[thirdparty/systemd.git] / man / systemd-system.conf.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="systemd-system.conf"
    xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>systemd-system.conf</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-system.conf</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-system.conf</refname>
    <refname>system.conf.d</refname>
    <refname>systemd-user.conf</refname>
    <refname>user.conf.d</refname>
    <refpurpose>System and session service manager configuration files</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>/etc/systemd/system.conf</filename></para>
    <para><filename>/etc/systemd/system.conf.d/*.conf</filename></para>
    <para><filename>/run/systemd/system.conf.d/*.conf</filename></para>
    <para><filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para>
    <para><filename>/etc/systemd/user.conf</filename></para>
    <para><filename>/etc/systemd/user.conf.d/*.conf</filename></para>
    <para><filename>/run/systemd/user.conf.d/*.conf</filename></para>
    <para><filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>When run as a system instance, systemd interprets the
    configuration file <filename>system.conf</filename> and the files
    in <filename>system.conf.d</filename> directories; when run as a
    user instance, systemd interprets the configuration file
    <filename>user.conf</filename> and the files in
    <filename>user.conf.d</filename> directories. These configuration
    files contain a few settings controlling basic manager
    operations.</para>
  </refsect1>

  <xi:include href="standard-conf.xml" xpointer="main-conf" />

  <refsect1>
    <title>Options</title>

    <para>All options are configured in the
    <literal>[Manager]</literal> section:</para>

    <variablelist class='systemd-directives'>

      <varlistentry>
        <term><varname>LogLevel=</varname></term>
        <term><varname>LogTarget=</varname></term>
        <term><varname>LogColor=</varname></term>
        <term><varname>LogLocation=</varname></term>
        <term><varname>DumpCore=yes</varname></term>
        <term><varname>CrashShell=no</varname></term>
        <term><varname>ShowStatus=yes</varname></term>
        <term><varname>CrashChVT=1</varname></term>
        <term><varname>DefaultStandardOutput=journal</varname></term>
        <term><varname>DefaultStandardError=inherit</varname></term>

        <listitem><para>Configures various parameters of basic manager
        operation. These options may be overridden by the respective
        command line arguments. See
        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for details about these command line
        arguments.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUAffinity=</varname></term>

        <listitem><para>Configures the initial CPU affinity for the
        init process. Takes a space-separated list of CPU
        indices.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>

        <listitem><para>Configures controllers that shall be mounted
        in a single hierarchy. By default, systemd will mount all
        controllers which are enabled in the kernel in individual
        hierarchies, with the exception of those listed in this
        setting. Takes a space-separated list of comma-separated
        controller names, in order to allow multiple joined
        hierarchies. Defaults to 'cpu,cpuacct'. Pass an empty string
        to ensure that systemd mounts all controllers in separate
        hierarchies.</para>

        <para>Note that this option is only applied once, at very
        early boot. If you use an initial RAM disk (initrd) that uses
        systemd, it might hence be necessary to rebuild the initrd if
        this option is changed, and make sure the new configuration
        file is included in it. Otherwise, the initrd might mount the
        controller hierarchies in a different configuration than
        intended, and the main system cannot remount them
        anymore.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RuntimeWatchdogSec=</varname></term>
        <term><varname>ShutdownWatchdogSec=</varname></term>

        <listitem><para>Configure the hardware watchdog at runtime and
        at reboot. Takes a timeout value in seconds (or in other time
        units if suffixed with <literal>ms</literal>,
        <literal>min</literal>, <literal>h</literal>,
        <literal>d</literal>, <literal>w</literal>). If
        <varname>RuntimeWatchdogSec=</varname> is set to a non-zero
        value, the watchdog hardware
        (<filename>/dev/watchdog</filename>) will be programmed to
        automatically reboot the system if it is not contacted within
        the specified timeout interval. The system manager will ensure
        to contact it at least once in half the specified timeout
        interval. This feature requires a hardware watchdog device to
        be present, as it is commonly the case in embedded and server
        systems. Not all hardware watchdogs allow configuration of the
        reboot timeout, in which case the closest available timeout is
        picked. <varname>ShutdownWatchdogSec=</varname> may be used to
        configure the hardware watchdog when the system is asked to
        reboot. It works as a safety net to ensure that the reboot
        takes place even if a clean reboot attempt times out. By
        default <varname>RuntimeWatchdogSec=</varname> defaults to 0
        (off), and <varname>ShutdownWatchdogSec=</varname> to 10min.
        These settings have no effect if a hardware watchdog is not
        available.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CapabilityBoundingSet=</varname></term>

        <listitem><para>Controls which capabilities to include in the
        capability bounding set for PID 1 and its children. See
        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details. Takes a whitespace-separated list of capability
        names as read by
        <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
        Capabilities listed will be included in the bounding set, all
        others are removed. If the list of capabilities is prefixed
        with ~, all but the listed capabilities will be included, the
        effect of the assignment inverted. Note that this option also
        affects the respective capabilities in the effective,
        permitted and inheritable capability sets. The capability
        bounding set may also be individually configured for units
        using the <varname>CapabilityBoundingSet=</varname> directive
        for units, but note that capabilities dropped for PID 1 cannot
        be regained in individual units, they are lost for
        good.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SystemCallArchitectures=</varname></term>

        <listitem><para>Takes a space-separated list of architecture
        identifiers. Selects from which architectures system calls may
        be invoked on this system. This may be used as an effective
        way to disable invocation of non-native binaries system-wide,
        for example to prohibit execution of 32-bit x86 binaries on
        64-bit x86-64 systems. This option operates system-wide, and
        acts similar to the
        <varname>SystemCallArchitectures=</varname> setting of unit
        files, see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. This setting defaults to the empty list, in which
        case no filtering of system calls based on architecture is
        applied. Known architecture identifiers are
        <literal>x86</literal>, <literal>x86-64</literal>,
        <literal>x32</literal>, <literal>arm</literal> and the special
        identifier <literal>native</literal>. The latter implicitly
        maps to the native architecture of the system (or more
        specifically, the architecture the system manager was compiled
        for). Set this setting to <literal>native</literal> to
        prohibit execution of any non-native binaries. When a binary
        executes a system call of an architecture that is not listed
        in this setting, it will be immediately terminated with the
        SIGSYS signal.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TimerSlackNSec=</varname></term>

        <listitem><para>Sets the timer slack in nanoseconds for PID 1,
        which is inherited by all executed processes, unless
        overridden individually, for example with the
        <varname>TimerSlackNSec=</varname> setting in service units
        (for details see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
        The timer slack controls the accuracy of wake-ups triggered by
        system timers. See
        <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for more information. Note that in contrast to most other time
        span definitions this parameter takes an integer value in
        nano-seconds if no unit is specified. The usual time units are
        understood too.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultTimerAccuracySec=</varname></term>

        <listitem><para>Sets the default accuracy of timer units. This
        controls the global default for the
        <varname>AccuracySec=</varname> setting of timer units, see
        <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. <varname>AccuracySec=</varname> set in individual
        units override the global default for the specific unit.
        Defaults to 1min. Note that the accuracy of timer units is
        also affected by the configured timer slack for PID 1, see
        <varname>TimerSlackNSec=</varname> above.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultTimeoutStartSec=</varname></term>
        <term><varname>DefaultTimeoutStopSec=</varname></term>
        <term><varname>DefaultRestartSec=</varname></term>

        <listitem><para>Configures the default timeouts for starting
        and stopping of units, as well as the default time to sleep
        between automatic restarts of units, as configured per-unit in
        <varname>TimeoutStartSec=</varname>,
        <varname>TimeoutStopSec=</varname> and
        <varname>RestartSec=</varname> (for services, see
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details on the per-unit settings). For non-service units,
        <varname>DefaultTimeoutStartSec=</varname> sets the default
        <varname>TimeoutSec=</varname>
        value. <varname>DefaultTimeoutStartSec=</varname> and
        <varname>DefaultTimeoutStopSec=</varname> default to
        90s. <varname>DefaultRestartSec=</varname> defaults to
        100ms.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultStartLimitInterval=</varname></term>
        <term><varname>DefaultStartLimitBurst=</varname></term>

        <listitem><para>Configure the default unit start rate
        limiting, as configured per-service by
        <varname>StartLimitInterval=</varname> and
        <varname>StartLimitBurst=</varname>. See
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details on the per-service settings.
        <varname>DefaultStartLimitInterval=</varname> defaults to
        10s. <varname>DefaultStartLimitBurst=</varname> defaults to
        5.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultEnvironment=</varname></term>

        <listitem><para>Sets manager environment variables passed to
        all executed processes. Takes a space-separated list of
        variable assignments. See
        <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details about environment variables.</para>

        <para>Example:

        <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>

        Sets three variables
        <literal>VAR1</literal>,
        <literal>VAR2</literal>,
        <literal>VAR3</literal>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultCPUAccounting=</varname></term>
        <term><varname>DefaultBlockIOAccounting=</varname></term>
        <term><varname>DefaultMemoryAccounting=</varname></term>

        <listitem><para>Configure the default resource accounting
        settings, as configured per-unit by
        <varname>CPUAccounting=</varname>,
        <varname>BlockIOAccounting=</varname> and
        <varname>MemoryAccounting=</varname>. See
        <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details on the per-unit settings.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultLimitCPU=</varname></term>
        <term><varname>DefaultLimitFSIZE=</varname></term>
        <term><varname>DefaultLimitDATA=</varname></term>
        <term><varname>DefaultLimitSTACK=</varname></term>
        <term><varname>DefaultLimitCORE=</varname></term>
        <term><varname>DefaultLimitRSS=</varname></term>
        <term><varname>DefaultLimitNOFILE=</varname></term>
        <term><varname>DefaultLimitAS=</varname></term>
        <term><varname>DefaultLimitNPROC=</varname></term>
        <term><varname>DefaultLimitMEMLOCK=</varname></term>
        <term><varname>DefaultLimitLOCKS=</varname></term>
        <term><varname>DefaultLimitSIGPENDING=</varname></term>
        <term><varname>DefaultLimitMSGQUEUE=</varname></term>
        <term><varname>DefaultLimitNICE=</varname></term>
        <term><varname>DefaultLimitRTPRIO=</varname></term>
        <term><varname>DefaultLimitRTTIME=</varname></term>

        <listitem><para>These settings control various default
        resource limits for units. See
        <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details. Use the string <varname>infinity</varname> to
        configure no limit on a specific resource. These settings may
        be overridden in individual units using the corresponding
        LimitXXX= directives. Note that these resource limits are only
        defaults for units, they are not applied to PID 1
        itself.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
      <title>See Also</title>
      <para>
        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
        <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
      </para>
  </refsect1>

</refentry>
Commit	Line	Data
f3e219a2	1	<?xml version='1.0'?> <!---nxml--->
f3e219a2	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
f3e219a2 LP	4
	5	<!--
	6	This file is part of systemd.
	7
	8	Copyright 2010 Lennart Poettering
	9
	10	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	11	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	12	the Free Software Foundation; either version 2.1 of the License, or
f3e219a2 LP	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	18	Lesser General Public License for more details.
f3e219a2	19
5430f7f2	20	You should have received a copy of the GNU Lesser General Public License
f3e219a2 LP	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	-->
	23
1b907b5c	24	<refentry id="systemd-system.conf"
798d3a52 ZJS	25	xmlns:xi="http://www.w3.org/2001/XInclude">
	26	<refentryinfo>
	27	<title>systemd-system.conf</title>
	28	<productname>systemd</productname>
	29
	30	<authorgroup>
	31	<author>
	32	<contrib>Developer</contrib>
	33	<firstname>Lennart</firstname>
	34	<surname>Poettering</surname>
	35	<email>lennart@poettering.net</email>
	36	</author>
	37	</authorgroup>
	38	</refentryinfo>
	39
	40	<refmeta>
	41	<refentrytitle>systemd-system.conf</refentrytitle>
	42	<manvolnum>5</manvolnum>
	43	</refmeta>
	44
	45	<refnamediv>
	46	<refname>systemd-system.conf</refname>
	47	<refname>system.conf.d</refname>
	48	<refname>systemd-user.conf</refname>
	49	<refname>user.conf.d</refname>
	50	<refpurpose>System and session service manager configuration files</refpurpose>
	51	</refnamediv>
	52
	53	<refsynopsisdiv>
12b42c76 TG	54	<para><filename>/etc/systemd/system.conf</filename></para>
12b42c76 TG	55	<para><filename>/etc/systemd/system.conf.d/*.conf</filename></para>
798d3a52	56	<para><filename>/run/systemd/system.conf.d/*.conf</filename></para>
12b42c76 TG	57	<para><filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para>
	58	<para><filename>/etc/systemd/user.conf</filename></para>
	59	<para><filename>/etc/systemd/user.conf.d/*.conf</filename></para>
798d3a52	60	<para><filename>/run/systemd/user.conf.d/*.conf</filename></para>
12b42c76	61	<para><filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para>
798d3a52 ZJS	62	</refsynopsisdiv>
	63
	64	<refsect1>
	65	<title>Description</title>
	66
	67	<para>When run as a system instance, systemd interprets the
	68	configuration file <filename>system.conf</filename> and the files
	69	in <filename>system.conf.d</filename> directories; when run as a
	70	user instance, systemd interprets the configuration file
	71	<filename>user.conf</filename> and the files in
	72	<filename>user.conf.d</filename> directories. These configuration
	73	files contain a few settings controlling basic manager
	74	operations.</para>
	75	</refsect1>
	76
e93549ef	77	<xi:include href="standard-conf.xml" xpointer="main-conf" />
798d3a52 ZJS	78
	79	<refsect1>
	80	<title>Options</title>
	81
	82	<para>All options are configured in the
	83	<literal>[Manager]</literal> section:</para>
	84
	85	<variablelist class='systemd-directives'>
	86
	87	<varlistentry>
	88	<term><varname>LogLevel=</varname></term>
	89	<term><varname>LogTarget=</varname></term>
	90	<term><varname>LogColor=</varname></term>
	91	<term><varname>LogLocation=</varname></term>
	92	<term><varname>DumpCore=yes</varname></term>
	93	<term><varname>CrashShell=no</varname></term>
	94	<term><varname>ShowStatus=yes</varname></term>
	95	<term><varname>CrashChVT=1</varname></term>
	96	<term><varname>DefaultStandardOutput=journal</varname></term>
	97	<term><varname>DefaultStandardError=inherit</varname></term>
	98
	99	<listitem><para>Configures various parameters of basic manager
	100	operation. These options may be overridden by the respective
	101	command line arguments. See
	102	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	103	for details about these command line
	104	arguments.</para></listitem>
	105	</varlistentry>
	106
	107	<varlistentry>
	108	<term><varname>CPUAffinity=</varname></term>
	109
	110	<listitem><para>Configures the initial CPU affinity for the
	111	init process. Takes a space-separated list of CPU
	112	indices.</para></listitem>
	113	</varlistentry>
	114
	115	<varlistentry>
	116	<term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
	117
	118	<listitem><para>Configures controllers that shall be mounted
	119	in a single hierarchy. By default, systemd will mount all
	120	controllers which are enabled in the kernel in individual
	121	hierarchies, with the exception of those listed in this
	122	setting. Takes a space-separated list of comma-separated
	123	controller names, in order to allow multiple joined
	124	hierarchies. Defaults to 'cpu,cpuacct'. Pass an empty string
	125	to ensure that systemd mounts all controllers in separate
	126	hierarchies.</para>
	127
	128	<para>Note that this option is only applied once, at very
	129	early boot. If you use an initial RAM disk (initrd) that uses
	130	systemd, it might hence be necessary to rebuild the initrd if
	131	this option is changed, and make sure the new configuration
	132	file is included in it. Otherwise, the initrd might mount the
	133	controller hierarchies in a different configuration than
	134	intended, and the main system cannot remount them
	135	anymore.</para></listitem>
	136	</varlistentry>
	137
	138	<varlistentry>
	139	<term><varname>RuntimeWatchdogSec=</varname></term>
	140	<term><varname>ShutdownWatchdogSec=</varname></term>
	141
142	<listitem><para>Configure the hardware watchdog at runtime and
143	at reboot. Takes a timeout value in seconds (or in other time
144	units if suffixed with <literal>ms</literal>,
145	<literal>min</literal>, <literal>h</literal>,
146	<literal>d</literal>, <literal>w</literal>). If
147	<varname>RuntimeWatchdogSec=</varname> is set to a non-zero
148	value, the watchdog hardware
149	(<filename>/dev/watchdog</filename>) will be programmed to
150	automatically reboot the system if it is not contacted within
151	the specified timeout interval. The system manager will ensure
152	to contact it at least once in half the specified timeout
153	interval. This feature requires a hardware watchdog device to
154	be present, as it is commonly the case in embedded and server
155	systems. Not all hardware watchdogs allow configuration of the
156	reboot timeout, in which case the closest available timeout is
157	picked. <varname>ShutdownWatchdogSec=</varname> may be used to
158	configure the hardware watchdog when the system is asked to
159	reboot. It works as a safety net to ensure that the reboot
160	takes place even if a clean reboot attempt times out. By
161	default <varname>RuntimeWatchdogSec=</varname> defaults to 0
162	(off), and <varname>ShutdownWatchdogSec=</varname> to 10min.
163	These settings have no effect if a hardware watchdog is not
164	available.</para></listitem>
165	</varlistentry>
166
167	<varlistentry>
168	<term><varname>CapabilityBoundingSet=</varname></term>
169
170	<listitem><para>Controls which capabilities to include in the
171	capability bounding set for PID 1 and its children. See
172	<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
173	for details. Takes a whitespace-separated list of capability
174	names as read by
3ba3a79d	175	<citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52 ZJS	176	Capabilities listed will be included in the bounding set, all
	177	others are removed. If the list of capabilities is prefixed
	178	with ~, all but the listed capabilities will be included, the
	179	effect of the assignment inverted. Note that this option also
	180	affects the respective capabilities in the effective,
	181	permitted and inheritable capability sets. The capability
	182	bounding set may also be individually configured for units
	183	using the <varname>CapabilityBoundingSet=</varname> directive
	184	for units, but note that capabilities dropped for PID 1 cannot
	185	be regained in individual units, they are lost for
	186	good.</para></listitem>
	187	</varlistentry>
	188
	189	<varlistentry>
	190	<term><varname>SystemCallArchitectures=</varname></term>
	191
	192	<listitem><para>Takes a space-separated list of architecture
	193	identifiers. Selects from which architectures system calls may
	194	be invoked on this system. This may be used as an effective
	195	way to disable invocation of non-native binaries system-wide,
	196	for example to prohibit execution of 32-bit x86 binaries on
	197	64-bit x86-64 systems. This option operates system-wide, and
	198	acts similar to the
	199	<varname>SystemCallArchitectures=</varname> setting of unit
	200	files, see
	201	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	202	for details. This setting defaults to the empty list, in which
	203	case no filtering of system calls based on architecture is
	204	applied. Known architecture identifiers are
	205	<literal>x86</literal>, <literal>x86-64</literal>,
	206	<literal>x32</literal>, <literal>arm</literal> and the special
	207	identifier <literal>native</literal>. The latter implicitly
	208	maps to the native architecture of the system (or more
	209	specifically, the architecture the system manager was compiled
	210	for). Set this setting to <literal>native</literal> to
	211	prohibit execution of any non-native binaries. When a binary
	212	executes a system call of an architecture that is not listed
	213	in this setting, it will be immediately terminated with the
	214	SIGSYS signal.</para></listitem>
	215	</varlistentry>
	216
	217	<varlistentry>
	218	<term><varname>TimerSlackNSec=</varname></term>
	219
	220	<listitem><para>Sets the timer slack in nanoseconds for PID 1,
	221	which is inherited by all executed processes, unless
	222	overridden individually, for example with the
	223	<varname>TimerSlackNSec=</varname> setting in service units
	224	(for details see
	225	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
	226	The timer slack controls the accuracy of wake-ups triggered by
	227	system timers. See
	228	<citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
	229	for more information. Note that in contrast to most other time
	230	span definitions this parameter takes an integer value in
	231	nano-seconds if no unit is specified. The usual time units are
	232	understood too.</para></listitem>
	233	</varlistentry>
	234
	235	<varlistentry>
	236	<term><varname>DefaultTimerAccuracySec=</varname></term>
	237
	238	<listitem><para>Sets the default accuracy of timer units. This
	239	controls the global default for the
240	<varname>AccuracySec=</varname> setting of timer units, see
241	<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
242	for details. <varname>AccuracySec=</varname> set in individual
243	units override the global default for the specific unit.
244	Defaults to 1min. Note that the accuracy of timer units is
245	also affected by the configured timer slack for PID 1, see
246	<varname>TimerSlackNSec=</varname> above.</para></listitem>
247	</varlistentry>
248
249	<varlistentry>
250	<term><varname>DefaultTimeoutStartSec=</varname></term>
251	<term><varname>DefaultTimeoutStopSec=</varname></term>
252	<term><varname>DefaultRestartSec=</varname></term>
253
254	<listitem><para>Configures the default timeouts for starting
255	and stopping of units, as well as the default time to sleep
256	between automatic restarts of units, as configured per-unit in
257	<varname>TimeoutStartSec=</varname>,
258	<varname>TimeoutStopSec=</varname> and
259	<varname>RestartSec=</varname> (for services, see
260	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
261	for details on the per-unit settings). For non-service units,
262	<varname>DefaultTimeoutStartSec=</varname> sets the default
f5a05fb5 LP	263	<varname>TimeoutSec=</varname>
	264	value. <varname>DefaultTimeoutStartSec=</varname> and
	265	<varname>DefaultTimeoutStopSec=</varname> default to
	266	90s. <varname>DefaultRestartSec=</varname> defaults to
	267	100ms.</para></listitem>
798d3a52 ZJS	268	</varlistentry>
	269
	270	<varlistentry>
	271	<term><varname>DefaultStartLimitInterval=</varname></term>
	272	<term><varname>DefaultStartLimitBurst=</varname></term>
	273
	274	<listitem><para>Configure the default unit start rate
	275	limiting, as configured per-service by
	276	<varname>StartLimitInterval=</varname> and
	277	<varname>StartLimitBurst=</varname>. See
	278	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
f5a05fb5 LP	279	for details on the per-service settings.
	280	<varname>DefaultStartLimitInterval=</varname> defaults to
	281	10s. <varname>DefaultStartLimitBurst=</varname> defaults to
	282	5.</para></listitem>
798d3a52 ZJS	283	</varlistentry>
	284
	285	<varlistentry>
	286	<term><varname>DefaultEnvironment=</varname></term>
	287
	288	<listitem><para>Sets manager environment variables passed to
	289	all executed processes. Takes a space-separated list of
	290	variable assignments. See
	291	<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
	292	for details about environment variables.</para>
	293
	294	<para>Example:
	295
	296	<programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
	297
	298	Sets three variables
	299	<literal>VAR1</literal>,
	300	<literal>VAR2</literal>,
	301	<literal>VAR3</literal>.</para></listitem>
	302	</varlistentry>
	303
	304	<varlistentry>
	305	<term><varname>DefaultCPUAccounting=</varname></term>
	306	<term><varname>DefaultBlockIOAccounting=</varname></term>
	307	<term><varname>DefaultMemoryAccounting=</varname></term>
	308
	309	<listitem><para>Configure the default resource accounting
	310	settings, as configured per-unit by
	311	<varname>CPUAccounting=</varname>,
	312	<varname>BlockIOAccounting=</varname> and
	313	<varname>MemoryAccounting=</varname>. See
	314	<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	315	for details on the per-unit settings.</para></listitem>
	316	</varlistentry>
	317
	318	<varlistentry>
	319	<term><varname>DefaultLimitCPU=</varname></term>
	320	<term><varname>DefaultLimitFSIZE=</varname></term>
	321	<term><varname>DefaultLimitDATA=</varname></term>
	322	<term><varname>DefaultLimitSTACK=</varname></term>
	323	<term><varname>DefaultLimitCORE=</varname></term>
	324	<term><varname>DefaultLimitRSS=</varname></term>
	325	<term><varname>DefaultLimitNOFILE=</varname></term>
	326	<term><varname>DefaultLimitAS=</varname></term>
	327	<term><varname>DefaultLimitNPROC=</varname></term>
	328	<term><varname>DefaultLimitMEMLOCK=</varname></term>
	329	<term><varname>DefaultLimitLOCKS=</varname></term>
	330	<term><varname>DefaultLimitSIGPENDING=</varname></term>
	331	<term><varname>DefaultLimitMSGQUEUE=</varname></term>
	332	<term><varname>DefaultLimitNICE=</varname></term>
	333	<term><varname>DefaultLimitRTPRIO=</varname></term>
	334	<term><varname>DefaultLimitRTTIME=</varname></term>
	335
	336	<listitem><para>These settings control various default
	337	resource limits for units. See
	338	<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
	339	for details. Use the string <varname>infinity</varname> to
	340	configure no limit on a specific resource. These settings may
	341	be overridden in individual units using the corresponding
	342	LimitXXX= directives. Note that these resource limits are only
	343	defaults for units, they are not applied to PID 1
	344	itself.</para></listitem>
	345	</varlistentry>
	346	</variablelist>
347	</refsect1>
348
349	<refsect1>
350	<title>See Also</title>
351	<para>
352	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
353	<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
354	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
355	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
356	<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
357	<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
358	</para>
359	</refsect1>
f3e219a2 LP	360
f3e219a2 LP	361	</refentry>