]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.exec.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #850 from ssahani/dhcp
[thirdparty/systemd.git] / man / systemd.exec.xml
CommitLineData
dd1eb43b 1<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
dd1eb43b
LP		 3
4<!--
5 This file is part of systemd.
6
7 Copyright 2010 Lennart Poettering
8
9 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
dd1eb43b
LP		 12 (at your option) any later version.
13
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 17 Lesser General Public License for more details.
dd1eb43b 18
5430f7f2 19 You should have received a copy of the GNU Lesser General Public License
dd1eb43b
LP		 20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21-->
22
23<refentry id="systemd.exec">
798d3a52
ZJS		 24 <refentryinfo>
25 <title>systemd.exec</title>
26 <productname>systemd</productname>
27
28 <authorgroup>
29 <author>
30 <contrib>Developer</contrib>
31 <firstname>Lennart</firstname>
32 <surname>Poettering</surname>
33 <email>lennart@poettering.net</email>
34 </author>
35 </authorgroup>
36 </refentryinfo>
37
38 <refmeta>
39 <refentrytitle>systemd.exec</refentrytitle>
40 <manvolnum>5</manvolnum>
41 </refmeta>
42
43 <refnamediv>
44 <refname>systemd.exec</refname>
45 <refpurpose>Execution environment configuration</refpurpose>
46 </refnamediv>
47
48 <refsynopsisdiv>
49 <para><filename><replaceable>service</replaceable>.service</filename>,
50 <filename><replaceable>socket</replaceable>.socket</filename>,
51 <filename><replaceable>mount</replaceable>.mount</filename>,
52 <filename><replaceable>swap</replaceable>.swap</filename></para>
53 </refsynopsisdiv>
54
55 <refsect1>
56 <title>Description</title>
57
58 <para>Unit configuration files for services, sockets, mount
59 points, and swap devices share a subset of configuration options
60 which define the execution environment of spawned
61 processes.</para>
62
63 <para>This man page lists the configuration options shared by
64 these four unit types. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration files, and
67 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
68 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
69 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
70 and
71 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
72 for more information on the specific unit configuration files. The
73 execution specific configuration options are configured in the
74 [Service], [Socket], [Mount], or [Swap] sections, depending on the
75 unit type.</para>
76 </refsect1>
77
78 <refsect1>
79 <title>Options</title>
80
81 <variablelist class='unit-directives'>
82
83 <varlistentry>
84 <term><varname>WorkingDirectory=</varname></term>
85
86 <listitem><para>Takes an absolute directory path. Sets the
87 working directory for executed processes. If not set, defaults
88 to the root directory when systemd is running as a system
89 instance and the respective user's home directory if run as
90 user.</para></listitem>
91 </varlistentry>
92
93 <varlistentry>
94 <term><varname>RootDirectory=</varname></term>
95
96 <listitem><para>Takes an absolute directory path. Sets the
97 root directory for executed processes, with the
98 <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
99 system call. If this is used, it must be ensured that the
100 process and all its auxiliary files are available in the
101 <function>chroot()</function> jail.</para></listitem>
102 </varlistentry>
103
104 <varlistentry>
105 <term><varname>User=</varname></term>
106 <term><varname>Group=</varname></term>
107
108 <listitem><para>Sets the Unix user or group that the processes
109 are executed as, respectively. Takes a single user or group
110 name or ID as argument. If no group is set, the default group
111 of the user is chosen.</para></listitem>
112 </varlistentry>
113
114 <varlistentry>
115 <term><varname>SupplementaryGroups=</varname></term>
116
117 <listitem><para>Sets the supplementary Unix groups the
118 processes are executed as. This takes a space-separated list
119 of group names or IDs. This option may be specified more than
120 once in which case all listed groups are set as supplementary
121 groups. When the empty string is assigned the list of
122 supplementary groups is reset, and all assignments prior to
123 this one will have no effect. In any way, this option does not
124 override, but extends the list of supplementary groups
125 configured in the system group database for the
126 user.</para></listitem>
127 </varlistentry>
128
129 <varlistentry>
130 <term><varname>Nice=</varname></term>
131
132 <listitem><para>Sets the default nice level (scheduling
133 priority) for executed processes. Takes an integer between -20
134 (highest priority) and 19 (lowest priority). See
135 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
136 for details.</para></listitem>
137 </varlistentry>
138
139 <varlistentry>
140 <term><varname>OOMScoreAdjust=</varname></term>
141
142 <listitem><para>Sets the adjustment level for the
143 Out-Of-Memory killer for executed processes. Takes an integer
144 between -1000 (to disable OOM killing for this process) and
145 1000 (to make killing of this process under memory pressure
146 very likely). See <ulink
147 url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
148 for details.</para></listitem>
149 </varlistentry>
150
151 <varlistentry>
152 <term><varname>IOSchedulingClass=</varname></term>
153
154 <listitem><para>Sets the IO scheduling class for executed
155 processes. Takes an integer between 0 and 3 or one of the
156 strings <option>none</option>, <option>realtime</option>,
157 <option>best-effort</option> or <option>idle</option>. See
158 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
159 for details.</para></listitem>
160 </varlistentry>
161
162 <varlistentry>
163 <term><varname>IOSchedulingPriority=</varname></term>
164
165 <listitem><para>Sets the IO scheduling priority for executed
166 processes. Takes an integer between 0 (highest priority) and 7
167 (lowest priority). The available priorities depend on the
168 selected IO scheduling class (see above). See
169 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
170 for details.</para></listitem>
171 </varlistentry>
172
173 <varlistentry>
174 <term><varname>CPUSchedulingPolicy=</varname></term>
175
176 <listitem><para>Sets the CPU scheduling policy for executed
177 processes. Takes one of
178 <option>other</option>,
179 <option>batch</option>,
180 <option>idle</option>,
181 <option>fifo</option> or
182 <option>rr</option>. See
183 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
184 for details.</para></listitem>
185 </varlistentry>
186
187 <varlistentry>
188 <term><varname>CPUSchedulingPriority=</varname></term>
189
190 <listitem><para>Sets the CPU scheduling priority for executed
191 processes. The available priority range depends on the
192 selected CPU scheduling policy (see above). For real-time
193 scheduling policies an integer between 1 (lowest priority) and
194 99 (highest priority) can be used. See
195 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
196 for details. </para></listitem>
197 </varlistentry>
198
199 <varlistentry>
200 <term><varname>CPUSchedulingResetOnFork=</varname></term>
201
202 <listitem><para>Takes a boolean argument. If true, elevated
203 CPU scheduling priorities and policies will be reset when the
204 executed processes fork, and can hence not leak into child
205 processes. See
206 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
207 for details. Defaults to false.</para></listitem>
208 </varlistentry>
209
210 <varlistentry>
211 <term><varname>CPUAffinity=</varname></term>
212
213 <listitem><para>Controls the CPU affinity of the executed
214 processes. Takes a space-separated list of CPU indices. This
215 option may be specified more than once in which case the
216 specified CPU affinity masks are merged. If the empty string
217 is assigned, the mask is reset, all assignments prior to this
218 will have no effect. See
219 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
220 for details.</para></listitem>
221 </varlistentry>
222
223 <varlistentry>
224 <term><varname>UMask=</varname></term>
225
226 <listitem><para>Controls the file mode creation mask. Takes an
227 access mode in octal notation. See
228 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
229 for details. Defaults to 0022.</para></listitem>
230 </varlistentry>
231
232 <varlistentry>
233 <term><varname>Environment=</varname></term>
234
235 <listitem><para>Sets environment variables for executed
236 processes. Takes a space-separated list of variable
237 assignments. This option may be specified more than once in
238 which case all listed variables will be set. If the same
239 variable is set twice, the later setting will override the
240 earlier setting. If the empty string is assigned to this
241 option, the list of environment variables is reset, all prior
242 assignments have no effect. Variable expansion is not
243 performed inside the strings, however, specifier expansion is
244 possible. The $ character has no special meaning. If you need
245 to assign a value containing spaces to a variable, use double
246 quotes (") for the assignment.</para>
247
248 <para>Example:
249 <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"</programlisting>
250 gives three variables <literal>VAR1</literal>,
251 <literal>VAR2</literal>, <literal>VAR3</literal>
252 with the values <literal>word1 word2</literal>,
253 <literal>word3</literal>, <literal>$word 5 6</literal>.
254 </para>
255
256 <para>
257 See
258 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
259 for details about environment variables.</para></listitem>
260 </varlistentry>
261 <varlistentry>
262 <term><varname>EnvironmentFile=</varname></term>
263 <listitem><para>Similar to <varname>Environment=</varname> but
264 reads the environment variables from a text file. The text
265 file should contain new-line-separated variable assignments.
266 Empty lines and lines starting with ; or # will be ignored,
267 which may be used for commenting. A line ending with a
268 backslash will be concatenated with the following one,
269 allowing multiline variable definitions. The parser strips
270 leading and trailing whitespace from the values of
271 assignments, unless you use double quotes (").</para>
272
273 <para>The argument passed should be an absolute filename or
274 wildcard expression, optionally prefixed with
275 <literal>-</literal>, which indicates that if the file does
276 not exist, it will not be read and no error or warning message
277 is logged. This option may be specified more than once in
278 which case all specified files are read. If the empty string
279 is assigned to this option, the list of file to read is reset,
280 all prior assignments have no effect.</para>
281
282 <para>The files listed with this directive will be read
283 shortly before the process is executed (more specifically,
284 after all processes from a previous unit state terminated.
285 This means you can generate these files in one unit state, and
f407824d
DH		 286 read it with this option in the next).</para>
287
288 <para>Settings from these
798d3a52
ZJS		 289 files override settings made with
290 <varname>Environment=</varname>. If the same variable is set
291 twice from these files, the files will be read in the order
292 they are specified and the later setting will override the
293 earlier setting.</para></listitem>
294 </varlistentry>
295
296 <varlistentry>
297 <term><varname>StandardInput=</varname></term>
298 <listitem><para>Controls where file descriptor 0 (STDIN) of
299 the executed processes is connected to. Takes one of
300 <option>null</option>,
301 <option>tty</option>,
302 <option>tty-force</option>,
303 <option>tty-fail</option> or
304 <option>socket</option>.</para>
305
306 <para>If <option>null</option> is selected, standard input
307 will be connected to <filename>/dev/null</filename>, i.e. all
308 read attempts by the process will result in immediate
309 EOF.</para>
310
311 <para>If <option>tty</option> is selected, standard input is
312 connected to a TTY (as configured by
313 <varname>TTYPath=</varname>, see below) and the executed
314 process becomes the controlling process of the terminal. If
315 the terminal is already being controlled by another process,
316 the executed process waits until the current controlling
317 process releases the terminal.</para>
318
319 <para><option>tty-force</option> is similar to
320 <option>tty</option>, but the executed process is forcefully
321 and immediately made the controlling process of the terminal,
322 potentially removing previous controlling processes from the
323 terminal.</para>
324
325 <para><option>tty-fail</option> is similar to
326 <option>tty</option> but if the terminal already has a
327 controlling process start-up of the executed process
328 fails.</para>
329
330 <para>The <option>socket</option> option is only valid in
331 socket-activated services, and only when the socket
332 configuration file (see
333 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
334 for details) specifies a single socket only. If this option is
335 set, standard input will be connected to the socket the
336 service was activated from, which is primarily useful for
337 compatibility with daemons designed for use with the
338 traditional
b5c7d097 339 <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a52
ZJS		 340 daemon.</para>
341
342 <para>This setting defaults to
343 <option>null</option>.</para></listitem>
344 </varlistentry>
345 <varlistentry>
346 <term><varname>StandardOutput=</varname></term>
347 <listitem><para>Controls where file descriptor 1 (STDOUT) of
348 the executed processes is connected to. Takes one of
349 <option>inherit</option>,
350 <option>null</option>,
351 <option>tty</option>,
352 <option>journal</option>,
353 <option>syslog</option>,
354 <option>kmsg</option>,
355 <option>journal+console</option>,
356 <option>syslog+console</option>,
357 <option>kmsg+console</option> or
358 <option>socket</option>.</para>
359
360 <para><option>inherit</option> duplicates the file descriptor
361 of standard input for standard output.</para>
362
363 <para><option>null</option> connects standard output to
364 <filename>/dev/null</filename>, i.e. everything written to it
365 will be lost.</para>
366
367 <para><option>tty</option> connects standard output to a tty
368 (as configured via <varname>TTYPath=</varname>, see below). If
369 the TTY is used for output only, the executed process will not
370 become the controlling process of the terminal, and will not
371 fail or wait for other processes to release the
372 terminal.</para>
373
374 <para><option>journal</option> connects standard output with
375 the journal which is accessible via
376 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
377 Note that everything that is written to syslog or kmsg (see
378 below) is implicitly stored in the journal as well, the
379 specific two options listed below are hence supersets of this
380 one.</para>
381
382 <para><option>syslog</option> connects standard output to the
383 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
384 system syslog service, in addition to the journal. Note that
385 the journal daemon is usually configured to forward everything
386 it receives to syslog anyway, in which case this option is no
387 different from <option>journal</option>.</para>
388
389 <para><option>kmsg</option> connects standard output with the
390 kernel log buffer which is accessible via
391 <citerefentry project='man-pages'><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
392 in addition to the journal. The journal daemon might be
393 configured to send all logs to kmsg anyway, in which case this
394 option is no different from <option>journal</option>.</para>
395
396 <para><option>journal+console</option>,
397 <option>syslog+console</option> and
398 <option>kmsg+console</option> work in a similar way as the
399 three options above but copy the output to the system console
400 as well.</para>
401
402 <para><option>socket</option> connects standard output to a
403 socket acquired via socket activation. The semantics are
404 similar to the same option of
405 <varname>StandardInput=</varname>.</para>
406
407 <para>This setting defaults to the value set with
408 <option>DefaultStandardOutput=</option> in
409 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
410 which defaults to <option>journal</option>.</para></listitem>
411 </varlistentry>
412 <varlistentry>
413 <term><varname>StandardError=</varname></term>
414 <listitem><para>Controls where file descriptor 2 (STDERR) of
415 the executed processes is connected to. The available options
416 are identical to those of <varname>StandardOutput=</varname>,
417 with one exception: if set to <option>inherit</option> the
418 file descriptor used for standard output is duplicated for
419 standard error. This setting defaults to the value set with
420 <option>DefaultStandardError=</option> in
421 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
422 which defaults to <option>inherit</option>.</para></listitem>
423 </varlistentry>
424 <varlistentry>
425 <term><varname>TTYPath=</varname></term>
426 <listitem><para>Sets the terminal device node to use if
427 standard input, output, or error are connected to a TTY (see
428 above). Defaults to
429 <filename>/dev/console</filename>.</para></listitem>
430 </varlistentry>
431 <varlistentry>
432 <term><varname>TTYReset=</varname></term>
433 <listitem><para>Reset the terminal device specified with
434 <varname>TTYPath=</varname> before and after execution.
435 Defaults to <literal>no</literal>.</para></listitem>
436 </varlistentry>
437 <varlistentry>
438 <term><varname>TTYVHangup=</varname></term>
439 <listitem><para>Disconnect all clients which have opened the
440 terminal device specified with <varname>TTYPath=</varname>
441 before and after execution. Defaults to
442 <literal>no</literal>.</para></listitem>
443 </varlistentry>
444 <varlistentry>
445 <term><varname>TTYVTDisallocate=</varname></term>
446 <listitem><para>If the terminal device specified with
447 <varname>TTYPath=</varname> is a virtual console terminal, try
448 to deallocate the TTY before and after execution. This ensures
449 that the screen and scrollback buffer is cleared. Defaults to
450 <literal>no</literal>.</para></listitem>
451 </varlistentry>
452 <varlistentry>
453 <term><varname>SyslogIdentifier=</varname></term>
454 <listitem><para>Sets the process name to prefix log lines sent
455 to the logging system or the kernel log buffer with. If not
456 set, defaults to the process name of the executed process.
457 This option is only useful when
458 <varname>StandardOutput=</varname> or
459 <varname>StandardError=</varname> are set to
460 <option>syslog</option>, <option>journal</option> or
461 <option>kmsg</option> (or to the same settings in combination
462 with <option>+console</option>).</para></listitem>
463 </varlistentry>
464 <varlistentry>
465 <term><varname>SyslogFacility=</varname></term>
466 <listitem><para>Sets the syslog facility to use when logging
467 to syslog. One of <option>kern</option>,
468 <option>user</option>, <option>mail</option>,
469 <option>daemon</option>, <option>auth</option>,
470 <option>syslog</option>, <option>lpr</option>,
471 <option>news</option>, <option>uucp</option>,
472 <option>cron</option>, <option>authpriv</option>,
473 <option>ftp</option>, <option>local0</option>,
474 <option>local1</option>, <option>local2</option>,
475 <option>local3</option>, <option>local4</option>,
476 <option>local5</option>, <option>local6</option> or
477 <option>local7</option>. See
478 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
479 for details. This option is only useful when
480 <varname>StandardOutput=</varname> or
481 <varname>StandardError=</varname> are set to
482 <option>syslog</option>. Defaults to
483 <option>daemon</option>.</para></listitem>
484 </varlistentry>
485 <varlistentry>
486 <term><varname>SyslogLevel=</varname></term>
487 <listitem><para>Default syslog level to use when logging to
488 syslog or the kernel log buffer. One of
489 <option>emerg</option>,
490 <option>alert</option>,
491 <option>crit</option>,
492 <option>err</option>,
493 <option>warning</option>,
494 <option>notice</option>,
495 <option>info</option>,
496 <option>debug</option>. See
497 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
498 for details. This option is only useful when
499 <varname>StandardOutput=</varname> or
500 <varname>StandardError=</varname> are set to
501 <option>syslog</option> or <option>kmsg</option>. Note that
502 individual lines output by the daemon might be prefixed with a
503 different log level which can be used to override the default
504 log level specified here. The interpretation of these prefixes
505 may be disabled with <varname>SyslogLevelPrefix=</varname>,
506 see below. For details see
507 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
508
509 Defaults to
510 <option>info</option>.</para></listitem>
511 </varlistentry>
512
513 <varlistentry>
514 <term><varname>SyslogLevelPrefix=</varname></term>
515 <listitem><para>Takes a boolean argument. If true and
516 <varname>StandardOutput=</varname> or
517 <varname>StandardError=</varname> are set to
518 <option>syslog</option>, <option>kmsg</option> or
519 <option>journal</option>, log lines written by the executed
520 process that are prefixed with a log level will be passed on
521 to syslog with this log level set but the prefix removed. If
522 set to false, the interpretation of these prefixes is disabled
523 and the logged lines are passed on as-is. For details about
524 this prefixing see
525 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
526 Defaults to true.</para></listitem>
527 </varlistentry>
528
529 <varlistentry>
530 <term><varname>TimerSlackNSec=</varname></term>
531 <listitem><para>Sets the timer slack in nanoseconds for the
532 executed processes. The timer slack controls the accuracy of
533 wake-ups triggered by timers. See
534 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
535 for more information. Note that in contrast to most other time
536 span definitions this parameter takes an integer value in
537 nano-seconds if no unit is specified. The usual time units are
538 understood too.</para></listitem>
539 </varlistentry>
540
541 <varlistentry>
542 <term><varname>LimitCPU=</varname></term>
543 <term><varname>LimitFSIZE=</varname></term>
544 <term><varname>LimitDATA=</varname></term>
545 <term><varname>LimitSTACK=</varname></term>
546 <term><varname>LimitCORE=</varname></term>
547 <term><varname>LimitRSS=</varname></term>
548 <term><varname>LimitNOFILE=</varname></term>
549 <term><varname>LimitAS=</varname></term>
550 <term><varname>LimitNPROC=</varname></term>
551 <term><varname>LimitMEMLOCK=</varname></term>
552 <term><varname>LimitLOCKS=</varname></term>
553 <term><varname>LimitSIGPENDING=</varname></term>
554 <term><varname>LimitMSGQUEUE=</varname></term>
555 <term><varname>LimitNICE=</varname></term>
556 <term><varname>LimitRTPRIO=</varname></term>
557 <term><varname>LimitRTTIME=</varname></term>
558 <listitem><para>These settings set both soft and hard limits
559 of various resources for executed processes. See
560 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
561 for details. Use the string <varname>infinity</varname> to
562 configure no limit on a specific resource.</para></listitem>
563
564 <table>
565 <title>Limit directives and their equivalent with ulimit</title>
566
567 <tgroup cols='2'>
568 <colspec colname='directive' />
569 <colspec colname='equivalent' />
570 <thead>
571 <row>
572 <entry>Directive</entry>
573 <entry>ulimit equivalent</entry>
574 </row>
575 </thead>
576 <tbody>
577 <row>
578 <entry>LimitCPU</entry>
579 <entry>ulimit -t</entry>
580 </row>
581 <row>
582 <entry>LimitFSIZE</entry>
583 <entry>ulimit -f</entry>
584 </row>
585 <row>
586 <entry>LimitDATA</entry>
587 <entry>ulimit -d</entry>
588 </row>
589 <row>
590 <entry>LimitSTACK</entry>
591 <entry>ulimit -s</entry>
592 </row>
593 <row>
594 <entry>LimitCORE</entry>
595 <entry>ulimit -c</entry>
596 </row>
597 <row>
598 <entry>LimitRSS</entry>
599 <entry>ulimit -m</entry>
600 </row>
601 <row>
602 <entry>LimitNOFILE</entry>
603 <entry>ulimit -n</entry>
604 </row>
605 <row>
606 <entry>LimitAS</entry>
607 <entry>ulimit -v</entry>
608 </row>
609 <row>
610 <entry>LimitNPROC</entry>
611 <entry>ulimit -u</entry>
612 </row>
613 <row>
614 <entry>LimitMEMLOCK</entry>
615 <entry>ulimit -l</entry>
616 </row>
617 <row>
618 <entry>LimitLOCKS</entry>
619 <entry>ulimit -x</entry>
620 </row>
621 <row>
622 <entry>LimitSIGPENDING</entry>
623 <entry>ulimit -i</entry>
624 </row>
625 <row>
626 <entry>LimitMSGQUEUE</entry>
627 <entry>ulimit -q</entry>
628 </row>
629 <row>
630 <entry>LimitNICE</entry>
631 <entry>ulimit -e</entry>
632 </row>
633 <row>
634 <entry>LimitRTPRIO</entry>
635 <entry>ulimit -r</entry>
636 </row>
637 <row>
638 <entry>LimitRTTIME</entry>
639 <entry>No equivalent</entry>
640 </row>
641 </tbody>
642 </tgroup>
643 </table>
644 </varlistentry>
645
646 <varlistentry>
647 <term><varname>PAMName=</varname></term>
648 <listitem><para>Sets the PAM service name to set up a session
649 as. If set, the executed process will be registered as a PAM
650 session under the specified service name. This is only useful
651 in conjunction with the <varname>User=</varname> setting. If
652 not set, no PAM session will be opened for the executed
653 processes. See
654 <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
655 for details.</para></listitem>
656 </varlistentry>
657
658 <varlistentry>
659 <term><varname>CapabilityBoundingSet=</varname></term>
660
661 <listitem><para>Controls which capabilities to include in the
662 capability bounding set for the executed process. See
663 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
664 for details. Takes a whitespace-separated list of capability
665 names as read by
3ba3a79d 666 <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
798d3a52
ZJS		 667 e.g. <constant>CAP_SYS_ADMIN</constant>,
668 <constant>CAP_DAC_OVERRIDE</constant>,
669 <constant>CAP_SYS_PTRACE</constant>. Capabilities listed will
670 be included in the bounding set, all others are removed. If
671 the list of capabilities is prefixed with
672 <literal>~</literal>, all but the listed capabilities will be
673 included, the effect of the assignment inverted. Note that
674 this option also affects the respective capabilities in the
675 effective, permitted and inheritable capability sets, on top
676 of what <varname>Capabilities=</varname> does. If this option
677 is not used, the capability bounding set is not modified on
678 process execution, hence no limits on the capabilities of the
679 process are enforced. This option may appear more than once in
680 which case the bounding sets are merged. If the empty string
681 is assigned to this option, the bounding set is reset to the
682 empty capability set, and all prior settings have no effect.
683 If set to <literal>~</literal> (without any further argument),
684 the bounding set is reset to the full set of available
685 capabilities, also undoing any previous
686 settings.</para></listitem>
687 </varlistentry>
688
689 <varlistentry>
690 <term><varname>SecureBits=</varname></term>
691 <listitem><para>Controls the secure bits set for the executed
692 process. Takes a space-separated combination of options from
693 the following list:
694 <option>keep-caps</option>,
695 <option>keep-caps-locked</option>,
696 <option>no-setuid-fixup</option>,
697 <option>no-setuid-fixup-locked</option>,
698 <option>noroot</option>, and
699 <option>noroot-locked</option>.
700 This option may appear more than once in which case the secure
701 bits are ORed. If the empty string is assigned to this option,
702 the bits are reset to 0. See
703 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
704 for details.</para></listitem>
705 </varlistentry>
706
707 <varlistentry>
708 <term><varname>Capabilities=</varname></term>
709 <listitem><para>Controls the
710 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
711 set for the executed process. Take a capability string
712 describing the effective, permitted and inherited capability
713 sets as documented in
3ba3a79d 714 <citerefentry project='mankier'><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52
ZJS		 715 Note that these capability sets are usually influenced (and
716 filtered) by the capabilities attached to the executed file.
717 Due to that <varname>CapabilityBoundingSet=</varname> is
718 probably a much more useful setting.</para></listitem>
719 </varlistentry>
720
721 <varlistentry>
722 <term><varname>ReadWriteDirectories=</varname></term>
723 <term><varname>ReadOnlyDirectories=</varname></term>
724 <term><varname>InaccessibleDirectories=</varname></term>
725
726 <listitem><para>Sets up a new file system namespace for
727 executed processes. These options may be used to limit access
728 a process might have to the main file system hierarchy. Each
729 setting takes a space-separated list of absolute directory
730 paths. Directories listed in
731 <varname>ReadWriteDirectories=</varname> are accessible from
732 within the namespace with the same access rights as from
733 outside. Directories listed in
734 <varname>ReadOnlyDirectories=</varname> are accessible for
735 reading only, writing will be refused even if the usual file
736 access controls would permit this. Directories listed in
737 <varname>InaccessibleDirectories=</varname> will be made
738 inaccessible for processes inside the namespace. Note that
739 restricting access with these options does not extend to
740 submounts of a directory that are created later on. These
741 options may be specified more than once in which case all
742 directories listed will have limited access from within the
743 namespace. If the empty string is assigned to this option, the
744 specific list is reset, and all prior assignments have no
745 effect.</para>
746 <para>Paths in
747 <varname>ReadOnlyDirectories=</varname>
748 and
749 <varname>InaccessibleDirectories=</varname>
750 may be prefixed with
751 <literal>-</literal>, in which case
752 they will be ignored when they do not
753 exist. Note that using this
754 setting will disconnect propagation of
755 mounts from the service to the host
756 (propagation in the opposite direction
757 continues to work). This means that
758 this setting may not be used for
759 services which shall be able to
760 install mount points in the main mount
761 namespace.</para></listitem>
762 </varlistentry>
763
764 <varlistentry>
765 <term><varname>PrivateTmp=</varname></term>
766
767 <listitem><para>Takes a boolean argument. If true, sets up a
768 new file system namespace for the executed processes and
769 mounts private <filename>/tmp</filename> and
770 <filename>/var/tmp</filename> directories inside it that is
771 not shared by processes outside of the namespace. This is
772 useful to secure access to temporary files of the process, but
773 makes sharing between processes via <filename>/tmp</filename>
774 or <filename>/var/tmp</filename> impossible. If this is
775 enabled, all temporary files created by a service in these
776 directories will be removed after the service is stopped.
777 Defaults to false. It is possible to run two or more units
778 within the same private <filename>/tmp</filename> and
779 <filename>/var/tmp</filename> namespace by using the
780 <varname>JoinsNamespaceOf=</varname> directive, see
781 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
782 for details. Note that using this setting will disconnect
783 propagation of mounts from the service to the host
784 (propagation in the opposite direction continues to work).
785 This means that this setting may not be used for services
786 which shall be able to install mount points in the main mount
787 namespace.</para></listitem>
788 </varlistentry>
789
790 <varlistentry>
791 <term><varname>PrivateDevices=</varname></term>
792
793 <listitem><para>Takes a boolean argument. If true, sets up a
794 new /dev namespace for the executed processes and only adds
795 API pseudo devices such as <filename>/dev/null</filename>,
796 <filename>/dev/zero</filename> or
797 <filename>/dev/random</filename> (as well as the pseudo TTY
798 subsystem) to it, but no physical devices such as
799 <filename>/dev/sda</filename>. This is useful to securely turn
800 off physical device access by the executed process. Defaults
801 to false. Enabling this option will also remove
802 <constant>CAP_MKNOD</constant> from the capability bounding
803 set for the unit (see above), and set
804 <varname>DevicePolicy=closed</varname> (see
805 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
806 for details). Note that using this setting will disconnect
807 propagation of mounts from the service to the host
808 (propagation in the opposite direction continues to work).
809 This means that this setting may not be used for services
810 which shall be able to install mount points in the main mount
811 namespace.</para></listitem>
812 </varlistentry>
813
814 <varlistentry>
815 <term><varname>PrivateNetwork=</varname></term>
816
817 <listitem><para>Takes a boolean argument. If true, sets up a
818 new network namespace for the executed processes and
819 configures only the loopback network device
820 <literal>lo</literal> inside it. No other network devices will
821 be available to the executed process. This is useful to
822 securely turn off network access by the executed process.
823 Defaults to false. It is possible to run two or more units
824 within the same private network namespace by using the
825 <varname>JoinsNamespaceOf=</varname> directive, see
826 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
827 for details. Note that this option will disconnect all socket
828 families from the host, this includes AF_NETLINK and AF_UNIX.
829 The latter has the effect that AF_UNIX sockets in the abstract
830 socket namespace will become unavailable to the processes
831 (however, those located in the file system will continue to be
832 accessible).</para></listitem>
833 </varlistentry>
834
835 <varlistentry>
836 <term><varname>ProtectSystem=</varname></term>
837
838 <listitem><para>Takes a boolean argument or
839 <literal>full</literal>. If true, mounts the
840 <filename>/usr</filename> and <filename>/boot</filename>
841 directories read-only for processes invoked by this unit. If
842 set to <literal>full</literal>, the <filename>/etc</filename>
843 directory is mounted read-only, too. This setting ensures that
844 any modification of the vendor supplied operating system (and
845 optionally its configuration) is prohibited for the service.
846 It is recommended to enable this setting for all long-running
847 services, unless they are involved with system updates or need
848 to modify the operating system in other ways. Note however
849 that processes retaining the CAP_SYS_ADMIN capability can undo
850 the effect of this setting. This setting is hence particularly
851 useful for daemons which have this capability removed, for
852 example with <varname>CapabilityBoundingSet=</varname>.
853 Defaults to off.</para></listitem>
854 </varlistentry>
855
856 <varlistentry>
857 <term><varname>ProtectHome=</varname></term>
858
859 <listitem><para>Takes a boolean argument or
860 <literal>read-only</literal>. If true, the directories
58331437
CH		 861 <filename>/home</filename>, <filename>/root</filename> and
862 <filename>/run/user</filename>
798d3a52 863 are made inaccessible and empty for processes invoked by this
58331437 864 unit. If set to <literal>read-only</literal>, the three
798d3a52
ZJS		 865 directories are made read-only instead. It is recommended to
866 enable this setting for all long-running services (in
867 particular network-facing ones), to ensure they cannot get
868 access to private user data, unless the services actually
869 require access to the user's private data. Note however that
870 processes retaining the CAP_SYS_ADMIN capability can undo the
871 effect of this setting. This setting is hence particularly
872 useful for daemons which have this capability removed, for
873 example with <varname>CapabilityBoundingSet=</varname>.
874 Defaults to off.</para></listitem>
875 </varlistentry>
876
877 <varlistentry>
878 <term><varname>MountFlags=</varname></term>
879
880 <listitem><para>Takes a mount propagation flag:
881 <option>shared</option>, <option>slave</option> or
882 <option>private</option>, which control whether mounts in the
883 file system namespace set up for this unit's processes will
884 receive or propagate mounts or unmounts. See
3ba3a79d 885 <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 886 for details. Defaults to <option>shared</option>. Use
887 <option>shared</option> to ensure that mounts and unmounts are
888 propagated from the host to the container and vice versa. Use
889 <option>slave</option> to run processes so that none of their
890 mounts and unmounts will propagate to the host. Use
891 <option>private</option> to also ensure that no mounts and
892 unmounts from the host will propagate into the unit processes'
893 namespace. Note that <option>slave</option> means that file
894 systems mounted on the host might stay mounted continuously in
895 the unit's namespace, and thus keep the device busy. Note that
896 the file system namespace related options
897 (<varname>PrivateTmp=</varname>,
898 <varname>PrivateDevices=</varname>,
899 <varname>ProtectSystem=</varname>,
900 <varname>ProtectHome=</varname>,
901 <varname>ReadOnlyDirectories=</varname>,
902 <varname>InaccessibleDirectories=</varname> and
903 <varname>ReadWriteDirectories=</varname>) require that mount
904 and unmount propagation from the unit's file system namespace
905 is disabled, and hence downgrade <option>shared</option> to
906 <option>slave</option>. </para></listitem>
907 </varlistentry>
908
909 <varlistentry>
910 <term><varname>UtmpIdentifier=</varname></term>
911
912 <listitem><para>Takes a four character identifier string for
913 an utmp/wtmp entry for this service. This should only be set
914 for services such as <command>getty</command> implementations
915 where utmp/wtmp entries must be created and cleared before and
916 after execution. If the configured string is longer than four
917 characters, it is truncated and the terminal four characters
918 are used. This setting interprets %I style string
919 replacements. This setting is unset by default, i.e. no
920 utmp/wtmp entries are created or cleaned up for this
921 service.</para></listitem>
922 </varlistentry>
923
924 <varlistentry>
925 <term><varname>SELinuxContext=</varname></term>
926
927 <listitem><para>Set the SELinux security context of the
928 executed process. If set, this will override the automated
929 domain transition. However, the policy still needs to
930 authorize the transition. This directive is ignored if SELinux
931 is disabled. If prefixed by <literal>-</literal>, all errors
932 will be ignored. See
3ba3a79d 933 <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a52
ZJS		 934 for details.</para></listitem>
935 </varlistentry>
936
937 <varlistentry>
938 <term><varname>AppArmorProfile=</varname></term>
939
940 <listitem><para>Takes a profile name as argument. The process
941 executed by the unit will switch to this profile when started.
942 Profiles must already be loaded in the kernel, or the unit
943 will fail. This result in a non operation if AppArmor is not
944 enabled. If prefixed by <literal>-</literal>, all errors will
945 be ignored. </para></listitem>
946 </varlistentry>
947
948 <varlistentry>
949 <term><varname>SmackProcessLabel=</varname></term>
950
951 <listitem><para>Takes a <option>SMACK64</option> security
952 label as argument. The process executed by the unit will be
953 started under this label and SMACK will decide whether the
954 processes is allowed to run or not based on it. The process
955 will continue to run under the label specified here unless the
956 executable has its own <option>SMACK64EXEC</option> label, in
957 which case the process will transition to run under that
958 label. When not specified, the label that systemd is running
959 under is used. This directive is ignored if SMACK is
960 disabled.</para>
961
962 <para>The value may be prefixed by <literal>-</literal>, in
963 which case all errors will be ignored. An empty value may be
964 specified to unset previous assignments.</para>
965 </listitem>
966 </varlistentry>
967
968 <varlistentry>
969 <term><varname>IgnoreSIGPIPE=</varname></term>
970
971 <listitem><para>Takes a boolean argument. If true, causes
972 <constant>SIGPIPE</constant> to be ignored in the executed
973 process. Defaults to true because <constant>SIGPIPE</constant>
974 generally is useful only in shell pipelines.</para></listitem>
975 </varlistentry>
976
977 <varlistentry>
978 <term><varname>NoNewPrivileges=</varname></term>
979
980 <listitem><para>Takes a boolean argument. If true, ensures
981 that the service process and all its children can never gain
982 new privileges. This option is more powerful than the
983 respective secure bits flags (see above), as it also prohibits
984 UID changes of any kind. This is the simplest, most effective
985 way to ensure that a process and its children can never
986 elevate privileges again.</para></listitem>
987 </varlistentry>
988
989 <varlistentry>
990 <term><varname>SystemCallFilter=</varname></term>
991
992 <listitem><para>Takes a space-separated list of system call
993 names. If this setting is used, all system calls executed by
994 the unit processes except for the listed ones will result in
995 immediate process termination with the
996 <constant>SIGSYS</constant> signal (whitelisting). If the
997 first character of the list is <literal>~</literal>, the
998 effect is inverted: only the listed system calls will result
999 in immediate process termination (blacklisting). If running in
1000 user mode and this option is used,
1001 <varname>NoNewPrivileges=yes</varname> is implied. This
1002 feature makes use of the Secure Computing Mode 2 interfaces of
1003 the kernel ('seccomp filtering') and is useful for enforcing a
1004 minimal sandboxing environment. Note that the
1005 <function>execve</function>,
1006 <function>rt_sigreturn</function>,
1007 <function>sigreturn</function>,
1008 <function>exit_group</function>, <function>exit</function>
1009 system calls are implicitly whitelisted and do not need to be
1010 listed explicitly. This option may be specified more than once
1011 in which case the filter masks are merged. If the empty string
1012 is assigned, the filter is reset, all prior assignments will
1013 have no effect.</para>
1014
1015 <para>If you specify both types of this option (i.e.
1016 whitelisting and blacklisting), the first encountered will
1017 take precedence and will dictate the default action
1018 (termination or approval of a system call). Then the next
1019 occurrences of this option will add or delete the listed
1020 system calls from the set of the filtered system calls,
1021 depending of its type and the default action. (For example, if
1022 you have started with a whitelisting of
1023 <function>read</function> and <function>write</function>, and
1024 right after it add a blacklisting of
1025 <function>write</function>, then <function>write</function>
1026 will be removed from the set.) </para></listitem>
1027 </varlistentry>
1028
1029 <varlistentry>
1030 <term><varname>SystemCallErrorNumber=</varname></term>
1031
1032 <listitem><para>Takes an <literal>errno</literal> error number
1033 name to return when the system call filter configured with
1034 <varname>SystemCallFilter=</varname> is triggered, instead of
1035 terminating the process immediately. Takes an error name such
1036 as <constant>EPERM</constant>, <constant>EACCES</constant> or
1037 <constant>EUCLEAN</constant>. When this setting is not used,
1038 or when the empty string is assigned, the process will be
1039 terminated immediately when the filter is
1040 triggered.</para></listitem>
1041 </varlistentry>
1042
1043 <varlistentry>
1044 <term><varname>SystemCallArchitectures=</varname></term>
1045
1046 <listitem><para>Takes a space separated list of architecture
1047 identifiers to include in the system call filter. The known
1048 architecture identifiers are <constant>x86</constant>,
1049 <constant>x86-64</constant>, <constant>x32</constant>,
1050 <constant>arm</constant> as well as the special identifier
1051 <constant>native</constant>. Only system calls of the
1052 specified architectures will be permitted to processes of this
1053 unit. This is an effective way to disable compatibility with
1054 non-native architectures for processes, for example to
1055 prohibit execution of 32-bit x86 binaries on 64-bit x86-64
1056 systems. The special <constant>native</constant> identifier
1057 implicitly maps to the native architecture of the system (or
1058 more strictly: to the architecture the system manager is
1059 compiled for). If running in user mode and this option is
1060 used, <varname>NoNewPrivileges=yes</varname> is implied. Note
1061 that setting this option to a non-empty list implies that
1062 <constant>native</constant> is included too. By default, this
1063 option is set to the empty list, i.e. no architecture system
1064 call filtering is applied.</para></listitem>
1065 </varlistentry>
1066
1067 <varlistentry>
1068 <term><varname>RestrictAddressFamilies=</varname></term>
1069
1070 <listitem><para>Restricts the set of socket address families
1071 accessible to the processes of this unit. Takes a
1072 space-separated list of address family names to whitelist,
1073 such as
1074 <constant>AF_UNIX</constant>,
1075 <constant>AF_INET</constant> or
1076 <constant>AF_INET6</constant>. When
1077 prefixed with <constant>~</constant> the listed address
1078 families will be applied as blacklist, otherwise as whitelist.
1079 Note that this restricts access to the
3ba3a79d 1080 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1081 system call only. Sockets passed into the process by other
1082 means (for example, by using socket activation with socket
1083 units, see
1084 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1085 are unaffected. Also, sockets created with
1086 <function>socketpair()</function> (which creates connected
1087 AF_UNIX sockets only) are unaffected. Note that this option
1088 has no effect on 32-bit x86 and is ignored (but works
1089 correctly on x86-64). If running in user mode and this option
1090 is used, <varname>NoNewPrivileges=yes</varname> is implied. By
1091 default, no restriction applies, all address families are
1092 accessible to processes. If assigned the empty string, any
1093 previous list changes are undone.</para>
1094
1095 <para>Use this option to limit exposure of processes to remote
1096 systems, in particular via exotic network protocols. Note that
1097 in most cases, the local <constant>AF_UNIX</constant> address
1098 family should be included in the configured whitelist as it is
1099 frequently used for local communication, including for
1100 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1101 logging.</para></listitem>
1102 </varlistentry>
1103
1104 <varlistentry>
1105 <term><varname>Personality=</varname></term>
1106
1107 <listitem><para>Controls which kernel architecture
3ba3a79d 1108 <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1109 shall report, when invoked by unit processes. Takes one of
1110 <constant>x86</constant> and <constant>x86-64</constant>. This
1111 is useful when running 32-bit services on a 64-bit host
1112 system. If not specified, the personality is left unmodified
1113 and thus reflects the personality of the host system's
1114 kernel.</para></listitem>
1115 </varlistentry>
1116
1117 <varlistentry>
1118 <term><varname>RuntimeDirectory=</varname></term>
1119 <term><varname>RuntimeDirectoryMode=</varname></term>
1120
1121 <listitem><para>Takes a list of directory names. If set, one
1122 or more directories by the specified names will be created
1123 below <filename>/run</filename> (for system services) or below
1124 <varname>$XDG_RUNTIME_DIR</varname> (for user services) when
1125 the unit is started, and removed when the unit is stopped. The
1126 directories will have the access mode specified in
1127 <varname>RuntimeDirectoryMode=</varname>, and will be owned by
1128 the user and group specified in <varname>User=</varname> and
1129 <varname>Group=</varname>. Use this to manage one or more
1130 runtime directories of the unit and bind their lifetime to the
1131 daemon runtime. The specified directory names must be
1132 relative, and may not include a <literal>/</literal>, i.e.
1133 must refer to simple directories to create or remove. This is
1134 particularly useful for unprivileged daemons that cannot
1135 create runtime directories in <filename>/run</filename> due to
1136 lack of privileges, and to make sure the runtime directory is
1137 cleaned up automatically after use. For runtime directories
1138 that require more complex or different configuration or
1139 lifetime guarantees, please consider using
1140 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
1141 </varlistentry>
1142
1143 </variablelist>
1144 </refsect1>
1145
1146 <refsect1>
1147 <title>Environment variables in spawned processes</title>
1148
1149 <para>Processes started by the system are executed in a clean
1150 environment in which select variables listed below are set. System
1151 processes started by systemd do not inherit variables from PID 1,
1152 but processes started by user systemd instances inherit all
1153 environment variables from the user systemd instance.
1154 </para>
1155
1156 <variablelist class='environment-variables'>
1157 <varlistentry>
1158 <term><varname>$PATH</varname></term>
1159
1160 <listitem><para>Colon-separated list of directories to use
1161 when launching executables. Systemd uses a fixed value of
1162 <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
1163 </para></listitem>
1164 </varlistentry>
1165
1166 <varlistentry>
1167 <term><varname>$LANG</varname></term>
1168
1169 <listitem><para>Locale. Can be set in
3ba3a79d 1170 <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a52
ZJS		 1171 or on the kernel command line (see
1172 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1173 and
1174 <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
1175 </para></listitem>
1176 </varlistentry>
1177
1178 <varlistentry>
1179 <term><varname>$USER</varname></term>
1180 <term><varname>$LOGNAME</varname></term>
1181 <term><varname>$HOME</varname></term>
1182 <term><varname>$SHELL</varname></term>
1183
1184 <listitem><para>User name (twice), home directory, and the
1185 login shell. The variables are set for the units that have
1186 <varname>User=</varname> set, which includes user
1187 <command>systemd</command> instances. See
3ba3a79d 1188 <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
798d3a52
ZJS		 1189 </para></listitem>
1190 </varlistentry>
1191
1192 <varlistentry>
1193 <term><varname>$XDG_RUNTIME_DIR</varname></term>
1194
1195 <listitem><para>The directory for volatile state. Set for the
1196 user <command>systemd</command> instance, and also in user
1197 sessions. See
1198 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1199 </para></listitem>
1200 </varlistentry>
1201
1202 <varlistentry>
1203 <term><varname>$XDG_SESSION_ID</varname></term>
1204 <term><varname>$XDG_SEAT</varname></term>
1205 <term><varname>$XDG_VTNR</varname></term>
1206
1207 <listitem><para>The identifier of the session, the seat name,
1208 and virtual terminal of the session. Set by
1209 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1210 for login sessions. <varname>$XDG_SEAT</varname> and
1211 <varname>$XDG_VTNR</varname> will only be set when attached to
1212 a seat and a tty.</para></listitem>
1213 </varlistentry>
1214
1215 <varlistentry>
1216 <term><varname>$MAINPID</varname></term>
1217
1218 <listitem><para>The PID of the units main process if it is
1219 known. This is only set for control processes as invoked by
1220 <varname>ExecReload=</varname> and similar. </para></listitem>
1221 </varlistentry>
1222
1223 <varlistentry>
1224 <term><varname>$MANAGERPID</varname></term>
1225
1226 <listitem><para>The PID of the user <command>systemd</command>
1227 instance, set for processes spawned by it. </para></listitem>
1228 </varlistentry>
1229
1230 <varlistentry>
1231 <term><varname>$LISTEN_FDS</varname></term>
1232 <term><varname>$LISTEN_PID</varname></term>
1233
1234 <listitem><para>Information about file descriptors passed to a
1235 service for socket activation. See
1236 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1237 </para></listitem>
1238 </varlistentry>
1239
1240 <varlistentry>
1241 <term><varname>$TERM</varname></term>
1242
1243 <listitem><para>Terminal type, set only for units connected to
1244 a terminal (<varname>StandardInput=tty</varname>,
1245 <varname>StandardOutput=tty</varname>, or
1246 <varname>StandardError=tty</varname>). See
1247 <citerefentry project='man-pages'><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1248 </para></listitem>
1249 </varlistentry>
1250 </variablelist>
1251
1252 <para>Additional variables may be configured by the following
1253 means: for processes spawned in specific units, use the
1254 <varname>Environment=</varname> and
1255 <varname>EnvironmentFile=</varname> options above; to specify
1256 variables globally, use <varname>DefaultEnvironment=</varname>
1257 (see
1258 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1259 or the kernel option <varname>systemd.setenv=</varname> (see
1260 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
1261 Additional variables may also be set through PAM,
1262 cf. <citerefentry project='man-pages'><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
1263 </refsect1>
1264
1265 <refsect1>
1266 <title>See Also</title>
1267 <para>
1268 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1269 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1270 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1271 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1272 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1273 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1274 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1275 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1276 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1277 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1278 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
1279 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1280 <citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1281 </para>
1282 </refsect1>
dd1eb43b
LP		 1283
1284</refentry>
Unnamed repository; edit this file 'description' to name the repository.