]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd.exec.xml
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
man: reword man page titles
[thirdparty/systemd.git] / man / systemd.exec.xml
1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6 <!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 -->
24
25 <refentry id="systemd.exec">
26 <refentryinfo>
27 <title>systemd.exec</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.exec</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.exec</refname>
47 <refpurpose>Execution environment configuration</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename>systemd.service</filename>,
52 <filename>systemd.socket</filename>,
53 <filename>systemd.mount</filename>,
54 <filename>systemd.swap</filename></para>
55 </refsynopsisdiv>
56
57 <refsect1>
58 <title>Description</title>
59
60 <para>Unit configuration files for services, sockets,
61 mount points and swap devices share a subset of
62 configuration options which define the execution
63 environment of spawned processes.</para>
64
65 <para>This man page lists the configuration options
66 shared by these four unit types. See
67 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
68 for the common options of all unit configuration
69 files, and
70 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
72 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
73 and
74 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
75 for more information on the specific unit
76 configuration files. The execution specific
77 configuration options are configured in the [Service],
78 [Socket], [Mount] resp. [Swap] section, depending on the unit
79 type.</para>
80 </refsect1>
81
82 <refsect1>
83 <title>Options</title>
84
85 <variablelist>
86
87 <varlistentry>
88 <term><varname>WorkingDirectory=</varname></term>
89
90 <listitem><para>Takes an absolute
91 directory path. Sets the working
92 directory for executed processes. If
93 not set defaults to the root directory
94 when systemd is running as a system
95 instance and the respective user's
96 home directory if run as
97 user.</para></listitem>
98 </varlistentry>
99
100 <varlistentry>
101 <term><varname>RootDirectory=</varname></term>
102
103 <listitem><para>Takes an absolute
104 directory path. Sets the root
105 directory for executed processes, with
106 the
107 <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
108 system call. If this is used it must
109 be ensured that the process and all
110 its auxiliary files are available in
111 the <function>chroot()</function>
112 jail.</para></listitem>
113 </varlistentry>
114
115 <varlistentry>
116 <term><varname>User=</varname></term>
117 <term><varname>Group=</varname></term>
118
119 <listitem><para>Sets the Unix user
120 resp. group the processes are executed
121 as. Takes a single user resp. group
122 name or ID as argument. If no group is
123 set the default group of the user is
124 chosen.</para></listitem>
125 </varlistentry>
126
127 <varlistentry>
128 <term><varname>SupplementaryGroups=</varname></term>
129
130 <listitem><para>Sets the supplementary
131 Unix groups the processes are executed
132 as. This takes a space separated list
133 of group names or IDs. This option may
134 be specified more than once in which
135 case all listed groups are set as
136 supplementary groups. This option does
137 not override but extends the list of
138 supplementary groups configured in the
139 system group database for the
140 user.</para></listitem>
141 </varlistentry>
142
143 <varlistentry>
144 <term><varname>Nice=</varname></term>
145
146 <listitem><para>Sets the default nice
147 level (scheduling priority) for
148 executed processes. Takes an integer
149 between -20 (highest priority) and 19
150 (lowest priority). See
151 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
152 for details.</para></listitem>
153 </varlistentry>
154
155 <varlistentry>
156 <term><varname>OOMScoreAdjust=</varname></term>
157
158 <listitem><para>Sets the adjustment
159 level for the Out-Of-Memory killer for
160 executed processes. Takes an integer
161 between -1000 (to disable OOM killing
162 for this process) and 1000 (to make
163 killing of this process under memory
164 pressure very likely). See <ulink
165 url="http://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
166 for details.</para></listitem>
167 </varlistentry>
168
169 <varlistentry>
170 <term><varname>IOSchedulingClass=</varname></term>
171
172 <listitem><para>Sets the IO scheduling
173 class for executed processes. Takes an
174 integer between 0 and 3 or one of the
175 strings <option>none</option>,
176 <option>realtime</option>,
177 <option>best-effort</option> or
178 <option>idle</option>. See
179 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
180 for details.</para></listitem>
181 </varlistentry>
182
183 <varlistentry>
184 <term><varname>IOSchedulingPriority=</varname></term>
185
186 <listitem><para>Sets the IO scheduling
187 priority for executed processes. Takes
188 an integer between 0 (highest
189 priority) and 7 (lowest priority). The
190 available priorities depend on the
191 selected IO scheduling class (see
192 above). See
193 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
194 for details.</para></listitem>
195 </varlistentry>
196
197 <varlistentry>
198 <term><varname>CPUSchedulingPolicy=</varname></term>
199
200 <listitem><para>Sets the CPU
201 scheduling policy for executed
202 processes. Takes one of
203 <option>other</option>,
204 <option>batch</option>,
205 <option>idle</option>,
206 <option>fifo</option> or
207 <option>rr</option>. See
208 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
209 for details.</para></listitem>
210 </varlistentry>
211
212 <varlistentry>
213 <term><varname>CPUSchedulingPriority=</varname></term>
214
215 <listitem><para>Sets the CPU
216 scheduling priority for executed
217 processes. Takes an integer between 1
218 (lowest priority) and 99 (highest
219 priority). The available priority
220 range depends on the selected CPU
221 scheduling policy (see above). See
222 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
223 for details.</para></listitem>
224 </varlistentry>
225
226 <varlistentry>
227 <term><varname>CPUSchedulingResetOnFork=</varname></term>
228
229 <listitem><para>Takes a boolean
230 argument. If true elevated CPU
231 scheduling priorities and policies
232 will be reset when the executed
233 processes fork, and can hence not leak
234 into child processes. See
235 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
236 for details. Defaults to false.</para></listitem>
237 </varlistentry>
238
239 <varlistentry>
240 <term><varname>CPUAffinity=</varname></term>
241
242 <listitem><para>Controls the CPU
243 affinity of the executed
244 processes. Takes a space-separated
245 list of CPU indexes. See
246 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
247 for details.</para></listitem>
248 </varlistentry>
249
250 <varlistentry>
251 <term><varname>UMask=</varname></term>
252
253 <listitem><para>Controls the file mode
254 creation mask. Takes an access mode in
255 octal notation. See
256 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
257 for details. Defaults to
258 0022.</para></listitem>
259 </varlistentry>
260
261 <varlistentry>
262 <term><varname>Environment=</varname></term>
263
264 <listitem><para>Sets environment
265 variables for executed
266 processes. Takes a space-separated
267 list of variable assignments. This
268 option may be specified more than once
269 in which case all listed variables
270 will be set. If the same variable is
271 set twice the later setting will
272 override the earlier setting. See
273 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
274 for details.</para></listitem>
275 </varlistentry>
276 <varlistentry>
277 <term><varname>EnvironmentFile=</varname></term>
278 <listitem><para>Similar to
279 <varname>Environment=</varname> but
280 reads the environment variables from a
281 text file. The text file should
282 contain new-line separated variable
283 assignments. Empty lines and lines
284 starting with ; or # will be ignored,
285 which may be used for commenting. The
286 parser strips leading and
287 trailing whitespace from the values
288 of assignments, unless you use
289 double quotes (").
290 The
291 argument passed should be an absolute
292 file name, optionally prefixed with
293 "-", which indicates that if the file
294 does not exist it won't be read and no
295 error or warning message is
296 logged. The files listed with this
297 directive will be read shortly before
298 the process is executed. Settings from
299 these files override settings made
300 with
301 <varname>Environment=</varname>. If
302 the same variable is set twice from
303 these files the files will be read in
304 the order they are specified and the
305 later setting will override the
306 earlier setting. </para></listitem>
307 </varlistentry>
308
309 <varlistentry>
310 <term><varname>StandardInput=</varname></term>
311 <listitem><para>Controls where file
312 descriptor 0 (STDIN) of the executed
313 processes is connected to. Takes one
314 of <option>null</option>,
315 <option>tty</option>,
316 <option>tty-force</option>,
317 <option>tty-fail</option> or
318 <option>socket</option>. If
319 <option>null</option> is selected
320 standard input will be connected to
321 <filename>/dev/null</filename>,
322 i.e. all read attempts by the process
323 will result in immediate EOF. If
324 <option>tty</option> is selected
325 standard input is connected to a TTY
326 (as configured by
327 <varname>TTYPath=</varname>, see
328 below) and the executed process
329 becomes the controlling process of the
330 terminal. If the terminal is already
331 being controlled by another process the
332 executed process waits until the current
333 controlling process releases the
334 terminal.
335 <option>tty-force</option>
336 is similar to <option>tty</option>,
337 but the executed process is forcefully
338 and immediately made the controlling
339 process of the terminal, potentially
340 removing previous controlling
341 processes from the
342 terminal. <option>tty-fail</option> is
343 similar to <option>tty</option> but if
344 the terminal already has a controlling
345 process start-up of the executed
346 process fails. The
347 <option>socket</option> option is only
348 valid in socket-activated services,
349 and only when the socket configuration
350 file (see
351 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
352 for details) specifies a single socket
353 only. If this option is set standard
354 input will be connected to the socket
355 the service was activated from, which
356 is primarily useful for compatibility
357 with daemons designed for use with the
358 traditional
359 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
360 daemon. This setting defaults to
361 <option>null</option>.</para></listitem>
362 </varlistentry>
363 <varlistentry>
364 <term><varname>StandardOutput=</varname></term>
365 <listitem><para>Controls where file
366 descriptor 1 (STDOUT) of the executed
367 processes is connected to. Takes one
368 of <option>inherit</option>,
369 <option>null</option>,
370 <option>tty</option>,
371 <option>syslog</option>,
372 <option>kmsg</option>,
373 <option>journal</option>,
374 <option>syslog+console</option>,
375 <option>kmsg+console</option>,
376 <option>journal+console</option> or
377 <option>socket</option>. If set to
378 <option>inherit</option> the file
379 descriptor of standard input is
380 duplicated for standard output. If set
381 to <option>null</option> standard
382 output will be connected to
383 <filename>/dev/null</filename>,
384 i.e. everything written to it will be
385 lost. If set to <option>tty</option>
386 standard output will be connected to a
387 tty (as configured via
388 <varname>TTYPath=</varname>, see
389 below). If the TTY is used for output
390 only the executed process will not
391 become the controlling process of the
392 terminal, and will not fail or wait
393 for other processes to release the
394 terminal. <option>syslog</option>
395 connects standard output to the
396 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
397 system syslog
398 service. <option>kmsg</option>
399 connects it with the kernel log buffer
400 which is accessible via
401 <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>journal</option>
402 connects it with the journal which is
403 accessible via
404 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
405 (Note that everything that is written
406 to syslog or kmsg is implicitly stored
407 in the journal as well, those options
408 are hence supersets of this
409 one). <option>syslog+console</option>,
410 <option>journal+console</option> and
411 <option>kmsg+console</option> work
412 similarly but copy the output to the
413 system console as
414 well. <option>socket</option> connects
415 standard output to a socket from
416 socket activation, semantics are
417 similar to the respective option of
418 <varname>StandardInput=</varname>.
419 This setting defaults to the value set
420 with
421 <option>DefaultStandardOutput=</option>
422 in
423 <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
424 which defaults to
425 <option>journal</option>.</para></listitem>
426 </varlistentry>
427 <varlistentry>
428 <term><varname>StandardError=</varname></term>
429 <listitem><para>Controls where file
430 descriptor 2 (STDERR) of the executed
431 processes is connected to. The
432 available options are identical to
433 those of
434 <varname>StandardOutput=</varname>,
435 with one exception: if set to
436 <option>inherit</option> the file
437 descriptor used for standard output is
438 duplicated for standard error. This
439 setting defaults to the value set with
440 <option>DefaultStandardError=</option>
441 in
442 <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
443 which defaults to
444 <option>inherit</option>.</para></listitem>
445 </varlistentry>
446 <varlistentry>
447 <term><varname>TTYPath=</varname></term>
448 <listitem><para>Sets the terminal
449 device node to use if standard input,
450 output or stderr are connected to a
451 TTY (see above). Defaults to
452 <filename>/dev/console</filename>.</para></listitem>
453 </varlistentry>
454 <varlistentry>
455 <term><varname>TTYReset=</varname></term>
456 <listitem><para>Reset the terminal
457 device specified with
458 <varname>TTYPath=</varname> before and
459 after execution. Defaults to
460 <literal>no</literal>.</para></listitem>
461 </varlistentry>
462 <varlistentry>
463 <term><varname>TTYVHangup=</varname></term>
464 <listitem><para>Disconnect all clients
465 which have opened the terminal device
466 specified with
467 <varname>TTYPath=</varname>
468 before and after execution. Defaults
469 to
470 <literal>no</literal>.</para></listitem>
471 </varlistentry>
472 <varlistentry>
473 <term><varname>TTYVTDisallocate=</varname></term>
474 <listitem><para>If the the terminal
475 device specified with
476 <varname>TTYPath=</varname> is a
477 virtual console terminal try to
478 deallocate the TTY before and after
479 execution. This ensures that the
480 screen and scrollback buffer is
481 cleared. Defaults to
482 <literal>no</literal>.</para></listitem>
483 </varlistentry>
484 <varlistentry>
485 <term><varname>SyslogIdentifier=</varname></term>
486 <listitem><para>Sets the process name
487 to prefix log lines sent to syslog or
488 the kernel log buffer with. If not set
489 defaults to the process name of the
490 executed process. This option is only
491 useful when
492 <varname>StandardOutput=</varname> or
493 <varname>StandardError=</varname> are
494 set to <option>syslog</option> or
495 <option>kmsg</option>.</para></listitem>
496 </varlistentry>
497 <varlistentry>
498 <term><varname>SyslogFacility=</varname></term>
499 <listitem><para>Sets the syslog
500 facility to use when logging to
501 syslog. One of <option>kern</option>,
502 <option>user</option>,
503 <option>mail</option>,
504 <option>daemon</option>,
505 <option>auth</option>,
506 <option>syslog</option>,
507 <option>lpr</option>,
508 <option>news</option>,
509 <option>uucp</option>,
510 <option>cron</option>,
511 <option>authpriv</option>,
512 <option>ftp</option>,
513 <option>local0</option>,
514 <option>local1</option>,
515 <option>local2</option>,
516 <option>local3</option>,
517 <option>local4</option>,
518 <option>local5</option>,
519 <option>local6</option> or
520 <option>local7</option>. See
521 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
522 for details. This option is only
523 useful when
524 <varname>StandardOutput=</varname> or
525 <varname>StandardError=</varname> are
526 set to <option>syslog</option>.
527 Defaults to
528 <option>daemon</option>.</para></listitem>
529 </varlistentry>
530 <varlistentry>
531 <term><varname>SyslogLevel=</varname></term>
532 <listitem><para>Default syslog level
533 to use when logging to syslog or the
534 kernel log buffer. One of
535 <option>emerg</option>,
536 <option>alert</option>,
537 <option>crit</option>,
538 <option>err</option>,
539 <option>warning</option>,
540 <option>notice</option>,
541 <option>info</option>,
542 <option>debug</option>. See
543 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
544 for details. This option is only
545 useful when
546 <varname>StandardOutput=</varname> or
547 <varname>StandardError=</varname> are
548 set to <option>syslog</option> or
549 <option>kmsg</option>. Note that
550 individual lines output by the daemon
551 might be prefixed with a different log
552 level which can be used to override
553 the default log level specified
554 here. The interpretation of these
555 prefixes may be disabled with
556 <varname>SyslogLevelPrefix=</varname>,
557 see below. For details see
558 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
559
560 Defaults to
561 <option>info</option>.</para></listitem>
562 </varlistentry>
563
564 <varlistentry>
565 <term><varname>SyslogLevelPrefix=</varname></term>
566 <listitem><para>Takes a boolean
567 argument. If true and
568 <varname>StandardOutput=</varname> or
569 <varname>StandardError=</varname> are
570 set to <option>syslog</option> or
571 <option>kmsg</option> log lines
572 written by the executed process that
573 are prefixed with a log level will be
574 passed on to syslog with this log
575 level set but the prefix removed. If
576 set to false, the interpretation of
577 these prefixes is disabled and the
578 logged lines are passed on as-is. For
579 details about this prefixing see
580 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
581 Defaults to true.</para></listitem>
582 </varlistentry>
583
584 <varlistentry>
585 <term><varname>TimerSlackNSec=</varname></term>
586 <listitem><para>Sets the timer slack
587 in nanoseconds for the executed
588 processes. The timer slack controls
589 the accuracy of wake-ups triggered by
590 timers. See
591 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
592 for more information. Note that in
593 contrast to most other time span
594 definitions this parameter takes an
595 integer value in nano-seconds if no
596 unit is specified. The usual time
597 units are understood
598 too.</para></listitem>
599 </varlistentry>
600
601 <varlistentry>
602 <term><varname>LimitCPU=</varname></term>
603 <term><varname>LimitFSIZE=</varname></term>
604 <term><varname>LimitDATA=</varname></term>
605 <term><varname>LimitSTACK=</varname></term>
606 <term><varname>LimitCORE=</varname></term>
607 <term><varname>LimitRSS=</varname></term>
608 <term><varname>LimitNOFILE=</varname></term>
609 <term><varname>LimitAS=</varname></term>
610 <term><varname>LimitNPROC=</varname></term>
611 <term><varname>LimitMEMLOCK=</varname></term>
612 <term><varname>LimitLOCKS=</varname></term>
613 <term><varname>LimitSIGPENDING=</varname></term>
614 <term><varname>LimitMSGQUEUE=</varname></term>
615 <term><varname>LimitNICE=</varname></term>
616 <term><varname>LimitRTPRIO=</varname></term>
617 <term><varname>LimitRTTIME=</varname></term>
618 <listitem><para>These settings control
619 various resource limits for executed
620 processes. See
621 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
622 for details. Use the string
623 <varname>infinity</varname> to
624 configure no limit on a specific
625 resource.</para></listitem>
626 </varlistentry>
627
628 <varlistentry>
629 <term><varname>PAMName=</varname></term>
630 <listitem><para>Sets the PAM service
631 name to set up a session as. If set
632 the executed process will be
633 registered as a PAM session under the
634 specified service name. This is only
635 useful in conjunction with the
636 <varname>User=</varname> setting. If
637 not set no PAM session will be opened
638 for the executed processes. See
639 <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
640 for details.</para></listitem>
641 </varlistentry>
642
643 <varlistentry>
644 <term><varname>TCPWrapName=</varname></term>
645 <listitem><para>If this is a
646 socket-activated service this sets the
647 tcpwrap service name to check the
648 permission for the current connection
649 with. This is only useful in
650 conjunction with socket-activated
651 services, and stream sockets (TCP) in
652 particular. It has no effect on other
653 socket types (e.g. datagram/UDP) and
654 on processes unrelated to socket-based
655 activation. If the tcpwrap
656 verification fails daemon start-up
657 will fail and the connection is
658 terminated. See
659 <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
660 for details. Note that this option may
661 be used to do access control checks
662 only. Shell commands and commands
663 described in
664 <citerefentry><refentrytitle>hosts_options</refentrytitle><manvolnum>5</manvolnum></citerefentry>
665 are not supported.</para></listitem>
666 </varlistentry>
667
668 <varlistentry>
669 <term><varname>CapabilityBoundingSet=</varname></term>
670
671 <listitem><para>Controls which
672 capabilities to include in the
673 capability bounding set for the
674 executed process. See
675 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
676 for details. Takes a whitespace
677 separated list of capability names as
678 read by
679 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
680 Capabilities listed will be included
681 in the bounding set, all others are
682 removed. If the list of capabilities
683 is prefixed with ~ all but the listed
684 capabilities will be included, the
685 effect of the assignment
686 inverted. Note that this option also
687 effects the respective capabilities in
688 the effective, permitted and
689 inheritable capability sets, on top of
690 what <varname>Capabilities=</varname>
691 does. If this option is not used the
692 capability bounding set is not
693 modified on process execution, hence
694 no limits on the capabilities of the
695 process are
696 enforced.</para></listitem>
697 </varlistentry>
698
699 <varlistentry>
700 <term><varname>SecureBits=</varname></term>
701 <listitem><para>Controls the secure
702 bits set for the executed process. See
703 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
704 for details. Takes a list of strings:
705 <option>keep-caps</option>,
706 <option>keep-caps-locked</option>,
707 <option>no-setuid-fixup</option>,
708 <option>no-setuid-fixup-locked</option>,
709 <option>noroot</option> and/or
710 <option>noroot-locked</option>.
711 </para></listitem>
712 </varlistentry>
713
714 <varlistentry>
715 <term><varname>Capabilities=</varname></term>
716 <listitem><para>Controls the
717 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
718 set for the executed process. Take a
719 capability string describing the
720 effective, permitted and inherited
721 capability sets as documented in
722 <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
723 Note that these capability sets are
724 usually influenced by the capabilities
725 attached to the executed file. Due to
726 that
727 <varname>CapabilityBoundingSet=</varname>
728 is probably the much more useful
729 setting.</para></listitem>
730 </varlistentry>
731
732 <varlistentry>
733 <term><varname>ControlGroup=</varname></term>
734
735 <listitem><para>Controls the control
736 groups the executed processes shall be
737 made members of. Takes a
738 space-separated list of cgroup
739 identifiers. A cgroup identifier has a
740 format like
741 <filename>cpu:/foo/bar</filename>,
742 where "cpu" identifies the kernel
743 control group controller used, and
744 <filename>/foo/bar</filename> is the
745 control group path. The controller
746 name and ":" may be omitted in which
747 case the named systemd control group
748 hierarchy is implied. Alternatively,
749 the path and ":" may be omitted, in
750 which case the default control group
751 path for this unit is implied. This
752 option may be used to place executed
753 processes in arbitrary groups in
754 arbitrary hierarchies -- which can be
755 configured externally with additional
756 execution limits. By default systemd
757 will place all executed processes in
758 separate per-unit control groups
759 (named after the unit) in the systemd
760 named hierarchy. Since every process
761 can be in one group per hierarchy only
762 overriding the control group path in
763 the named systemd hierarchy will
764 disable automatic placement in the
765 default group. This option is
766 primarily intended to place executed
767 processes in specific paths in
768 specific kernel controller
769 hierarchies. It is however not
770 recommended to manipulate the service
771 control group path in the systemd
772 named hierarchy. For details about
773 control groups see <ulink
774 url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.</para></listitem>
775 </varlistentry>
776
777 <varlistentry>
778 <term><varname>ControlGroupModify=</varname></term>
779 <listitem><para>Takes a boolean
780 argument. If true, the control groups
781 created for this unit will be owned by
782 the user specified with
783 <varname>User=</varname> (and the
784 appropriate group), and he/she can create
785 subgroups as well as add processes to
786 the group.</para></listitem>
787 </varlistentry>
788
789 <varlistentry>
790 <term><varname>ControlGroupPersistent=</varname></term>
791 <listitem><para>Takes a boolean
792 argument. If true, the control groups
793 created for this unit will be marked
794 to be persistent, i.e. systemd will
795 not remove them when stopping the
796 unit. The default is false, meaning
797 that the control groups will be
798 removed when the unit is stopped. For
799 details about the semantics of this
800 logic see <ulink
801 url="http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups">PaxControlGroups</ulink>.</para></listitem>
802 </varlistentry>
803
804 <varlistentry>
805 <term><varname>ControlGroupAttribute=</varname></term>
806
807 <listitem><para>Set a specific control
808 group attribute for executed
809 processes, and (if needed) add the the
810 executed processes to a cgroup in the
811 hierarchy of the controller the
812 attribute belongs to. Takes two
813 space-separated arguments: the
814 attribute name (syntax is
815 <literal>cpu.shares</literal> where
816 <literal>cpu</literal> refers to a
817 specific controller and
818 <literal>shares</literal> to the
819 attribute name), and the attribute
820 value. Example:
821 <literal>ControlGroupAttribute=cpu.shares
822 512</literal>. If this option is used
823 for an attribute that belongs to a
824 kernel controller hierarchy the unit
825 is not already configured to be added
826 to (for example via the
827 <literal>ControlGroup=</literal>
828 option) then the unit will be added to
829 the controller and the default unit
830 cgroup path is implied. Thus, using
831 <varname>ControlGroupAttribute=</varname>
832 is in most case sufficient to make use
833 of control group enforcements,
834 explicit
835 <varname>ControlGroup=</varname> are
836 only necessary in case the implied
837 default control group path for a
838 service is not desirable. For details
839 about control group attributes see
840 <ulink
841 url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>. This
842 option may appear more than once, in
843 order to set multiple control group
844 attributes.</para></listitem>
845 </varlistentry>
846
847 <varlistentry>
848 <term><varname>CPUShares=</varname></term>
849
850 <listitem><para>Assign the specified
851 overall CPU time shares to the
852 processes executed. Takes an integer
853 value. This controls the
854 <literal>cpu.shares</literal> control
855 group attribute, which defaults to
856 1024. For details about this control
857 group attribute see <ulink
858 url="http://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para></listitem>
859 </varlistentry>
860
861 <varlistentry>
862 <term><varname>MemoryLimit=</varname></term>
863 <term><varname>MemorySoftLimit=</varname></term>
864
865 <listitem><para>Limit the overall memory usage
866 of the executed processes to a certain
867 size. Takes a memory size in bytes. If
868 the value is suffixed with K, M, G or
869 T the specified memory size is parsed
870 as Kilobytes, Megabytes, Gigabytes,
871 resp. Terabytes (to the base
872 1024). This controls the
873 <literal>memory.limit_in_bytes</literal>
874 and
875 <literal>memory.soft_limit_in_bytes</literal>
876 control group attributes. For details
877 about these control group attributes
878 see <ulink
879 url="http://www.kernel.org/doc/Documentation/cgroups/memory.txt">memory.txt</ulink>.</para></listitem>
880 </varlistentry>
881
882 <varlistentry>
883 <term><varname>DeviceAllow=</varname></term>
884 <term><varname>DeviceDeny=</varname></term>
885
886 <listitem><para>Control access to
887 specific device nodes by the executed processes. Takes two
888 space separated strings: a device node
889 path (such as
890 <filename>/dev/null</filename>)
891 followed by a combination of r, w, m
892 to control reading, writing resp.
893 creating of the specific device node
894 by the unit. This controls the
895 <literal>devices.allow</literal>
896 and
897 <literal>devices.deny</literal>
898 control group attributes. For details
899 about these control group attributes
900 see <ulink
901 url="http://www.kernel.org/doc/Documentation/cgroups/devices.txt">devices.txt</ulink>.</para></listitem>
902 </varlistentry>
903
904 <varlistentry>
905 <term><varname>BlockIOWeight=</varname></term>
906
907 <listitem><para>Set the default or
908 per-device overall block IO weight
909 value for the executed
910 processes. Takes either a single
911 weight value (between 10 and 1000) to
912 set the default block IO weight, or a
913 space separated pair of a file path
914 and a weight value to specify the
915 device specific weight value (Example:
916 "/dev/sda 500"). The file path may be
917 specified as path to a block device
918 node or as any other file in which
919 case the backing block device of the
920 file system of the file is
921 determined. This controls the
922 <literal>blkio.weight</literal> and
923 <literal>blkio.weight_device</literal>
924 control group attributes, which
925 default to 1000. Use this option
926 multiple times to set weights for
927 multiple devices. For details about
928 these control group attributes see
929 <ulink
930 url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
931 </varlistentry>
932
933 <varlistentry>
934 <term><varname>BlockIOReadBandwidth=</varname></term>
935 <term><varname>BlockIOWriteBandwidth=</varname></term>
936
937 <listitem><para>Set the per-device
938 overall block IO bandwidth limit for
939 the executed processes. Takes a space
940 separated pair of a file path and a
941 bandwidth value (in bytes per second)
942 to specify the device specific
943 bandwidth. The file path may be
944 specified as path to a block device
945 node or as any other file in which
946 case the backing block device of the
947 file system of the file is determined.
948 If the bandwidth is suffixed with K, M,
949 G, or T the specified bandwidth is
950 parsed as Kilobytes, Megabytes,
951 Gigabytes, resp. Terabytes (Example:
952 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
953 5M"). This controls the
954 <literal>blkio.read_bps_device</literal>
955 and
956 <literal>blkio.write_bps_device</literal>
957 control group attributes. Use this
958 option multiple times to set bandwidth
959 limits for multiple devices. For
960 details about these control group
961 attributes see <ulink
962 url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
963 </varlistentry>
964
965 <varlistentry>
966 <term><varname>ReadWriteDirectories=</varname></term>
967 <term><varname>ReadOnlyDirectories=</varname></term>
968 <term><varname>InaccessibleDirectories=</varname></term>
969
970 <listitem><para>Sets up a new
971 file-system name space for executed
972 processes. These options may be used
973 to limit access a process might have
974 to the main file-system
975 hierarchy. Each setting takes a
976 space-separated list of absolute
977 directory paths. Directories listed in
978 <varname>ReadWriteDirectories=</varname>
979 are accessible from within the
980 namespace with the same access rights
981 as from outside. Directories listed in
982 <varname>ReadOnlyDirectories=</varname>
983 are accessible for reading only,
984 writing will be refused even if the
985 usual file access controls would
986 permit this. Directories listed in
987 <varname>InaccessibleDirectories=</varname>
988 will be made inaccessible for processes
989 inside the namespace. Note that
990 restricting access with these options
991 does not extend to submounts of a
992 directory. You must list submounts
993 separately in these settings to
994 ensure the same limited access. These
995 options may be specified more than
996 once in which case all directories
997 listed will have limited access from
998 within the
999 namespace.</para></listitem>
1000 </varlistentry>
1001
1002 <varlistentry>
1003 <term><varname>PrivateTmp=</varname></term>
1004
1005 <listitem><para>Takes a boolean
1006 argument. If true sets up a new file
1007 system namespace for the executed
1008 processes and mounts a private
1009 <filename>/tmp</filename> directory
1010 inside it, that is not shared by
1011 processes outside of the
1012 namespace. This is useful to secure
1013 access to temporary files of the
1014 process, but makes sharing between
1015 processes via
1016 <filename>/tmp</filename>
1017 impossible. Defaults to
1018 false.</para></listitem>
1019 </varlistentry>
1020
1021 <varlistentry>
1022 <term><varname>PrivateNetwork=</varname></term>
1023
1024 <listitem><para>Takes a boolean
1025 argument. If true sets up a new
1026 network namespace for the executed
1027 processes and configures only the
1028 loopback network device
1029 <literal>lo</literal> inside it. No
1030 other network devices will be
1031 available to the executed process.
1032 This is useful to securely turn off
1033 network access by the executed
1034 process. Defaults to
1035 false.</para></listitem>
1036 </varlistentry>
1037
1038 <varlistentry>
1039 <term><varname>MountFlags=</varname></term>
1040
1041 <listitem><para>Takes a mount
1042 propagation flag:
1043 <option>shared</option>,
1044 <option>slave</option> or
1045 <option>private</option>, which
1046 control whether namespaces set up with
1047 <varname>ReadWriteDirectories=</varname>,
1048 <varname>ReadOnlyDirectories=</varname>
1049 and
1050 <varname>InaccessibleDirectories=</varname>
1051 receive or propagate new mounts
1052 from/to the main namespace. See
1053 <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1054 for details. Defaults to
1055 <option>shared</option>, i.e. the new
1056 namespace will both receive new mount
1057 points from the main namespace as well
1058 as propagate new mounts to
1059 it.</para></listitem>
1060 </varlistentry>
1061
1062 <varlistentry>
1063 <term><varname>UtmpIdentifier=</varname></term>
1064
1065 <listitem><para>Takes a a four
1066 character identifier string for an
1067 utmp/wtmp entry for this service. This
1068 should only be set for services such
1069 as <command>getty</command>
1070 implementations where utmp/wtmp
1071 entries must be created and cleared
1072 before and after execution. If the
1073 configured string is longer than four
1074 characters it is truncated and the
1075 terminal four characters are
1076 used. This setting interprets %I style
1077 string replacements. This setting is
1078 unset by default, i.e. no utmp/wtmp
1079 entries are created or cleaned up for
1080 this service.</para></listitem>
1081 </varlistentry>
1082
1083 <varlistentry>
1084 <term><varname>IgnoreSIGPIPE=</varname></term>
1085
1086 <listitem><para>Takes a boolean
1087 argument. If true causes SIGPIPE to be
1088 ignored in the executed
1089 process. Defaults to true, since
1090 SIGPIPE generally is useful only in
1091 shell pipelines.</para></listitem>
1092 </varlistentry>
1093
1094 </variablelist>
1095 </refsect1>
1096
1097 <refsect1>
1098 <title>See Also</title>
1099 <para>
1100 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1101 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1102 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1103 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1104 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1105 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1106 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1107 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1108 </para>
1109 </refsect1>
1110
1111 </refentry>
Unnamed repository; edit this file 'description' to name the repository.