]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.exec.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #1012 from gentoo-root/master
[thirdparty/systemd.git] / man / systemd.exec.xml
CommitLineData
dd1eb43b 1<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
dd1eb43b
LP		 3
4<!--
5 This file is part of systemd.
6
7 Copyright 2010 Lennart Poettering
8
9 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
dd1eb43b
LP		 12 (at your option) any later version.
13
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 17 Lesser General Public License for more details.
dd1eb43b 18
5430f7f2 19 You should have received a copy of the GNU Lesser General Public License
dd1eb43b
LP		 20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21-->
22
23<refentry id="systemd.exec">
798d3a52
ZJS		 24 <refentryinfo>
25 <title>systemd.exec</title>
26 <productname>systemd</productname>
27
28 <authorgroup>
29 <author>
30 <contrib>Developer</contrib>
31 <firstname>Lennart</firstname>
32 <surname>Poettering</surname>
33 <email>lennart@poettering.net</email>
34 </author>
35 </authorgroup>
36 </refentryinfo>
37
38 <refmeta>
39 <refentrytitle>systemd.exec</refentrytitle>
40 <manvolnum>5</manvolnum>
41 </refmeta>
42
43 <refnamediv>
44 <refname>systemd.exec</refname>
45 <refpurpose>Execution environment configuration</refpurpose>
46 </refnamediv>
47
48 <refsynopsisdiv>
49 <para><filename><replaceable>service</replaceable>.service</filename>,
50 <filename><replaceable>socket</replaceable>.socket</filename>,
51 <filename><replaceable>mount</replaceable>.mount</filename>,
52 <filename><replaceable>swap</replaceable>.swap</filename></para>
53 </refsynopsisdiv>
54
55 <refsect1>
56 <title>Description</title>
57
58 <para>Unit configuration files for services, sockets, mount
59 points, and swap devices share a subset of configuration options
60 which define the execution environment of spawned
61 processes.</para>
62
63 <para>This man page lists the configuration options shared by
64 these four unit types. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration files, and
67 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
68 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
69 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
70 and
71 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
72 for more information on the specific unit configuration files. The
73 execution specific configuration options are configured in the
74 [Service], [Socket], [Mount], or [Swap] sections, depending on the
75 unit type.</para>
76 </refsect1>
77
78 <refsect1>
79 <title>Options</title>
80
81 <variablelist class='unit-directives'>
82
83 <varlistentry>
84 <term><varname>WorkingDirectory=</varname></term>
85
86 <listitem><para>Takes an absolute directory path. Sets the
87 working directory for executed processes. If not set, defaults
88 to the root directory when systemd is running as a system
89 instance and the respective user's home directory if run as
90 user.</para></listitem>
91 </varlistentry>
92
93 <varlistentry>
94 <term><varname>RootDirectory=</varname></term>
95
96 <listitem><para>Takes an absolute directory path. Sets the
97 root directory for executed processes, with the
98 <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
99 system call. If this is used, it must be ensured that the
100 process and all its auxiliary files are available in the
101 <function>chroot()</function> jail.</para></listitem>
102 </varlistentry>
103
104 <varlistentry>
105 <term><varname>User=</varname></term>
106 <term><varname>Group=</varname></term>
107
108 <listitem><para>Sets the Unix user or group that the processes
109 are executed as, respectively. Takes a single user or group
110 name or ID as argument. If no group is set, the default group
111 of the user is chosen.</para></listitem>
112 </varlistentry>
113
114 <varlistentry>
115 <term><varname>SupplementaryGroups=</varname></term>
116
117 <listitem><para>Sets the supplementary Unix groups the
118 processes are executed as. This takes a space-separated list
119 of group names or IDs. This option may be specified more than
120 once in which case all listed groups are set as supplementary
121 groups. When the empty string is assigned the list of
122 supplementary groups is reset, and all assignments prior to
123 this one will have no effect. In any way, this option does not
124 override, but extends the list of supplementary groups
125 configured in the system group database for the
126 user.</para></listitem>
127 </varlistentry>
128
129 <varlistentry>
130 <term><varname>Nice=</varname></term>
131
132 <listitem><para>Sets the default nice level (scheduling
133 priority) for executed processes. Takes an integer between -20
134 (highest priority) and 19 (lowest priority). See
135 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
136 for details.</para></listitem>
137 </varlistentry>
138
139 <varlistentry>
140 <term><varname>OOMScoreAdjust=</varname></term>
141
142 <listitem><para>Sets the adjustment level for the
143 Out-Of-Memory killer for executed processes. Takes an integer
144 between -1000 (to disable OOM killing for this process) and
145 1000 (to make killing of this process under memory pressure
146 very likely). See <ulink
147 url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
148 for details.</para></listitem>
149 </varlistentry>
150
151 <varlistentry>
152 <term><varname>IOSchedulingClass=</varname></term>
153
154 <listitem><para>Sets the IO scheduling class for executed
155 processes. Takes an integer between 0 and 3 or one of the
156 strings <option>none</option>, <option>realtime</option>,
157 <option>best-effort</option> or <option>idle</option>. See
158 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
159 for details.</para></listitem>
160 </varlistentry>
161
162 <varlistentry>
163 <term><varname>IOSchedulingPriority=</varname></term>
164
165 <listitem><para>Sets the IO scheduling priority for executed
166 processes. Takes an integer between 0 (highest priority) and 7
167 (lowest priority). The available priorities depend on the
168 selected IO scheduling class (see above). See
169 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
170 for details.</para></listitem>
171 </varlistentry>
172
173 <varlistentry>
174 <term><varname>CPUSchedulingPolicy=</varname></term>
175
176 <listitem><para>Sets the CPU scheduling policy for executed
177 processes. Takes one of
178 <option>other</option>,
179 <option>batch</option>,
180 <option>idle</option>,
181 <option>fifo</option> or
182 <option>rr</option>. See
183 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
184 for details.</para></listitem>
185 </varlistentry>
186
187 <varlistentry>
188 <term><varname>CPUSchedulingPriority=</varname></term>
189
190 <listitem><para>Sets the CPU scheduling priority for executed
191 processes. The available priority range depends on the
192 selected CPU scheduling policy (see above). For real-time
193 scheduling policies an integer between 1 (lowest priority) and
194 99 (highest priority) can be used. See
195 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
196 for details. </para></listitem>
197 </varlistentry>
198
199 <varlistentry>
200 <term><varname>CPUSchedulingResetOnFork=</varname></term>
201
202 <listitem><para>Takes a boolean argument. If true, elevated
203 CPU scheduling priorities and policies will be reset when the
204 executed processes fork, and can hence not leak into child
205 processes. See
206 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
207 for details. Defaults to false.</para></listitem>
208 </varlistentry>
209
210 <varlistentry>
211 <term><varname>CPUAffinity=</varname></term>
212
213 <listitem><para>Controls the CPU affinity of the executed
214 processes. Takes a space-separated list of CPU indices. This
215 option may be specified more than once in which case the
216 specified CPU affinity masks are merged. If the empty string
217 is assigned, the mask is reset, all assignments prior to this
218 will have no effect. See
219 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
220 for details.</para></listitem>
221 </varlistentry>
222
223 <varlistentry>
224 <term><varname>UMask=</varname></term>
225
226 <listitem><para>Controls the file mode creation mask. Takes an
227 access mode in octal notation. See
228 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
229 for details. Defaults to 0022.</para></listitem>
230 </varlistentry>
231
232 <varlistentry>
233 <term><varname>Environment=</varname></term>
234
235 <listitem><para>Sets environment variables for executed
236 processes. Takes a space-separated list of variable
237 assignments. This option may be specified more than once in
238 which case all listed variables will be set. If the same
239 variable is set twice, the later setting will override the
240 earlier setting. If the empty string is assigned to this
241 option, the list of environment variables is reset, all prior
242 assignments have no effect. Variable expansion is not
243 performed inside the strings, however, specifier expansion is
244 possible. The $ character has no special meaning. If you need
245 to assign a value containing spaces to a variable, use double
246 quotes (") for the assignment.</para>
247
248 <para>Example:
249 <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"</programlisting>
250 gives three variables <literal>VAR1</literal>,
251 <literal>VAR2</literal>, <literal>VAR3</literal>
252 with the values <literal>word1 word2</literal>,
253 <literal>word3</literal>, <literal>$word 5 6</literal>.
254 </para>
255
256 <para>
257 See
258 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
259 for details about environment variables.</para></listitem>
260 </varlistentry>
261 <varlistentry>
262 <term><varname>EnvironmentFile=</varname></term>
263 <listitem><para>Similar to <varname>Environment=</varname> but
264 reads the environment variables from a text file. The text
265 file should contain new-line-separated variable assignments.
8f0d2981
RM		 266 Empty lines, lines without an <literal>=</literal> separator,
267 or lines starting with ; or # will be ignored,
798d3a52
ZJS		 268 which may be used for commenting. A line ending with a
269 backslash will be concatenated with the following one,
270 allowing multiline variable definitions. The parser strips
271 leading and trailing whitespace from the values of
272 assignments, unless you use double quotes (").</para>
273
274 <para>The argument passed should be an absolute filename or
275 wildcard expression, optionally prefixed with
276 <literal>-</literal>, which indicates that if the file does
277 not exist, it will not be read and no error or warning message
278 is logged. This option may be specified more than once in
279 which case all specified files are read. If the empty string
280 is assigned to this option, the list of file to read is reset,
281 all prior assignments have no effect.</para>
282
283 <para>The files listed with this directive will be read
284 shortly before the process is executed (more specifically,
285 after all processes from a previous unit state terminated.
286 This means you can generate these files in one unit state, and
f407824d
DH		 287 read it with this option in the next).</para>
288
289 <para>Settings from these
798d3a52
ZJS		 290 files override settings made with
291 <varname>Environment=</varname>. If the same variable is set
292 twice from these files, the files will be read in the order
293 they are specified and the later setting will override the
294 earlier setting.</para></listitem>
295 </varlistentry>
296
297 <varlistentry>
298 <term><varname>StandardInput=</varname></term>
299 <listitem><para>Controls where file descriptor 0 (STDIN) of
300 the executed processes is connected to. Takes one of
301 <option>null</option>,
302 <option>tty</option>,
303 <option>tty-force</option>,
304 <option>tty-fail</option> or
305 <option>socket</option>.</para>
306
307 <para>If <option>null</option> is selected, standard input
308 will be connected to <filename>/dev/null</filename>, i.e. all
309 read attempts by the process will result in immediate
310 EOF.</para>
311
312 <para>If <option>tty</option> is selected, standard input is
313 connected to a TTY (as configured by
314 <varname>TTYPath=</varname>, see below) and the executed
315 process becomes the controlling process of the terminal. If
316 the terminal is already being controlled by another process,
317 the executed process waits until the current controlling
318 process releases the terminal.</para>
319
320 <para><option>tty-force</option> is similar to
321 <option>tty</option>, but the executed process is forcefully
322 and immediately made the controlling process of the terminal,
323 potentially removing previous controlling processes from the
324 terminal.</para>
325
326 <para><option>tty-fail</option> is similar to
327 <option>tty</option> but if the terminal already has a
328 controlling process start-up of the executed process
329 fails.</para>
330
331 <para>The <option>socket</option> option is only valid in
332 socket-activated services, and only when the socket
333 configuration file (see
334 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
335 for details) specifies a single socket only. If this option is
336 set, standard input will be connected to the socket the
337 service was activated from, which is primarily useful for
338 compatibility with daemons designed for use with the
339 traditional
b5c7d097 340 <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a52
ZJS		 341 daemon.</para>
342
343 <para>This setting defaults to
344 <option>null</option>.</para></listitem>
345 </varlistentry>
346 <varlistentry>
347 <term><varname>StandardOutput=</varname></term>
348 <listitem><para>Controls where file descriptor 1 (STDOUT) of
349 the executed processes is connected to. Takes one of
350 <option>inherit</option>,
351 <option>null</option>,
352 <option>tty</option>,
353 <option>journal</option>,
354 <option>syslog</option>,
355 <option>kmsg</option>,
356 <option>journal+console</option>,
357 <option>syslog+console</option>,
358 <option>kmsg+console</option> or
359 <option>socket</option>.</para>
360
361 <para><option>inherit</option> duplicates the file descriptor
362 of standard input for standard output.</para>
363
364 <para><option>null</option> connects standard output to
365 <filename>/dev/null</filename>, i.e. everything written to it
366 will be lost.</para>
367
368 <para><option>tty</option> connects standard output to a tty
369 (as configured via <varname>TTYPath=</varname>, see below). If
370 the TTY is used for output only, the executed process will not
371 become the controlling process of the terminal, and will not
372 fail or wait for other processes to release the
373 terminal.</para>
374
375 <para><option>journal</option> connects standard output with
376 the journal which is accessible via
377 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
378 Note that everything that is written to syslog or kmsg (see
379 below) is implicitly stored in the journal as well, the
380 specific two options listed below are hence supersets of this
381 one.</para>
382
383 <para><option>syslog</option> connects standard output to the
384 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
385 system syslog service, in addition to the journal. Note that
386 the journal daemon is usually configured to forward everything
387 it receives to syslog anyway, in which case this option is no
388 different from <option>journal</option>.</para>
389
390 <para><option>kmsg</option> connects standard output with the
391 kernel log buffer which is accessible via
392 <citerefentry project='man-pages'><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
393 in addition to the journal. The journal daemon might be
394 configured to send all logs to kmsg anyway, in which case this
395 option is no different from <option>journal</option>.</para>
396
397 <para><option>journal+console</option>,
398 <option>syslog+console</option> and
399 <option>kmsg+console</option> work in a similar way as the
400 three options above but copy the output to the system console
401 as well.</para>
402
403 <para><option>socket</option> connects standard output to a
404 socket acquired via socket activation. The semantics are
405 similar to the same option of
406 <varname>StandardInput=</varname>.</para>
407
408 <para>This setting defaults to the value set with
409 <option>DefaultStandardOutput=</option> in
410 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
411 which defaults to <option>journal</option>.</para></listitem>
412 </varlistentry>
413 <varlistentry>
414 <term><varname>StandardError=</varname></term>
415 <listitem><para>Controls where file descriptor 2 (STDERR) of
416 the executed processes is connected to. The available options
417 are identical to those of <varname>StandardOutput=</varname>,
418 with one exception: if set to <option>inherit</option> the
419 file descriptor used for standard output is duplicated for
420 standard error. This setting defaults to the value set with
421 <option>DefaultStandardError=</option> in
422 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
423 which defaults to <option>inherit</option>.</para></listitem>
424 </varlistentry>
425 <varlistentry>
426 <term><varname>TTYPath=</varname></term>
427 <listitem><para>Sets the terminal device node to use if
428 standard input, output, or error are connected to a TTY (see
429 above). Defaults to
430 <filename>/dev/console</filename>.</para></listitem>
431 </varlistentry>
432 <varlistentry>
433 <term><varname>TTYReset=</varname></term>
434 <listitem><para>Reset the terminal device specified with
435 <varname>TTYPath=</varname> before and after execution.
436 Defaults to <literal>no</literal>.</para></listitem>
437 </varlistentry>
438 <varlistentry>
439 <term><varname>TTYVHangup=</varname></term>
440 <listitem><para>Disconnect all clients which have opened the
441 terminal device specified with <varname>TTYPath=</varname>
442 before and after execution. Defaults to
443 <literal>no</literal>.</para></listitem>
444 </varlistentry>
445 <varlistentry>
446 <term><varname>TTYVTDisallocate=</varname></term>
447 <listitem><para>If the terminal device specified with
448 <varname>TTYPath=</varname> is a virtual console terminal, try
449 to deallocate the TTY before and after execution. This ensures
450 that the screen and scrollback buffer is cleared. Defaults to
451 <literal>no</literal>.</para></listitem>
452 </varlistentry>
453 <varlistentry>
454 <term><varname>SyslogIdentifier=</varname></term>
455 <listitem><para>Sets the process name to prefix log lines sent
456 to the logging system or the kernel log buffer with. If not
457 set, defaults to the process name of the executed process.
458 This option is only useful when
459 <varname>StandardOutput=</varname> or
460 <varname>StandardError=</varname> are set to
461 <option>syslog</option>, <option>journal</option> or
462 <option>kmsg</option> (or to the same settings in combination
463 with <option>+console</option>).</para></listitem>
464 </varlistentry>
465 <varlistentry>
466 <term><varname>SyslogFacility=</varname></term>
467 <listitem><para>Sets the syslog facility to use when logging
468 to syslog. One of <option>kern</option>,
469 <option>user</option>, <option>mail</option>,
470 <option>daemon</option>, <option>auth</option>,
471 <option>syslog</option>, <option>lpr</option>,
472 <option>news</option>, <option>uucp</option>,
473 <option>cron</option>, <option>authpriv</option>,
474 <option>ftp</option>, <option>local0</option>,
475 <option>local1</option>, <option>local2</option>,
476 <option>local3</option>, <option>local4</option>,
477 <option>local5</option>, <option>local6</option> or
478 <option>local7</option>. See
479 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
480 for details. This option is only useful when
481 <varname>StandardOutput=</varname> or
482 <varname>StandardError=</varname> are set to
483 <option>syslog</option>. Defaults to
484 <option>daemon</option>.</para></listitem>
485 </varlistentry>
486 <varlistentry>
487 <term><varname>SyslogLevel=</varname></term>
488 <listitem><para>Default syslog level to use when logging to
489 syslog or the kernel log buffer. One of
490 <option>emerg</option>,
491 <option>alert</option>,
492 <option>crit</option>,
493 <option>err</option>,
494 <option>warning</option>,
495 <option>notice</option>,
496 <option>info</option>,
497 <option>debug</option>. See
498 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
499 for details. This option is only useful when
500 <varname>StandardOutput=</varname> or
501 <varname>StandardError=</varname> are set to
502 <option>syslog</option> or <option>kmsg</option>. Note that
503 individual lines output by the daemon might be prefixed with a
504 different log level which can be used to override the default
505 log level specified here. The interpretation of these prefixes
506 may be disabled with <varname>SyslogLevelPrefix=</varname>,
507 see below. For details see
508 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
509
510 Defaults to
511 <option>info</option>.</para></listitem>
512 </varlistentry>
513
514 <varlistentry>
515 <term><varname>SyslogLevelPrefix=</varname></term>
516 <listitem><para>Takes a boolean argument. If true and
517 <varname>StandardOutput=</varname> or
518 <varname>StandardError=</varname> are set to
519 <option>syslog</option>, <option>kmsg</option> or
520 <option>journal</option>, log lines written by the executed
521 process that are prefixed with a log level will be passed on
522 to syslog with this log level set but the prefix removed. If
523 set to false, the interpretation of these prefixes is disabled
524 and the logged lines are passed on as-is. For details about
525 this prefixing see
526 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
527 Defaults to true.</para></listitem>
528 </varlistentry>
529
530 <varlistentry>
531 <term><varname>TimerSlackNSec=</varname></term>
532 <listitem><para>Sets the timer slack in nanoseconds for the
533 executed processes. The timer slack controls the accuracy of
534 wake-ups triggered by timers. See
535 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
536 for more information. Note that in contrast to most other time
537 span definitions this parameter takes an integer value in
538 nano-seconds if no unit is specified. The usual time units are
539 understood too.</para></listitem>
540 </varlistentry>
541
542 <varlistentry>
543 <term><varname>LimitCPU=</varname></term>
544 <term><varname>LimitFSIZE=</varname></term>
545 <term><varname>LimitDATA=</varname></term>
546 <term><varname>LimitSTACK=</varname></term>
547 <term><varname>LimitCORE=</varname></term>
548 <term><varname>LimitRSS=</varname></term>
549 <term><varname>LimitNOFILE=</varname></term>
550 <term><varname>LimitAS=</varname></term>
551 <term><varname>LimitNPROC=</varname></term>
552 <term><varname>LimitMEMLOCK=</varname></term>
553 <term><varname>LimitLOCKS=</varname></term>
554 <term><varname>LimitSIGPENDING=</varname></term>
555 <term><varname>LimitMSGQUEUE=</varname></term>
556 <term><varname>LimitNICE=</varname></term>
557 <term><varname>LimitRTPRIO=</varname></term>
558 <term><varname>LimitRTTIME=</varname></term>
559 <listitem><para>These settings set both soft and hard limits
560 of various resources for executed processes. See
561 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
562 for details. Use the string <varname>infinity</varname> to
563 configure no limit on a specific resource.</para></listitem>
564
565 <table>
566 <title>Limit directives and their equivalent with ulimit</title>
567
568 <tgroup cols='2'>
569 <colspec colname='directive' />
570 <colspec colname='equivalent' />
571 <thead>
572 <row>
573 <entry>Directive</entry>
574 <entry>ulimit equivalent</entry>
575 </row>
576 </thead>
577 <tbody>
578 <row>
579 <entry>LimitCPU</entry>
580 <entry>ulimit -t</entry>
581 </row>
582 <row>
583 <entry>LimitFSIZE</entry>
584 <entry>ulimit -f</entry>
585 </row>
586 <row>
587 <entry>LimitDATA</entry>
588 <entry>ulimit -d</entry>
589 </row>
590 <row>
591 <entry>LimitSTACK</entry>
592 <entry>ulimit -s</entry>
593 </row>
594 <row>
595 <entry>LimitCORE</entry>
596 <entry>ulimit -c</entry>
597 </row>
598 <row>
599 <entry>LimitRSS</entry>
600 <entry>ulimit -m</entry>
601 </row>
602 <row>
603 <entry>LimitNOFILE</entry>
604 <entry>ulimit -n</entry>
605 </row>
606 <row>
607 <entry>LimitAS</entry>
608 <entry>ulimit -v</entry>
609 </row>
610 <row>
611 <entry>LimitNPROC</entry>
612 <entry>ulimit -u</entry>
613 </row>
614 <row>
615 <entry>LimitMEMLOCK</entry>
616 <entry>ulimit -l</entry>
617 </row>
618 <row>
619 <entry>LimitLOCKS</entry>
620 <entry>ulimit -x</entry>
621 </row>
622 <row>
623 <entry>LimitSIGPENDING</entry>
624 <entry>ulimit -i</entry>
625 </row>
626 <row>
627 <entry>LimitMSGQUEUE</entry>
628 <entry>ulimit -q</entry>
629 </row>
630 <row>
631 <entry>LimitNICE</entry>
632 <entry>ulimit -e</entry>
633 </row>
634 <row>
635 <entry>LimitRTPRIO</entry>
636 <entry>ulimit -r</entry>
637 </row>
638 <row>
639 <entry>LimitRTTIME</entry>
640 <entry>No equivalent</entry>
641 </row>
642 </tbody>
643 </tgroup>
644 </table>
645 </varlistentry>
646
647 <varlistentry>
648 <term><varname>PAMName=</varname></term>
649 <listitem><para>Sets the PAM service name to set up a session
650 as. If set, the executed process will be registered as a PAM
651 session under the specified service name. This is only useful
652 in conjunction with the <varname>User=</varname> setting. If
653 not set, no PAM session will be opened for the executed
654 processes. See
655 <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
656 for details.</para></listitem>
657 </varlistentry>
658
659 <varlistentry>
660 <term><varname>CapabilityBoundingSet=</varname></term>
661
662 <listitem><para>Controls which capabilities to include in the
663 capability bounding set for the executed process. See
664 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
665 for details. Takes a whitespace-separated list of capability
666 names as read by
3ba3a79d 667 <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
798d3a52
ZJS		 668 e.g. <constant>CAP_SYS_ADMIN</constant>,
669 <constant>CAP_DAC_OVERRIDE</constant>,
670 <constant>CAP_SYS_PTRACE</constant>. Capabilities listed will
671 be included in the bounding set, all others are removed. If
672 the list of capabilities is prefixed with
673 <literal>~</literal>, all but the listed capabilities will be
674 included, the effect of the assignment inverted. Note that
675 this option also affects the respective capabilities in the
676 effective, permitted and inheritable capability sets, on top
677 of what <varname>Capabilities=</varname> does. If this option
678 is not used, the capability bounding set is not modified on
679 process execution, hence no limits on the capabilities of the
680 process are enforced. This option may appear more than once in
681 which case the bounding sets are merged. If the empty string
682 is assigned to this option, the bounding set is reset to the
683 empty capability set, and all prior settings have no effect.
684 If set to <literal>~</literal> (without any further argument),
685 the bounding set is reset to the full set of available
686 capabilities, also undoing any previous
687 settings.</para></listitem>
688 </varlistentry>
689
690 <varlistentry>
691 <term><varname>SecureBits=</varname></term>
692 <listitem><para>Controls the secure bits set for the executed
693 process. Takes a space-separated combination of options from
694 the following list:
695 <option>keep-caps</option>,
696 <option>keep-caps-locked</option>,
697 <option>no-setuid-fixup</option>,
698 <option>no-setuid-fixup-locked</option>,
699 <option>noroot</option>, and
700 <option>noroot-locked</option>.
701 This option may appear more than once in which case the secure
702 bits are ORed. If the empty string is assigned to this option,
703 the bits are reset to 0. See
704 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
705 for details.</para></listitem>
706 </varlistentry>
707
708 <varlistentry>
709 <term><varname>Capabilities=</varname></term>
710 <listitem><para>Controls the
711 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
712 set for the executed process. Take a capability string
713 describing the effective, permitted and inherited capability
714 sets as documented in
3ba3a79d 715 <citerefentry project='mankier'><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52
ZJS		 716 Note that these capability sets are usually influenced (and
717 filtered) by the capabilities attached to the executed file.
718 Due to that <varname>CapabilityBoundingSet=</varname> is
719 probably a much more useful setting.</para></listitem>
720 </varlistentry>
721
722 <varlistentry>
723 <term><varname>ReadWriteDirectories=</varname></term>
724 <term><varname>ReadOnlyDirectories=</varname></term>
725 <term><varname>InaccessibleDirectories=</varname></term>
726
727 <listitem><para>Sets up a new file system namespace for
728 executed processes. These options may be used to limit access
729 a process might have to the main file system hierarchy. Each
730 setting takes a space-separated list of absolute directory
731 paths. Directories listed in
732 <varname>ReadWriteDirectories=</varname> are accessible from
733 within the namespace with the same access rights as from
734 outside. Directories listed in
735 <varname>ReadOnlyDirectories=</varname> are accessible for
736 reading only, writing will be refused even if the usual file
737 access controls would permit this. Directories listed in
738 <varname>InaccessibleDirectories=</varname> will be made
739 inaccessible for processes inside the namespace. Note that
740 restricting access with these options does not extend to
741 submounts of a directory that are created later on. These
742 options may be specified more than once in which case all
743 directories listed will have limited access from within the
744 namespace. If the empty string is assigned to this option, the
745 specific list is reset, and all prior assignments have no
746 effect.</para>
747 <para>Paths in
748 <varname>ReadOnlyDirectories=</varname>
749 and
750 <varname>InaccessibleDirectories=</varname>
751 may be prefixed with
752 <literal>-</literal>, in which case
753 they will be ignored when they do not
754 exist. Note that using this
755 setting will disconnect propagation of
756 mounts from the service to the host
757 (propagation in the opposite direction
758 continues to work). This means that
759 this setting may not be used for
760 services which shall be able to
761 install mount points in the main mount
762 namespace.</para></listitem>
763 </varlistentry>
764
765 <varlistentry>
766 <term><varname>PrivateTmp=</varname></term>
767
768 <listitem><para>Takes a boolean argument. If true, sets up a
769 new file system namespace for the executed processes and
770 mounts private <filename>/tmp</filename> and
771 <filename>/var/tmp</filename> directories inside it that is
772 not shared by processes outside of the namespace. This is
773 useful to secure access to temporary files of the process, but
774 makes sharing between processes via <filename>/tmp</filename>
775 or <filename>/var/tmp</filename> impossible. If this is
776 enabled, all temporary files created by a service in these
777 directories will be removed after the service is stopped.
778 Defaults to false. It is possible to run two or more units
779 within the same private <filename>/tmp</filename> and
780 <filename>/var/tmp</filename> namespace by using the
781 <varname>JoinsNamespaceOf=</varname> directive, see
782 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
783 for details. Note that using this setting will disconnect
784 propagation of mounts from the service to the host
785 (propagation in the opposite direction continues to work).
786 This means that this setting may not be used for services
787 which shall be able to install mount points in the main mount
788 namespace.</para></listitem>
789 </varlistentry>
790
791 <varlistentry>
792 <term><varname>PrivateDevices=</varname></term>
793
794 <listitem><para>Takes a boolean argument. If true, sets up a
795 new /dev namespace for the executed processes and only adds
796 API pseudo devices such as <filename>/dev/null</filename>,
797 <filename>/dev/zero</filename> or
798 <filename>/dev/random</filename> (as well as the pseudo TTY
799 subsystem) to it, but no physical devices such as
800 <filename>/dev/sda</filename>. This is useful to securely turn
801 off physical device access by the executed process. Defaults
802 to false. Enabling this option will also remove
803 <constant>CAP_MKNOD</constant> from the capability bounding
804 set for the unit (see above), and set
805 <varname>DevicePolicy=closed</varname> (see
806 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
807 for details). Note that using this setting will disconnect
808 propagation of mounts from the service to the host
809 (propagation in the opposite direction continues to work).
810 This means that this setting may not be used for services
811 which shall be able to install mount points in the main mount
812 namespace.</para></listitem>
813 </varlistentry>
814
815 <varlistentry>
816 <term><varname>PrivateNetwork=</varname></term>
817
818 <listitem><para>Takes a boolean argument. If true, sets up a
819 new network namespace for the executed processes and
820 configures only the loopback network device
821 <literal>lo</literal> inside it. No other network devices will
822 be available to the executed process. This is useful to
823 securely turn off network access by the executed process.
824 Defaults to false. It is possible to run two or more units
825 within the same private network namespace by using the
826 <varname>JoinsNamespaceOf=</varname> directive, see
827 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
828 for details. Note that this option will disconnect all socket
829 families from the host, this includes AF_NETLINK and AF_UNIX.
830 The latter has the effect that AF_UNIX sockets in the abstract
831 socket namespace will become unavailable to the processes
832 (however, those located in the file system will continue to be
833 accessible).</para></listitem>
834 </varlistentry>
835
836 <varlistentry>
837 <term><varname>ProtectSystem=</varname></term>
838
839 <listitem><para>Takes a boolean argument or
840 <literal>full</literal>. If true, mounts the
841 <filename>/usr</filename> and <filename>/boot</filename>
842 directories read-only for processes invoked by this unit. If
843 set to <literal>full</literal>, the <filename>/etc</filename>
844 directory is mounted read-only, too. This setting ensures that
845 any modification of the vendor supplied operating system (and
846 optionally its configuration) is prohibited for the service.
847 It is recommended to enable this setting for all long-running
848 services, unless they are involved with system updates or need
849 to modify the operating system in other ways. Note however
850 that processes retaining the CAP_SYS_ADMIN capability can undo
851 the effect of this setting. This setting is hence particularly
852 useful for daemons which have this capability removed, for
853 example with <varname>CapabilityBoundingSet=</varname>.
854 Defaults to off.</para></listitem>
855 </varlistentry>
856
857 <varlistentry>
858 <term><varname>ProtectHome=</varname></term>
859
860 <listitem><para>Takes a boolean argument or
861 <literal>read-only</literal>. If true, the directories
58331437
CH		 862 <filename>/home</filename>, <filename>/root</filename> and
863 <filename>/run/user</filename>
798d3a52 864 are made inaccessible and empty for processes invoked by this
58331437 865 unit. If set to <literal>read-only</literal>, the three
798d3a52
ZJS		 866 directories are made read-only instead. It is recommended to
867 enable this setting for all long-running services (in
868 particular network-facing ones), to ensure they cannot get
869 access to private user data, unless the services actually
870 require access to the user's private data. Note however that
871 processes retaining the CAP_SYS_ADMIN capability can undo the
872 effect of this setting. This setting is hence particularly
873 useful for daemons which have this capability removed, for
874 example with <varname>CapabilityBoundingSet=</varname>.
875 Defaults to off.</para></listitem>
876 </varlistentry>
877
878 <varlistentry>
879 <term><varname>MountFlags=</varname></term>
880
881 <listitem><para>Takes a mount propagation flag:
882 <option>shared</option>, <option>slave</option> or
883 <option>private</option>, which control whether mounts in the
884 file system namespace set up for this unit's processes will
885 receive or propagate mounts or unmounts. See
3ba3a79d 886 <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 887 for details. Defaults to <option>shared</option>. Use
888 <option>shared</option> to ensure that mounts and unmounts are
889 propagated from the host to the container and vice versa. Use
890 <option>slave</option> to run processes so that none of their
891 mounts and unmounts will propagate to the host. Use
892 <option>private</option> to also ensure that no mounts and
893 unmounts from the host will propagate into the unit processes'
894 namespace. Note that <option>slave</option> means that file
895 systems mounted on the host might stay mounted continuously in
896 the unit's namespace, and thus keep the device busy. Note that
897 the file system namespace related options
898 (<varname>PrivateTmp=</varname>,
899 <varname>PrivateDevices=</varname>,
900 <varname>ProtectSystem=</varname>,
901 <varname>ProtectHome=</varname>,
902 <varname>ReadOnlyDirectories=</varname>,
903 <varname>InaccessibleDirectories=</varname> and
904 <varname>ReadWriteDirectories=</varname>) require that mount
905 and unmount propagation from the unit's file system namespace
906 is disabled, and hence downgrade <option>shared</option> to
907 <option>slave</option>. </para></listitem>
908 </varlistentry>
909
910 <varlistentry>
911 <term><varname>UtmpIdentifier=</varname></term>
912
913 <listitem><para>Takes a four character identifier string for
914 an utmp/wtmp entry for this service. This should only be set
915 for services such as <command>getty</command> implementations
916 where utmp/wtmp entries must be created and cleared before and
917 after execution. If the configured string is longer than four
918 characters, it is truncated and the terminal four characters
919 are used. This setting interprets %I style string
920 replacements. This setting is unset by default, i.e. no
921 utmp/wtmp entries are created or cleaned up for this
922 service.</para></listitem>
923 </varlistentry>
924
925 <varlistentry>
926 <term><varname>SELinuxContext=</varname></term>
927
928 <listitem><para>Set the SELinux security context of the
929 executed process. If set, this will override the automated
930 domain transition. However, the policy still needs to
931 authorize the transition. This directive is ignored if SELinux
932 is disabled. If prefixed by <literal>-</literal>, all errors
933 will be ignored. See
3ba3a79d 934 <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a52
ZJS		 935 for details.</para></listitem>
936 </varlistentry>
937
938 <varlistentry>
939 <term><varname>AppArmorProfile=</varname></term>
940
941 <listitem><para>Takes a profile name as argument. The process
942 executed by the unit will switch to this profile when started.
943 Profiles must already be loaded in the kernel, or the unit
944 will fail. This result in a non operation if AppArmor is not
945 enabled. If prefixed by <literal>-</literal>, all errors will
946 be ignored. </para></listitem>
947 </varlistentry>
948
949 <varlistentry>
950 <term><varname>SmackProcessLabel=</varname></term>
951
952 <listitem><para>Takes a <option>SMACK64</option> security
953 label as argument. The process executed by the unit will be
954 started under this label and SMACK will decide whether the
955 processes is allowed to run or not based on it. The process
956 will continue to run under the label specified here unless the
957 executable has its own <option>SMACK64EXEC</option> label, in
958 which case the process will transition to run under that
959 label. When not specified, the label that systemd is running
960 under is used. This directive is ignored if SMACK is
961 disabled.</para>
962
963 <para>The value may be prefixed by <literal>-</literal>, in
964 which case all errors will be ignored. An empty value may be
965 specified to unset previous assignments.</para>
966 </listitem>
967 </varlistentry>
968
969 <varlistentry>
970 <term><varname>IgnoreSIGPIPE=</varname></term>
971
972 <listitem><para>Takes a boolean argument. If true, causes
973 <constant>SIGPIPE</constant> to be ignored in the executed
974 process. Defaults to true because <constant>SIGPIPE</constant>
975 generally is useful only in shell pipelines.</para></listitem>
976 </varlistentry>
977
978 <varlistentry>
979 <term><varname>NoNewPrivileges=</varname></term>
980
981 <listitem><para>Takes a boolean argument. If true, ensures
982 that the service process and all its children can never gain
983 new privileges. This option is more powerful than the
984 respective secure bits flags (see above), as it also prohibits
985 UID changes of any kind. This is the simplest, most effective
986 way to ensure that a process and its children can never
987 elevate privileges again.</para></listitem>
988 </varlistentry>
989
990 <varlistentry>
991 <term><varname>SystemCallFilter=</varname></term>
992
993 <listitem><para>Takes a space-separated list of system call
994 names. If this setting is used, all system calls executed by
995 the unit processes except for the listed ones will result in
996 immediate process termination with the
997 <constant>SIGSYS</constant> signal (whitelisting). If the
998 first character of the list is <literal>~</literal>, the
999 effect is inverted: only the listed system calls will result
1000 in immediate process termination (blacklisting). If running in
1001 user mode and this option is used,
1002 <varname>NoNewPrivileges=yes</varname> is implied. This
1003 feature makes use of the Secure Computing Mode 2 interfaces of
1004 the kernel ('seccomp filtering') and is useful for enforcing a
1005 minimal sandboxing environment. Note that the
1006 <function>execve</function>,
1007 <function>rt_sigreturn</function>,
1008 <function>sigreturn</function>,
1009 <function>exit_group</function>, <function>exit</function>
1010 system calls are implicitly whitelisted and do not need to be
1011 listed explicitly. This option may be specified more than once
1012 in which case the filter masks are merged. If the empty string
1013 is assigned, the filter is reset, all prior assignments will
1014 have no effect.</para>
1015
1016 <para>If you specify both types of this option (i.e.
1017 whitelisting and blacklisting), the first encountered will
1018 take precedence and will dictate the default action
1019 (termination or approval of a system call). Then the next
1020 occurrences of this option will add or delete the listed
1021 system calls from the set of the filtered system calls,
1022 depending of its type and the default action. (For example, if
1023 you have started with a whitelisting of
1024 <function>read</function> and <function>write</function>, and
1025 right after it add a blacklisting of
1026 <function>write</function>, then <function>write</function>
1027 will be removed from the set.) </para></listitem>
1028 </varlistentry>
1029
1030 <varlistentry>
1031 <term><varname>SystemCallErrorNumber=</varname></term>
1032
1033 <listitem><para>Takes an <literal>errno</literal> error number
1034 name to return when the system call filter configured with
1035 <varname>SystemCallFilter=</varname> is triggered, instead of
1036 terminating the process immediately. Takes an error name such
1037 as <constant>EPERM</constant>, <constant>EACCES</constant> or
1038 <constant>EUCLEAN</constant>. When this setting is not used,
1039 or when the empty string is assigned, the process will be
1040 terminated immediately when the filter is
1041 triggered.</para></listitem>
1042 </varlistentry>
1043
1044 <varlistentry>
1045 <term><varname>SystemCallArchitectures=</varname></term>
1046
1047 <listitem><para>Takes a space separated list of architecture
1048 identifiers to include in the system call filter. The known
1049 architecture identifiers are <constant>x86</constant>,
1050 <constant>x86-64</constant>, <constant>x32</constant>,
1051 <constant>arm</constant> as well as the special identifier
1052 <constant>native</constant>. Only system calls of the
1053 specified architectures will be permitted to processes of this
1054 unit. This is an effective way to disable compatibility with
1055 non-native architectures for processes, for example to
1056 prohibit execution of 32-bit x86 binaries on 64-bit x86-64
1057 systems. The special <constant>native</constant> identifier
1058 implicitly maps to the native architecture of the system (or
1059 more strictly: to the architecture the system manager is
1060 compiled for). If running in user mode and this option is
1061 used, <varname>NoNewPrivileges=yes</varname> is implied. Note
1062 that setting this option to a non-empty list implies that
1063 <constant>native</constant> is included too. By default, this
1064 option is set to the empty list, i.e. no architecture system
1065 call filtering is applied.</para></listitem>
1066 </varlistentry>
1067
1068 <varlistentry>
1069 <term><varname>RestrictAddressFamilies=</varname></term>
1070
1071 <listitem><para>Restricts the set of socket address families
1072 accessible to the processes of this unit. Takes a
1073 space-separated list of address family names to whitelist,
1074 such as
1075 <constant>AF_UNIX</constant>,
1076 <constant>AF_INET</constant> or
1077 <constant>AF_INET6</constant>. When
1078 prefixed with <constant>~</constant> the listed address
1079 families will be applied as blacklist, otherwise as whitelist.
1080 Note that this restricts access to the
3ba3a79d 1081 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1082 system call only. Sockets passed into the process by other
1083 means (for example, by using socket activation with socket
1084 units, see
1085 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1086 are unaffected. Also, sockets created with
1087 <function>socketpair()</function> (which creates connected
1088 AF_UNIX sockets only) are unaffected. Note that this option
1089 has no effect on 32-bit x86 and is ignored (but works
1090 correctly on x86-64). If running in user mode and this option
1091 is used, <varname>NoNewPrivileges=yes</varname> is implied. By
1092 default, no restriction applies, all address families are
1093 accessible to processes. If assigned the empty string, any
1094 previous list changes are undone.</para>
1095
1096 <para>Use this option to limit exposure of processes to remote
1097 systems, in particular via exotic network protocols. Note that
1098 in most cases, the local <constant>AF_UNIX</constant> address
1099 family should be included in the configured whitelist as it is
1100 frequently used for local communication, including for
1101 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1102 logging.</para></listitem>
1103 </varlistentry>
1104
1105 <varlistentry>
1106 <term><varname>Personality=</varname></term>
1107
1108 <listitem><para>Controls which kernel architecture
3ba3a79d 1109 <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1110 shall report, when invoked by unit processes. Takes one of
1111 <constant>x86</constant> and <constant>x86-64</constant>. This
1112 is useful when running 32-bit services on a 64-bit host
1113 system. If not specified, the personality is left unmodified
1114 and thus reflects the personality of the host system's
1115 kernel.</para></listitem>
1116 </varlistentry>
1117
1118 <varlistentry>
1119 <term><varname>RuntimeDirectory=</varname></term>
1120 <term><varname>RuntimeDirectoryMode=</varname></term>
1121
1122 <listitem><para>Takes a list of directory names. If set, one
1123 or more directories by the specified names will be created
1124 below <filename>/run</filename> (for system services) or below
1125 <varname>$XDG_RUNTIME_DIR</varname> (for user services) when
1126 the unit is started, and removed when the unit is stopped. The
1127 directories will have the access mode specified in
1128 <varname>RuntimeDirectoryMode=</varname>, and will be owned by
1129 the user and group specified in <varname>User=</varname> and
1130 <varname>Group=</varname>. Use this to manage one or more
1131 runtime directories of the unit and bind their lifetime to the
1132 daemon runtime. The specified directory names must be
1133 relative, and may not include a <literal>/</literal>, i.e.
1134 must refer to simple directories to create or remove. This is
1135 particularly useful for unprivileged daemons that cannot
1136 create runtime directories in <filename>/run</filename> due to
1137 lack of privileges, and to make sure the runtime directory is
1138 cleaned up automatically after use. For runtime directories
1139 that require more complex or different configuration or
1140 lifetime guarantees, please consider using
1141 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
1142 </varlistentry>
1143
1144 </variablelist>
1145 </refsect1>
1146
1147 <refsect1>
1148 <title>Environment variables in spawned processes</title>
1149
1150 <para>Processes started by the system are executed in a clean
1151 environment in which select variables listed below are set. System
1152 processes started by systemd do not inherit variables from PID 1,
1153 but processes started by user systemd instances inherit all
1154 environment variables from the user systemd instance.
1155 </para>
1156
1157 <variablelist class='environment-variables'>
1158 <varlistentry>
1159 <term><varname>$PATH</varname></term>
1160
1161 <listitem><para>Colon-separated list of directories to use
1162 when launching executables. Systemd uses a fixed value of
1163 <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
1164 </para></listitem>
1165 </varlistentry>
1166
1167 <varlistentry>
1168 <term><varname>$LANG</varname></term>
1169
1170 <listitem><para>Locale. Can be set in
3ba3a79d 1171 <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a52
ZJS		 1172 or on the kernel command line (see
1173 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1174 and
1175 <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
1176 </para></listitem>
1177 </varlistentry>
1178
1179 <varlistentry>
1180 <term><varname>$USER</varname></term>
1181 <term><varname>$LOGNAME</varname></term>
1182 <term><varname>$HOME</varname></term>
1183 <term><varname>$SHELL</varname></term>
1184
1185 <listitem><para>User name (twice), home directory, and the
1186 login shell. The variables are set for the units that have
1187 <varname>User=</varname> set, which includes user
1188 <command>systemd</command> instances. See
3ba3a79d 1189 <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
798d3a52
ZJS		 1190 </para></listitem>
1191 </varlistentry>
1192
1193 <varlistentry>
1194 <term><varname>$XDG_RUNTIME_DIR</varname></term>
1195
1196 <listitem><para>The directory for volatile state. Set for the
1197 user <command>systemd</command> instance, and also in user
1198 sessions. See
1199 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1200 </para></listitem>
1201 </varlistentry>
1202
1203 <varlistentry>
1204 <term><varname>$XDG_SESSION_ID</varname></term>
1205 <term><varname>$XDG_SEAT</varname></term>
1206 <term><varname>$XDG_VTNR</varname></term>
1207
1208 <listitem><para>The identifier of the session, the seat name,
1209 and virtual terminal of the session. Set by
1210 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1211 for login sessions. <varname>$XDG_SEAT</varname> and
1212 <varname>$XDG_VTNR</varname> will only be set when attached to
1213 a seat and a tty.</para></listitem>
1214 </varlistentry>
1215
1216 <varlistentry>
1217 <term><varname>$MAINPID</varname></term>
1218
1219 <listitem><para>The PID of the units main process if it is
1220 known. This is only set for control processes as invoked by
1221 <varname>ExecReload=</varname> and similar. </para></listitem>
1222 </varlistentry>
1223
1224 <varlistentry>
1225 <term><varname>$MANAGERPID</varname></term>
1226
1227 <listitem><para>The PID of the user <command>systemd</command>
1228 instance, set for processes spawned by it. </para></listitem>
1229 </varlistentry>
1230
1231 <varlistentry>
1232 <term><varname>$LISTEN_FDS</varname></term>
1233 <term><varname>$LISTEN_PID</varname></term>
1234
1235 <listitem><para>Information about file descriptors passed to a
1236 service for socket activation. See
1237 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1238 </para></listitem>
1239 </varlistentry>
1240
1241 <varlistentry>
1242 <term><varname>$TERM</varname></term>
1243
1244 <listitem><para>Terminal type, set only for units connected to
1245 a terminal (<varname>StandardInput=tty</varname>,
1246 <varname>StandardOutput=tty</varname>, or
1247 <varname>StandardError=tty</varname>). See
1248 <citerefentry project='man-pages'><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1249 </para></listitem>
1250 </varlistentry>
1251 </variablelist>
1252
1253 <para>Additional variables may be configured by the following
1254 means: for processes spawned in specific units, use the
1255 <varname>Environment=</varname> and
1256 <varname>EnvironmentFile=</varname> options above; to specify
1257 variables globally, use <varname>DefaultEnvironment=</varname>
1258 (see
1259 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1260 or the kernel option <varname>systemd.setenv=</varname> (see
1261 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
1262 Additional variables may also be set through PAM,
1263 cf. <citerefentry project='man-pages'><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
1264 </refsect1>
1265
1266 <refsect1>
1267 <title>See Also</title>
1268 <para>
1269 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1270 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1271 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1272 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1273 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1274 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1275 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1276 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1277 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1278 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1279 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
1280 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1281 <citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1282 </para>
1283 </refsect1>
dd1eb43b
LP		 1284
1285</refentry>
Unnamed repository; edit this file 'description' to name the repository.