+ <term><varname>IgnoreSIGPIPE=</varname></term>
+
+ <listitem><para>Takes a boolean argument. If true, causes <constant>SIGPIPE</constant> to be ignored in the
+ executed process. Defaults to true because <constant>SIGPIPE</constant> generally is useful only in shell
+ pipelines.</para></listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Scheduling</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term><varname>Nice=</varname></term>
+
+ <listitem><para>Sets the default nice level (scheduling priority) for executed processes. Takes an integer
+ between -20 (highest priority) and 19 (lowest priority). See
+ <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+ details.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>CPUSchedulingPolicy=</varname></term>
+
+ <listitem><para>Sets the CPU scheduling policy for executed processes. Takes one of <option>other</option>,
+ <option>batch</option>, <option>idle</option>, <option>fifo</option> or <option>rr</option>. See
+ <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+ details.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>CPUSchedulingPriority=</varname></term>
+
+ <listitem><para>Sets the CPU scheduling priority for executed processes. The available priority range depends
+ on the selected CPU scheduling policy (see above). For real-time scheduling policies an integer between 1
+ (lowest priority) and 99 (highest priority) can be used. See
+ <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+ details. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>CPUSchedulingResetOnFork=</varname></term>
+
+ <listitem><para>Takes a boolean argument. If true, elevated CPU scheduling priorities and policies will be
+ reset when the executed processes fork, and can hence not leak into child processes. See
+ <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+ details. Defaults to false.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>CPUAffinity=</varname></term>
+
+ <listitem><para>Controls the CPU affinity of the executed processes. Takes a list of CPU indices or ranges
+ separated by either whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated
+ by a dash. This option may be specified more than once, in which case the specified CPU affinity masks are
+ merged. If the empty string is assigned, the mask is reset, all assignments prior to this will have no
+ effect. See
+ <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+ details.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>IOSchedulingClass=</varname></term>
+
+ <listitem><para>Sets the I/O scheduling class for executed processes. Takes an integer between 0 and 3 or one
+ of the strings <option>none</option>, <option>realtime</option>, <option>best-effort</option> or
+ <option>idle</option>. See
+ <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+ details.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>IOSchedulingPriority=</varname></term>
+
+ <listitem><para>Sets the I/O scheduling priority for executed processes. Takes an integer between 0 (highest
+ priority) and 7 (lowest priority). The available priorities depend on the selected I/O scheduling class (see
+ above). See <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+ details.</para></listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+
+ <refsect1>
+ <title>Sandboxing</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term><varname>ProtectSystem=</varname></term>
+
+ <listitem><para>Takes a boolean argument or the special values <literal>full</literal> or
+ <literal>strict</literal>. If true, mounts the <filename>/usr</filename> and <filename>/boot</filename>
+ directories read-only for processes invoked by this unit. If set to <literal>full</literal>, the
+ <filename>/etc</filename> directory is mounted read-only, too. If set to <literal>strict</literal> the entire
+ file system hierarchy is mounted read-only, except for the API file system subtrees <filename>/dev</filename>,
+ <filename>/proc</filename> and <filename>/sys</filename> (protect these directories using
+ <varname>PrivateDevices=</varname>, <varname>ProtectKernelTunables=</varname>,
+ <varname>ProtectControlGroups=</varname>). This setting ensures that any modification of the vendor-supplied
+ operating system (and optionally its configuration, and local mounts) is prohibited for the service. It is
+ recommended to enable this setting for all long-running services, unless they are involved with system updates
+ or need to modify the operating system in other ways. If this option is used,
+ <varname>ReadWritePaths=</varname> may be used to exclude specific directories from being made read-only. This
+ setting is implied if <varname>DynamicUser=</varname> is set. For this setting the same restrictions regarding
+ mount propagation and privileges apply as for <varname>ReadOnlyPaths=</varname> and related calls, see
+ below. Defaults to off.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>ProtectHome=</varname></term>
+
+ <listitem><para>Takes a boolean argument or <literal>read-only</literal>. If true, the directories
+ <filename>/home</filename>, <filename>/root</filename> and <filename>/run/user</filename> are made inaccessible
+ and empty for processes invoked by this unit. If set to <literal>read-only</literal>, the three directories are
+ made read-only instead. It is recommended to enable this setting for all long-running services (in particular
+ network-facing ones), to ensure they cannot get access to private user data, unless the services actually
+ require access to the user's private data. This setting is implied if <varname>DynamicUser=</varname> is
+ set. For this setting the same restrictions regarding mount propagation and privileges apply as for
+ <varname>ReadOnlyPaths=</varname> and related calls, see below.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>RuntimeDirectory=</varname></term>
+ <term><varname>StateDirectory=</varname></term>
+ <term><varname>CacheDirectory=</varname></term>
+ <term><varname>LogsDirectory=</varname></term>
+ <term><varname>ConfigurationDirectory=</varname></term>
+
+ <listitem><para>These options take a whitespace-separated list of directory names. The specified directory
+ names must be relative, and may not include <literal>.</literal> or <literal>..</literal>. If set, one or more
+ directories by the specified names will be created (including their parents) below <filename>/run</filename>
+ (or <varname>$XDG_RUNTIME_DIR</varname> for user services), <filename>/var/lib</filename> (or
+ <varname>$XDG_CONFIG_HOME</varname> for user services), <filename>/var/cache</filename> (or
+ <varname>$XDG_CACHE_HOME</varname> for user services), <filename>/var/log</filename> (or
+ <varname>$XDG_CONFIG_HOME</varname><filename>/log</filename> for user services), or <filename>/etc</filename>
+ (or <varname>$XDG_CONFIG_HOME</varname> for user services), respectively, when the unit is started.</para>
+
+ <para>In case of <varname>RuntimeDirectory=</varname> the lowest subdirectories are removed when the unit is
+ stopped. It is possible to preserve the specified directories in this case if
+ <varname>RuntimeDirectoryPreserve=</varname> is configured to <option>restart</option> or <option>yes</option>
+ (see below). The directories specified with <varname>StateDirectory=</varname>,
+ <varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>,
+ <varname>ConfigurationDirectory=</varname> are not removed when the unit is stopped.</para>
+
+ <para>Except in case of <varname>ConfigurationDirectory=</varname>, the innermost specified directories will be
+ owned by the user and group specified in <varname>User=</varname> and <varname>Group=</varname>. If the
+ specified directories already exist and their owning user or group do not match the configured ones, all files
+ and directories below the specified directories as well as the directories themselves will have their file
+ ownership recursively changed to match what is configured. As an optimization, if the specified directories are
+ already owned by the right user and group, files and directories below of them are left as-is, even if they do
+ not match what is requested. The innermost specified directories will have their access mode adjusted to the
+ what is specified in <varname>RuntimeDirectoryMode=</varname>, <varname>StateDirectoryMode=</varname>,
+ <varname>CacheDirectoryMode=</varname>, <varname>LogsDirectoryMode=</varname> and
+ <varname>ConfigurationDirectoryMode=</varname>.</para>
+
+ <para>These options imply <varname>BindPaths=</varname> for the specified paths. When combined with
+ <varname>RootDirectory=</varname> or <varname>RootImage=</varname> these paths always reside on the host and
+ are mounted from there into the unit's file system namespace.</para>
+
+ <para>If <varname>DynamicUser=</varname> is used in conjunction with <varname>StateDirectory=</varname>,
+ <varname>CacheDirectory=</varname> and <varname>LogsDirectory=</varname> is slightly altered: the directories
+ are created below <filename>/var/lib/private</filename>, <filename>/var/cache/private</filename> and
+ <filename>/var/log/private</filename>, respectively, which are host directories made inaccessible to
+ unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID
+ recycling. Symbolic links are created to hide this difference in behaviour. Both from perspective of the host
+ and from inside the unit, the relevant directories hence always appear directly below
+ <filename>/var/lib</filename>, <filename>/var/cache</filename> and <filename>/var/log</filename>.</para>
+
+ <para>Use <varname>RuntimeDirectory=</varname> to manage one or more runtime directories for the unit and bind
+ their lifetime to the daemon runtime. This is particularly useful for unprivileged daemons that cannot create
+ runtime directories in <filename>/run</filename> due to lack of privileges, and to make sure the runtime
+ directory is cleaned up automatically after use. For runtime directories that require more complex or different
+ configuration or lifetime guarantees, please consider using
+ <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+ <para>Example: if a system service unit has the following,
+ <programlisting>RuntimeDirectory=foo/bar baz</programlisting>
+ the service manager creates <filename>/run/foo</filename> (if it does not exist),
+ <filename>/run/foo/bar</filename>, and <filename>/run/baz</filename>. The directories
+ <filename>/run/foo/bar</filename> and <filename>/run/baz</filename> except <filename>/run/foo</filename> are
+ owned by the user and group specified in <varname>User=</varname> and <varname>Group=</varname>, and removed
+ when the service is stopped.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>RuntimeDirectoryMode=</varname></term>
+ <term><varname>StateDirectoryMode=</varname></term>
+ <term><varname>CacheDirectoryMode=</varname></term>
+ <term><varname>LogsDirectoryMode=</varname></term>
+ <term><varname>ConfigurationDirectoryMode=</varname></term>
+
+ <listitem><para>Specifies the access mode of the directories specified in <varname>RuntimeDirectory=</varname>,
+ <varname>StateDirectory=</varname>, <varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, or
+ <varname>ConfigurationDirectory=</varname>, respectively, as an octal number. Defaults to
+ <constant>0755</constant>. See "Permissions" in <citerefentry
+ project='man-pages'><refentrytitle>path_resolution</refentrytitle><manvolnum>7</manvolnum></citerefentry> for a
+ discussion of the meaning of permission bits.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>RuntimeDirectoryPreserve=</varname></term>
+
+ <listitem><para>Takes a boolean argument or <option>restart</option>. If set to <option>no</option> (the
+ default), the directories specified in <varname>RuntimeDirectory=</varname> are always removed when the service
+ stops. If set to <option>restart</option> the directories are preserved when the service is both automatically
+ and manually restarted. Here, the automatic restart means the operation specified in
+ <varname>Restart=</varname>, and manual restart means the one triggered by <command>systemctl restart
+ foo.service</command>. If set to <option>yes</option>, then the directories are not removed when the service is
+ stopped. Note that since the runtime directory <filename>/run</filename> is a mount point of
+ <literal>tmpfs</literal>, then for system services the directories specified in
+ <varname>RuntimeDirectory=</varname> are removed when the system is rebooted.</para></listitem>