X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=man%2Fsystemd.socket.xml;h=fb51ef6658936463b95c263752bc335eb6cfbef5;hb=78a562ee4bcbc7b0e8b58b475ff656f646e95e40;hp=a1943f65ab64ff58f16e1ee24d6d9eab1d6cb461;hpb=0e74bad141d035b7d45f5e46ea4f33217db3c9e8;p=thirdparty%2Fsystemd.git diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index a1943f65ab6..fb51ef66589 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -1,41 +1,15 @@ - + systemd.socket systemd - - - - Developer - Lennart - Poettering - lennart@poettering.net - - @@ -94,8 +68,8 @@ or it must be a template unit named the same way. Example: a socket file foo.socket needs a matching service foo.service if - is set. If - is set, a service template file + is set. If + is set, a service template file foo@.service must exist from which services are instantiated for each incoming connection. @@ -120,56 +94,72 @@ socket passing (i.e. sockets passed in via standard input and output, using StandardInput=socket in the service file). - - - Implicit Dependencies - - The following dependencies are implicitly added: - - - Socket units automatically gain a Before= - dependency on the service units they activate. - - Socket units referring to file system paths (such as AF_UNIX - sockets or FIFOs) implicitly gain Requires= and - After= dependencies on all mount units - necessary to access those paths. - - Socket units using the BindToDevice= - setting automatically gain a BindsTo= and - After= dependency on the device unit - encapsulating the specified network interface. - - - Additional implicit dependencies may be added as result of - execution and resource control parameters as documented in - systemd.exec5 - and - systemd.resource-control5. + All network sockets allocated through .socket units are allocated in the host's network + namespace (see network_namespaces7). This + does not mean however that the service activated by a configured socket unit has to be part of the host's network + namespace as well. It is supported and even good practice to run services in their own network namespace (for + example through PrivateNetwork=, see + systemd.exec5), receiving only + the sockets configured through socket-activation from the host's namespace. In such a set-up communication within + the host's network namespace is only permitted through the activation sockets passed in while all sockets allocated + from the service code itself will be associated with the service's own namespace, and thus possibly subject to a a + much more restrictive configuration. - Default Dependencies - - The following dependencies are added unless - DefaultDependencies=no is set: - - - Socket units automatically gain a - Before= dependency on - sockets.target. - - Socket units automatically gain a pair of - After= and Requires= - dependency on sysinit.target, and a pair of - Before= and Conflicts= - dependencies on shutdown.target. These - dependencies ensure that the socket unit is started before normal - services at boot, and is stopped on shutdown. Only sockets - involved with early boot or late system shutdown should disable - DefaultDependencies= option. - + Automatic Dependencies + + + Implicit Dependencies + + The following dependencies are implicitly added: + + + Socket units automatically gain a Before= + dependency on the service units they activate. + + Socket units referring to file system paths (such as AF_UNIX + sockets or FIFOs) implicitly gain Requires= and + After= dependencies on all mount units + necessary to access those paths. + + Socket units using the BindToDevice= + setting automatically gain a BindsTo= and + After= dependency on the device unit + encapsulating the specified network interface. + + + Additional implicit dependencies may be added as result of + execution and resource control parameters as documented in + systemd.exec5 + and + systemd.resource-control5. + + + + Default Dependencies + + The following dependencies are added unless + DefaultDependencies=no is set: + + + Socket units automatically gain a + Before= dependency on + sockets.target. + + Socket units automatically gain a pair of + After= and Requires= + dependency on sysinit.target, and a pair of + Before= and Conflicts= + dependencies on shutdown.target. These + dependencies ensure that the socket unit is started before normal + services at boot, and is stopped on shutdown. Only sockets + involved with early boot or late system shutdown should disable + DefaultDependencies= option. + + @@ -325,7 +315,7 @@ SocketProtocol= - Takes a one of + Takes one of or . Specifies a socket protocol (IPPROTO_UDPLITE) UDP-Lite (IPPROTO_SCTP) SCTP socket respectively. @@ -334,7 +324,7 @@ BindIPv6Only= - Takes a one of , + Takes one of , or . Controls the IPV6_V6ONLY socket option (see ipv67 @@ -417,17 +407,17 @@ incoming traffic. Defaults to . For performance reasons, it is recommended to write new daemons only in a way that is suitable for - . A daemon listening on an + . A daemon listening on an AF_UNIX socket may, but does not need to, call close2 on the received socket before exiting. However, it must not unlink the socket from a file system. It should not invoke shutdown2 - on sockets it got with Accept=false, but it + on sockets it got with Accept=no, but it may do so for sockets it got with - Accept=true set. Setting - Accept=true is mostly useful to allow + Accept=yes set. Setting + Accept=yes is mostly useful to allow daemons designed for usage with inetd8 to work unmodified with systemd socket @@ -451,11 +441,11 @@ MaxConnections= The maximum number of connections to simultaneously run services instances for, when - is set. If more concurrent + is set. If more concurrent connections are coming in, they will be refused until at least one existing connection is terminated. This setting has no effect on sockets configured with - or datagram sockets. Defaults to + or datagram sockets. Defaults to 64.