]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.exec.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
man: fix a bunch of links
[thirdparty/systemd.git] / man / systemd.exec.xml
CommitLineData
dd1eb43b 1<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
798d3a52 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
dd1eb43b
LP		 3
4<!--
5 This file is part of systemd.
6
7 Copyright 2010 Lennart Poettering
8
9 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
dd1eb43b
LP		 12 (at your option) any later version.
13
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 17 Lesser General Public License for more details.
dd1eb43b 18
5430f7f2 19 You should have received a copy of the GNU Lesser General Public License
dd1eb43b
LP		 20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21-->
22
23<refentry id="systemd.exec">
798d3a52
ZJS		 24 <refentryinfo>
25 <title>systemd.exec</title>
26 <productname>systemd</productname>
27
28 <authorgroup>
29 <author>
30 <contrib>Developer</contrib>
31 <firstname>Lennart</firstname>
32 <surname>Poettering</surname>
33 <email>lennart@poettering.net</email>
34 </author>
35 </authorgroup>
36 </refentryinfo>
37
38 <refmeta>
39 <refentrytitle>systemd.exec</refentrytitle>
40 <manvolnum>5</manvolnum>
41 </refmeta>
42
43 <refnamediv>
44 <refname>systemd.exec</refname>
45 <refpurpose>Execution environment configuration</refpurpose>
46 </refnamediv>
47
48 <refsynopsisdiv>
49 <para><filename><replaceable>service</replaceable>.service</filename>,
50 <filename><replaceable>socket</replaceable>.socket</filename>,
51 <filename><replaceable>mount</replaceable>.mount</filename>,
52 <filename><replaceable>swap</replaceable>.swap</filename></para>
53 </refsynopsisdiv>
54
55 <refsect1>
56 <title>Description</title>
57
58 <para>Unit configuration files for services, sockets, mount
59 points, and swap devices share a subset of configuration options
60 which define the execution environment of spawned
61 processes.</para>
62
63 <para>This man page lists the configuration options shared by
64 these four unit types. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration files, and
67 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
68 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
69 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
70 and
71 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
72 for more information on the specific unit configuration files. The
73 execution specific configuration options are configured in the
74 [Service], [Socket], [Mount], or [Swap] sections, depending on the
75 unit type.</para>
76 </refsect1>
77
78 <refsect1>
79 <title>Options</title>
80
81 <variablelist class='unit-directives'>
82
83 <varlistentry>
84 <term><varname>WorkingDirectory=</varname></term>
85
86 <listitem><para>Takes an absolute directory path. Sets the
87 working directory for executed processes. If not set, defaults
88 to the root directory when systemd is running as a system
89 instance and the respective user's home directory if run as
90 user.</para></listitem>
91 </varlistentry>
92
93 <varlistentry>
94 <term><varname>RootDirectory=</varname></term>
95
96 <listitem><para>Takes an absolute directory path. Sets the
97 root directory for executed processes, with the
98 <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
99 system call. If this is used, it must be ensured that the
100 process and all its auxiliary files are available in the
101 <function>chroot()</function> jail.</para></listitem>
102 </varlistentry>
103
104 <varlistentry>
105 <term><varname>User=</varname></term>
106 <term><varname>Group=</varname></term>
107
108 <listitem><para>Sets the Unix user or group that the processes
109 are executed as, respectively. Takes a single user or group
110 name or ID as argument. If no group is set, the default group
111 of the user is chosen.</para></listitem>
112 </varlistentry>
113
114 <varlistentry>
115 <term><varname>SupplementaryGroups=</varname></term>
116
117 <listitem><para>Sets the supplementary Unix groups the
118 processes are executed as. This takes a space-separated list
119 of group names or IDs. This option may be specified more than
120 once in which case all listed groups are set as supplementary
121 groups. When the empty string is assigned the list of
122 supplementary groups is reset, and all assignments prior to
123 this one will have no effect. In any way, this option does not
124 override, but extends the list of supplementary groups
125 configured in the system group database for the
126 user.</para></listitem>
127 </varlistentry>
128
129 <varlistentry>
130 <term><varname>Nice=</varname></term>
131
132 <listitem><para>Sets the default nice level (scheduling
133 priority) for executed processes. Takes an integer between -20
134 (highest priority) and 19 (lowest priority). See
135 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
136 for details.</para></listitem>
137 </varlistentry>
138
139 <varlistentry>
140 <term><varname>OOMScoreAdjust=</varname></term>
141
142 <listitem><para>Sets the adjustment level for the
143 Out-Of-Memory killer for executed processes. Takes an integer
144 between -1000 (to disable OOM killing for this process) and
145 1000 (to make killing of this process under memory pressure
146 very likely). See <ulink
147 url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
148 for details.</para></listitem>
149 </varlistentry>
150
151 <varlistentry>
152 <term><varname>IOSchedulingClass=</varname></term>
153
154 <listitem><para>Sets the IO scheduling class for executed
155 processes. Takes an integer between 0 and 3 or one of the
156 strings <option>none</option>, <option>realtime</option>,
157 <option>best-effort</option> or <option>idle</option>. See
158 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
159 for details.</para></listitem>
160 </varlistentry>
161
162 <varlistentry>
163 <term><varname>IOSchedulingPriority=</varname></term>
164
165 <listitem><para>Sets the IO scheduling priority for executed
166 processes. Takes an integer between 0 (highest priority) and 7
167 (lowest priority). The available priorities depend on the
168 selected IO scheduling class (see above). See
169 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
170 for details.</para></listitem>
171 </varlistentry>
172
173 <varlistentry>
174 <term><varname>CPUSchedulingPolicy=</varname></term>
175
176 <listitem><para>Sets the CPU scheduling policy for executed
177 processes. Takes one of
178 <option>other</option>,
179 <option>batch</option>,
180 <option>idle</option>,
181 <option>fifo</option> or
182 <option>rr</option>. See
183 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
184 for details.</para></listitem>
185 </varlistentry>
186
187 <varlistentry>
188 <term><varname>CPUSchedulingPriority=</varname></term>
189
190 <listitem><para>Sets the CPU scheduling priority for executed
191 processes. The available priority range depends on the
192 selected CPU scheduling policy (see above). For real-time
193 scheduling policies an integer between 1 (lowest priority) and
194 99 (highest priority) can be used. See
195 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
196 for details. </para></listitem>
197 </varlistentry>
198
199 <varlistentry>
200 <term><varname>CPUSchedulingResetOnFork=</varname></term>
201
202 <listitem><para>Takes a boolean argument. If true, elevated
203 CPU scheduling priorities and policies will be reset when the
204 executed processes fork, and can hence not leak into child
205 processes. See
206 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
207 for details. Defaults to false.</para></listitem>
208 </varlistentry>
209
210 <varlistentry>
211 <term><varname>CPUAffinity=</varname></term>
212
213 <listitem><para>Controls the CPU affinity of the executed
214 processes. Takes a space-separated list of CPU indices. This
215 option may be specified more than once in which case the
216 specified CPU affinity masks are merged. If the empty string
217 is assigned, the mask is reset, all assignments prior to this
218 will have no effect. See
219 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
220 for details.</para></listitem>
221 </varlistentry>
222
223 <varlistentry>
224 <term><varname>UMask=</varname></term>
225
226 <listitem><para>Controls the file mode creation mask. Takes an
227 access mode in octal notation. See
228 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
229 for details. Defaults to 0022.</para></listitem>
230 </varlistentry>
231
232 <varlistentry>
233 <term><varname>Environment=</varname></term>
234
235 <listitem><para>Sets environment variables for executed
236 processes. Takes a space-separated list of variable
237 assignments. This option may be specified more than once in
238 which case all listed variables will be set. If the same
239 variable is set twice, the later setting will override the
240 earlier setting. If the empty string is assigned to this
241 option, the list of environment variables is reset, all prior
242 assignments have no effect. Variable expansion is not
243 performed inside the strings, however, specifier expansion is
244 possible. The $ character has no special meaning. If you need
245 to assign a value containing spaces to a variable, use double
246 quotes (") for the assignment.</para>
247
248 <para>Example:
249 <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"</programlisting>
250 gives three variables <literal>VAR1</literal>,
251 <literal>VAR2</literal>, <literal>VAR3</literal>
252 with the values <literal>word1 word2</literal>,
253 <literal>word3</literal>, <literal>$word 5 6</literal>.
254 </para>
255
256 <para>
257 See
258 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
259 for details about environment variables.</para></listitem>
260 </varlistentry>
261 <varlistentry>
262 <term><varname>EnvironmentFile=</varname></term>
263 <listitem><para>Similar to <varname>Environment=</varname> but
264 reads the environment variables from a text file. The text
265 file should contain new-line-separated variable assignments.
266 Empty lines and lines starting with ; or # will be ignored,
267 which may be used for commenting. A line ending with a
268 backslash will be concatenated with the following one,
269 allowing multiline variable definitions. The parser strips
270 leading and trailing whitespace from the values of
271 assignments, unless you use double quotes (").</para>
272
273 <para>The argument passed should be an absolute filename or
274 wildcard expression, optionally prefixed with
275 <literal>-</literal>, which indicates that if the file does
276 not exist, it will not be read and no error or warning message
277 is logged. This option may be specified more than once in
278 which case all specified files are read. If the empty string
279 is assigned to this option, the list of file to read is reset,
280 all prior assignments have no effect.</para>
281
282 <para>The files listed with this directive will be read
283 shortly before the process is executed (more specifically,
284 after all processes from a previous unit state terminated.
285 This means you can generate these files in one unit state, and
f407824d
DH		 286 read it with this option in the next).</para>
287
288 <para>Settings from these
798d3a52
ZJS		 289 files override settings made with
290 <varname>Environment=</varname>. If the same variable is set
291 twice from these files, the files will be read in the order
292 they are specified and the later setting will override the
293 earlier setting.</para></listitem>
294 </varlistentry>
295
296 <varlistentry>
297 <term><varname>StandardInput=</varname></term>
298 <listitem><para>Controls where file descriptor 0 (STDIN) of
299 the executed processes is connected to. Takes one of
300 <option>null</option>,
301 <option>tty</option>,
302 <option>tty-force</option>,
303 <option>tty-fail</option> or
304 <option>socket</option>.</para>
305
306 <para>If <option>null</option> is selected, standard input
307 will be connected to <filename>/dev/null</filename>, i.e. all
308 read attempts by the process will result in immediate
309 EOF.</para>
310
311 <para>If <option>tty</option> is selected, standard input is
312 connected to a TTY (as configured by
313 <varname>TTYPath=</varname>, see below) and the executed
314 process becomes the controlling process of the terminal. If
315 the terminal is already being controlled by another process,
316 the executed process waits until the current controlling
317 process releases the terminal.</para>
318
319 <para><option>tty-force</option> is similar to
320 <option>tty</option>, but the executed process is forcefully
321 and immediately made the controlling process of the terminal,
322 potentially removing previous controlling processes from the
323 terminal.</para>
324
325 <para><option>tty-fail</option> is similar to
326 <option>tty</option> but if the terminal already has a
327 controlling process start-up of the executed process
328 fails.</para>
329
330 <para>The <option>socket</option> option is only valid in
331 socket-activated services, and only when the socket
332 configuration file (see
333 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
334 for details) specifies a single socket only. If this option is
335 set, standard input will be connected to the socket the
336 service was activated from, which is primarily useful for
337 compatibility with daemons designed for use with the
338 traditional
339 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
340 daemon.</para>
341
342 <para>This setting defaults to
343 <option>null</option>.</para></listitem>
344 </varlistentry>
345 <varlistentry>
346 <term><varname>StandardOutput=</varname></term>
347 <listitem><para>Controls where file descriptor 1 (STDOUT) of
348 the executed processes is connected to. Takes one of
349 <option>inherit</option>,
350 <option>null</option>,
351 <option>tty</option>,
352 <option>journal</option>,
353 <option>syslog</option>,
354 <option>kmsg</option>,
355 <option>journal+console</option>,
356 <option>syslog+console</option>,
357 <option>kmsg+console</option> or
358 <option>socket</option>.</para>
359
360 <para><option>inherit</option> duplicates the file descriptor
361 of standard input for standard output.</para>
362
363 <para><option>null</option> connects standard output to
364 <filename>/dev/null</filename>, i.e. everything written to it
365 will be lost.</para>
366
367 <para><option>tty</option> connects standard output to a tty
368 (as configured via <varname>TTYPath=</varname>, see below). If
369 the TTY is used for output only, the executed process will not
370 become the controlling process of the terminal, and will not
371 fail or wait for other processes to release the
372 terminal.</para>
373
374 <para><option>journal</option> connects standard output with
375 the journal which is accessible via
376 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
377 Note that everything that is written to syslog or kmsg (see
378 below) is implicitly stored in the journal as well, the
379 specific two options listed below are hence supersets of this
380 one.</para>
381
382 <para><option>syslog</option> connects standard output to the
383 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
384 system syslog service, in addition to the journal. Note that
385 the journal daemon is usually configured to forward everything
386 it receives to syslog anyway, in which case this option is no
387 different from <option>journal</option>.</para>
388
389 <para><option>kmsg</option> connects standard output with the
390 kernel log buffer which is accessible via
391 <citerefentry project='man-pages'><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
392 in addition to the journal. The journal daemon might be
393 configured to send all logs to kmsg anyway, in which case this
394 option is no different from <option>journal</option>.</para>
395
396 <para><option>journal+console</option>,
397 <option>syslog+console</option> and
398 <option>kmsg+console</option> work in a similar way as the
399 three options above but copy the output to the system console
400 as well.</para>
401
402 <para><option>socket</option> connects standard output to a
403 socket acquired via socket activation. The semantics are
404 similar to the same option of
405 <varname>StandardInput=</varname>.</para>
406
407 <para>This setting defaults to the value set with
408 <option>DefaultStandardOutput=</option> in
409 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
410 which defaults to <option>journal</option>.</para></listitem>
411 </varlistentry>
412 <varlistentry>
413 <term><varname>StandardError=</varname></term>
414 <listitem><para>Controls where file descriptor 2 (STDERR) of
415 the executed processes is connected to. The available options
416 are identical to those of <varname>StandardOutput=</varname>,
417 with one exception: if set to <option>inherit</option> the
418 file descriptor used for standard output is duplicated for
419 standard error. This setting defaults to the value set with
420 <option>DefaultStandardError=</option> in
421 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
422 which defaults to <option>inherit</option>.</para></listitem>
423 </varlistentry>
424 <varlistentry>
425 <term><varname>TTYPath=</varname></term>
426 <listitem><para>Sets the terminal device node to use if
427 standard input, output, or error are connected to a TTY (see
428 above). Defaults to
429 <filename>/dev/console</filename>.</para></listitem>
430 </varlistentry>
431 <varlistentry>
432 <term><varname>TTYReset=</varname></term>
433 <listitem><para>Reset the terminal device specified with
434 <varname>TTYPath=</varname> before and after execution.
435 Defaults to <literal>no</literal>.</para></listitem>
436 </varlistentry>
437 <varlistentry>
438 <term><varname>TTYVHangup=</varname></term>
439 <listitem><para>Disconnect all clients which have opened the
440 terminal device specified with <varname>TTYPath=</varname>
441 before and after execution. Defaults to
442 <literal>no</literal>.</para></listitem>
443 </varlistentry>
444 <varlistentry>
445 <term><varname>TTYVTDisallocate=</varname></term>
446 <listitem><para>If the terminal device specified with
447 <varname>TTYPath=</varname> is a virtual console terminal, try
448 to deallocate the TTY before and after execution. This ensures
449 that the screen and scrollback buffer is cleared. Defaults to
450 <literal>no</literal>.</para></listitem>
451 </varlistentry>
452 <varlistentry>
453 <term><varname>SyslogIdentifier=</varname></term>
454 <listitem><para>Sets the process name to prefix log lines sent
455 to the logging system or the kernel log buffer with. If not
456 set, defaults to the process name of the executed process.
457 This option is only useful when
458 <varname>StandardOutput=</varname> or
459 <varname>StandardError=</varname> are set to
460 <option>syslog</option>, <option>journal</option> or
461 <option>kmsg</option> (or to the same settings in combination
462 with <option>+console</option>).</para></listitem>
463 </varlistentry>
464 <varlistentry>
465 <term><varname>SyslogFacility=</varname></term>
466 <listitem><para>Sets the syslog facility to use when logging
467 to syslog. One of <option>kern</option>,
468 <option>user</option>, <option>mail</option>,
469 <option>daemon</option>, <option>auth</option>,
470 <option>syslog</option>, <option>lpr</option>,
471 <option>news</option>, <option>uucp</option>,
472 <option>cron</option>, <option>authpriv</option>,
473 <option>ftp</option>, <option>local0</option>,
474 <option>local1</option>, <option>local2</option>,
475 <option>local3</option>, <option>local4</option>,
476 <option>local5</option>, <option>local6</option> or
477 <option>local7</option>. See
478 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
479 for details. This option is only useful when
480 <varname>StandardOutput=</varname> or
481 <varname>StandardError=</varname> are set to
482 <option>syslog</option>. Defaults to
483 <option>daemon</option>.</para></listitem>
484 </varlistentry>
485 <varlistentry>
486 <term><varname>SyslogLevel=</varname></term>
487 <listitem><para>Default syslog level to use when logging to
488 syslog or the kernel log buffer. One of
489 <option>emerg</option>,
490 <option>alert</option>,
491 <option>crit</option>,
492 <option>err</option>,
493 <option>warning</option>,
494 <option>notice</option>,
495 <option>info</option>,
496 <option>debug</option>. See
497 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
498 for details. This option is only useful when
499 <varname>StandardOutput=</varname> or
500 <varname>StandardError=</varname> are set to
501 <option>syslog</option> or <option>kmsg</option>. Note that
502 individual lines output by the daemon might be prefixed with a
503 different log level which can be used to override the default
504 log level specified here. The interpretation of these prefixes
505 may be disabled with <varname>SyslogLevelPrefix=</varname>,
506 see below. For details see
507 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
508
509 Defaults to
510 <option>info</option>.</para></listitem>
511 </varlistentry>
512
513 <varlistentry>
514 <term><varname>SyslogLevelPrefix=</varname></term>
515 <listitem><para>Takes a boolean argument. If true and
516 <varname>StandardOutput=</varname> or
517 <varname>StandardError=</varname> are set to
518 <option>syslog</option>, <option>kmsg</option> or
519 <option>journal</option>, log lines written by the executed
520 process that are prefixed with a log level will be passed on
521 to syslog with this log level set but the prefix removed. If
522 set to false, the interpretation of these prefixes is disabled
523 and the logged lines are passed on as-is. For details about
524 this prefixing see
525 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
526 Defaults to true.</para></listitem>
527 </varlistentry>
528
529 <varlistentry>
530 <term><varname>TimerSlackNSec=</varname></term>
531 <listitem><para>Sets the timer slack in nanoseconds for the
532 executed processes. The timer slack controls the accuracy of
533 wake-ups triggered by timers. See
534 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
535 for more information. Note that in contrast to most other time
536 span definitions this parameter takes an integer value in
537 nano-seconds if no unit is specified. The usual time units are
538 understood too.</para></listitem>
539 </varlistentry>
540
541 <varlistentry>
542 <term><varname>LimitCPU=</varname></term>
543 <term><varname>LimitFSIZE=</varname></term>
544 <term><varname>LimitDATA=</varname></term>
545 <term><varname>LimitSTACK=</varname></term>
546 <term><varname>LimitCORE=</varname></term>
547 <term><varname>LimitRSS=</varname></term>
548 <term><varname>LimitNOFILE=</varname></term>
549 <term><varname>LimitAS=</varname></term>
550 <term><varname>LimitNPROC=</varname></term>
551 <term><varname>LimitMEMLOCK=</varname></term>
552 <term><varname>LimitLOCKS=</varname></term>
553 <term><varname>LimitSIGPENDING=</varname></term>
554 <term><varname>LimitMSGQUEUE=</varname></term>
555 <term><varname>LimitNICE=</varname></term>
556 <term><varname>LimitRTPRIO=</varname></term>
557 <term><varname>LimitRTTIME=</varname></term>
558 <listitem><para>These settings set both soft and hard limits
559 of various resources for executed processes. See
560 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
561 for details. Use the string <varname>infinity</varname> to
562 configure no limit on a specific resource.</para></listitem>
563
564 <table>
565 <title>Limit directives and their equivalent with ulimit</title>
566
567 <tgroup cols='2'>
568 <colspec colname='directive' />
569 <colspec colname='equivalent' />
570 <thead>
571 <row>
572 <entry>Directive</entry>
573 <entry>ulimit equivalent</entry>
574 </row>
575 </thead>
576 <tbody>
577 <row>
578 <entry>LimitCPU</entry>
579 <entry>ulimit -t</entry>
580 </row>
581 <row>
582 <entry>LimitFSIZE</entry>
583 <entry>ulimit -f</entry>
584 </row>
585 <row>
586 <entry>LimitDATA</entry>
587 <entry>ulimit -d</entry>
588 </row>
589 <row>
590 <entry>LimitSTACK</entry>
591 <entry>ulimit -s</entry>
592 </row>
593 <row>
594 <entry>LimitCORE</entry>
595 <entry>ulimit -c</entry>
596 </row>
597 <row>
598 <entry>LimitRSS</entry>
599 <entry>ulimit -m</entry>
600 </row>
601 <row>
602 <entry>LimitNOFILE</entry>
603 <entry>ulimit -n</entry>
604 </row>
605 <row>
606 <entry>LimitAS</entry>
607 <entry>ulimit -v</entry>
608 </row>
609 <row>
610 <entry>LimitNPROC</entry>
611 <entry>ulimit -u</entry>
612 </row>
613 <row>
614 <entry>LimitMEMLOCK</entry>
615 <entry>ulimit -l</entry>
616 </row>
617 <row>
618 <entry>LimitLOCKS</entry>
619 <entry>ulimit -x</entry>
620 </row>
621 <row>
622 <entry>LimitSIGPENDING</entry>
623 <entry>ulimit -i</entry>
624 </row>
625 <row>
626 <entry>LimitMSGQUEUE</entry>
627 <entry>ulimit -q</entry>
628 </row>
629 <row>
630 <entry>LimitNICE</entry>
631 <entry>ulimit -e</entry>
632 </row>
633 <row>
634 <entry>LimitRTPRIO</entry>
635 <entry>ulimit -r</entry>
636 </row>
637 <row>
638 <entry>LimitRTTIME</entry>
639 <entry>No equivalent</entry>
640 </row>
641 </tbody>
642 </tgroup>
643 </table>
644 </varlistentry>
645
646 <varlistentry>
647 <term><varname>PAMName=</varname></term>
648 <listitem><para>Sets the PAM service name to set up a session
649 as. If set, the executed process will be registered as a PAM
650 session under the specified service name. This is only useful
651 in conjunction with the <varname>User=</varname> setting. If
652 not set, no PAM session will be opened for the executed
653 processes. See
654 <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
655 for details.</para></listitem>
656 </varlistentry>
657
658 <varlistentry>
659 <term><varname>CapabilityBoundingSet=</varname></term>
660
661 <listitem><para>Controls which capabilities to include in the
662 capability bounding set for the executed process. See
663 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
664 for details. Takes a whitespace-separated list of capability
665 names as read by
3ba3a79d 666 <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
798d3a52
ZJS		 667 e.g. <constant>CAP_SYS_ADMIN</constant>,
668 <constant>CAP_DAC_OVERRIDE</constant>,
669 <constant>CAP_SYS_PTRACE</constant>. Capabilities listed will
670 be included in the bounding set, all others are removed. If
671 the list of capabilities is prefixed with
672 <literal>~</literal>, all but the listed capabilities will be
673 included, the effect of the assignment inverted. Note that
674 this option also affects the respective capabilities in the
675 effective, permitted and inheritable capability sets, on top
676 of what <varname>Capabilities=</varname> does. If this option
677 is not used, the capability bounding set is not modified on
678 process execution, hence no limits on the capabilities of the
679 process are enforced. This option may appear more than once in
680 which case the bounding sets are merged. If the empty string
681 is assigned to this option, the bounding set is reset to the
682 empty capability set, and all prior settings have no effect.
683 If set to <literal>~</literal> (without any further argument),
684 the bounding set is reset to the full set of available
685 capabilities, also undoing any previous
686 settings.</para></listitem>
687 </varlistentry>
688
689 <varlistentry>
690 <term><varname>SecureBits=</varname></term>
691 <listitem><para>Controls the secure bits set for the executed
692 process. Takes a space-separated combination of options from
693 the following list:
694 <option>keep-caps</option>,
695 <option>keep-caps-locked</option>,
696 <option>no-setuid-fixup</option>,
697 <option>no-setuid-fixup-locked</option>,
698 <option>noroot</option>, and
699 <option>noroot-locked</option>.
700 This option may appear more than once in which case the secure
701 bits are ORed. If the empty string is assigned to this option,
702 the bits are reset to 0. See
703 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
704 for details.</para></listitem>
705 </varlistentry>
706
707 <varlistentry>
708 <term><varname>Capabilities=</varname></term>
709 <listitem><para>Controls the
710 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
711 set for the executed process. Take a capability string
712 describing the effective, permitted and inherited capability
713 sets as documented in
3ba3a79d 714 <citerefentry project='mankier'><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52
ZJS		 715 Note that these capability sets are usually influenced (and
716 filtered) by the capabilities attached to the executed file.
717 Due to that <varname>CapabilityBoundingSet=</varname> is
718 probably a much more useful setting.</para></listitem>
719 </varlistentry>
720
721 <varlistentry>
722 <term><varname>ReadWriteDirectories=</varname></term>
723 <term><varname>ReadOnlyDirectories=</varname></term>
724 <term><varname>InaccessibleDirectories=</varname></term>
725
726 <listitem><para>Sets up a new file system namespace for
727 executed processes. These options may be used to limit access
728 a process might have to the main file system hierarchy. Each
729 setting takes a space-separated list of absolute directory
730 paths. Directories listed in
731 <varname>ReadWriteDirectories=</varname> are accessible from
732 within the namespace with the same access rights as from
733 outside. Directories listed in
734 <varname>ReadOnlyDirectories=</varname> are accessible for
735 reading only, writing will be refused even if the usual file
736 access controls would permit this. Directories listed in
737 <varname>InaccessibleDirectories=</varname> will be made
738 inaccessible for processes inside the namespace. Note that
739 restricting access with these options does not extend to
740 submounts of a directory that are created later on. These
741 options may be specified more than once in which case all
742 directories listed will have limited access from within the
743 namespace. If the empty string is assigned to this option, the
744 specific list is reset, and all prior assignments have no
745 effect.</para>
746 <para>Paths in
747 <varname>ReadOnlyDirectories=</varname>
748 and
749 <varname>InaccessibleDirectories=</varname>
750 may be prefixed with
751 <literal>-</literal>, in which case
752 they will be ignored when they do not
753 exist. Note that using this
754 setting will disconnect propagation of
755 mounts from the service to the host
756 (propagation in the opposite direction
757 continues to work). This means that
758 this setting may not be used for
759 services which shall be able to
760 install mount points in the main mount
761 namespace.</para></listitem>
762 </varlistentry>
763
764 <varlistentry>
765 <term><varname>PrivateTmp=</varname></term>
766
767 <listitem><para>Takes a boolean argument. If true, sets up a
768 new file system namespace for the executed processes and
769 mounts private <filename>/tmp</filename> and
770 <filename>/var/tmp</filename> directories inside it that is
771 not shared by processes outside of the namespace. This is
772 useful to secure access to temporary files of the process, but
773 makes sharing between processes via <filename>/tmp</filename>
774 or <filename>/var/tmp</filename> impossible. If this is
775 enabled, all temporary files created by a service in these
776 directories will be removed after the service is stopped.
777 Defaults to false. It is possible to run two or more units
778 within the same private <filename>/tmp</filename> and
779 <filename>/var/tmp</filename> namespace by using the
780 <varname>JoinsNamespaceOf=</varname> directive, see
781 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
782 for details. Note that using this setting will disconnect
783 propagation of mounts from the service to the host
784 (propagation in the opposite direction continues to work).
785 This means that this setting may not be used for services
786 which shall be able to install mount points in the main mount
787 namespace.</para></listitem>
788 </varlistentry>
789
790 <varlistentry>
791 <term><varname>PrivateDevices=</varname></term>
792
793 <listitem><para>Takes a boolean argument. If true, sets up a
794 new /dev namespace for the executed processes and only adds
795 API pseudo devices such as <filename>/dev/null</filename>,
796 <filename>/dev/zero</filename> or
797 <filename>/dev/random</filename> (as well as the pseudo TTY
798 subsystem) to it, but no physical devices such as
799 <filename>/dev/sda</filename>. This is useful to securely turn
800 off physical device access by the executed process. Defaults
801 to false. Enabling this option will also remove
802 <constant>CAP_MKNOD</constant> from the capability bounding
803 set for the unit (see above), and set
804 <varname>DevicePolicy=closed</varname> (see
805 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
806 for details). Note that using this setting will disconnect
807 propagation of mounts from the service to the host
808 (propagation in the opposite direction continues to work).
809 This means that this setting may not be used for services
810 which shall be able to install mount points in the main mount
811 namespace.</para></listitem>
812 </varlistentry>
813
814 <varlistentry>
815 <term><varname>PrivateNetwork=</varname></term>
816
817 <listitem><para>Takes a boolean argument. If true, sets up a
818 new network namespace for the executed processes and
819 configures only the loopback network device
820 <literal>lo</literal> inside it. No other network devices will
821 be available to the executed process. This is useful to
822 securely turn off network access by the executed process.
823 Defaults to false. It is possible to run two or more units
824 within the same private network namespace by using the
825 <varname>JoinsNamespaceOf=</varname> directive, see
826 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
827 for details. Note that this option will disconnect all socket
828 families from the host, this includes AF_NETLINK and AF_UNIX.
829 The latter has the effect that AF_UNIX sockets in the abstract
830 socket namespace will become unavailable to the processes
831 (however, those located in the file system will continue to be
832 accessible).</para></listitem>
833 </varlistentry>
834
835 <varlistentry>
836 <term><varname>ProtectSystem=</varname></term>
837
838 <listitem><para>Takes a boolean argument or
839 <literal>full</literal>. If true, mounts the
840 <filename>/usr</filename> and <filename>/boot</filename>
841 directories read-only for processes invoked by this unit. If
842 set to <literal>full</literal>, the <filename>/etc</filename>
843 directory is mounted read-only, too. This setting ensures that
844 any modification of the vendor supplied operating system (and
845 optionally its configuration) is prohibited for the service.
846 It is recommended to enable this setting for all long-running
847 services, unless they are involved with system updates or need
848 to modify the operating system in other ways. Note however
849 that processes retaining the CAP_SYS_ADMIN capability can undo
850 the effect of this setting. This setting is hence particularly
851 useful for daemons which have this capability removed, for
852 example with <varname>CapabilityBoundingSet=</varname>.
853 Defaults to off.</para></listitem>
854 </varlistentry>
855
856 <varlistentry>
857 <term><varname>ProtectHome=</varname></term>
858
859 <listitem><para>Takes a boolean argument or
860 <literal>read-only</literal>. If true, the directories
861 <filename>/home</filename> and <filename>/run/user</filename>
862 are made inaccessible and empty for processes invoked by this
863 unit. If set to <literal>read-only</literal>, the two
864 directories are made read-only instead. It is recommended to
865 enable this setting for all long-running services (in
866 particular network-facing ones), to ensure they cannot get
867 access to private user data, unless the services actually
868 require access to the user's private data. Note however that
869 processes retaining the CAP_SYS_ADMIN capability can undo the
870 effect of this setting. This setting is hence particularly
871 useful for daemons which have this capability removed, for
872 example with <varname>CapabilityBoundingSet=</varname>.
873 Defaults to off.</para></listitem>
874 </varlistentry>
875
876 <varlistentry>
877 <term><varname>MountFlags=</varname></term>
878
879 <listitem><para>Takes a mount propagation flag:
880 <option>shared</option>, <option>slave</option> or
881 <option>private</option>, which control whether mounts in the
882 file system namespace set up for this unit's processes will
883 receive or propagate mounts or unmounts. See
3ba3a79d 884 <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 885 for details. Defaults to <option>shared</option>. Use
886 <option>shared</option> to ensure that mounts and unmounts are
887 propagated from the host to the container and vice versa. Use
888 <option>slave</option> to run processes so that none of their
889 mounts and unmounts will propagate to the host. Use
890 <option>private</option> to also ensure that no mounts and
891 unmounts from the host will propagate into the unit processes'
892 namespace. Note that <option>slave</option> means that file
893 systems mounted on the host might stay mounted continuously in
894 the unit's namespace, and thus keep the device busy. Note that
895 the file system namespace related options
896 (<varname>PrivateTmp=</varname>,
897 <varname>PrivateDevices=</varname>,
898 <varname>ProtectSystem=</varname>,
899 <varname>ProtectHome=</varname>,
900 <varname>ReadOnlyDirectories=</varname>,
901 <varname>InaccessibleDirectories=</varname> and
902 <varname>ReadWriteDirectories=</varname>) require that mount
903 and unmount propagation from the unit's file system namespace
904 is disabled, and hence downgrade <option>shared</option> to
905 <option>slave</option>. </para></listitem>
906 </varlistentry>
907
908 <varlistentry>
909 <term><varname>UtmpIdentifier=</varname></term>
910
911 <listitem><para>Takes a four character identifier string for
912 an utmp/wtmp entry for this service. This should only be set
913 for services such as <command>getty</command> implementations
914 where utmp/wtmp entries must be created and cleared before and
915 after execution. If the configured string is longer than four
916 characters, it is truncated and the terminal four characters
917 are used. This setting interprets %I style string
918 replacements. This setting is unset by default, i.e. no
919 utmp/wtmp entries are created or cleaned up for this
920 service.</para></listitem>
921 </varlistentry>
922
923 <varlistentry>
924 <term><varname>SELinuxContext=</varname></term>
925
926 <listitem><para>Set the SELinux security context of the
927 executed process. If set, this will override the automated
928 domain transition. However, the policy still needs to
929 authorize the transition. This directive is ignored if SELinux
930 is disabled. If prefixed by <literal>-</literal>, all errors
931 will be ignored. See
3ba3a79d 932 <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a52
ZJS		 933 for details.</para></listitem>
934 </varlistentry>
935
936 <varlistentry>
937 <term><varname>AppArmorProfile=</varname></term>
938
939 <listitem><para>Takes a profile name as argument. The process
940 executed by the unit will switch to this profile when started.
941 Profiles must already be loaded in the kernel, or the unit
942 will fail. This result in a non operation if AppArmor is not
943 enabled. If prefixed by <literal>-</literal>, all errors will
944 be ignored. </para></listitem>
945 </varlistentry>
946
947 <varlistentry>
948 <term><varname>SmackProcessLabel=</varname></term>
949
950 <listitem><para>Takes a <option>SMACK64</option> security
951 label as argument. The process executed by the unit will be
952 started under this label and SMACK will decide whether the
953 processes is allowed to run or not based on it. The process
954 will continue to run under the label specified here unless the
955 executable has its own <option>SMACK64EXEC</option> label, in
956 which case the process will transition to run under that
957 label. When not specified, the label that systemd is running
958 under is used. This directive is ignored if SMACK is
959 disabled.</para>
960
961 <para>The value may be prefixed by <literal>-</literal>, in
962 which case all errors will be ignored. An empty value may be
963 specified to unset previous assignments.</para>
964 </listitem>
965 </varlistentry>
966
967 <varlistentry>
968 <term><varname>IgnoreSIGPIPE=</varname></term>
969
970 <listitem><para>Takes a boolean argument. If true, causes
971 <constant>SIGPIPE</constant> to be ignored in the executed
972 process. Defaults to true because <constant>SIGPIPE</constant>
973 generally is useful only in shell pipelines.</para></listitem>
974 </varlistentry>
975
976 <varlistentry>
977 <term><varname>NoNewPrivileges=</varname></term>
978
979 <listitem><para>Takes a boolean argument. If true, ensures
980 that the service process and all its children can never gain
981 new privileges. This option is more powerful than the
982 respective secure bits flags (see above), as it also prohibits
983 UID changes of any kind. This is the simplest, most effective
984 way to ensure that a process and its children can never
985 elevate privileges again.</para></listitem>
986 </varlistentry>
987
988 <varlistentry>
989 <term><varname>SystemCallFilter=</varname></term>
990
991 <listitem><para>Takes a space-separated list of system call
992 names. If this setting is used, all system calls executed by
993 the unit processes except for the listed ones will result in
994 immediate process termination with the
995 <constant>SIGSYS</constant> signal (whitelisting). If the
996 first character of the list is <literal>~</literal>, the
997 effect is inverted: only the listed system calls will result
998 in immediate process termination (blacklisting). If running in
999 user mode and this option is used,
1000 <varname>NoNewPrivileges=yes</varname> is implied. This
1001 feature makes use of the Secure Computing Mode 2 interfaces of
1002 the kernel ('seccomp filtering') and is useful for enforcing a
1003 minimal sandboxing environment. Note that the
1004 <function>execve</function>,
1005 <function>rt_sigreturn</function>,
1006 <function>sigreturn</function>,
1007 <function>exit_group</function>, <function>exit</function>
1008 system calls are implicitly whitelisted and do not need to be
1009 listed explicitly. This option may be specified more than once
1010 in which case the filter masks are merged. If the empty string
1011 is assigned, the filter is reset, all prior assignments will
1012 have no effect.</para>
1013
1014 <para>If you specify both types of this option (i.e.
1015 whitelisting and blacklisting), the first encountered will
1016 take precedence and will dictate the default action
1017 (termination or approval of a system call). Then the next
1018 occurrences of this option will add or delete the listed
1019 system calls from the set of the filtered system calls,
1020 depending of its type and the default action. (For example, if
1021 you have started with a whitelisting of
1022 <function>read</function> and <function>write</function>, and
1023 right after it add a blacklisting of
1024 <function>write</function>, then <function>write</function>
1025 will be removed from the set.) </para></listitem>
1026 </varlistentry>
1027
1028 <varlistentry>
1029 <term><varname>SystemCallErrorNumber=</varname></term>
1030
1031 <listitem><para>Takes an <literal>errno</literal> error number
1032 name to return when the system call filter configured with
1033 <varname>SystemCallFilter=</varname> is triggered, instead of
1034 terminating the process immediately. Takes an error name such
1035 as <constant>EPERM</constant>, <constant>EACCES</constant> or
1036 <constant>EUCLEAN</constant>. When this setting is not used,
1037 or when the empty string is assigned, the process will be
1038 terminated immediately when the filter is
1039 triggered.</para></listitem>
1040 </varlistentry>
1041
1042 <varlistentry>
1043 <term><varname>SystemCallArchitectures=</varname></term>
1044
1045 <listitem><para>Takes a space separated list of architecture
1046 identifiers to include in the system call filter. The known
1047 architecture identifiers are <constant>x86</constant>,
1048 <constant>x86-64</constant>, <constant>x32</constant>,
1049 <constant>arm</constant> as well as the special identifier
1050 <constant>native</constant>. Only system calls of the
1051 specified architectures will be permitted to processes of this
1052 unit. This is an effective way to disable compatibility with
1053 non-native architectures for processes, for example to
1054 prohibit execution of 32-bit x86 binaries on 64-bit x86-64
1055 systems. The special <constant>native</constant> identifier
1056 implicitly maps to the native architecture of the system (or
1057 more strictly: to the architecture the system manager is
1058 compiled for). If running in user mode and this option is
1059 used, <varname>NoNewPrivileges=yes</varname> is implied. Note
1060 that setting this option to a non-empty list implies that
1061 <constant>native</constant> is included too. By default, this
1062 option is set to the empty list, i.e. no architecture system
1063 call filtering is applied.</para></listitem>
1064 </varlistentry>
1065
1066 <varlistentry>
1067 <term><varname>RestrictAddressFamilies=</varname></term>
1068
1069 <listitem><para>Restricts the set of socket address families
1070 accessible to the processes of this unit. Takes a
1071 space-separated list of address family names to whitelist,
1072 such as
1073 <constant>AF_UNIX</constant>,
1074 <constant>AF_INET</constant> or
1075 <constant>AF_INET6</constant>. When
1076 prefixed with <constant>~</constant> the listed address
1077 families will be applied as blacklist, otherwise as whitelist.
1078 Note that this restricts access to the
3ba3a79d 1079 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1080 system call only. Sockets passed into the process by other
1081 means (for example, by using socket activation with socket
1082 units, see
1083 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1084 are unaffected. Also, sockets created with
1085 <function>socketpair()</function> (which creates connected
1086 AF_UNIX sockets only) are unaffected. Note that this option
1087 has no effect on 32-bit x86 and is ignored (but works
1088 correctly on x86-64). If running in user mode and this option
1089 is used, <varname>NoNewPrivileges=yes</varname> is implied. By
1090 default, no restriction applies, all address families are
1091 accessible to processes. If assigned the empty string, any
1092 previous list changes are undone.</para>
1093
1094 <para>Use this option to limit exposure of processes to remote
1095 systems, in particular via exotic network protocols. Note that
1096 in most cases, the local <constant>AF_UNIX</constant> address
1097 family should be included in the configured whitelist as it is
1098 frequently used for local communication, including for
1099 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1100 logging.</para></listitem>
1101 </varlistentry>
1102
1103 <varlistentry>
1104 <term><varname>Personality=</varname></term>
1105
1106 <listitem><para>Controls which kernel architecture
3ba3a79d 1107 <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1108 shall report, when invoked by unit processes. Takes one of
1109 <constant>x86</constant> and <constant>x86-64</constant>. This
1110 is useful when running 32-bit services on a 64-bit host
1111 system. If not specified, the personality is left unmodified
1112 and thus reflects the personality of the host system's
1113 kernel.</para></listitem>
1114 </varlistentry>
1115
1116 <varlistentry>
1117 <term><varname>RuntimeDirectory=</varname></term>
1118 <term><varname>RuntimeDirectoryMode=</varname></term>
1119
1120 <listitem><para>Takes a list of directory names. If set, one
1121 or more directories by the specified names will be created
1122 below <filename>/run</filename> (for system services) or below
1123 <varname>$XDG_RUNTIME_DIR</varname> (for user services) when
1124 the unit is started, and removed when the unit is stopped. The
1125 directories will have the access mode specified in
1126 <varname>RuntimeDirectoryMode=</varname>, and will be owned by
1127 the user and group specified in <varname>User=</varname> and
1128 <varname>Group=</varname>. Use this to manage one or more
1129 runtime directories of the unit and bind their lifetime to the
1130 daemon runtime. The specified directory names must be
1131 relative, and may not include a <literal>/</literal>, i.e.
1132 must refer to simple directories to create or remove. This is
1133 particularly useful for unprivileged daemons that cannot
1134 create runtime directories in <filename>/run</filename> due to
1135 lack of privileges, and to make sure the runtime directory is
1136 cleaned up automatically after use. For runtime directories
1137 that require more complex or different configuration or
1138 lifetime guarantees, please consider using
1139 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
1140 </varlistentry>
1141
1142 </variablelist>
1143 </refsect1>
1144
1145 <refsect1>
1146 <title>Environment variables in spawned processes</title>
1147
1148 <para>Processes started by the system are executed in a clean
1149 environment in which select variables listed below are set. System
1150 processes started by systemd do not inherit variables from PID 1,
1151 but processes started by user systemd instances inherit all
1152 environment variables from the user systemd instance.
1153 </para>
1154
1155 <variablelist class='environment-variables'>
1156 <varlistentry>
1157 <term><varname>$PATH</varname></term>
1158
1159 <listitem><para>Colon-separated list of directories to use
1160 when launching executables. Systemd uses a fixed value of
1161 <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
1162 </para></listitem>
1163 </varlistentry>
1164
1165 <varlistentry>
1166 <term><varname>$LANG</varname></term>
1167
1168 <listitem><para>Locale. Can be set in
3ba3a79d 1169 <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a52
ZJS		 1170 or on the kernel command line (see
1171 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1172 and
1173 <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
1174 </para></listitem>
1175 </varlistentry>
1176
1177 <varlistentry>
1178 <term><varname>$USER</varname></term>
1179 <term><varname>$LOGNAME</varname></term>
1180 <term><varname>$HOME</varname></term>
1181 <term><varname>$SHELL</varname></term>
1182
1183 <listitem><para>User name (twice), home directory, and the
1184 login shell. The variables are set for the units that have
1185 <varname>User=</varname> set, which includes user
1186 <command>systemd</command> instances. See
3ba3a79d 1187 <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
798d3a52
ZJS		 1188 </para></listitem>
1189 </varlistentry>
1190
1191 <varlistentry>
1192 <term><varname>$XDG_RUNTIME_DIR</varname></term>
1193
1194 <listitem><para>The directory for volatile state. Set for the
1195 user <command>systemd</command> instance, and also in user
1196 sessions. See
1197 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1198 </para></listitem>
1199 </varlistentry>
1200
1201 <varlistentry>
1202 <term><varname>$XDG_SESSION_ID</varname></term>
1203 <term><varname>$XDG_SEAT</varname></term>
1204 <term><varname>$XDG_VTNR</varname></term>
1205
1206 <listitem><para>The identifier of the session, the seat name,
1207 and virtual terminal of the session. Set by
1208 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1209 for login sessions. <varname>$XDG_SEAT</varname> and
1210 <varname>$XDG_VTNR</varname> will only be set when attached to
1211 a seat and a tty.</para></listitem>
1212 </varlistentry>
1213
1214 <varlistentry>
1215 <term><varname>$MAINPID</varname></term>
1216
1217 <listitem><para>The PID of the units main process if it is
1218 known. This is only set for control processes as invoked by
1219 <varname>ExecReload=</varname> and similar. </para></listitem>
1220 </varlistentry>
1221
1222 <varlistentry>
1223 <term><varname>$MANAGERPID</varname></term>
1224
1225 <listitem><para>The PID of the user <command>systemd</command>
1226 instance, set for processes spawned by it. </para></listitem>
1227 </varlistentry>
1228
1229 <varlistentry>
1230 <term><varname>$LISTEN_FDS</varname></term>
1231 <term><varname>$LISTEN_PID</varname></term>
1232
1233 <listitem><para>Information about file descriptors passed to a
1234 service for socket activation. See
1235 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1236 </para></listitem>
1237 </varlistentry>
1238
1239 <varlistentry>
1240 <term><varname>$TERM</varname></term>
1241
1242 <listitem><para>Terminal type, set only for units connected to
1243 a terminal (<varname>StandardInput=tty</varname>,
1244 <varname>StandardOutput=tty</varname>, or
1245 <varname>StandardError=tty</varname>). See
1246 <citerefentry project='man-pages'><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1247 </para></listitem>
1248 </varlistentry>
1249 </variablelist>
1250
1251 <para>Additional variables may be configured by the following
1252 means: for processes spawned in specific units, use the
1253 <varname>Environment=</varname> and
1254 <varname>EnvironmentFile=</varname> options above; to specify
1255 variables globally, use <varname>DefaultEnvironment=</varname>
1256 (see
1257 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1258 or the kernel option <varname>systemd.setenv=</varname> (see
1259 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
1260 Additional variables may also be set through PAM,
1261 cf. <citerefentry project='man-pages'><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
1262 </refsect1>
1263
1264 <refsect1>
1265 <title>See Also</title>
1266 <para>
1267 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1268 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1269 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1270 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1271 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1272 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1273 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1274 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1275 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1276 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1277 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
1278 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1279 <citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1280 </para>
1281 </refsect1>
dd1eb43b
LP		 1282
1283</refentry>
Unnamed repository; edit this file 'description' to name the repository.