git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.exec.xml
man: add a mapping for external manpages
dd1eb43b
LP
1<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
5<!--
6 This file is part of systemd.
7
8 Copyright 2010 Lennart Poettering
9
10 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
dd1eb43b
LP
13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 18 Lesser General Public License for more details.
dd1eb43b 19
5430f7f2 20 You should have received a copy of the GNU Lesser General Public License
dd1eb43b
LP
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22-->
23
24<refentry id="systemd.exec">
25 <refentryinfo>
26 <title>systemd.exec</title>
27 <productname>systemd</productname>
28
29 <authorgroup>
30 <author>
31 <contrib>Developer</contrib>
32 <firstname>Lennart</firstname>
33 <surname>Poettering</surname>
34 <email>lennart@poettering.net</email>
35 </author>
36 </authorgroup>
37 </refentryinfo>
38
39 <refmeta>
40 <refentrytitle>systemd.exec</refentrytitle>
41 <manvolnum>5</manvolnum>
42 </refmeta>
43
44 <refnamediv>
45 <refname>systemd.exec</refname>
34511ca7 46 <refpurpose>Execution environment configuration</refpurpose>
dd1eb43b
LP
47 </refnamediv>
48
49 <refsynopsisdiv>
e670b166
ZJS
50 <para><filename><replaceable>service</replaceable>.service</filename>,
51 <filename><replaceable>socket</replaceable>.socket</filename>,
52 <filename><replaceable>mount</replaceable>.mount</filename>,
53 <filename><replaceable>swap</replaceable>.swap</filename></para>
dd1eb43b
LP
54 </refsynopsisdiv>
55
56 <refsect1>
57 <title>Description</title>
58
9a666408 59 <para>Unit configuration files for services, sockets,
43638332 60 mount points, and swap devices share a subset of
2292707d
LP
61 configuration options which define the execution
62 environment of spawned processes.</para>
dd1eb43b
LP
63
64 <para>This man page lists the configuration options
9a666408 65 shared by these four unit types. See
dd1eb43b
LP
66 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
67 for the common options of all unit configuration
68 files, and
2292707d
LP
69 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
70 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
d868475a 71 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
dd1eb43b
LP
72 and
73 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
74 for more information on the specific unit
75 configuration files. The execution specific
76 configuration options are configured in the [Service],
16dad32e 77 [Socket], [Mount], or [Swap] sections, depending on the unit
dd1eb43b
LP
78 type.</para>
79 </refsect1>
80
81 <refsect1>
82 <title>Options</title>
83
ccc9a4f9 84 <variablelist class='unit-directives'>
dd1eb43b
LP
85
86 <varlistentry>
87 <term><varname>WorkingDirectory=</varname></term>
88
89 <listitem><para>Takes an absolute
90 directory path. Sets the working
e06c73cc 91 directory for executed processes. If
79640424 92 not set, defaults to the root directory
e06c73cc
LP
93 when systemd is running as a system
94 instance and the respective user's
95 home directory if run as
96 user.</para></listitem>
dd1eb43b
LP
97 </varlistentry>
98
99 <varlistentry>
100 <term><varname>RootDirectory=</varname></term>
101
102 <listitem><para>Takes an absolute
103 directory path. Sets the root
104 directory for executed processes, with
105 the
5aded369 106 <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
79640424 107 system call. If this is used, it must
dd1eb43b
LP
108 be ensured that the process and all
109 its auxiliary files are available in
110 the <function>chroot()</function>
111 jail.</para></listitem>
112 </varlistentry>
113
114 <varlistentry>
115 <term><varname>User=</varname></term>
116 <term><varname>Group=</varname></term>
117
118 <listitem><para>Sets the Unix user
16dad32e
AE
119 or group that the processes are executed
120 as, respectively. Takes a single user or group
dd1eb43b 121 name or ID as argument. If no group is
16dad32e 122 set, the default group of the user is
dd1eb43b
LP
123 chosen.</para></listitem>
124 </varlistentry>
125
126 <varlistentry>
127 <term><varname>SupplementaryGroups=</varname></term>
128
129 <listitem><para>Sets the supplementary
130 Unix groups the processes are executed
e9dd9f95 131 as. This takes a space-separated list
dd1eb43b
LP
132 of group names or IDs. This option may
133 be specified more than once in which
134 case all listed groups are set as
74051b9b
LP
135 supplementary groups. When the empty
136 string is assigned the list of
137 supplementary groups is reset, and all
138 assignments prior to this one will
139 have no effect. In any case, this
140 option does not override, but extends
141 the list of supplementary groups
142 configured in the system group
143 database for the
dd1eb43b
LP
144 user.</para></listitem>
145 </varlistentry>
146
147 <varlistentry>
148 <term><varname>Nice=</varname></term>
149
150 <listitem><para>Sets the default nice
151 level (scheduling priority) for
152 executed processes. Takes an integer
153 between -20 (highest priority) and 19
154 (lowest priority). See
155 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
156 for details.</para></listitem>
157 </varlistentry>
158
159 <varlistentry>
dd6c17b1 160 <term><varname>OOMScoreAdjust=</varname></term>
dd1eb43b
LP
161
162 <listitem><para>Sets the adjustment
163 level for the Out-Of-Memory killer for
164 executed processes. Takes an integer
dd6c17b1
LP
165 between -1000 (to disable OOM killing
166 for this process) and 1000 (to make
dd1eb43b
LP
167 killing of this process under memory
168 pressure very likely). See <ulink
6ed80a4e 169 url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
dd1eb43b
LP
170 for details.</para></listitem>
171 </varlistentry>
172
173 <varlistentry>
174 <term><varname>IOSchedulingClass=</varname></term>
175
176 <listitem><para>Sets the IO scheduling
177 class for executed processes. Takes an
178 integer between 0 and 3 or one of the
179 strings <option>none</option>,
180 <option>realtime</option>,
181 <option>best-effort</option> or
182 <option>idle</option>. See
183 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
184 for details.</para></listitem>
185 </varlistentry>
186
187 <varlistentry>
188 <term><varname>IOSchedulingPriority=</varname></term>
189
190 <listitem><para>Sets the IO scheduling
191 priority for executed processes. Takes
192 an integer between 0 (highest
193 priority) and 7 (lowest priority). The
194 available priorities depend on the
195 selected IO scheduling class (see
196 above). See
197 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
198 for details.</para></listitem>
199 </varlistentry>
200
201 <varlistentry>
202 <term><varname>CPUSchedulingPolicy=</varname></term>
203
204 <listitem><para>Sets the CPU
205 scheduling policy for executed
206 processes. Takes one of
207 <option>other</option>,
208 <option>batch</option>,
209 <option>idle</option>,
210 <option>fifo</option> or
211 <option>rr</option>. See
212 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
213 for details.</para></listitem>
214 </varlistentry>
215
216 <varlistentry>
217 <term><varname>CPUSchedulingPriority=</varname></term>
218
219 <listitem><para>Sets the CPU
220 scheduling priority for executed
bb112710 221 processes. The available priority
dd1eb43b 222 range depends on the selected CPU
bb112710
HHPF
223 scheduling policy (see above). For
224 real-time scheduling policies an
225 integer between 1 (lowest priority)
226 and 99 (highest priority) can be used.
227 See <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
228 for details.
229 </para></listitem>
dd1eb43b
LP
230 </varlistentry>
231
232 <varlistentry>
233 <term><varname>CPUSchedulingResetOnFork=</varname></term>
234
235 <listitem><para>Takes a boolean
79640424 236 argument. If true, elevated CPU
dd1eb43b
LP
237 scheduling priorities and policies
238 will be reset when the executed
239 processes fork, and can hence not leak
240 into child processes. See
241 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
242 for details. Defaults to false.</para></listitem>
243 </varlistentry>
244
245 <varlistentry>
246 <term><varname>CPUAffinity=</varname></term>
247
248 <listitem><para>Controls the CPU
249 affinity of the executed
96d4ce01 250 processes. Takes a space-separated
66f756d4 251 list of CPU indices. This option may
74051b9b
LP
252 be specified more than once in which
253 case the specified CPU affinity masks
254 are merged. If the empty string is
79640424 255 assigned, the mask is reset, all
74051b9b
LP
256 assignments prior to this will have no
257 effect. See
dd1eb43b
LP
258 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
259 for details.</para></listitem>
260 </varlistentry>
261
262 <varlistentry>
263 <term><varname>UMask=</varname></term>
264
265 <listitem><para>Controls the file mode
266 creation mask. Takes an access mode in
267 octal notation. See
268 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
269 for details. Defaults to
260d3708 270 0022.</para></listitem>
dd1eb43b
LP
271 </varlistentry>
272
273 <varlistentry>
274 <term><varname>Environment=</varname></term>
275
276 <listitem><para>Sets environment
277 variables for executed
96d4ce01 278 processes. Takes a space-separated
dd1eb43b
LP
279 list of variable assignments. This
280 option may be specified more than once
281 in which case all listed variables
282 will be set. If the same variable is
79640424 283 set twice, the later setting will
74051b9b
LP
284 override the earlier setting. If the
285 empty string is assigned to this
79640424 286 option, the list of environment
74051b9b 287 variables is reset, all prior
0ae9c92a
FC
288 assignments have no effect.
289 Variable expansion is not performed
97d0e5f8 290 inside the strings, however, specifier
79640424 291 expansion is possible. The $ character has
97d0e5f8 292 no special meaning.
0ae9c92a
FC
293 If you need to assign a value containing spaces
294 to a variable, use double quotes (")
295 for the assignment.</para>
296
297 <para>Example:
c5b37953 298 <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"</programlisting>
0ae9c92a 299 gives three variables <literal>VAR1</literal>,
c5b37953
ZJS
300 <literal>VAR2</literal>, <literal>VAR3</literal>
301 with the values <literal>word1 word2</literal>,
302 <literal>word3</literal>, <literal>$word 5 6</literal>.
0ae9c92a
FC
303 </para>
304
305 <para>
306 See
5aded369 307 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
0ae9c92a 308 for details about environment variables.</para></listitem>
dd1eb43b
LP
309 </varlistentry>
310 <varlistentry>
311 <term><varname>EnvironmentFile=</varname></term>
312 <listitem><para>Similar to
313 <varname>Environment=</varname> but
314 reads the environment variables from a
315 text file. The text file should
e9dd9f95 316 contain new-line-separated variable
dd1eb43b
LP
317 assignments. Empty lines and lines
318 starting with ; or # will be ignored,
565d91fd
MV
319 which may be used for commenting. A line
320 ending with a backslash will be concatenated
321 with the following one, allowing multiline variable
322 definitions. The parser strips leading
323 and trailing whitespace from the values
7734f773 324 of assignments, unless you use
74051b9b
LP
325 double quotes (").</para>
326
327 <para>The argument passed should be an
e9dd9f95 328 absolute filename or wildcard
74051b9b 329 expression, optionally prefixed with
05cc7267 330 <literal>-</literal>, which indicates
6b4991cf
JE
331 that if the file does not exist, it
332 will not be read and no error or warning
05cc7267
ZJS
333 message is logged. This option may be
334 specified more than once in which case
335 all specified files are read. If the
336 empty string is assigned to this
79640424 337 option, the list of files to read is
05cc7267
ZJS
338 reset, all prior assignments have no
339 effect.</para>
74051b9b
LP
340
341 <para>The files listed with this
f1779fd2 342 directive will be read shortly before
90582615 343 the process is executed (more
dca348bc 344 specifically, after all
90582615
LP
345 processes from a previous unit state
346 terminated. This means you can
347 generate these files in one unit
348 state, and read them with this option in
349 the next). Settings from these files
350 override settings made with
f1779fd2
LP
351 <varname>Environment=</varname>. If
352 the same variable is set twice from
79640424 353 these files, the files will be read in
f1779fd2
LP
354 the order they are specified and the
355 later setting will override the
74051b9b 356 earlier setting.</para></listitem>
dd1eb43b
LP
357 </varlistentry>
358
359 <varlistentry>
360 <term><varname>StandardInput=</varname></term>
361 <listitem><para>Controls where file
362 descriptor 0 (STDIN) of the executed
363 processes is connected to. Takes one
364 of <option>null</option>,
365 <option>tty</option>,
366 <option>tty-force</option>,
367 <option>tty-fail</option> or
368 <option>socket</option>. If
79640424 369 <option>null</option> is selected,
dd1eb43b
LP
370 standard input will be connected to
371 <filename>/dev/null</filename>,
372 i.e. all read attempts by the process
373 will result in immediate EOF. If
79640424 374 <option>tty</option> is selected,
dd1eb43b
LP
375 standard input is connected to a TTY
376 (as configured by
377 <varname>TTYPath=</varname>, see
378 below) and the executed process
379 becomes the controlling process of the
380 terminal. If the terminal is already
79640424 381 being controlled by another process, the
f8553ccb
AE
382 executed process waits until the current
383 controlling process releases the
384 terminal.
385 <option>tty-force</option>
dd1eb43b
LP
386 is similar to <option>tty</option>,
387 but the executed process is forcefully
388 and immediately made the controlling
389 process of the terminal, potentially
390 removing previous controlling
391 processes from the
392 terminal. <option>tty-fail</option> is
393 similar to <option>tty</option> but if
394 the terminal already has a controlling
395 process start-up of the executed
396 process fails. The
397 <option>socket</option> option is only
398 valid in socket-activated services,
399 and only when the socket configuration
400 file (see
401 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
402 for details) specifies a single socket
79640424 403 only. If this option is set, standard
dd1eb43b
LP
404 input will be connected to the socket
405 the service was activated from, which
406 is primarily useful for compatibility
407 with daemons designed for use with the
408 traditional
409 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
410 daemon. This setting defaults to
411 <option>null</option>.</para></listitem>
412 </varlistentry>
413 <varlistentry>
414 <term><varname>StandardOutput=</varname></term>
415 <listitem><para>Controls where file
416 descriptor 1 (STDOUT) of the executed
417 processes is connected to. Takes one
418 of <option>inherit</option>,
419 <option>null</option>,
420 <option>tty</option>,
421 <option>syslog</option>,
28dbc1e8 422 <option>kmsg</option>,
706343f4
LP
423 <option>journal</option>,
424 <option>syslog+console</option>,
28dbc1e8 425 <option>kmsg+console</option>,
706343f4 426 <option>journal+console</option> or
dd1eb43b 427 <option>socket</option>. If set to
79640424 428 <option>inherit</option>, the file
dd1eb43b
LP
429 descriptor of standard input is
430 duplicated for standard output. If set
79640424 431 to <option>null</option>, standard
dd1eb43b
LP
432 output will be connected to
433 <filename>/dev/null</filename>,
434 i.e. everything written to it will be
79640424 435 lost. If set to <option>tty</option>,
dd1eb43b
LP
436 standard output will be connected to a
437 tty (as configured via
438 <varname>TTYPath=</varname>, see
439 below). If the TTY is used for output
79640424 440 only, the executed process will not
dd1eb43b
LP
441 become the controlling process of the
442 terminal, and will not fail or wait
443 for other processes to release the
444 terminal. <option>syslog</option>
445 connects standard output to the
5aded369 446 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
346bce1f
LP
447 system syslog
448 service. <option>kmsg</option>
dd1eb43b
LP
449 connects it with the kernel log buffer
450 which is accessible via
706343f4
LP
451 <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>journal</option>
452 connects it with the journal which is
453 accessible via
169c4f65 454 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
706343f4
LP
455 (Note that everything that is written
456 to syslog or kmsg is implicitly stored
457 in the journal as well, those options
458 are hence supersets of this
459 one). <option>syslog+console</option>,
460 <option>journal+console</option> and
461 <option>kmsg+console</option> work
28dbc1e8
LP
462 similarly but copy the output to the
463 system console as
464 well. <option>socket</option> connects
465 standard output to a socket from
466 socket activation, semantics are
dd1eb43b
LP
467 similar to the respective option of
468 <varname>StandardInput=</varname>.
de6c78f8
LP
469 This setting defaults to the value set
470 with
471 <option>DefaultStandardOutput=</option>
472 in
5f9cfd4c 473 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
de6c78f8 474 which defaults to
706343f4 475 <option>journal</option>.</para></listitem>
dd1eb43b
LP
476 </varlistentry>
477 <varlistentry>
ad678a06 478 <term><varname>StandardError=</varname></term>
dd1eb43b 479 <listitem><para>Controls where file
b67f562c 480 descriptor 2 (STDERR) of the
6db27428
ZJS
481 executed processes is connected to.
482 The available options are identical to
dd1eb43b 483 those of
ad678a06 484 <varname>StandardOutput=</varname>,
5471472d 485 with one exception: if set to
dd1eb43b
LP
486 <option>inherit</option> the file
487 descriptor used for standard output is
488 duplicated for standard error. This
de6c78f8
LP
489 setting defaults to the value set with
490 <option>DefaultStandardError=</option>
491 in
5f9cfd4c 492 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
de6c78f8 493 which defaults to
dd1eb43b
LP
494 <option>inherit</option>.</para></listitem>
495 </varlistentry>
496 <varlistentry>
497 <term><varname>TTYPath=</varname></term>
498 <listitem><para>Sets the terminal
6db27428
ZJS
499 device node to use if standard input, output,
500 or error are connected to a
dd1eb43b
LP
501 TTY (see above). Defaults to
502 <filename>/dev/console</filename>.</para></listitem>
503 </varlistentry>
6ea832a2
LP
504 <varlistentry>
505 <term><varname>TTYReset=</varname></term>
506 <listitem><para>Reset the terminal
507 device specified with
508 <varname>TTYPath=</varname> before and
509 after execution. Defaults to
510 <literal>no</literal>.</para></listitem>
511 </varlistentry>
512 <varlistentry>
513 <term><varname>TTYVHangup=</varname></term>
514 <listitem><para>Disconnect all clients
515 which have opened the terminal device
516 specified with
517 <varname>TTYPath=</varname>
518 before and after execution. Defaults
519 to
520 <literal>no</literal>.</para></listitem>
521 </varlistentry>
522 <varlistentry>
523 <term><varname>TTYVTDisallocate=</varname></term>
c5315881 524 <listitem><para>If the terminal
6ea832a2
LP
525 device specified with
526 <varname>TTYPath=</varname> is a
79640424 527 virtual console terminal, try to
6ea832a2
LP
528 deallocate the TTY before and after
529 execution. This ensures that the
530 screen and scrollback buffer are
531 cleared. Defaults to
532 <literal>no</literal>.</para></listitem>
533 </varlistentry>
dd1eb43b 534 <varlistentry>
48c4fad9 535 <term><varname>SyslogIdentifier=</varname></term>
dd1eb43b
LP
536 <listitem><para>Sets the process name
537 to prefix log lines sent to syslog or
79640424 538 the kernel log buffer with. If not set,
dd1eb43b
LP
539 defaults to the process name of the
540 executed process. This option is only
541 useful when
542 <varname>StandardOutput=</varname> or
543 <varname>StandardError=</varname> are
544 set to <option>syslog</option> or
545 <option>kmsg</option>.</para></listitem>
546 </varlistentry>
547 <varlistentry>
548 <term><varname>SyslogFacility=</varname></term>
549 <listitem><para>Sets the syslog
550 facility to use when logging to
551 syslog. One of <option>kern</option>,
552 <option>user</option>,
553 <option>mail</option>,
554 <option>daemon</option>,
555 <option>auth</option>,
556 <option>syslog</option>,
557 <option>lpr</option>,
558 <option>news</option>,
559 <option>uucp</option>,
560 <option>cron</option>,
561 <option>authpriv</option>,
562 <option>ftp</option>,
563 <option>local0</option>,
564 <option>local1</option>,
565 <option>local2</option>,
566 <option>local3</option>,
567 <option>local4</option>,
568 <option>local5</option>,
569 <option>local6</option> or
570 <option>local7</option>. See
5aded369 571 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
dd1eb43b
LP
572 for details. This option is only
573 useful when
574 <varname>StandardOutput=</varname> or
575 <varname>StandardError=</varname> are
576 set to <option>syslog</option>.
577 Defaults to
578 <option>daemon</option>.</para></listitem>
579 </varlistentry>
580 <varlistentry>
581 <term><varname>SyslogLevel=</varname></term>
582 <listitem><para>Default syslog level
583 to use when logging to syslog or the
584 kernel log buffer. One of
585 <option>emerg</option>,
586 <option>alert</option>,
587 <option>crit</option>,
588 <option>err</option>,
589 <option>warning</option>,
590 <option>notice</option>,
591 <option>info</option>,
592 <option>debug</option>. See
5aded369 593 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
dd1eb43b
LP
594 for details. This option is only
595 useful when
596 <varname>StandardOutput=</varname> or
597 <varname>StandardError=</varname> are
598 set to <option>syslog</option> or
599 <option>kmsg</option>. Note that
600 individual lines output by the daemon
601 might be prefixed with a different log
602 level which can be used to override
603 the default log level specified
604 here. The interpretation of these
605 prefixes may be disabled with
74922904 606 <varname>SyslogLevelPrefix=</varname>,
dd1eb43b 607 see below. For details see
cb07866b 608 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
dd1eb43b
LP
609
610 Defaults to
611 <option>info</option>.</para></listitem>
612 </varlistentry>
613
614 <varlistentry>
74922904 615 <term><varname>SyslogLevelPrefix=</varname></term>
dd1eb43b 616 <listitem><para>Takes a boolean
74922904 617 argument. If true and
dd1eb43b
LP
618 <varname>StandardOutput=</varname> or
619 <varname>StandardError=</varname> are
df688b23
LP
620 set to <option>syslog</option>,
621 <option>kmsg</option> or
622 <option>journal</option>, log lines
dd1eb43b
LP
623 written by the executed process that
624 are prefixed with a log level will be
625 passed on to syslog with this log
626 level set but the prefix removed. If
74922904 627 set to false, the interpretation of
dd1eb43b
LP
628 these prefixes is disabled and the
629 logged lines are passed on as-is. For
630 details about this prefixing see
cb07866b 631 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
74922904 632 Defaults to true.</para></listitem>
dd1eb43b
LP
633 </varlistentry>
634
635 <varlistentry>
03fae018 636 <term><varname>TimerSlackNSec=</varname></term>
dd1eb43b
LP
637 <listitem><para>Sets the timer slack
638 in nanoseconds for the executed
d88a251b
LP
639 processes. The timer slack controls
640 the accuracy of wake-ups triggered by
03fae018 641 timers. See
dd1eb43b 642 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
03fae018
LP
643 for more information. Note that in
644 contrast to most other time span
f8553ccb 645 definitions this parameter takes an
d88a251b
LP
646 integer value in nanoseconds if no
647 unit is specified. The usual time
648 units are understood
649 too.</para></listitem>
dd1eb43b
LP
650 </varlistentry>
651
652 <varlistentry>
653 <term><varname>LimitCPU=</varname></term>
654 <term><varname>LimitFSIZE=</varname></term>
655 <term><varname>LimitDATA=</varname></term>
656 <term><varname>LimitSTACK=</varname></term>
657 <term><varname>LimitCORE=</varname></term>
658 <term><varname>LimitRSS=</varname></term>
659 <term><varname>LimitNOFILE=</varname></term>
660 <term><varname>LimitAS=</varname></term>
661 <term><varname>LimitNPROC=</varname></term>
662 <term><varname>LimitMEMLOCK=</varname></term>
663 <term><varname>LimitLOCKS=</varname></term>
664 <term><varname>LimitSIGPENDING=</varname></term>
665 <term><varname>LimitMSGQUEUE=</varname></term>
666 <term><varname>LimitNICE=</varname></term>
667 <term><varname>LimitRTPRIO=</varname></term>
668 <term><varname>LimitRTTIME=</varname></term>
669 <listitem><para>These settings control
670 various resource limits for executed
671 processes. See
672 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
3d57c6ab
LP
673 for details. Use the string
674 <varname>infinity</varname> to
675 configure no limit on a specific
676 resource.</para></listitem>
dd1eb43b
LP
677 </varlistentry>
678
679 <varlistentry>
680 <term><varname>PAMName=</varname></term>
681 <listitem><para>Sets the PAM service
79640424 682 name to set up a session as. If set,
dd1eb43b
LP
683 the executed process will be
684 registered as a PAM session under the
685 specified service name. This is only
686 useful in conjunction with the
687 <varname>User=</varname> setting. If
79640424 688 not set, no PAM session will be opened
dd1eb43b 689 for the executed processes. See
5aded369 690 <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
dd1eb43b
LP
691 for details.</para></listitem>
692 </varlistentry>
693
dd1eb43b 694 <varlistentry>
260abb78
LP
695 <term><varname>CapabilityBoundingSet=</varname></term>
696
697 <listitem><para>Controls which
698 capabilities to include in the
699 capability bounding set for the
700 executed process. See
5aded369 701 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
e9dd9f95
JSJ
702 for details. Takes a whitespace-separated
703 list of capability names as read by
d91c34f2 704 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
74d00578
ZJS
705 e.g. <constant>CAP_SYS_ADMIN</constant>,
706 <constant>CAP_DAC_OVERRIDE</constant>,
707 <constant>CAP_SYS_PTRACE</constant>.
260abb78
LP
708 Capabilities listed will be included
709 in the bounding set, all others are
710 removed. If the list of capabilities
79640424 711 is prefixed with <literal>~</literal>,
d91c34f2
LP
712 all but the listed capabilities will
713 be included, i.e. the effect of the
714 assignment is inverted. Note that this
715 option also affects the respective
716 capabilities in the effective,
717 permitted and inheritable capability
718 sets, on top of what
719 <varname>Capabilities=</varname>
79640424 720 does. If this option is not used, the
260abb78
LP
721 capability bounding set is not
722 modified on process execution, hence
723 no limits on the capabilities of the
74051b9b
LP
724 process are enforced. This option may
725 appear more than once in which case
d91c34f2
LP
726 the bounding sets are merged. If the
727 empty string is assigned to this
79640424 728 option, the bounding set is reset to
d91c34f2
LP
729 the empty capability set, and all
730 prior settings have no effect. If set
731 to <literal>~</literal> (without any
79640424 732 further argument), the bounding set is
d91c34f2
LP
733 reset to the full set of available
734 capabilities, also undoing any
735 previous settings.</para></listitem>
dd1eb43b
LP
736 </varlistentry>
737
738 <varlistentry>
739 <term><varname>SecureBits=</varname></term>
740 <listitem><para>Controls the secure
741 bits set for the executed process. See
5aded369 742 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
dd1eb43b
LP
743 for details. Takes a list of strings:
744 <option>keep-caps</option>,
745 <option>keep-caps-locked</option>,
746 <option>no-setuid-fixup</option>,
747 <option>no-setuid-fixup-locked</option>,
3377af3e 748 <option>noroot</option> and/or
74051b9b
LP
749 <option>noroot-locked</option>. This
750 option may appear more than once in
751 which case the secure bits are
752 ORed. If the empty string is assigned
79640424 753 to this option, the bits are reset to
74051b9b 754 0.</para></listitem>
dd1eb43b
LP
755 </varlistentry>
756
757 <varlistentry>
260abb78 758 <term><varname>Capabilities=</varname></term>
dd1eb43b 759 <listitem><para>Controls the
5aded369 760 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
260abb78
LP
761 set for the executed process. Takes a
762 capability string describing the
763 effective, permitted and inheritable
764 capability sets as documented in
765 <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
766 Note that these capability sets are
417116f2 767 usually influenced (and filtered) by the capabilities
260abb78
LP
768 attached to the executed file. Due to
769 that
770 <varname>CapabilityBoundingSet=</varname>
771 is probably the much more useful
772 setting.</para></listitem>
dd1eb43b
LP
773 </varlistentry>
774
dd1eb43b
LP
775 <varlistentry>
776 <term><varname>ReadWriteDirectories=</varname></term>
777 <term><varname>ReadOnlyDirectories=</varname></term>
778 <term><varname>InaccessibleDirectories=</varname></term>
779
d6797c92
LP
780 <listitem><para>Sets up a new file
781 system namespace for executed
dd1eb43b
LP
782 processes. These options may be used
783 to limit the access a process might have
12f25b6e 784 to the main file system
dd1eb43b 785 hierarchy. Each setting takes a
96d4ce01 786 space-separated list of absolute
dd1eb43b
LP
787 directory paths. Directories listed in
788 <varname>ReadWriteDirectories=</varname>
789 are accessible from within the
790 namespace with the same access rights
791 as from outside. Directories listed in
792 <varname>ReadOnlyDirectories=</varname>
793 are accessible for reading only,
794 writing will be refused even if the
795 usual file access controls would
796 permit this. Directories listed in
797 <varname>InaccessibleDirectories=</varname>
74051b9b
LP
798 will be made inaccessible for
799 processes inside the namespace. Note
800 that restricting access with these
801 options does not extend to submounts
d6797c92
LP
802 of a directory that are created later
803 on. These options may be specified
74051b9b
LP
804 more than once in which case all
805 directories listed will have limited
806 access from within the namespace. If
807 the empty string is assigned to this
d6797c92
LP
808 option, the specific list is reset,
809 and all prior assignments have no
ea92ae33
MW
810 effect.</para>
811 <para>Paths in
812 <varname>ReadOnlyDirectories=</varname>
813 and
814 <varname>InaccessibleDirectories=</varname>
815 may be prefixed with
816 <literal>-</literal>, in which case
6b4991cf 817 they will be ignored when they do not
907afa06
LP
818 exist. Note that using this
819 setting will disconnect propagation of
820 mounts from the service to the host
821 (propagation in the opposite direction
822 continues to work). This means that
823 this setting may not be used for
824 services which shall be able to
825 install mount points in the main mount
826 namespace.</para></listitem>
dd1eb43b
LP
827 </varlistentry>
828
829 <varlistentry>
830 <term><varname>PrivateTmp=</varname></term>
831
832 <listitem><para>Takes a boolean
79640424 833 argument. If true, sets up a new file
ff01d048 834 system namespace for the executed
652d0dd7
ZJS
835 processes and mounts private
836 <filename>/tmp</filename> and
613b411c 837 <filename>/var/tmp</filename>
e0e009c0 838 directories inside it that are not
613b411c 839 shared by processes outside of the
dd1eb43b
LP
840 namespace. This is useful to secure
841 access to temporary files of the
842 process, but makes sharing between
843 processes via
652d0dd7
ZJS
844 <filename>/tmp</filename> or
845 <filename>/var/tmp</filename>
b8bde116 846 impossible. If this is enabled, all
907afa06
LP
847 temporary files created by a service
848 in these directories will be removed
849 after the service is stopped. Defaults
850 to false. It is possible to run two or
851 more units within the same private
852 <filename>/tmp</filename> and
613b411c
LP
853 <filename>/var/tmp</filename>
854 namespace by using the
855 <varname>JoinsNamespaceOf=</varname>
856 directive, see
857 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
907afa06
LP
858 for details. Note that using this
859 setting will disconnect propagation of
860 mounts from the service to the host
861 (propagation in the opposite direction
862 continues to work). This means that
863 this setting may not be used for
864 services which shall be able to install
865 mount points in the main mount
866 namespace.</para></listitem>
867 </varlistentry>
868
869 <varlistentry>
870 <term><varname>PrivateDevices=</varname></term>
871
872 <listitem><para>Takes a boolean
873 argument. If true, sets up a new /dev
874 namespace for the executed processes
875 and only adds API pseudo devices such
876 as <filename>/dev/null</filename>,
877 <filename>/dev/zero</filename> or
878 <filename>/dev/random</filename> (as
879 well as the pseudo TTY subsystem) to
880 it, but no physical devices such as
881 <filename>/dev/sda</filename>. This is
882 useful to securely turn off physical
883 device access by the executed
884 process. Defaults to false. Enabling
885 this option will also remove
886 <constant>CAP_MKNOD</constant> from
887 the capability bounding set for the
888 unit (see above), and set
889 <varname>DevicePolicy=closed</varname>
890 (see
891 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
892 for details). Note that using this
893 setting will disconnect propagation of
894 mounts from the service to the host
895 (propagation in the opposite direction
896 continues to work). This means that
897 this setting may not be used for
898 services which shall be able to
899 install mount points in the main mount
900 namespace.</para></listitem>
ff01d048
LP
901 </varlistentry>
902
903 <varlistentry>
904 <term><varname>PrivateNetwork=</varname></term>
905
906 <listitem><para>Takes a boolean
79640424 907 argument. If true, sets up a new
ff01d048
LP
908 network namespace for the executed
909 processes and configures only the
910 loopback network device
911 <literal>lo</literal> inside it. No
912 other network devices will be
913 available to the executed process.
914 This is useful to securely turn off
915 network access by the executed
907afa06
LP
916 process. Defaults to false. It is
917 possible to run two or more units
918 within the same private network
613b411c
LP
919 namespace by using the
920 <varname>JoinsNamespaceOf=</varname>
921 directive, see
922 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
907afa06
LP
923 for details. Note that this option
924 will disconnect all socket families
925 from the host, this includes
926 AF_NETLINK and AF_UNIX. The latter has
927 the effect that AF_UNIX sockets in the
928 abstract socket namespace will become
929 unavailable to the processes (however,
930 those located in the file system will
931 continue to be
932 accessible).</para></listitem>
7f112f50
LP
933 </varlistentry>
934
417116f2 935 <varlistentry>
1b8689f9 936 <term><varname>ProtectSystem=</varname></term>
417116f2
LP
937
938 <listitem><para>Takes a boolean
1b8689f9
LP
939 argument or
940 <literal>full</literal>. If true,
941 mounts the <filename>/usr</filename>
5331194c 942 directory read-only for processes
1b8689f9 943 invoked by this unit. If set to
8d0e0ddd
JE
944 <literal>full</literal>, the
945 <filename>/etc</filename> directory is mounted
1b8689f9
LP
946 read-only, too. This setting ensures
947 that any modification of the vendor
948 supplied operating system (and
949 optionally its configuration) is
417116f2
LP
950 prohibited for the service. It is
951 recommended to enable this setting for
952 all long-running services, unless they
953 are involved with system updates or
954 need to modify the operating system in
8d0e0ddd 955 other ways. Note however that
417116f2
LP
956 processes retaining the CAP_SYS_ADMIN
957 capability can undo the effect of this
958 setting. This setting is hence
959 particularly useful for daemons which
960 have this capability removed, for
961 example with
962 <varname>CapabilityBoundingSet=</varname>. Defaults
963 to off.</para></listitem>
964 </varlistentry>
965
966 <varlistentry>
1b8689f9 967 <term><varname>ProtectHome=</varname></term>
417116f2
LP
968
969 <listitem><para>Takes a boolean
970 argument or
971 <literal>read-only</literal>. If true,
972 the directories
973 <filename>/home</filename> and
974 <filename>/run/user</filename> are
975 made inaccessible and empty for
976 processes invoked by this unit. If set
8d0e0ddd 977 to <literal>read-only</literal>, the
417116f2
LP
978 two directories are made read-only
979 instead. It is recommended to enable
980 this setting for all long-running
981 services (in particular network-facing
1b8689f9 982 ones), to ensure they cannot get access
417116f2
LP
983 to private user data, unless the
984 services actually require access to
8d0e0ddd 985 the user's private data. Note however
417116f2
LP
986 that processes retaining the
987 CAP_SYS_ADMIN capability can undo the
988 effect of this setting. This setting
989 is hence particularly useful for
990 daemons which have this capability
991 removed, for example with
992 <varname>CapabilityBoundingSet=</varname>. Defaults
993 to off.</para></listitem>
994 </varlistentry>
995
dd1eb43b
LP
996 <varlistentry>
997 <term><varname>MountFlags=</varname></term>
998
999 <listitem><para>Takes a mount
1000 propagation flag:
1001 <option>shared</option>,
1002 <option>slave</option> or
1003 <option>private</option>, which
c2c13f2d
LP
1004 control whether mounts in the file
1005 system namespace set up for this
1006 unit's processes will receive or
1007 propagate mounts or unmounts. See
8050c221 1008 <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
c2c13f2d
LP
1009 for details. Defaults to
1010 <option>shared</option>. Use
1011 <option>shared</option> to ensure that
1012 mounts and unmounts are propagated
1013 from the host to the container and
1014 vice versa. Use <option>slave</option>
1015 to run processes so that none of their
1016 mounts and unmounts will propagate to
1017 the host. Use <option>private</option>
1018 to also ensure that no mounts and
1019 unmounts from the host will propagate
1020 into the unit processes'
1021 namespace. Note that
1022 <option>slave</option> means that file
1023 systems mounted on the host might stay
1024 mounted continuously in the unit's
1025 namespace, and thus keep the device
1026 busy. Note that the file system
1027 namespace related options
1028 (<varname>PrivateTmp=</varname>,
1029 <varname>PrivateDevices=</varname>,
417116f2
LP
1030 <varname>ProtectSystem=</varname>,
1031 <varname>ProtectHome=</varname>,
c2c13f2d
LP
1032 <varname>ReadOnlyDirectories=</varname>,
1033 <varname>InaccessibleDirectories=</varname>
1034 and
1035 <varname>ReadWriteDirectories=</varname>)
1036 require that mount and unmount
1037 propagation from the unit's file
1038 system namespace is disabled, and
1039 hence downgrade
1040 <option>shared</option> to
1041 <option>slave</option>.
1042 </para></listitem>
dd1eb43b
LP
1043 </varlistentry>
1044
169c1bda
LP
1045 <varlistentry>
1046 <term><varname>UtmpIdentifier=</varname></term>
1047
c5315881 1048 <listitem><para>Takes a four
169c1bda
LP
1049 character identifier string for an
1050 utmp/wtmp entry for this service. This
1051 should only be set for services such
1052 as <command>getty</command>
1053 implementations where utmp/wtmp
1054 entries must be created and cleared
1055 before and after execution. If the
1056 configured string is longer than four
79640424 1057 characters, it is truncated and the
169c1bda
LP
1058 terminal four characters are
1059 used. This setting interprets %I style
1060 string replacements. This setting is
1061 unset by default, i.e. no utmp/wtmp
1062 entries are created or cleaned up for
1063 this service.</para></listitem>
1064 </varlistentry>
1065
7b52a628
MS
1066 <varlistentry>
1067 <term><varname>SELinuxContext=</varname></term>
1068
82adf6af
LP
1069 <listitem><para>Set the SELinux
1070 security context of the executed
1071 process. If set, this will override
1072 the automated domain
1073 transition. However, the policy still
1074 needs to authorize the transition. This
1075 directive is ignored if SELinux is
1076 disabled. If prefixed by
1077 <literal>-</literal>, all errors will
1078 be ignored. See
7b52a628
MS
1079 <citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1080 for details.</para></listitem>
1081 </varlistentry>
1082
eef65bf3
MS
1083 <varlistentry>
1084 <term><varname>AppArmorProfile=</varname></term>
1085
dca348bc 1086 <listitem><para>Takes a profile name as argument.
eef65bf3
MS
1087 The process executed by the unit will switch to
1088 this profile when started. Profiles must already
1089 be loaded in the kernel, or the unit will fail.
1090 This setting has no effect if AppArmor is not
1091 enabled. If prefixed by <literal>-</literal>, all errors
1092 will be ignored.
1093 </para></listitem>
1094 </varlistentry>
1095
353e12c2
LP
1096 <varlistentry>
1097 <term><varname>IgnoreSIGPIPE=</varname></term>
1098
1099 <listitem><para>Takes a boolean
05cc7267 1100 argument. If true, causes <constant>SIGPIPE</constant> to be
353e12c2 1101 ignored in the executed
e9dd9f95 1102 process. Defaults to true because
05cc7267 1103 <constant>SIGPIPE</constant> generally is useful only in
353e12c2
LP
1104 shell pipelines.</para></listitem>
1105 </varlistentry>
1106
8351ceae
LP
1107 <varlistentry>
1108 <term><varname>NoNewPrivileges=</varname></term>
1109
1110 <listitem><para>Takes a boolean
e9dd9f95 1111 argument. If true, ensures that the
8351ceae
LP
1112 service process and all its children
1113 can never gain new privileges. This
1114 option is more powerful than the respective
1115 secure bits flags (see above), as it
1116 also prohibits UID changes of any
1117 kind. This is the simplest, most
1118 effective way to ensure that a process
1119 and its children can never elevate
1120 privileges again.</para></listitem>
1121 </varlistentry>
1122
1123 <varlistentry>
1124 <term><varname>SystemCallFilter=</varname></term>
1125
f513e420
LP
1126 <listitem><para>Takes a
1127 space-separated list of system call
e9dd9f95 1128 names. If this setting is used, all
8351ceae 1129 system calls executed by the unit
17df7223 1130 processes except for the listed ones
8351ceae 1131 will result in immediate process
74d00578
ZJS
1132 termination with the
1133 <constant>SIGSYS</constant> signal
8351ceae 1134 (whitelisting). If the first character
79640424 1135 of the list is <literal>~</literal>,
8351ceae
LP
1136 the effect is inverted: only the
1137 listed system calls will result in
1138 immediate process termination
f513e420
LP
1139 (blacklisting). If running in user
1140 mode and this option is used,
8351ceae 1141 <varname>NoNewPrivileges=yes</varname>
f513e420
LP
1142 is implied. This feature makes use of the
1143 Secure Computing Mode 2 interfaces of
1144 the kernel ('seccomp filtering') and
1145 is useful for enforcing a minimal
8351ceae
LP
1146 sandboxing environment. Note that the
1147 <function>execve</function>,
1148 <function>rt_sigreturn</function>,
1149 <function>sigreturn</function>,
1150 <function>exit_group</function>,
1151 <function>exit</function> system calls
6b4991cf 1152 are implicitly whitelisted and do not
74051b9b
LP
1153 need to be listed explicitly. This
1154 option may be specified more than once
1155 in which case the filter masks are
1156 merged. If the empty string is
79640424 1157 assigned, the filter is reset, all
74051b9b 1158 prior assignments will have no
c0467cf3
RC
1159 effect.</para>
1160
17df7223
LP
1161 <para>If you specify both types of
1162 this option (i.e. whitelisting and
73e231ab 1163 blacklisting), the first encountered
17df7223
LP
1164 will take precedence and will dictate
1165 the default action (termination or
1166 approval of a system call). Then the
1167 next occurrences of this option will
1168 add or delete the listed system calls
1169 from the set of the filtered system
1170 calls, depending on its type and the
66f756d4 1171 default action. (For example, if you have started
17df7223
LP
1172 with a whitelisting of
1173 <function>read</function> and
73e231ab 1174 <function>write</function>, and right
17df7223
LP
1175 after it add a blacklisting of
1176 <function>write</function>, then
1177 <function>write</function> will be
66f756d4 1178 removed from the set.)
c0467cf3 1179 </para></listitem>
8351ceae
LP
1180 </varlistentry>
1181
17df7223
LP
1182 <varlistentry>
1183 <term><varname>SystemCallErrorNumber=</varname></term>
1184
1185 <listitem><para>Takes an
1186 <literal>errno</literal> error number
1187 name to return when the system call
1188 filter configured with
1189 <varname>SystemCallFilter=</varname>
1190 is triggered, instead of terminating
1191 the process immediately. Takes an
1192 error name such as
ac45f971
LP
1193 <constant>EPERM</constant>,
1194 <constant>EACCES</constant> or
1195 <constant>EUCLEAN</constant>. When this
17df7223 1196 setting is not used, or when the empty
73e231ab 1197 string is assigned, the process will be
17df7223
LP
1198 terminated immediately when the filter
1199 is triggered.</para></listitem>
1200 </varlistentry>
1201
57183d11
LP
1202 <varlistentry>
1203 <term><varname>SystemCallArchitectures=</varname></term>
1204
1205 <listitem><para>Takes a space
1206 separated list of architecture
1207 identifiers to include in the system
1208 call filter. The known architecture
1209 identifiers are
ac45f971
LP
1210 <constant>x86</constant>,
1211 <constant>x86-64</constant>,
1212 <constant>x32</constant>,
f513e420
LP
1213 <constant>arm</constant> as well as
1214 the special identifier
1215 <constant>native</constant>. Only
1216 system calls of the specified
1217 architectures will be permitted to
1218 processes of this unit. This is an
1219 effective way to disable compatibility
1220 with non-native architectures for
1221 processes, for example to prohibit
1222 execution of 32-bit x86 binaries on
1223 64-bit x86-64 systems. The special
ac45f971 1224 <constant>native</constant> identifier
57183d11
LP
1225 implicitly maps to the native
1226 architecture of the system (or more
1227 strictly: to the architecture the
f513e420
LP
1228 system manager is compiled for). If
1229 running in user mode and this option
1230 is used,
1231 <varname>NoNewPrivileges=yes</varname>
1232 is implied. Note that setting this
1233 option to a non-empty list implies
1234 that <constant>native</constant> is
1235 included too. By default, this option
1236 is set to the empty list, i.e. no
1237 architecture system call filtering is
e9642be2 1238 applied.</para></listitem>
57183d11
LP
1239 </varlistentry>
1240
4298d0b5
LP
1241 <varlistentry>
1242 <term><varname>RestrictAddressFamilies=</varname></term>
1243
1244 <listitem><para>Restricts the set of
1245 socket address families accessible to
1246 the processes of this unit. Takes a
1247 space-separated list of address family
1248 names to whitelist, such as
1249 <constant>AF_UNIX</constant>,
1250 <constant>AF_INET</constant> or
1251 <constant>AF_INET6</constant>. When
1252 prefixed with <constant>~</constant>
1253 the listed address families will be
1254 applied as blacklist, otherwise as
1255 whitelist. Note that this restricts
1256 access to the
1257 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1258 system call only. Sockets passed into
1259 the process by other means (for
1260 example, by using socket activation
1261 with socket units, see
1262 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1263 are unaffected. Also, sockets created
1264 with <function>socketpair()</function>
1265 (which creates connected AF_UNIX
1266 sockets only) are unaffected. Note
1267 that this option has no effect on
70a44afe 1268 32-bit x86 and is ignored (but works
f513e420
LP
1269 correctly on x86-64). If running in user
1270 mode and this option is used,
1271 <varname>NoNewPrivileges=yes</varname>
b8bde116 1272 is implied. By default, no
4298d0b5
LP
1273 restriction applies, all address
1274 families are accessible to
1275 processes. If assigned the empty
b8bde116 1276 string, any previous list changes are
4298d0b5
LP
1277 undone.</para>
1278
1279 <para>Use this option to limit
1280 exposure of processes to remote
1281 systems, in particular via exotic
1282 network protocols. Note that in most
b8bde116 1283 cases, the local
4298d0b5
LP
1284 <constant>AF_UNIX</constant> address
1285 family should be included in the
1286 configured whitelist as it is
1287 frequently used for local
1288 communication, including for
1289 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1290 logging.</para></listitem>
1291 </varlistentry>
1292
ac45f971
LP
1293 <varlistentry>
1294 <term><varname>Personality=</varname></term>
1295
1296 <listitem><para>Controls which
1297 kernel architecture
1298 <citerefentry><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1299 shall report, when invoked by unit
1300 processes. Takes one of
1301 <constant>x86</constant> and
1302 <constant>x86-64</constant>. This is
70a44afe 1303 useful when running 32-bit services on
b8bde116 1304 a 64-bit host system. If not specified,
ac45f971
LP
1305 the personality is left unmodified and
1306 thus reflects the personality of the
1307 host system's
1308 kernel.</para></listitem>
1309 </varlistentry>
4298d0b5 1310
e66cf1a3
LP
1311 <varlistentry>
1312 <term><varname>RuntimeDirectory=</varname></term>
1313 <term><varname>RuntimeDirectoryMode=</varname></term>
1314
1315 <listitem><para>Takes a list of
b8bde116 1316 directory names. If set, one or more
e66cf1a3
LP
1317 directories by the specified names
1318 will be created below
1319 <filename>/run</filename> (for system
1320 services) or below
1321 <varname>$XDG_RUNTIME_DIR</varname>
1322 (for user services) when the unit is
b8bde116 1323 started, and removed when the unit is
e66cf1a3
LP
1324 stopped. The directories will have the
1325 access mode specified in
1326 <varname>RuntimeDirectoryMode=</varname>,
1327 and will be owned by the user and
1328 group specified in
1329 <varname>User=</varname> and
1330 <varname>Group=</varname>. Use this to
1331 manage one or more runtime directories
1332 of the unit and bind their lifetime to
1333 the daemon runtime. The specified
1334 directory names must be relative, and
1335 may not include a
1336 <literal>/</literal>, i.e. must refer
1337 to simple directories to create or
1338 remove. This is particularly useful
f1721625 1339 for unprivileged daemons that cannot
e66cf1a3
LP
1340 create runtime directories in
1341 <filename>/run</filename> due to lack
1342 of privileges, and to make sure the
1343 runtime directory is cleaned up
1344 automatically after use. For runtime
1345 directories that require more complex
1346 or different configuration or lifetime
1347 guarantees, please consider using
1348 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
1349 </varlistentry>
1350
dd1eb43b
LP
1351 </variablelist>
1352 </refsect1>
1353
43638332
ZJS
1354 <refsect1>
1355 <title>Environment variables in spawned processes</title>
1356
1357 <para>Processes started by the system are executed in
1358 a clean environment in which select variables
1359 listed below are set. System processes started by systemd
1360 do not inherit variables from PID 1, but processes
1361 started by user systemd instances inherit all
1362 environment variables from the user systemd instance.
1363 </para>
1364
1365 <variablelist class='environment-variables'>
1366 <varlistentry>
1367 <term><varname>$PATH</varname></term>
1368
1369 <listitem><para>Colon-separated list
1370 of directories to use when launching
1371 executables. Systemd uses a fixed
1372 value of
1373 <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
1374 </para></listitem>
1375 </varlistentry>
1376
1377 <varlistentry>
1378 <term><varname>$LANG</varname></term>
1379
1380 <listitem><para>Locale. Can be set in
1381 <citerefentry><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1382 or on the kernel command line (see
1383 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1384 and
1385 <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
1386 </para></listitem>
1387 </varlistentry>
1388
1389 <varlistentry>
1390 <term><varname>$USER</varname></term>
59fccd82 1391 <term><varname>$LOGNAME</varname></term>
43638332 1392 <term><varname>$HOME</varname></term>
59fccd82 1393 <term><varname>$SHELL</varname></term>
43638332 1394
59fccd82
ZJS
1395 <listitem><para>User name (twice), home
1396 directory, and the login shell.
72f4d966 1397 The variables are set for the units that
43638332
ZJS
1398 have <varname>User=</varname> set,
1399 which includes user
1400 <command>systemd</command> instances.
1401 See
1402 <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1403 </para></listitem>
1404 </varlistentry>
1405
1406 <varlistentry>
1407 <term><varname>$XDG_RUNTIME_DIR</varname></term>
1408
1409 <listitem><para>The directory for volatile
1410 state. Set for the user <command>systemd</command>
1411 instance, and also in user sessions.
1412 See
1413 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1414 </para></listitem>
1415 </varlistentry>
1416
1417 <varlistentry>
1418 <term><varname>$XDG_SESSION_ID</varname></term>
1419 <term><varname>$XDG_SEAT</varname></term>
1420 <term><varname>$XDG_VTNR</varname></term>
1421
1422 <listitem><para>The identifier of the
72f4d966 1423 session, the seat name, and
43638332
ZJS
1424 virtual terminal of the session. Set
1425 by
1426 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1427 for login sessions.
1428 <varname>$XDG_SEAT</varname> and
72f4d966
JE
1429 <varname>$XDG_VTNR</varname> will
1430 only be set when attached to a seat and a
43638332
ZJS
1431 tty.</para></listitem>
1432 </varlistentry>
1433
b67f562c
LP
1434 <varlistentry>
1435 <term><varname>$MAINPID</varname></term>
1436
1437 <listitem><para>The PID of the unit's
1438 main process if it is known. This is
1439 only set for control processes as
1440 invoked by
1441 <varname>ExecReload=</varname> and
1442 similar. </para></listitem>
1443 </varlistentry>
1444
43638332
ZJS
1445 <varlistentry>
1446 <term><varname>$MANAGERPID</varname></term>
1447
1448 <listitem><para>The PID of the user
1449 <command>systemd</command> instance,
1450 set for processes spawned by it.
1451 </para></listitem>
1452 </varlistentry>
1453
1454 <varlistentry>
1455 <term><varname>$LISTEN_FDS</varname></term>
1456 <term><varname>$LISTEN_PID</varname></term>
1457
1458 <listitem><para>Information about file
1459 descriptors passed to a service for
1460 socket activation. See
1461 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1462 </para></listitem>
1463 </varlistentry>
59fccd82
ZJS
1464
1465 <varlistentry>
1466 <term><varname>$TERM</varname></term>
1467
1468 <listitem><para>Terminal type, set
1469 only for units connected to a terminal
1470 (<varname>StandardInput=tty</varname>,
1471 <varname>StandardOutput=tty</varname>,
1472 or
1473 <varname>StandardError=tty</varname>).
1474 See
5aded369 1475 <citerefentry project='man-pages'><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
59fccd82
ZJS
1476 </para></listitem>
1477 </varlistentry>
43638332
ZJS
1478 </variablelist>
1479
1480 <para>Additional variables may be configured by the
1481 following means: for processes spawned in specific
1482 units, use the <varname>Environment=</varname> and
1483 <varname>EnvironmentFile=</varname> options above; to
1484 specify variables globally, use
1485 <varname>DefaultEnvironment=</varname> (see
1486 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1487 or the kernel option
1488 <varname>systemd.setenv=</varname> (see
1489 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>). Additional
1490 variables may also be set through PAM,
5aded369 1491 cf. <citerefentry project='man-pages'><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
43638332
ZJS
1492 </refsect1>
1493
dd1eb43b
LP
1494 <refsect1>
1495 <title>See Also</title>
1496 <para>
f3e219a2 1497 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
dd1eb43b 1498 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
169c4f65 1499 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
dd1eb43b
LP
1500 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1501 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1502 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
2292707d 1503 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
4819ff03 1504 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
9cc2c8b7 1505 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
3fde5f30 1506 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
43638332 1507 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
e66cf1a3 1508 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
5aded369 1509 <citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
dd1eb43b
LP
1510 </para>
1511 </refsect1>
1512
1513</refentry>