]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd.exec.xml
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
exec: support unlimited resources
[thirdparty/systemd.git] / man / systemd.exec.xml
1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6 <!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 -->
24
25 <refentry id="systemd.exec">
26 <refentryinfo>
27 <title>systemd.exec</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.exec</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.exec</refname>
47 <refpurpose>systemd execution environment configuration</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename>systemd.service</filename>,
52 <filename>systemd.socket</filename>,
53 <filename>systemd.mount</filename>,
54 <filename>systemd.swap</filename></para>
55 </refsynopsisdiv>
56
57 <refsect1>
58 <title>Description</title>
59
60 <para>Unit configuration files for services, sockets
61 mount points and swap devices share a subset of
62 configuration options which define the execution
63 environment of spawned processes.</para>
64
65 <para>This man page lists the configuration options
66 shared by these three unit types. See
67 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
68 for the common options of all unit configuration
69 files, and
70 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
72 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
73 and
74 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
75 for more information on the specific unit
76 configuration files. The execution specific
77 configuration options are configured in the [Service],
78 [Socket], [Mount] resp. [Swap] section, depending on the unit
79 type.</para>
80 </refsect1>
81
82 <refsect1>
83 <title>Options</title>
84
85 <variablelist>
86
87 <varlistentry>
88 <term><varname>WorkingDirectory=</varname></term>
89
90 <listitem><para>Takes an absolute
91 directory path. Sets the working
92 directory for executed
93 processes.</para></listitem>
94 </varlistentry>
95
96 <varlistentry>
97 <term><varname>RootDirectory=</varname></term>
98
99 <listitem><para>Takes an absolute
100 directory path. Sets the root
101 directory for executed processes, with
102 the
103 <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
104 system call. If this is used it must
105 be ensured that the process and all
106 its auxiliary files are available in
107 the <function>chroot()</function>
108 jail.</para></listitem>
109 </varlistentry>
110
111 <varlistentry>
112 <term><varname>User=</varname></term>
113 <term><varname>Group=</varname></term>
114
115 <listitem><para>Sets the Unix user
116 resp. group the processes are executed
117 as. Takes a single user resp. group
118 name or ID as argument. If no group is
119 set the default group of the user is
120 chosen.</para></listitem>
121 </varlistentry>
122
123 <varlistentry>
124 <term><varname>SupplementaryGroups=</varname></term>
125
126 <listitem><para>Sets the supplementary
127 Unix groups the processes are executed
128 as. This takes a space separated list
129 of group names or IDs. This option may
130 be specified more than once in which
131 case all listed groups are set as
132 supplementary groups. This option does
133 not override but extends the list of
134 supplementary groups configured in the
135 system group database for the
136 user.</para></listitem>
137 </varlistentry>
138
139 <varlistentry>
140 <term><varname>Nice=</varname></term>
141
142 <listitem><para>Sets the default nice
143 level (scheduling priority) for
144 executed processes. Takes an integer
145 between -20 (highest priority) and 19
146 (lowest priority). See
147 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
148 for details.</para></listitem>
149 </varlistentry>
150
151 <varlistentry>
152 <term><varname>OOMScoreAdjust=</varname></term>
153
154 <listitem><para>Sets the adjustment
155 level for the Out-Of-Memory killer for
156 executed processes. Takes an integer
157 between -1000 (to disable OOM killing
158 for this process) and 1000 (to make
159 killing of this process under memory
160 pressure very likely). See <ulink
161 url="http://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
162 for details.</para></listitem>
163 </varlistentry>
164
165 <varlistentry>
166 <term><varname>IOSchedulingClass=</varname></term>
167
168 <listitem><para>Sets the IO scheduling
169 class for executed processes. Takes an
170 integer between 0 and 3 or one of the
171 strings <option>none</option>,
172 <option>realtime</option>,
173 <option>best-effort</option> or
174 <option>idle</option>. See
175 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
176 for details.</para></listitem>
177 </varlistentry>
178
179 <varlistentry>
180 <term><varname>IOSchedulingPriority=</varname></term>
181
182 <listitem><para>Sets the IO scheduling
183 priority for executed processes. Takes
184 an integer between 0 (highest
185 priority) and 7 (lowest priority). The
186 available priorities depend on the
187 selected IO scheduling class (see
188 above). See
189 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
190 for details.</para></listitem>
191 </varlistentry>
192
193 <varlistentry>
194 <term><varname>CPUSchedulingPolicy=</varname></term>
195
196 <listitem><para>Sets the CPU
197 scheduling policy for executed
198 processes. Takes one of
199 <option>other</option>,
200 <option>batch</option>,
201 <option>idle</option>,
202 <option>fifo</option> or
203 <option>rr</option>. See
204 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
205 for details.</para></listitem>
206 </varlistentry>
207
208 <varlistentry>
209 <term><varname>CPUSchedulingPriority=</varname></term>
210
211 <listitem><para>Sets the CPU
212 scheduling priority for executed
213 processes. Takes an integer between 1
214 (lowest priority) and 99 (highest
215 priority). The available priority
216 range depends on the selected CPU
217 scheduling policy (see above). See
218 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
219 for details.</para></listitem>
220 </varlistentry>
221
222 <varlistentry>
223 <term><varname>CPUSchedulingResetOnFork=</varname></term>
224
225 <listitem><para>Takes a boolean
226 argument. If true elevated CPU
227 scheduling priorities and policies
228 will be reset when the executed
229 processes fork, and can hence not leak
230 into child processes. See
231 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
232 for details. Defaults to false.</para></listitem>
233 </varlistentry>
234
235 <varlistentry>
236 <term><varname>CPUAffinity=</varname></term>
237
238 <listitem><para>Controls the CPU
239 affinity of the executed
240 processes. Takes a space-separated
241 list of CPU indexes. See
242 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
243 for details.</para></listitem>
244 </varlistentry>
245
246 <varlistentry>
247 <term><varname>UMask=</varname></term>
248
249 <listitem><para>Controls the file mode
250 creation mask. Takes an access mode in
251 octal notation. See
252 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
253 for details. Defaults to
254 0002.</para></listitem>
255 </varlistentry>
256
257 <varlistentry>
258 <term><varname>Environment=</varname></term>
259
260 <listitem><para>Sets environment
261 variables for executed
262 processes. Takes a space-separated
263 list of variable assignments. This
264 option may be specified more than once
265 in which case all listed variables
266 will be set. If the same variable is
267 set twice the later setting will
268 override the earlier setting. See
269 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
270 for details.</para></listitem>
271 </varlistentry>
272 <varlistentry>
273 <term><varname>EnvironmentFile=</varname></term>
274 <listitem><para>Similar to
275 <varname>Environment=</varname> but
276 reads the environment variables from a
277 text file. The text file should
278 contain new-line separated variable
279 assignments. Empty lines and lines
280 starting with ; or # will be ignored,
281 which may be used for commenting. The
282 argument passed should be an absolute
283 file name, optionally prefixed with
284 "-", which indicates that if the file
285 does not exist it won't be read and no
286 error or warning message is
287 logged. The files listed with this
288 directive will be read shortly before
289 the process is executed. Settings from
290 these files override settings made
291 with
292 <varname>Environment=</varname>. If
293 the same variable is set twice from
294 these files the files will be read in
295 the order they are specified and the
296 later setting will override the
297 earlier setting. </para></listitem>
298 </varlistentry>
299
300 <varlistentry>
301 <term><varname>StandardInput=</varname></term>
302 <listitem><para>Controls where file
303 descriptor 0 (STDIN) of the executed
304 processes is connected to. Takes one
305 of <option>null</option>,
306 <option>tty</option>,
307 <option>tty-force</option>,
308 <option>tty-fail</option> or
309 <option>socket</option>. If
310 <option>null</option> is selected
311 standard input will be connected to
312 <filename>/dev/null</filename>,
313 i.e. all read attempts by the process
314 will result in immediate EOF. If
315 <option>tty</option> is selected
316 standard input is connected to a TTY
317 (as configured by
318 <varname>TTYPath=</varname>, see
319 below) and the executed process
320 becomes the controlling process of the
321 terminal. If the terminal is already
322 being controlled by another process the
323 executed process waits until the current
324 controlling process releases the
325 terminal.
326 <option>tty-force</option>
327 is similar to <option>tty</option>,
328 but the executed process is forcefully
329 and immediately made the controlling
330 process of the terminal, potentially
331 removing previous controlling
332 processes from the
333 terminal. <option>tty-fail</option> is
334 similar to <option>tty</option> but if
335 the terminal already has a controlling
336 process start-up of the executed
337 process fails. The
338 <option>socket</option> option is only
339 valid in socket-activated services,
340 and only when the socket configuration
341 file (see
342 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
343 for details) specifies a single socket
344 only. If this option is set standard
345 input will be connected to the socket
346 the service was activated from, which
347 is primarily useful for compatibility
348 with daemons designed for use with the
349 traditional
350 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
351 daemon. This setting defaults to
352 <option>null</option>.</para></listitem>
353 </varlistentry>
354 <varlistentry>
355 <term><varname>StandardOutput=</varname></term>
356 <listitem><para>Controls where file
357 descriptor 1 (STDOUT) of the executed
358 processes is connected to. Takes one
359 of <option>inherit</option>,
360 <option>null</option>,
361 <option>tty</option>,
362 <option>syslog</option>,
363 <option>kmsg</option>,
364 <option>kmsg+console</option>,
365 <option>syslog+console</option> or
366 <option>socket</option>. If set to
367 <option>inherit</option> the file
368 descriptor of standard input is
369 duplicated for standard output. If set
370 to <option>null</option> standard
371 output will be connected to
372 <filename>/dev/null</filename>,
373 i.e. everything written to it will be
374 lost. If set to <option>tty</option>
375 standard output will be connected to a
376 tty (as configured via
377 <varname>TTYPath=</varname>, see
378 below). If the TTY is used for output
379 only the executed process will not
380 become the controlling process of the
381 terminal, and will not fail or wait
382 for other processes to release the
383 terminal. <option>syslog</option>
384 connects standard output to the
385 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
386 system logger. <option>kmsg</option>
387 connects it with the kernel log buffer
388 which is accessible via
389 <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>syslog+console</option>
390 and <option>kmsg+console</option> work
391 similarly but copy the output to the
392 system console as
393 well. <option>socket</option> connects
394 standard output to a socket from
395 socket activation, semantics are
396 similar to the respective option of
397 <varname>StandardInput=</varname>.
398 This setting defaults to
399 <option>inherit</option>.</para></listitem>
400 </varlistentry>
401 <varlistentry>
402 <term><varname>StandardError=</varname></term>
403 <listitem><para>Controls where file
404 descriptor 2 (STDERR) of the executed
405 processes is connected to. The
406 available options are identical to
407 those of
408 <varname>StandardOutput=</varname>,
409 with one exception: if set to
410 <option>inherit</option> the file
411 descriptor used for standard output is
412 duplicated for standard error. This
413 setting defaults to
414 <option>inherit</option>.</para></listitem>
415 </varlistentry>
416 <varlistentry>
417 <term><varname>TTYPath=</varname></term>
418 <listitem><para>Sets the terminal
419 device node to use if standard input,
420 output or stderr are connected to a
421 TTY (see above). Defaults to
422 <filename>/dev/console</filename>.</para></listitem>
423 </varlistentry>
424 <varlistentry>
425 <term><varname>SyslogIdentifier=</varname></term>
426 <listitem><para>Sets the process name
427 to prefix log lines sent to syslog or
428 the kernel log buffer with. If not set
429 defaults to the process name of the
430 executed process. This option is only
431 useful when
432 <varname>StandardOutput=</varname> or
433 <varname>StandardError=</varname> are
434 set to <option>syslog</option> or
435 <option>kmsg</option>.</para></listitem>
436 </varlistentry>
437 <varlistentry>
438 <term><varname>SyslogFacility=</varname></term>
439 <listitem><para>Sets the syslog
440 facility to use when logging to
441 syslog. One of <option>kern</option>,
442 <option>user</option>,
443 <option>mail</option>,
444 <option>daemon</option>,
445 <option>auth</option>,
446 <option>syslog</option>,
447 <option>lpr</option>,
448 <option>news</option>,
449 <option>uucp</option>,
450 <option>cron</option>,
451 <option>authpriv</option>,
452 <option>ftp</option>,
453 <option>local0</option>,
454 <option>local1</option>,
455 <option>local2</option>,
456 <option>local3</option>,
457 <option>local4</option>,
458 <option>local5</option>,
459 <option>local6</option> or
460 <option>local7</option>. See
461 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
462 for details. This option is only
463 useful when
464 <varname>StandardOutput=</varname> or
465 <varname>StandardError=</varname> are
466 set to <option>syslog</option>.
467 Defaults to
468 <option>daemon</option>.</para></listitem>
469 </varlistentry>
470 <varlistentry>
471 <term><varname>SyslogLevel=</varname></term>
472 <listitem><para>Default syslog level
473 to use when logging to syslog or the
474 kernel log buffer. One of
475 <option>emerg</option>,
476 <option>alert</option>,
477 <option>crit</option>,
478 <option>err</option>,
479 <option>warning</option>,
480 <option>notice</option>,
481 <option>info</option>,
482 <option>debug</option>. See
483 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
484 for details. This option is only
485 useful when
486 <varname>StandardOutput=</varname> or
487 <varname>StandardError=</varname> are
488 set to <option>syslog</option> or
489 <option>kmsg</option>. Note that
490 individual lines output by the daemon
491 might be prefixed with a different log
492 level which can be used to override
493 the default log level specified
494 here. The interpretation of these
495 prefixes may be disabled with
496 <varname>SyslogLevelPrefix=</varname>,
497 see below. For details see
498 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
499
500 Defaults to
501 <option>info</option>.</para></listitem>
502 </varlistentry>
503
504 <varlistentry>
505 <term><varname>SyslogLevelPrefix=</varname></term>
506 <listitem><para>Takes a boolean
507 argument. If true and
508 <varname>StandardOutput=</varname> or
509 <varname>StandardError=</varname> are
510 set to <option>syslog</option> or
511 <option>kmsg</option> log lines
512 written by the executed process that
513 are prefixed with a log level will be
514 passed on to syslog with this log
515 level set but the prefix removed. If
516 set to false, the interpretation of
517 these prefixes is disabled and the
518 logged lines are passed on as-is. For
519 details about this prefixing see
520 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
521 Defaults to true.</para></listitem>
522 </varlistentry>
523
524 <varlistentry>
525 <term><varname>TimerSlackNSec=</varname></term>
526 <listitem><para>Sets the timer slack
527 in nanoseconds for the executed
528 processes. The timer slack controls the
529 accuracy of wake-ups triggered by
530 timers. See
531 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
532 for more information. Note that in
533 contrast to most other time span
534 definitions this parameter takes an
535 integer value in nano-seconds and does
536 not understand any other
537 units.</para></listitem>
538 </varlistentry>
539
540 <varlistentry>
541 <term><varname>LimitCPU=</varname></term>
542 <term><varname>LimitFSIZE=</varname></term>
543 <term><varname>LimitDATA=</varname></term>
544 <term><varname>LimitSTACK=</varname></term>
545 <term><varname>LimitCORE=</varname></term>
546 <term><varname>LimitRSS=</varname></term>
547 <term><varname>LimitNOFILE=</varname></term>
548 <term><varname>LimitAS=</varname></term>
549 <term><varname>LimitNPROC=</varname></term>
550 <term><varname>LimitMEMLOCK=</varname></term>
551 <term><varname>LimitLOCKS=</varname></term>
552 <term><varname>LimitSIGPENDING=</varname></term>
553 <term><varname>LimitMSGQUEUE=</varname></term>
554 <term><varname>LimitNICE=</varname></term>
555 <term><varname>LimitRTPRIO=</varname></term>
556 <term><varname>LimitRTTIME=</varname></term>
557 <listitem><para>These settings control
558 various resource limits for executed
559 processes. See
560 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
561 for details. Use the string
562 <varname>infinity</varname> to
563 configure no limit on a specific
564 resource.</para></listitem>
565 </varlistentry>
566
567 <varlistentry>
568 <term><varname>PAMName=</varname></term>
569 <listitem><para>Sets the PAM service
570 name to set up a session as. If set
571 the executed process will be
572 registered as a PAM session under the
573 specified service name. This is only
574 useful in conjunction with the
575 <varname>User=</varname> setting. If
576 not set no PAM session will be opened
577 for the executed processes. See
578 <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
579 for details.</para></listitem>
580 </varlistentry>
581
582 <varlistentry>
583 <term><varname>TCPWrapName=</varname></term>
584 <listitem><para>If this is a
585 socket-activated service this sets the
586 tcpwrap service name to check the
587 permission for the current connection
588 with. This is only useful in
589 conjunction with socket-activated
590 services, and stream sockets (TCP) in
591 particular. It has no effect on other
592 socket types (e.g. datagram/UDP) and on processes
593 unrelated to socket-based
594 activation. If the tcpwrap
595 verification fails daemon start-up
596 will fail and the connection is
597 terminated. See
598 <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
599 for details.</para></listitem>
600 </varlistentry>
601
602 <varlistentry>
603 <term><varname>CapabilityBoundingSet=</varname></term>
604
605 <listitem><para>Controls which
606 capabilities to include in the
607 capability bounding set for the
608 executed process. See
609 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
610 for details. Takes a whitespace
611 seperated list of capability names as
612 read by
613 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
614 Capabilities listed will be included
615 in the bounding set, all others are
616 removed. If the list of capabilities
617 is prefixed with ~ all but the listed
618 capabilities will be included, the
619 effect of this assignment
620 inverted. Note that this option does
621 not actually set or unset any
622 capabilities in the effective,
623 permitted or inherited capability
624 sets. That's what
625 <varname>Capabilities=</varname> is
626 for. If this option is not used the
627 capability bounding set is not
628 modified on process execution, hence
629 no limits on the capabilities of the
630 process are enforced.</para></listitem>
631 </varlistentry>
632
633 <varlistentry>
634 <term><varname>SecureBits=</varname></term>
635 <listitem><para>Controls the secure
636 bits set for the executed process. See
637 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
638 for details. Takes a list of strings:
639 <option>keep-caps</option>,
640 <option>keep-caps-locked</option>,
641 <option>no-setuid-fixup</option>,
642 <option>no-setuid-fixup-locked</option>,
643 <option>no-setuid-noroot</option> and/or
644 <option>no-setuid-noroot-locked</option>.
645 </para></listitem>
646 </varlistentry>
647
648 <varlistentry>
649 <term><varname>Capabilities=</varname></term>
650 <listitem><para>Controls the
651 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
652 set for the executed process. Take a
653 capability string describing the
654 effective, permitted and inherited
655 capability sets as documented in
656 <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
657 Note that these capability sets are
658 usually influenced by the capabilities
659 attached to the executed file. Due to
660 that
661 <varname>CapabilityBoundingSet=</varname>
662 is probably the much more useful
663 setting.</para></listitem>
664 </varlistentry>
665
666 <varlistentry>
667 <term><varname>ControlGroup=</varname></term>
668
669 <listitem><para>Controls the control
670 groups the executed processes shall be
671 made members of. Takes a
672 space-separated list of cgroup
673 identifiers. A cgroup identifier has a
674 format like
675 <filename>cpu:/foo/bar</filename>,
676 where "cpu" identifies the kernel
677 control group controller used, and
678 <filename>/foo/bar</filename> is the
679 control group path. The controller name
680 and ":" may be omitted in which case
681 the named systemd control group
682 hierarchy is implied. Alternatively,
683 the path and ":" may be omitted, in
684 which case the default control group
685 path for this unit is implied. This
686 option may be used to place executed
687 processes in arbitrary groups in
688 arbitrary hierachies -- which can be
689 configured externally with additional execution limits. By default
690 systemd will place all executed
691 processes in separate per-unit control
692 groups (named after the unit) in the
693 systemd named hierarchy. Since every
694 process can be in one group per
695 hierarchy only overriding the control group
696 path in the named systemd hierarchy
697 will disable automatic placement in
698 the default group. For details about control
699 groups see <ulink
700 url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.</para></listitem>
701 </varlistentry>
702
703 <varlistentry>
704 <term><varname>ReadWriteDirectories=</varname></term>
705 <term><varname>ReadOnlyDirectories=</varname></term>
706 <term><varname>InaccessibleDirectories=</varname></term>
707
708 <listitem><para>Sets up a new
709 file-system name space for executed
710 processes. These options may be used
711 to limit access a process might have
712 to the main file-system
713 hierarchy. Each setting takes a
714 space-separated list of absolute
715 directory paths. Directories listed in
716 <varname>ReadWriteDirectories=</varname>
717 are accessible from within the
718 namespace with the same access rights
719 as from outside. Directories listed in
720 <varname>ReadOnlyDirectories=</varname>
721 are accessible for reading only,
722 writing will be refused even if the
723 usual file access controls would
724 permit this. Directories listed in
725 <varname>InaccessibleDirectories=</varname>
726 will be made inaccesible for processes
727 inside the namespace. Note that
728 restricting access with these options
729 does not extend to submounts of a
730 directory. You must list submounts
731 separately in these settings to
732 ensure the same limited access. These
733 options may be specified more than
734 once in which case all directories
735 listed will have limited access from
736 within the
737 namespace.</para></listitem>
738 </varlistentry>
739
740 <varlistentry>
741 <term><varname>PrivateTmp=</varname></term>
742
743 <listitem><para>Takes a boolean
744 argument. If true sets up a new
745 namespace for the executed processes
746 and mounts a private
747 <filename>/tmp</filename> directory
748 inside it, that is not shared by
749 processes outside of the
750 namespace. This is useful to secure
751 access to temporary files of the
752 process, but makes sharing between
753 processes via
754 <filename>/tmp</filename>
755 impossible. Defaults to false.</para></listitem>
756 </varlistentry>
757
758 <varlistentry>
759 <term><varname>MountFlags=</varname></term>
760
761 <listitem><para>Takes a mount
762 propagation flag:
763 <option>shared</option>,
764 <option>slave</option> or
765 <option>private</option>, which
766 control whether namespaces set up with
767 <varname>ReadWriteDirectories=</varname>,
768 <varname>ReadOnlyDirectories=</varname>
769 and
770 <varname>InaccessibleDirectories=</varname>
771 receive or propagate new mounts
772 from/to the main namespace. See
773 <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>1</manvolnum></citerefentry>
774 for details. Defaults to
775 <option>shared</option>, i.e. the new
776 namespace will both receive new mount
777 points from the main namespace as well
778 as propagate new mounts to
779 it.</para></listitem>
780 </varlistentry>
781
782 <varlistentry>
783 <term><varname>UtmpIdentifier=</varname></term>
784
785 <listitem><para>Takes a a four
786 character identifier string for an
787 utmp/wtmp entry for this service. This
788 should only be set for services such
789 as <command>getty</command>
790 implementations where utmp/wtmp
791 entries must be created and cleared
792 before and after execution. If the
793 configured string is longer than four
794 characters it is truncated and the
795 terminal four characters are
796 used. This setting interprets %I style
797 string replacements. This setting is
798 unset by default, i.e. no utmp/wtmp
799 entries are created or cleaned up for
800 this service.</para></listitem>
801 </varlistentry>
802
803 </variablelist>
804 </refsect1>
805
806 <refsect1>
807 <title>See Also</title>
808 <para>
809 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
810 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
811 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
812 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
813 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
814 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
815 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
816 </para>
817 </refsect1>
818
819 </refentry>
Unnamed repository; edit this file 'description' to name the repository.