[thirdparty/systemd.git] / man / systemd-system.conf.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
        "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="systemd-system.conf">
        <refentryinfo>
                <title>systemd-system.conf</title>
                <productname>systemd</productname>

                <authorgroup>
                        <author>
                                <contrib>Developer</contrib>
                                <firstname>Lennart</firstname>
                                <surname>Poettering</surname>
                                <email>lennart@poettering.net</email>
                        </author>
                </authorgroup>
        </refentryinfo>

        <refmeta>
                <refentrytitle>systemd-system.conf</refentrytitle>
                <manvolnum>5</manvolnum>
        </refmeta>

        <refnamediv>
                <refname>systemd-system.conf</refname>
                <refname>systemd-user.conf</refname>
                <refpurpose>System and session service manager configuration file</refpurpose>
        </refnamediv>

        <refsynopsisdiv>
                <para><filename>/etc/systemd/system.conf</filename></para>
                <para><filename>/etc/systemd/user.conf</filename></para>
        </refsynopsisdiv>

        <refsect1>
                <title>Description</title>

                <para>When run as system instance systemd reads the
                configuration file <filename>system.conf</filename>,
                otherwise <filename>user.conf</filename>. These
                configuration files contain a few settings controlling
                basic manager operations.</para>
        </refsect1>

        <refsect1>
                <title>Options</title>

                <para>All options are configured in the
                <literal>[Manager]</literal> section:</para>

                <variablelist class='systemd-directives'>

                        <varlistentry>
                                <term><varname>LogLevel=</varname></term>
                                <term><varname>LogTarget=</varname></term>
                                <term><varname>LogColor=</varname></term>
                                <term><varname>LogLocation=</varname></term>
                                <term><varname>DumpCore=yes</varname></term>
                                <term><varname>CrashShell=no</varname></term>
                                <term><varname>ShowStatus=yes</varname></term>
                                <term><varname>CrashChVT=1</varname></term>
                                <term><varname>DefaultStandardOutput=journal</varname></term>
                                <term><varname>DefaultStandardError=inherit</varname></term>

                                <listitem><para>Configures various
                                parameters of basic manager
                                operation. These options may be
                                overridden by the respective command
                                line arguments. See
                                <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
                                for details about these command line
                                arguments.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>CPUAffinity=</varname></term>

                                <listitem><para>Configures the initial
                                CPU affinity for the init
                                process. Takes a space-separated list
                                of CPU indices.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>

                                <listitem><para>Configures controllers
                                that shall be mounted in a single
                                hierarchy. By default, systemd will
                                mount all controllers which are
                                enabled in the kernel in individual
                                hierarchies, with the exception of
                                those listed in this setting. Takes a
                                space-separated list of comma-separated
                                controller names, in order
                                to allow multiple joined
                                hierarchies. Defaults to
                                'cpu,cpuacct'. Pass an empty string to
                                ensure that systemd mounts all
                                controllers in separate
                                hierarchies.</para>

                                <para>Note that this option is only
                                applied once, at very early boot. If
                                you use an initial RAM disk (initrd)
                                that uses systemd, it might hence be
                                necessary to rebuild the initrd if
                                this option is changed, and make sure
                                the new configuration file is included
                                in it. Otherwise, the initrd might
                                mount the controller hierarchies in a
                                different configuration than intended,
                                and the main system cannot remount
                                them anymore.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>RuntimeWatchdogSec=</varname></term>
                                <term><varname>ShutdownWatchdogSec=</varname></term>

                                <listitem><para>Configure the hardware
                                watchdog at runtime and at
                                reboot. Takes a timeout value in
                                seconds (or in other time units if
                                suffixed with <literal>ms</literal>,
                                <literal>min</literal>,
                                <literal>h</literal>,
                                <literal>d</literal>,
                                <literal>w</literal>). If
                                <varname>RuntimeWatchdogSec=</varname>
                                is set to a non-zero value, the
                                watchdog hardware
                                (<filename>/dev/watchdog</filename>)
                                will be programmed to automatically
                                reboot the system if it is not
                                contacted within the specified timeout
                                interval. The system manager will
                                ensure to contact it at least once in
                                half the specified timeout
                                interval. This feature requires a
                                hardware watchdog device to be
                                present, as it is commonly the case in
                                embedded and server systems. Not all
                                hardware watchdogs allow configuration
                                of the reboot timeout, in which case
                                the closest available timeout is
                                picked. <varname>ShutdownWatchdogSec=</varname>
                                may be used to configure the hardware
                                watchdog when the system is asked to
                                reboot. It works as a safety net to
                                ensure that the reboot takes place
                                even if a clean reboot attempt times
                                out. By default
                                <varname>RuntimeWatchdogSec=</varname>
                                defaults to 0 (off), and
                                <varname>ShutdownWatchdogSec=</varname>
                                to 10min. These settings have no
                                effect if a hardware watchdog is not
                                available.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>CapabilityBoundingSet=</varname></term>

                                <listitem><para>Controls which
                                capabilities to include in the
                                capability bounding set for PID 1 and
                                its children. See
                                <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                                for details. Takes a whitespace-separated
                                list of capability names as read by
                                <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
                                Capabilities listed will be included
                                in the bounding set, all others are
                                removed. If the list of capabilities
                                is prefixed with ~, all but the listed
                                capabilities will be included, the
                                effect of the assignment
                                inverted. Note that this option also
                                affects the respective capabilities in
                                the effective, permitted and
                                inheritable capability sets. The
                                capability bounding set may also be
                                individually configured for units
                                using the
                                <varname>CapabilityBoundingSet=</varname>
                                directive for units, but note that
                                capabilities dropped for PID 1 cannot
                                be regained in individual units, they
                                are lost for good.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>SystemCallArchitectures=</varname></term>

                                <listitem><para>Takes a
                                space-separated list of architecture
                                identifiers. Selects from which
                                architectures system calls may be
                                invoked on this system. This may be
                                used as an effective way to disable
                                invocation of non-native binaries
                                system-wide, for example to prohibit
                                execution of 32-bit x86 binaries on
                                64-bit x86-64 systems. This option
                                operates system-wide, and acts
                                similar to the
                                <varname>SystemCallArchitectures=</varname>
                                setting of unit files, see
                                <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                                for details. This setting defaults to
                                the empty list, in which case no
                                filtering of system calls based on
                                architecture is applied. Known
                                architecture identifiers are
                                <literal>x86</literal>,
                                <literal>x86-64</literal>,
                                <literal>x32</literal>,
                                <literal>arm</literal> and the special
                                identifier
                                <literal>native</literal>. The latter
                                implicitly maps to the native
                                architecture of the system (or more
                                specifically, the architecture the
                                system manager was compiled for). Set
                                this setting to
                                <literal>native</literal> to prohibit
                                execution of any non-native
                                binaries. When a binary executes a
                                system call of an architecture that is
                                not listed in this setting, it will be
                                immediately terminated with the SIGSYS
                                signal.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>TimerSlackNSec=</varname></term>

                                <listitem><para>Sets the timer slack
                                in nanoseconds for PID 1, which is
                                inherited by all executed processes,
                                unless overridden individually, for
                                example with the
                                <varname>TimerSlackNSec=</varname>
                                setting in service units (for details
                                see
                                <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
                                timer slack controls the accuracy of
                                wake-ups triggered by system
                                timers. See
                                <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                for more information. Note that in
                                contrast to most other time span
                                definitions this parameter takes an
                                integer value in nano-seconds if no
                                unit is specified. The usual time
                                units are understood
                                too.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>StartTimeoutSec=</varname></term>
                                <term><varname>StartTimeoutAction=</varname></term>
                                <term><varname>StartTimeoutRebootArgument=</varname></term>

                                <listitem><para>Configures an over-all
                                system start-up timeout and controls
                                what to do when the timeout is
                                reached. <varname>StartTimeoutSec=</varname>
                                specifies the timeout, and defaults to
                                <literal>15min</literal>. <varname>StartTimeoutAction=</varname>
                                configures the action to take when the
                                system did not finish boot-up within
                                the specified time. It takes the same
                                values as the per-service
                                <varname>StartLimitAction=</varname>
                                setting, see
                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                                for details. Defaults to
                                <option>poweroff-force</option>. <varname>StartTimeoutRebootArgument=</varname>
                                configures an optional reboot string
                                to pass to the
                                <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                system call.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>DefaultTimerAccuracySec=</varname></term>

                                <listitem><para>Sets the default
                                accuracy of timer units. This controls
                                the global default for the
                                <varname>AccuracySec=</varname>
                                setting of timer units, see
                                <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                                for
                                details. <varname>AccuracySec=</varname>
                                set in individual units override the
                                global default for the specific
                                unit. Defaults to 1min. Note that the
                                accuracy of timer units is also
                                affected by the configured timer slack
                                for PID 1, see
                                <varname>TimerSlackNSec=</varname>
                                above.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>DefaultTimeoutStartSec=</varname></term>
                                <term><varname>DefaultTimeoutStopSec=</varname></term>
                                <term><varname>DefaultRestartSec=</varname></term>

                                <listitem><para>Configures the default
                                timeouts for starting and stopping of
                                units, as well as the default time to
                                sleep between automatic restarts of
                                units, as configured per-unit in
                                <varname>TimeoutStartSec=</varname>,
                                <varname>TimeoutStopSec=</varname> and
                                <varname>RestartSec=</varname> (for
                                services, see
                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                                for details on the per-unit
                                settings). For non-service units,
                                <varname>DefaultTimeoutStartSec=</varname>
                                sets the default
                                <varname>TimeoutSec=</varname> value.
                                </para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>DefaultStartLimitInterval=</varname></term>
                                <term><varname>DefaultStartLimitBurst=</varname></term>

                                <listitem><para>Configure the default
                                unit start rate limiting, as
                                configured per-service by
                                <varname>StartLimitInterval=</varname>
                                and
                                <varname>StartLimitBurst=</varname>. See
                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                                for details on the per-service
                                settings.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>DefaultEnvironment=</varname></term>

                                <listitem><para>Sets manager
                                environment variables passed to all
                                executed processes. Takes a
                                space-separated list of variable
                                assignments. See
                                <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                                for details about environment
                                variables.</para>

                                <para>Example:

                                <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>

                                Sets three variables
                                <literal>VAR1</literal>,
                                <literal>VAR2</literal>,
                                <literal>VAR3</literal>.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>DefaultCPUAccounting=</varname></term>
                                <term><varname>DefaultBlockIOAccounting=</varname></term>
                                <term><varname>DefaultMemoryAccounting=</varname></term>

                                <listitem><para>Configure the default
                                resource accounting settings, as
                                configured per-unit by
                                <varname>CPUAccounting=</varname>,
                                <varname>BlockIOAccounting=</varname>
                                and
                                <varname>MemoryAccounting=</varname>. See
                                <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                                for details on the per-unit
                                settings.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><varname>DefaultLimitCPU=</varname></term>
                                <term><varname>DefaultLimitFSIZE=</varname></term>
                                <term><varname>DefaultLimitDATA=</varname></term>
                                <term><varname>DefaultLimitSTACK=</varname></term>
                                <term><varname>DefaultLimitCORE=</varname></term>
                                <term><varname>DefaultLimitRSS=</varname></term>
                                <term><varname>DefaultLimitNOFILE=</varname></term>
                                <term><varname>DefaultLimitAS=</varname></term>
                                <term><varname>DefaultLimitNPROC=</varname></term>
                                <term><varname>DefaultLimitMEMLOCK=</varname></term>
                                <term><varname>DefaultLimitLOCKS=</varname></term>
                                <term><varname>DefaultLimitSIGPENDING=</varname></term>
                                <term><varname>DefaultLimitMSGQUEUE=</varname></term>
                                <term><varname>DefaultLimitNICE=</varname></term>
                                <term><varname>DefaultLimitRTPRIO=</varname></term>
                                <term><varname>DefaultLimitRTTIME=</varname></term>

                                <listitem><para>These settings control
                                various default resource limits for
                                units. See
                                <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                for details. Use the string
                                <varname>infinity</varname> to
                                configure no limit on a specific
                                resource. These settings may be
                                overridden in individual units
                                using the corresponding LimitXXX=
                                directives. Note that these resource
                                limits are only defaults for units,
                                they are not applied to PID 1
                                itself.</para></listitem>
                        </varlistentry>
                </variablelist>
        </refsect1>

        <refsect1>
                  <title>See Also</title>
                  <para>
                          <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                          <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
                          <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                  </para>
        </refsect1>

</refentry>
Commit	Line	Data
f3e219a2 LP	1	<?xml version='1.0'?> <!---nxml--->
	2	<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
	4	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
	5
	6	<!--
	7	This file is part of systemd.
	8
	9	Copyright 2010 Lennart Poettering
	10
	11	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	12	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	13	the Free Software Foundation; either version 2.1 of the License, or
f3e219a2 LP	14	(at your option) any later version.
	15
	16	systemd is distributed in the hope that it will be useful, but
	17	WITHOUT ANY WARRANTY; without even the implied warranty of
	18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	19	Lesser General Public License for more details.
f3e219a2	20
5430f7f2	21	You should have received a copy of the GNU Lesser General Public License
f3e219a2 LP	22	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	23	-->
	24
5f9cfd4c	25	<refentry id="systemd-system.conf">
f3e219a2	26	<refentryinfo>
5f9cfd4c	27	<title>systemd-system.conf</title>
f3e219a2 LP	28	<productname>systemd</productname>
	29
	30	<authorgroup>
	31	<author>
	32	<contrib>Developer</contrib>
	33	<firstname>Lennart</firstname>
	34	<surname>Poettering</surname>
	35	<email>lennart@poettering.net</email>
	36	</author>
	37	</authorgroup>
	38	</refentryinfo>
	39
	40	<refmeta>
5f9cfd4c	41	<refentrytitle>systemd-system.conf</refentrytitle>
f3e219a2 LP	42	<manvolnum>5</manvolnum>
	43	</refmeta>
	44
	45	<refnamediv>
5f9cfd4c ZJS	46	<refname>systemd-system.conf</refname>
	47	<refname>systemd-user.conf</refname>
	48	<refpurpose>System and session service manager configuration file</refpurpose>
f3e219a2 LP	49	</refnamediv>
	50
	51	<refsynopsisdiv>
4aa6e778 LP	52	<para><filename>/etc/systemd/system.conf</filename></para>
4aa6e778 LP	53	<para><filename>/etc/systemd/user.conf</filename></para>
f3e219a2 LP	54	</refsynopsisdiv>
	55
	56	<refsect1>
	57	<title>Description</title>
	58
	59	<para>When run as system instance systemd reads the
	60	configuration file <filename>system.conf</filename>,
af2d49f7	61	otherwise <filename>user.conf</filename>. These
f3e219a2 LP	62	configuration files contain a few settings controlling
f3e219a2 LP	63	basic manager operations.</para>
f3e219a2 LP	64	</refsect1>
	65
	66	<refsect1>
	67	<title>Options</title>
	68
	69	<para>All options are configured in the
	70	<literal>[Manager]</literal> section:</para>
	71
ffafe91b	72	<variablelist class='systemd-directives'>
f3e219a2 LP	73
	74	<varlistentry>
	75	<term><varname>LogLevel=</varname></term>
	76	<term><varname>LogTarget=</varname></term>
	77	<term><varname>LogColor=</varname></term>
	78	<term><varname>LogLocation=</varname></term>
	79	<term><varname>DumpCore=yes</varname></term>
	80	<term><varname>CrashShell=no</varname></term>
	81	<term><varname>ShowStatus=yes</varname></term>
	82	<term><varname>CrashChVT=1</varname></term>
706343f4	83	<term><varname>DefaultStandardOutput=journal</varname></term>
0a494f1f	84	<term><varname>DefaultStandardError=inherit</varname></term>
f3e219a2 LP	85
	86	<listitem><para>Configures various
	87	parameters of basic manager
	88	operation. These options may be
5471472d	89	overridden by the respective command
f3e219a2 LP	90	line arguments. See
	91	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	92	for details about these command line
	93	arguments.</para></listitem>
	94	</varlistentry>
	95
	96	<varlistentry>
	97	<term><varname>CPUAffinity=</varname></term>
	98
	99	<listitem><para>Configures the initial
	100	CPU affinity for the init
96d4ce01	101	process. Takes a space-separated list
66f756d4	102	of CPU indices.</para></listitem>
af2d49f7	103	</varlistentry>
06d4c99a LP	104
06d4c99a LP	105	<varlistentry>
7ac80732	106	<term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
0c85a4f3 LP	107
	108	<listitem><para>Configures controllers
	109	that shall be mounted in a single
79640424	110	hierarchy. By default, systemd will
0c85a4f3 LP	111	mount all controllers which are
0c85a4f3 LP	112	enabled in the kernel in individual
49f43d5f	113	hierarchies, with the exception of
0c85a4f3	114	those listed in this setting. Takes a
e9dd9f95 JSJ	115	space-separated list of comma-separated
e9dd9f95 JSJ	116	controller names, in order
0c85a4f3 LP	117	to allow multiple joined
	118	hierarchies. Defaults to
	119	'cpu,cpuacct'. Pass an empty string to
	120	ensure that systemd mounts all
	121	controllers in separate
e5e991a1 LP	122	hierarchies.</para>
	123
	124	<para>Note that this option is only
	125	applied once, at very early boot. If
	126	you use an initial RAM disk (initrd)
e9dd9f95	127	that uses systemd, it might hence be
e5e991a1 LP	128	necessary to rebuild the initrd if
	129	this option is changed, and make sure
	130	the new configuration file is included
79640424	131	in it. Otherwise, the initrd might
ab06eef8	132	mount the controller hierarchies in a
b02a01dc LP	133	different configuration than intended,
	134	and the main system cannot remount
	135	them anymore.</para></listitem>
0c85a4f3	136	</varlistentry>
e96d6be7 LP	137
	138	<varlistentry>
	139	<term><varname>RuntimeWatchdogSec=</varname></term>
	140	<term><varname>ShutdownWatchdogSec=</varname></term>
	141
	142	<listitem><para>Configure the hardware
	143	watchdog at runtime and at
	144	reboot. Takes a timeout value in
	145	seconds (or in other time units if
	146	suffixed with <literal>ms</literal>,
	147	<literal>min</literal>,
	148	<literal>h</literal>,
	149	<literal>d</literal>,
	150	<literal>w</literal>). If
	151	<varname>RuntimeWatchdogSec=</varname>
79640424	152	is set to a non-zero value, the
e96d6be7 LP	153	watchdog hardware
	154	(<filename>/dev/watchdog</filename>)
	155	will be programmed to automatically
	156	reboot the system if it is not
	157	contacted within the specified timeout
	158	interval. The system manager will
	159	ensure to contact it at least once in
	160	half the specified timeout
	161	interval. This feature requires a
	162	hardware watchdog device to be
	163	present, as it is commonly the case in
	164	embedded and server systems. Not all
	165	hardware watchdogs allow configuration
	166	of the reboot timeout, in which case
	167	the closest available timeout is
	168	picked. <varname>ShutdownWatchdogSec=</varname>
	169	may be used to configure the hardware
	170	watchdog when the system is asked to
	171	reboot. It works as a safety net to
	172	ensure that the reboot takes place
	173	even if a clean reboot attempt times
	174	out. By default
	175	<varname>RuntimeWatchdogSec=</varname>
	176	defaults to 0 (off), and
	177	<varname>ShutdownWatchdogSec=</varname>
	178	to 10min. These settings have no
	179	effect if a hardware watchdog is not
	180	available.</para></listitem>
	181	</varlistentry>
c93ff2e9	182
ec8927ca LP	183	<varlistentry>
	184	<term><varname>CapabilityBoundingSet=</varname></term>
	185
	186	<listitem><para>Controls which
	187	capabilities to include in the
	188	capability bounding set for PID 1 and
	189	its children. See
5aded369	190	<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
e9dd9f95 JSJ	191	for details. Takes a whitespace-separated
e9dd9f95 JSJ	192	list of capability names as read by
ec8927ca LP	193	<citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
	194	Capabilities listed will be included
	195	in the bounding set, all others are
	196	removed. If the list of capabilities
79640424	197	is prefixed with ~, all but the listed
ec8927ca LP	198	capabilities will be included, the
	199	effect of the assignment
	200	inverted. Note that this option also
bb31a4ac	201	affects the respective capabilities in
ec8927ca LP	202	the effective, permitted and
	203	inheritable capability sets. The
	204	capability bounding set may also be
	205	individually configured for units
	206	using the
	207	<varname>CapabilityBoundingSet=</varname>
	208	directive for units, but note that
	209	capabilities dropped for PID 1 cannot
	210	be regained in individual units, they
	211	are lost for good.</para></listitem>
	212	</varlistentry>
	213
d3b1c508 LP	214	<varlistentry>
	215	<term><varname>SystemCallArchitectures=</varname></term>
	216
	217	<listitem><para>Takes a
	218	space-separated list of architecture
66f756d4	219	identifiers. Selects from which
d3b1c508 LP	220	architectures system calls may be
	221	invoked on this system. This may be
	222	used as an effective way to disable
	223	invocation of non-native binaries
	224	system-wide, for example to prohibit
73e231ab JE	225	execution of 32-bit x86 binaries on
	226	64-bit x86-64 systems. This option
	227	operates system-wide, and acts
d3b1c508 LP	228	similar to the
	229	<varname>SystemCallArchitectures=</varname>
	230	setting of unit files, see
	231	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	232	for details. This setting defaults to
73e231ab	233	the empty list, in which case no
d3b1c508 LP	234	filtering of system calls based on
	235	architecture is applied. Known
	236	architecture identifiers are
	237	<literal>x86</literal>,
	238	<literal>x86-64</literal>,
	239	<literal>x32</literal>,
	240	<literal>arm</literal> and the special
	241	identifier
	242	<literal>native</literal>. The latter
	243	implicitly maps to the native
	244	architecture of the system (or more
	245	specifically, the architecture the
	246	system manager was compiled for). Set
	247	this setting to
	248	<literal>native</literal> to prohibit
	249	execution of any non-native
	250	binaries. When a binary executes a
	251	system call of an architecture that is
73e231ab	252	not listed in this setting, it will be
d3b1c508 LP	253	immediately terminated with the SIGSYS
	254	signal.</para></listitem>
	255	</varlistentry>
	256
aa0f64ac LP	257	<varlistentry>
	258	<term><varname>TimerSlackNSec=</varname></term>
	259
	260	<listitem><para>Sets the timer slack
bd8f585b LP	261	in nanoseconds for PID 1, which is
bd8f585b LP	262	inherited by all executed processes,
bb31a4ac	263	unless overridden individually, for
aa0f64ac LP	264	example with the
	265	<varname>TimerSlackNSec=</varname>
	266	setting in service units (for details
	267	see
	268	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
	269	timer slack controls the accuracy of
bd8f585b LP	270	wake-ups triggered by system
bd8f585b LP	271	timers. See
aa0f64ac LP	272	<citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
	273	for more information. Note that in
	274	contrast to most other time span
	275	definitions this parameter takes an
	276	integer value in nano-seconds if no
	277	unit is specified. The usual time
	278	units are understood
	279	too.</para></listitem>
	280	</varlistentry>
	281
2928b0a8 LP	282	<varlistentry>
	283	<term><varname>StartTimeoutSec=</varname></term>
	284	<term><varname>StartTimeoutAction=</varname></term>
	285	<term><varname>StartTimeoutRebootArgument=</varname></term>
	286
	287	<listitem><para>Configures an over-all
	288	system start-up timeout and controls
	289	what to do when the timeout is
	290	reached. <varname>StartTimeoutSec=</varname>
	291	specifies the timeout, and defaults to
	292	<literal>15min</literal>. <varname>StartTimeoutAction=</varname>
	293	configures the action to take when the
	294	system did not finish boot-up within
	295	the specified time. It takes the same
	296	values as the per-service
	297	<varname>StartLimitAction=</varname>
	298	setting, see
	299	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	300	for details. Defaults to
f07756bf	301	<option>poweroff-force</option>. <varname>StartTimeoutRebootArgument=</varname>
2928b0a8 LP	302	configures an optional reboot string
	303	to pass to the
	304	<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
	305	system call.</para></listitem>
	306	</varlistentry>
	307
bd8f585b LP	308	<varlistentry>
	309	<term><varname>DefaultTimerAccuracySec=</varname></term>
	310
	311	<listitem><para>Sets the default
	312	accuracy of timer units. This controls
	313	the global default for the
	314	<varname>AccuracySec=</varname>
	315	setting of timer units, see
	316	<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	317	for
	318	details. <varname>AccuracySec=</varname>
	319	set in individual units override the
	320	global default for the specific
	321	unit. Defaults to 1min. Note that the
	322	accuracy of timer units is also
	323	affected by the configured timer slack
	324	for PID 1, see
	325	<varname>TimerSlackNSec=</varname>
	326	above.</para></listitem>
	327	</varlistentry>
	328
d3b1c508 LP	329	<varlistentry>
	330	<term><varname>DefaultTimeoutStartSec=</varname></term>
	331	<term><varname>DefaultTimeoutStopSec=</varname></term>
	332	<term><varname>DefaultRestartSec=</varname></term>
	333
	334	<listitem><para>Configures the default
73e231ab	335	timeouts for starting and stopping of
d3b1c508 LP	336	units, as well as the default time to
	337	sleep between automatic restarts of
	338	units, as configured per-unit in
	339	<varname>TimeoutStartSec=</varname>,
	340	<varname>TimeoutStopSec=</varname> and
	341	<varname>RestartSec=</varname> (for
085afe36	342	services, see
d3b1c508 LP	343	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	344	for details on the per-unit
	345	settings). For non-service units,
	346	<varname>DefaultTimeoutStartSec=</varname>
	347	sets the default
	348	<varname>TimeoutSec=</varname> value.
	349	</para></listitem>
	350	</varlistentry>
085afe36	351
d3b1c508 LP	352	<varlistentry>
	353	<term><varname>DefaultStartLimitInterval=</varname></term>
	354	<term><varname>DefaultStartLimitBurst=</varname></term>
	355
085afe36 LP	356	<listitem><para>Configure the default
	357	unit start rate limiting, as
	358	configured per-service by
	359	<varname>StartLimitInterval=</varname>
	360	and
d3b1c508 LP	361	<varname>StartLimitBurst=</varname>. See
	362	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	363	for details on the per-service
085afe36	364	settings.</para></listitem>
d3b1c508 LP	365	</varlistentry>
d3b1c508 LP	366
97d0e5f8 UTL	367	<varlistentry>
	368	<term><varname>DefaultEnvironment=</varname></term>
	369
78894537 LP	370	<listitem><para>Sets manager
	371	environment variables passed to all
	372	executed processes. Takes a
	373	space-separated list of variable
	374	assignments. See
5aded369	375	<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
78894537 LP	376	for details about environment
78894537 LP	377	variables.</para>
97d0e5f8 UTL	378
97d0e5f8 UTL	379	<para>Example:
97d0e5f8	380
78894537 LP	381	<programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
	382
	383	Sets three variables
	384	<literal>VAR1</literal>,
	385	<literal>VAR2</literal>,
	386	<literal>VAR3</literal>.</para></listitem>
97d0e5f8 UTL	387	</varlistentry>
97d0e5f8 UTL	388
085afe36 LP	389	<varlistentry>
	390	<term><varname>DefaultCPUAccounting=</varname></term>
	391	<term><varname>DefaultBlockIOAccounting=</varname></term>
	392	<term><varname>DefaultMemoryAccounting=</varname></term>
	393
	394	<listitem><para>Configure the default
	395	resource accounting settings, as
	396	configured per-unit by
	397	<varname>CPUAccounting=</varname>,
	398	<varname>BlockIOAccounting=</varname>
	399	and
	400	<varname>MemoryAccounting=</varname>. See
	401	<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	402	for details on the per-unit
	403	settings.</para></listitem>
	404	</varlistentry>
	405
c93ff2e9 FC	406	<varlistentry>
	407	<term><varname>DefaultLimitCPU=</varname></term>
	408	<term><varname>DefaultLimitFSIZE=</varname></term>
	409	<term><varname>DefaultLimitDATA=</varname></term>
	410	<term><varname>DefaultLimitSTACK=</varname></term>
	411	<term><varname>DefaultLimitCORE=</varname></term>
	412	<term><varname>DefaultLimitRSS=</varname></term>
	413	<term><varname>DefaultLimitNOFILE=</varname></term>
	414	<term><varname>DefaultLimitAS=</varname></term>
	415	<term><varname>DefaultLimitNPROC=</varname></term>
	416	<term><varname>DefaultLimitMEMLOCK=</varname></term>
	417	<term><varname>DefaultLimitLOCKS=</varname></term>
	418	<term><varname>DefaultLimitSIGPENDING=</varname></term>
	419	<term><varname>DefaultLimitMSGQUEUE=</varname></term>
	420	<term><varname>DefaultLimitNICE=</varname></term>
	421	<term><varname>DefaultLimitRTPRIO=</varname></term>
	422	<term><varname>DefaultLimitRTTIME=</varname></term>
ec8927ca	423
c93ff2e9	424	<listitem><para>These settings control
ec8927ca LP	425	various default resource limits for
ec8927ca LP	426	units. See
c93ff2e9 FC	427	<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
	428	for details. Use the string
	429	<varname>infinity</varname> to
	430	configure no limit on a specific
ec8927ca	431	resource. These settings may be
bb31a4ac	432	overridden in individual units
ec8927ca LP	433	using the corresponding LimitXXX=
	434	directives. Note that these resource
	435	limits are only defaults for units,
	436	they are not applied to PID 1
	437	itself.</para></listitem>
c93ff2e9	438	</varlistentry>
f3e219a2 LP	439	</variablelist>
	440	</refsect1>
	441
	442	<refsect1>
	443	<title>See Also</title>
	444	<para>
9cc2c8b7	445	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
78894537	446	<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
d3b1c508 LP	447	<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
d3b1c508 LP	448	<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
5aded369 ZJS	449	<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
5aded369 ZJS	450	<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
f3e219a2 LP	451	</para>
	452	</refsect1>
	453
	454	</refentry>