option>main</option>, only service
1148 updates sent from the main process of the service are accepted. If <option>exec</option>, only
1149 service updates sent from any of the main or control processes originating from one of the
1150 <varname>Exec*=</varname> commands are accepted. If <option>all</option>, all services updates from
1151 all members of the service's control group are accepted. This option should be set to open access to
1152 the notification socket when using
1153 <varname>Type=notify</varname>/<varname>Type=notify-reload</varname> or
1154 <varname>WatchdogSec=</varname> (see above). If those options are used but
1155 <varname>NotifyAccess=</varname> is not configured, it will be implicitly set to
1156 <option>main</option>.</para>
1157
1158 <para>Note that <function>sd_notify()</function> notifications may be attributed to units correctly only if
1159 either the sending process is still around at the time PID 1 processes the message, or if the sending process
1160 is explicitly runtime-tracked by the service manager. The latter is the case if the service manager originally
1161 forked off the process, i.e. on all processes that match <option>main</option> or
1162 <option>exec</option>. Conversely, if an auxiliary process of the unit sends an
1163 <function>sd_notify()</function> message and immediately exits, the service manager might not be able to
1164 properly attribute the message to the unit, and thus will ignore it, even if
1165 <varname>NotifyAccess=</varname><option>all</option> is set for it.</para>
1166
1167 <para>Hence, to eliminate all race conditions involving lookup of the client's unit and attribution of notifications
1168 to units correctly, <function>sd_notify_barrier()</function> may be used. This call acts as a synchronization point
1169 and ensures all notifications sent before this call have been picked up by the service manager when it returns
1170 successfully. Use of <function>sd_notify_barrier()</function> is needed for clients which are not invoked by the
1171 service manager, otherwise this synchronization mechanism is unnecessary for attribution of notifications to the
1172 unit.</para></listitem>
1173 </varlistentry>
1174
1175 <varlistentry>
1176 <term><varname>Sockets=</varname></term>
1177 <listitem><para>Specifies the name of the socket units this
1178 service shall inherit socket file descriptors from when the
1179 service is started. Normally, it should not be necessary to use
1180 this setting, as all socket file descriptors whose unit shares
1181 the same name as the service (subject to the different unit
1182 name suffix of course) are passed to the spawned
1183 process.</para>
1184
1185 <para>Note that the same socket file descriptors may be passed
1186 to multiple processes simultaneously. Also note that a
1187 different service may be activated on incoming socket traffic
1188 than the one which is ultimately configured to inherit the
1189 socket file descriptors. Or, in other words: the
1190 <varname>Service=</varname> setting of
1191 <filename>.socket</filename> units does not have to match the
1192 inverse of the <varname>Sockets=</varname> setting of the
1193 <filename>.service</filename> it refers to.</para>
1194
1195 <para>This option may appear more than once, in which case the list of socket units is merged. Note
1196 that once set, clearing the list of sockets again (for example, by assigning the empty string to this
1197 option) is not supported.</para></listitem>
1198 </varlistentry>
1199
1200 <varlistentry>
1201 <term><varname>FileDescriptorStoreMax=</varname></term>
1202 <listitem><para>Configure how many file descriptors may be stored in the service manager for the
1203 service using
1204 <citerefentry><refentrytitle>sd_pid_notify_with_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>'s
1205 <literal>FDSTORE=1</literal> messages. This is useful for implementing services that can restart
1206 after an explicit request or a crash without losing state. Any open sockets and other file
1207 descriptors which should not be closed during the restart may be stored this way. Application state
1208 can either be serialized to a file in <varname>RuntimeDirectory=</varname>, or stored in a
1209 <citerefentry><refentrytitle>memfd_create</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1210 memory file descriptor. Defaults to 0, i.e. no file descriptors may be stored in the service
1211 manager. All file descriptors passed to the service manager from a specific service are passed back
1212 to the service's main process on the next service restart (see
1213 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry> for
1214 details about the precise protocol used and the order in which the file descriptors are passed). Any
1215 file descriptors passed to the service manager are automatically closed when
1216 <constant>POLLHUP</constant> or <constant>POLLERR</constant> is seen on them, or when the service is
1217 fully stopped and no job is queued or being executed for it (the latter can be tweaked with
1218 <varname>FileDescriptorStorePreserve=</varname>, see below). If this option is used,
1219 <varname>NotifyAccess=</varname> (see above) should be set to open access to the notification socket
1220 provided by systemd. If <varname>NotifyAccess=</varname> is not set, it will be implicitly set to
1221 <option>main</option>.</para>
1222
1223 <para>The <command>fdstore</command> command of
1224 <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1225 may be used to list the current contents of a service's file descriptor store.</para>
1226
1227 <para>Note that the service manager will only pass file descriptors contained in the file descriptor
1228 store to the service's own processes, never to other clients via IPC or similar. However, it does
1229 allow unprivileged clients to query the list of currently open file descriptors of a
1230 service. Sensitive data may hence be safely placed inside the referenced files, but should not be
1231 attached to the metadata (e.g. included in filenames) of the stored file
1232 descriptors.</para>
1233
1234 <para>If this option is set to a non-zero value the <varname>$FDSTORE</varname> environment variable
1235 will be set for processes invoked for this service. See
1236 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
1237 details.</para>
1238
1239 <para>For further information on the file descriptor store see the <ulink
1240 url="https://systemd.io/FILE_DESCRIPTOR_STORE">File Descriptor Store</ulink> overview.</para>
1241
1242 <xi:include href="version-info.xml" xpointer="v219"/></listitem>
1243 </varlistentry>
1244
1245 <varlistentry>
1246 <term><varname>FileDescriptorStorePreserve=</varname></term>
1247 <listitem><para>Takes one of <constant>no</constant>, <constant>yes</constant>,
1248 <constant>restart</constant> and controls when to release the service's file descriptor store
1249 (i.e. when to close the contained file descriptors, if any). If set to <constant>no</constant> the
1250 file descriptor store is automatically released when the service is stopped; if
1251 <constant>restart</constant> (the default) it is kept around as long as the unit is neither inactive
1252 nor failed, or a job is queued for the service, or the service is expected to be restarted. If
1253 <constant>yes</constant> the file descriptor store is kept around until the unit is removed from
1254 memory (i.e. is not referenced anymore and inactive). The latter is useful to keep entries in the
1255 file descriptor store pinned until the service manager exits.</para>
1256
1257 <para>Use <command>systemctl clean --what=fdstore …</command> to release the file descriptor store
1258 explicitly.</para>
1259
1260 <xi:include href="version-info.xml" xpointer="v254"/></listitem>
1261 </varlistentry>
1262
1263 <varlistentry>
1264 <term><varname>USBFunctionDescriptors=</varname></term>
1265 <listitem><para>Configure the location of a file containing
1266 <ulink
1267 url="https://docs.kernel.org/usb/functionfs.html">USB
1268 FunctionFS</ulink> descriptors, for implementation of USB
1269 gadget functions. This is used only in conjunction with a
1270 socket unit with <varname>ListenUSBFunction=</varname>
1271 configured. The contents of this file are written to the
1272 <filename>ep0</filename> file after it is
1273 opened.</para>
1274
1275 <xi:include href="version-info.xml" xpointer="v227"/></listitem>
1276 </varlistentry>
1277
1278 <varlistentry>
1279 <term><varname>USBFunctionStrings=</varname></term>
1280 <listitem><para>Configure the location of a file containing
1281 USB FunctionFS strings. Behavior is similar to
1282 <varname>USBFunctionDescriptors=</varname>
1283 above.</para>
1284
1285 <xi:include href="version-info.xml" xpointer="v227"/></listitem>
1286 </varlistentry>
1287
1288 <varlistentry id='oom-policy'>
1289 <term><varname>OOMPolicy=</varname></term>
1290
1291 <listitem><para>Configure the out-of-memory (OOM) killing policy for the kernel and the userspace OOM
1292 killer
1293 <citerefentry><refentrytitle>systemd-oomd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1294 On Linux, when memory becomes scarce to the point that the kernel has trouble allocating memory for
1295 itself, it might decide to kill a running process in order to free up memory and reduce memory
1296 pressure. Note that <filename>systemd-oomd.service</filename> is a more flexible solution that aims
1297 to prevent out-of-memory situations for the userspace too, not just the kernel, by attempting to
1298 terminate services earlier, before the kernel would have to act.</para>
1299
1300 <para>This setting takes one of <constant>continue</constant>, <constant>stop</constant> or
1301 <constant>kill</constant>. If set to <constant>continue</constant> and a process in the unit is
1302 killed by the OOM killer, this is logged but the unit continues running. If set to
1303 <constant>stop</constant> the event is logged and the unit's processes are terminated cleanly by the
1304 service manager. If set to <constant>kill</constant> and one of the unit's processes is killed by the
1305 OOM killer the kernel is instructed to kill all remaining processes of the unit too, by setting the
1306 <filename>memory.oom.group</filename> attribute to <constant>1</constant>; also see kernel page
1307 <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html">Control Group v2</ulink>. In case of
1308 both <constant>stop</constant> and <constant>kill</constant>, the service ultimately ends up in the
1309 <constant>oom-kill</constant> failed state after which <varname>Restart=</varname> may apply.
1310 </para>
1311
1312 <para>Defaults to the setting <varname>DefaultOOMPolicy=</varname> in
1313 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1314 is set to, except for units where <varname>Delegate=</varname> is turned on, where it defaults to
1315 <constant>continue</constant>.</para>
1316
1317 <para>Use the <varname>OOMScoreAdjust=</varname> setting to configure whether processes of the unit
1318 shall be considered preferred or less preferred candidates for process termination by the Linux OOM
1319 killer logic. See
1320 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
1321 details.</para>
1322
1323 <para>This setting also applies to
1324 <citerefentry><refentrytitle>systemd-oomd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1325 Similarly to the kernel OOM kills performed by the kernel, this setting determines the state of the
1326 unit after <command>systemd-oomd</command> kills a cgroup associated with it.</para>
1327
1328 <xi:include href="version-info.xml" xpointer="v243"/></listitem>
1329 </varlistentry>
1330
1331 <varlistentry>
1332 <term><varname>OpenFile=</varname></term>
1333 <listitem><para>Takes an argument of the form <literal>path<optional><replaceable>:fd-name:options</replaceable></optional></literal>,
1334 where:
1335 <itemizedlist>
1336 <listitem><simpara><literal>path</literal> is a path to a file or an <constant>AF_UNIX</constant> socket in the file system;</simpara></listitem>
1337 <listitem><simpara><literal>fd-name</literal> is a name that will be associated with the file descriptor;
1338 the name may contain any ASCII character, but must exclude control characters and ":", and must be at most 255 characters in length;
1339 it is optional and, if not provided, defaults to the file name;</simpara></listitem>
1340 <listitem><simpara><literal>options</literal> is a comma-separated list of access options;
1341 possible values are
1342 <literal>read-only</literal>,
1343 <literal>append</literal>,
1344 <literal>truncate</literal>,
1345 <literal>graceful</literal>;
1346 if not specified, files will be opened in <constant>rw</constant> mode;
1347 if <literal>graceful</literal> is specified, errors during file/socket opening are ignored.
1348 Specifying the same option several times is treated as an error.</simpara></listitem>
1349 </itemizedlist>
1350 The file or socket is opened by the service manager and the file descriptor is passed to the service.
1351 If the path is a socket, we call <function>connect()</function> on it.
1352 See <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1353 for more details on how to retrieve these file descriptors.</para>
1354
1355 <para>This setting is useful to allow services to access files/sockets that they cannot access themselves
1356 (due to running in a separate mount namespace, not having privileges, ...).</para>
1357
1358 <para>This setting can be specified multiple times, in which case all the specified paths are opened and the file descriptors passed to the service.
1359 If the empty string is assigned, the entire list of open files defined prior to this is reset.</para>
1360
1361 <xi:include href="version-info.xml" xpointer="v253"/></listitem>
1362 </varlistentry>
1363
1364 <varlistentry>
1365 <term><varname>ReloadSignal=</varname></term>
1366 <listitem><para>Configures the UNIX process signal to send to the service's main process when asked
1367 to reload the service's configuration. Defaults to <constant>SIGHUP</constant>. This option has no
1368 effect unless <varname>Type=</varname><option>notify-reload</option> is used, see
1369 above.</para>
1370
1371 <xi:include href="version-info.xml" xpointer="v253"/></listitem>
1372 </varlistentry>
1373
1374 <varlistentry>
1375 <term><varname>RefreshOnReload=</varname></term>
1376
1377 <listitem><para>Takes a boolean argument, or a list of resources defined in
1378 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1379 Possible values are <option>extensions</option> and <option>credentials</option>, separated by space.
1380 Prepending the list with a single tilde character (<literal>~</literal>) inverts the effect.
1381 Defaults to <option>extensions</option>. An empty assignment resets the list to default. If enabled,
1382 the corresponding resources (<option>ExtensionImages=</option>/<option>ExtensionDirectories=</option>
1383 for <option>extensions</option> and <option>LoadCredential=</option>/<option>ImportCredential=</option>/
1384 <option>SetCredential=</option> (along with their <option>Encrypted</option> counterparts)
1385 for <option>credentials</option>) will be refreshed on service reload. If <option>yes</option>,
1386 all resources listed above that are used by the service shall be refreshed.</para>
1387
1388 <para>Specially, if this option is set explicitly, and the respective resources are in use,
1389 the service may be reloaded without any actual reload mechanism (<option>ExecReload=</option>
1390 or <option>Type=notify-reload</option>) for notifying the main process, in which case the reload
1391 is considered complete immediately after refreshing.</para>
1392
1393 <xi:include href="version-info.xml" xpointer="v260"/></listitem>
1394 </varlistentry>
1395
1396 </variablelist>
1397
1398 <para id='shared-unit-options'>Check
1399 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1400 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, and
1401 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more
1402 settings.</para>
1403 </refsect1>
1404
1405 <refsect1>
1406 <title>Command lines</title>
1407
1408 <para>This section describes command line parsing and
1409 variable and specifier substitutions for
1410 <varname>ExecStart=</varname>,
1411 <varname>ExecStartPre=</varname>,
1412 <varname>ExecStartPost=</varname>,
1413 <varname>ExecReload=</varname>,
1414 <varname>ExecStop=</varname>,
1415 <varname>ExecStopPost=</varname>, and
1416 <varname>ExecCondition=</varname> options.</para>
1417
1418 <para>Multiple command lines may be specified by using the relevant setting multiple times.</para>
1419
1420 <para>Each command line is unquoted using the rules described in "Quoting" section in
1421 <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry>. The
1422 first item becomes the command to execute, and the subsequent items the arguments.</para>
1423
1424 <para>This syntax is inspired by shell syntax, but only the meta-characters and expansions
1425 described in the following paragraphs are understood, and the expansion of variables is
1426 different. Specifically, redirection using
1427 <literal>&lt;</literal>,
1428 <literal>&lt;&lt;</literal>,
1429 <literal>&gt;</literal>, and
1430 <literal>&gt;&gt;</literal>, pipes using
1431 <literal>|</literal>, running programs in the background using
1432 <literal>&amp;</literal>, and <emphasis>other elements of shell
1433 syntax are not supported</emphasis>.</para>
1434
1435 <para>The command to execute may contain spaces, but control characters are not allowed.</para>
1436
1437 <para>Each command may be prefixed with a number of special characters:</para>
1438
1439 <table>
1440 <title>Special executable prefixes</title>
1441
1442 <tgroup cols='2'>
1443 <colspec colname='prefix'/>
1444 <colspec colname='meaning'/>
1445
1446 <thead>
1447 <row>
1448 <entry>Prefix</entry>
1449 <entry>Effect</entry>
1450 </row>
1451 </thead>
1452 <tbody>
1453 <row>
1454 <entry><literal>@</literal></entry>
1455 <entry>If the executable path is prefixed with <literal>@</literal>, the second specified token will be passed as <constant>argv[0]</constant> to the executed process (instead of the actual filename), followed by the further arguments specified, unless <literal>|</literal> is also specified, in which case it enables login shell semantics for the shell spawned by prefixing <literal>-</literal> to <constant>argv[0]</constant>.</entry>
1456 </row>
1457
1458 <row>
1459 <entry><literal>-</literal></entry>
1460 <entry>If the executable path is prefixed with <literal>-</literal>, an exit code of the command normally considered a failure (i.e. non-zero exit status or abnormal exit due to signal) is recorded, but has no further effect and is considered equivalent to success.</entry>
1461 </row>
1462
1463 <row>
1464 <entry><literal>:</literal></entry>
1465 <entry>If the executable path is prefixed with <literal>:</literal>, environment variable substitution (as described below this table) is not applied.</entry>
1466 </row>
1467
1468 <row>
1469 <entry><literal>+</literal></entry>
1470 <entry>If the executable path is prefixed with <literal>+</literal> then the process is executed with full privileges. In this mode privilege restrictions configured with <varname>User=</varname>, <varname>Group=</varname>, <varname>CapabilityBoundingSet=</varname> or the various file system namespacing options (such as <varname>PrivateDevices=</varname>, <varname>PrivateTmp=</varname>) are not applied to the invoked command line (but still affect any other <varname>ExecStart=</varname>, <varname>ExecStop=</varname>, … lines). However, note that this will not bypass options that apply to the whole control group, such as <varname>DevicePolicy=</varname>, see <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> for the full list.</entry>
1471 </row>
1472
1473 <row>
1474 <entry><literal>!</literal></entry>
1475
1476 <entry>Similar to the <literal>+</literal> character discussed above this permits invoking command lines with elevated privileges. However, unlike <literal>+</literal> the <literal>!</literal> character exclusively alters the effect of <varname>User=</varname>, <varname>Group=</varname> and <varname>SupplementaryGroups=</varname>, i.e. only the stanzas that affect user and group credentials. Note that this setting may be combined with <varname>DynamicUser=</varname>, in which case a dynamic user/group pair is allocated before the command is invoked, but credential changing is left to the executed process itself.</entry>
1477 </row>
1478
1479 <row>
1480 <entry><literal>|</literal></entry>
1481
1482 <entry>If <literal>|</literal> is specified standalone as executable path, invoke the default shell of <varname>User=</varname>. If specified as a prefix, use the shell (<literal>-c</literal>) to spawn the executable. When <literal>@</literal> is used in conjunction, <constant>argv[0]</constant> of shell will be prefixed with <literal>-</literal> to enable login shell semantics.</entry>
1483 </row>
1484 </tbody>
1485 </tgroup>
1486 </table>
1487
1488 <para><literal>@</literal>, <literal>|</literal>, <literal>-</literal>, <literal>:</literal>, and one of
1489 <literal>+</literal>/<literal>!</literal> may be used together and they can appear in any order.
1490 However, <literal>+</literal> and <literal>!</literal> may not be specified at the same time.</para>
1491
1492 <para>For each command, the first argument must be either an absolute path to an executable or a simple
1493 file name without any slashes. If the command is not a full (absolute) path, it will be resolved to a
1494 full path using a fixed search path determined at compilation time. Searched directories include
1495 <filename>/usr/local/bin/</filename>, <filename>/usr/bin/</filename>, and their
1496 <filename>sbin/</filename> counterparts (only on systems using split <filename>bin/</filename> and
1497 <filename>sbin/</filename>). It is thus safe to use just the executable name in case of executables
1498 located in any of the "standard" directories, and an absolute path must be used in other cases. Hint:
1499 this search path may be queried using <command>systemd-path search-binaries-default</command>.</para>
1500
1501 <para>The command line accepts <literal>%</literal> specifiers as described in
1502 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
1503
1504 <para>An argument solely consisting of <literal>;</literal> must be escaped, i.e. specified as <literal>\;</literal>.</para>
1505
1506 <para>Basic environment variable substitution is supported. Use
1507 <literal>${FOO}</literal> as part of a word, or as a word of its
1508 own, on the command line, in which case it will be erased and replaced
1509 by the exact value of the environment variable (if any) including all
1510 whitespace it contains, always resulting in exactly a single argument.
1511 Use <literal>$FOO</literal> as a separate word on the command line, in
1512 which case it will be replaced by the value of the environment
1513 variable split at whitespace, resulting in zero or more arguments.
1514 For this type of expansion, quotes are respected when splitting
1515 into words, and afterwards removed.</para>
1516
1517 <para>Example:</para>
1518
1519 <programlisting>Environment="ONE=one" 'TWO=two two'
1520ExecStart=echo $ONE $TWO ${TWO}</programlisting>
1521
1522 <para>This will execute <command>/bin/echo</command> with four
1523 arguments: <literal>one</literal>, <literal>two</literal>,
1524 <literal>two</literal>, and <literal>two two</literal>.</para>
1525
1526 <para>Example:</para>
1527 <programlisting>Environment=ONE='one' "TWO='two two' too" THREE=
1528ExecStart=/bin/echo ${ONE} ${TWO} ${THREE}
1529ExecStart=/bin/echo $ONE $TWO $THREE</programlisting>
1530 <para>This results in <filename>/bin/echo</filename> being
1531 called twice, the first time with arguments
1532 <literal>'one'</literal>,
1533 <literal>'two two' too</literal>, <literal></literal>,
1534 and the second time with arguments
1535 <literal>one</literal>, <literal>two two</literal>,
1536 <literal>too</literal>.
1537 </para>
1538
1539 <para>Unless for commands with the special executable prefix <literal>:</literal>,
1540 to pass a literal dollar sign, use <literal>$$</literal>.
1541 Variables whose value is not known at expansion time are treated
1542 as empty strings. Note that the first argument (i.e. the program
1543 to execute) may not be a variable.</para>
1544
1545 <para>Variables to be used in this fashion may be defined through
1546 <varname>Environment=</varname> and
1547 <varname>EnvironmentFile=</varname>. In addition, variables listed
1548 in the section "Environment variables in spawned processes" in
1549 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1550 which are considered "static configuration", may be used (this
1551 includes e.g. <varname>$USER</varname>, but not
1552 <varname>$TERM</varname>).</para>
1553
1554 <para>Note that shell command lines are not directly supported, and <literal>|</literal> invokes the user's
1555 default shell which isn't deterministic. It's recommended to specify a shell implementation explicitly
1556 if portability is desired. Example:</para>
1557 <programlisting>ExecStart=sh -c 'dmesg | tac'</programlisting>
1558
1559 <para>Example:</para>
1560
1561 <programlisting>ExecStart=echo one
1562ExecStart=echo "two two"</programlisting>
1563
1564 <para>This will execute <command>echo</command> two times,
1565 each time with one argument: <literal>one</literal> and
1566 <literal>two two</literal>, respectively. Because two commands are
1567 specified, <varname>Type=oneshot</varname> must be used.</para>
1568
1569 <para>Example:</para>
1570
1571 <programlisting>Type=oneshot
1572ExecStart=:echo $USER
1573ExecStart=-false
1574ExecStart=+:@true $TEST</programlisting>
1575
1576 <para>This will execute <command>/usr/bin/echo</command> with the literal argument
1577 <literal>$USER</literal> (<literal>:</literal> suppresses variable expansion), and then
1578 <command>/usr/bin/false</command> (the return value will be ignored because <literal>-</literal>
1579 suppresses checking of the return value), and <command>/usr/bin/true</command> (with elevated privileges,
1580 with <literal>$TEST</literal> as <constant>argv[0]</constant>).</para>
1581
1582 <para>Example:</para>
1583
1584 <programlisting>ExecStart=echo / &gt;/dev/null &amp; \; \
1585ls</programlisting>
1586
1587 <para>This will execute <command>echo</command>
1588 with five arguments: <literal>/</literal>,
1589 <literal>&gt;/dev/null</literal>,
1590 <literal>&amp;</literal>, <literal>;</literal>, and
1591 <literal>ls</literal>.</para>
1592 </refsect1>
1593
1594 <refsect1>
1595 <title>Examples</title>
1596
1597 <example>
1598 <title>Simple service</title>
1599
1600 <para>The following unit file creates a service that will
1601 execute <filename index="false">/usr/sbin/foo-daemon</filename>. Since no
1602 <varname>Type=</varname> is specified, the default
1603 <varname>Type=</varname><option>simple</option> will be assumed.
1604 systemd will assume the unit to be started immediately after the
1605 program has begun executing.</para>
1606
1607 <programlisting>[Unit]
1608Description=Foo
1609
1610[Service]
1611ExecStart=/usr/sbin/foo-daemon
1612
1613[Install]
1614WantedBy=multi-user.target</programlisting>
1615
1616 <para>Note that systemd assumes here that the process started by
1617 systemd will continue running until the service terminates. If
1618 the program daemonizes itself (i.e. forks), please use
1619 <varname>Type=</varname><option>forking</option> instead.</para>
1620
1621 <para>Since no <varname>ExecStop=</varname> was specified,
1622 systemd will send SIGTERM to all processes started from this
1623 service, and after a timeout also SIGKILL. This behavior can be
1624 modified, see
1625 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1626 for details.</para>
1627
1628 <para>Note that this unit type does not include any type of notification when a service has completed
1629 initialization. For this, you should use other unit types, such as
1630 <varname>Type=</varname><option>notify</option>/<varname>Type=</varname><option>notify-reload</option>
1631 if the service understands systemd's notification protocol,
1632 <varname>Type=</varname><option>forking</option> if the service can background itself or
1633 <varname>Type=</varname><option>dbus</option> if the unit acquires a DBus name once initialization is
1634 complete. See below.</para>
1635 </example>
1636
1637 <example>
1638 <title>Oneshot service</title>
1639
1640 <para>Sometimes, units should just execute an action without
1641 keeping active processes, such as a filesystem check or a
1642 cleanup action on boot. For this,
1643 <varname>Type=</varname><option>oneshot</option> exists. Units
1644 of this type will wait until the process specified terminates
1645 and then fall back to being inactive. The following unit will
1646 perform a cleanup action:</para>
1647
1648 <programlisting>[Unit]
1649Description=Cleanup old Foo data
1650
1651[Service]
1652Type=oneshot
1653ExecStart=/usr/sbin/foo-cleanup
1654
1655[Install]
1656WantedBy=multi-user.target</programlisting>
1657
1658 <para>Note that systemd will consider the unit to be in the
1659 state "starting" until the program has terminated, so ordered
1660 dependencies will wait for the program to finish before starting
1661 themselves. The unit will revert to the "inactive" state after
1662 the execution is done, never reaching the "active" state. That
1663 means another request to start the unit will perform the action
1664 again.</para>
1665
1666 <para><varname>Type=</varname><option>oneshot</option> are the
1667 only service units that may have more than one
1668 <varname>ExecStart=</varname> specified. For units with multiple
1669 commands (<varname index="false">Type=oneshot</varname>), all commands will be run again.</para>
1670 <para> For <varname index="false">Type=oneshot</varname>, <varname>Restart=</varname><option>always</option>
1671 and <varname>Restart=</varname><option>on-success</option> are <emphasis>not</emphasis> allowed.</para>
1672 </example>
1673
1674 <example>
1675 <title>Stoppable oneshot service</title>
1676
1677 <para>Similarly to the oneshot services, there are sometimes
1678 units that need to execute a program to set up something and
1679 then execute another to shut it down, but no process remains
1680 active while they are considered "started". Network
1681 configuration can sometimes fall into this category. Another use
1682 case is if a oneshot service shall not be executed each time
1683 when they are pulled in as a dependency, but only the first
1684 time.</para>
1685
1686 <para>For this, systemd knows the setting
1687 <varname>RemainAfterExit=</varname><option>yes</option>, which
1688 causes systemd to consider the unit to be active if the start
1689 action exited successfully. This directive can be used with all
1690 types, but is most useful with
1691 <varname>Type=</varname><option>oneshot</option> and
1692 <varname>Type=</varname><option>simple</option>. With
1693 <varname>Type=</varname><option>oneshot</option>, systemd waits
1694 until the start action has completed before it considers the
1695 unit to be active, so dependencies start only after the start
1696 action has succeeded. With
1697 <varname>Type=</varname><option>simple</option>, dependencies
1698 will start immediately after the start action has been
1699 dispatched. The following unit provides an example for a simple
1700 static firewall.</para>
1701
1702 <programlisting>[Unit]
1703Description=Simple firewall
1704
1705[Service]
1706Type=oneshot
1707RemainAfterExit=yes
1708ExecStart=/usr/local/sbin/simple-firewall-start
1709ExecStop=/usr/local/sbin/simple-firewall-stop
1710
1711[Install]
1712WantedBy=multi-user.target</programlisting>
1713
1714 <para>Since the unit is considered to be running after the start
1715 action has exited, invoking <command>systemctl start</command>
1716 on that unit again will cause no action to be taken.</para>
1717 </example>
1718
1719 <example>
1720 <title>Traditional forking services</title>
1721
1722 <para>Many traditional daemons/services background (i.e. fork,
1723 daemonize) themselves when starting. Set
1724 <varname>Type=</varname><option>forking</option> in the
1725 service's unit file to support this mode of operation. systemd
1726 will consider the service to be in the process of initialization
1727 while the original program is still running. Once it exits
1728 successfully and at least a process remains (and
1729 <varname>RemainAfterExit=</varname><option>no</option>), the
1730 service is considered started.</para>
1731
1732 <para>Often, a traditional daemon only consists of one process.
1733 Therefore, if only one process is left after the original
1734 process terminates, systemd will consider that process the main
1735 process of the service. In that case, the
1736 <varname>$MAINPID</varname> variable will be available in
1737 <varname>ExecReload=</varname>, <varname>ExecStop=</varname>,
1738 etc.</para>
1739
1740 <para>In case more than one process remains, systemd will be
1741 unable to determine the main process, so it will not assume
1742 there is one. In that case, <varname>$MAINPID</varname> will not
1743 expand to anything. However, if the process decides to write a
1744 traditional PID file, systemd will be able to read the main PID
1745 from there. Please set <varname>PIDFile=</varname> accordingly.
1746 Note that the daemon should write that file before finishing
1747 with its initialization. Otherwise, systemd might try to read the
1748 file before it exists.</para>
1749
1750 <para>The following example shows a simple daemon that forks and
1751 just starts one process in the background:</para>
1752
1753 <programlisting>[Unit]
1754Description=My Simple Daemon
1755
1756[Service]
1757Type=forking
1758ExecStart=/usr/sbin/my-simple-daemon -d
1759
1760[Install]
1761WantedBy=multi-user.target</programlisting>
1762
1763 <para>Please see
1764 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1765 for details on how you can influence the way systemd terminates
1766 the service.</para>
1767 </example>
1768
1769 <example>
1770 <title>DBus services</title>
1771
1772 <para>For services that acquire a name on the DBus system bus,
1773 use <varname>Type=</varname><option>dbus</option> and set
1774 <varname>BusName=</varname> accordingly. The service should not
1775 fork (daemonize). systemd will consider the service to be
1776 initialized once the name has been acquired on the system bus.
1777 The following example shows a typical DBus service:</para>
1778
1779 <programlisting>[Unit]
1780Description=Simple DBus Service
1781
1782[Service]
1783Type=dbus
1784BusName=org.example.simple-dbus-service
1785ExecStart=/usr/sbin/simple-dbus-service
1786
1787[Install]
1788WantedBy=multi-user.target</programlisting>
1789
1790 <para>For <emphasis>bus-activatable</emphasis> services, do not
1791 include a [Install] section in the systemd
1792 service file, but use the <varname>SystemdService=</varname>
1793 option in the corresponding DBus service file, for example
1794 (<filename>/usr/share/dbus-1/system-services/org.example.simple-dbus-service.service</filename>):</para>
1795
1796 <programlisting>[D-BUS Service]
1797Name=org.example.simple-dbus-service
1798Exec=/usr/sbin/simple-dbus-service
1799User=root
1800SystemdService=simple-dbus-service.service</programlisting>
1801
1802 <para>Please see
1803 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1804 for details on how you can influence the way systemd terminates
1805 the service.</para>
1806 </example>
1807
1808 <example>
1809 <title>Services that notify systemd about their initialization</title>
1810
1811 <para><varname>Type=</varname><option>simple</option> services are really easy to write, but have the
1812 major disadvantage of systemd not being able to tell when initialization of the given service is
1813 complete. For this reason, systemd supports a simple notification protocol that allows daemons to make
1814 systemd aware that they are done initializing. Use <varname>Type=</varname><option>notify</option> or
1815 <varname>Type=</varname><option>notify-reload</option> for this. A typical service file for such a
1816 daemon would look like this:</para>
1817
1818 <programlisting>[Unit]
1819Description=Simple Notifying Service
1820
1821[Service]
1822Type=notify-reload
1823ExecStart=/usr/sbin/simple-notifying-service
1824
1825[Install]
1826WantedBy=multi-user.target</programlisting>
1827
1828 <para>Note that the daemon has to support systemd's notification
1829 protocol, else systemd will think the service has not started yet
1830 and kill it after a timeout. For an example of how to update
1831 daemons to support this protocol transparently, take a look at
1832 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1833 systemd will consider the unit to be in the 'starting' state
1834 until a readiness notification has arrived.</para>
1835
1836 <para>Please see
1837 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1838 for details on how you can influence the way systemd terminates
1839 the service.</para>
1840
1841 <para>To avoid code duplication, it is preferable to use
1842 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1843 when possible, especially when other APIs provided by
1844 <citerefentry><refentrytitle>libsystemd</refentrytitle><manvolnum>3</manvolnum></citerefentry> are
1845 also used, but note that the notification protocol is very simple and guaranteed to be stable as per
1846 the <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability
1847 Promise</ulink>, so it can be reimplemented by services with no external dependencies. For a
1848 self-contained example, see
1849 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
1850 </example>
1851 </refsect1>
1852
1853 <refsect1>
1854 <title>See Also</title>
1855 <para><simplelist type="inline">
1856 <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
1857 <member><citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
1858 <member><citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
1859 <member><citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
1860 <member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
1861 <member><citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
1862 <member><citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
1863 <member><citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
1864 <member><citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
1865 </simplelist></para>
1866 </refsect1>
1867
1868</refentry>
Unnamed repository; edit this file 'description' to name the repository.