]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.exec.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #288 from phomes/cgroup-util
[thirdparty/systemd.git] / man / systemd.exec.xml
CommitLineData
dd1eb43b 1<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
681eb9cf
FB		 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
3<!ENTITY % entities SYSTEM "custom-entities.ent" >
4%entities;
5]>
dd1eb43b
LP		 6
7<!--
8 This file is part of systemd.
9
10 Copyright 2010 Lennart Poettering
11
12 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 13 under the terms of the GNU Lesser General Public License as published by
14 the Free Software Foundation; either version 2.1 of the License, or
dd1eb43b
LP		 15 (at your option) any later version.
16
17 systemd is distributed in the hope that it will be useful, but
18 WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 20 Lesser General Public License for more details.
dd1eb43b 21
5430f7f2 22 You should have received a copy of the GNU Lesser General Public License
dd1eb43b
LP		 23 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24-->
25
26<refentry id="systemd.exec">
798d3a52
ZJS		 27 <refentryinfo>
28 <title>systemd.exec</title>
29 <productname>systemd</productname>
30
31 <authorgroup>
32 <author>
33 <contrib>Developer</contrib>
34 <firstname>Lennart</firstname>
35 <surname>Poettering</surname>
36 <email>lennart@poettering.net</email>
37 </author>
38 </authorgroup>
39 </refentryinfo>
40
41 <refmeta>
42 <refentrytitle>systemd.exec</refentrytitle>
43 <manvolnum>5</manvolnum>
44 </refmeta>
45
46 <refnamediv>
47 <refname>systemd.exec</refname>
48 <refpurpose>Execution environment configuration</refpurpose>
49 </refnamediv>
50
51 <refsynopsisdiv>
52 <para><filename><replaceable>service</replaceable>.service</filename>,
53 <filename><replaceable>socket</replaceable>.socket</filename>,
54 <filename><replaceable>mount</replaceable>.mount</filename>,
55 <filename><replaceable>swap</replaceable>.swap</filename></para>
56 </refsynopsisdiv>
57
58 <refsect1>
59 <title>Description</title>
60
61 <para>Unit configuration files for services, sockets, mount
62 points, and swap devices share a subset of configuration options
63 which define the execution environment of spawned
64 processes.</para>
65
66 <para>This man page lists the configuration options shared by
67 these four unit types. See
68 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
69 for the common options of all unit configuration files, and
70 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
72 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
73 and
74 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
75 for more information on the specific unit configuration files. The
76 execution specific configuration options are configured in the
77 [Service], [Socket], [Mount], or [Swap] sections, depending on the
78 unit type.</para>
79 </refsect1>
80
81 <refsect1>
82 <title>Options</title>
83
84 <variablelist class='unit-directives'>
85
86 <varlistentry>
87 <term><varname>WorkingDirectory=</varname></term>
88
89 <listitem><para>Takes an absolute directory path. Sets the
90 working directory for executed processes. If not set, defaults
91 to the root directory when systemd is running as a system
92 instance and the respective user's home directory if run as
93 user.</para></listitem>
94 </varlistentry>
95
96 <varlistentry>
97 <term><varname>RootDirectory=</varname></term>
98
99 <listitem><para>Takes an absolute directory path. Sets the
100 root directory for executed processes, with the
101 <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
102 system call. If this is used, it must be ensured that the
103 process and all its auxiliary files are available in the
104 <function>chroot()</function> jail.</para></listitem>
105 </varlistentry>
106
107 <varlistentry>
108 <term><varname>User=</varname></term>
109 <term><varname>Group=</varname></term>
110
111 <listitem><para>Sets the Unix user or group that the processes
112 are executed as, respectively. Takes a single user or group
113 name or ID as argument. If no group is set, the default group
114 of the user is chosen.</para></listitem>
115 </varlistentry>
116
117 <varlistentry>
118 <term><varname>SupplementaryGroups=</varname></term>
119
120 <listitem><para>Sets the supplementary Unix groups the
121 processes are executed as. This takes a space-separated list
122 of group names or IDs. This option may be specified more than
123 once in which case all listed groups are set as supplementary
124 groups. When the empty string is assigned the list of
125 supplementary groups is reset, and all assignments prior to
126 this one will have no effect. In any way, this option does not
127 override, but extends the list of supplementary groups
128 configured in the system group database for the
129 user.</para></listitem>
130 </varlistentry>
131
132 <varlistentry>
133 <term><varname>Nice=</varname></term>
134
135 <listitem><para>Sets the default nice level (scheduling
136 priority) for executed processes. Takes an integer between -20
137 (highest priority) and 19 (lowest priority). See
138 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
139 for details.</para></listitem>
140 </varlistentry>
141
142 <varlistentry>
143 <term><varname>OOMScoreAdjust=</varname></term>
144
145 <listitem><para>Sets the adjustment level for the
146 Out-Of-Memory killer for executed processes. Takes an integer
147 between -1000 (to disable OOM killing for this process) and
148 1000 (to make killing of this process under memory pressure
149 very likely). See <ulink
150 url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
151 for details.</para></listitem>
152 </varlistentry>
153
154 <varlistentry>
155 <term><varname>IOSchedulingClass=</varname></term>
156
157 <listitem><para>Sets the IO scheduling class for executed
158 processes. Takes an integer between 0 and 3 or one of the
159 strings <option>none</option>, <option>realtime</option>,
160 <option>best-effort</option> or <option>idle</option>. See
161 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
162 for details.</para></listitem>
163 </varlistentry>
164
165 <varlistentry>
166 <term><varname>IOSchedulingPriority=</varname></term>
167
168 <listitem><para>Sets the IO scheduling priority for executed
169 processes. Takes an integer between 0 (highest priority) and 7
170 (lowest priority). The available priorities depend on the
171 selected IO scheduling class (see above). See
172 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
173 for details.</para></listitem>
174 </varlistentry>
175
176 <varlistentry>
177 <term><varname>CPUSchedulingPolicy=</varname></term>
178
179 <listitem><para>Sets the CPU scheduling policy for executed
180 processes. Takes one of
181 <option>other</option>,
182 <option>batch</option>,
183 <option>idle</option>,
184 <option>fifo</option> or
185 <option>rr</option>. See
186 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
187 for details.</para></listitem>
188 </varlistentry>
189
190 <varlistentry>
191 <term><varname>CPUSchedulingPriority=</varname></term>
192
193 <listitem><para>Sets the CPU scheduling priority for executed
194 processes. The available priority range depends on the
195 selected CPU scheduling policy (see above). For real-time
196 scheduling policies an integer between 1 (lowest priority) and
197 99 (highest priority) can be used. See
198 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
199 for details. </para></listitem>
200 </varlistentry>
201
202 <varlistentry>
203 <term><varname>CPUSchedulingResetOnFork=</varname></term>
204
205 <listitem><para>Takes a boolean argument. If true, elevated
206 CPU scheduling priorities and policies will be reset when the
207 executed processes fork, and can hence not leak into child
208 processes. See
209 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
210 for details. Defaults to false.</para></listitem>
211 </varlistentry>
212
213 <varlistentry>
214 <term><varname>CPUAffinity=</varname></term>
215
216 <listitem><para>Controls the CPU affinity of the executed
217 processes. Takes a space-separated list of CPU indices. This
218 option may be specified more than once in which case the
219 specified CPU affinity masks are merged. If the empty string
220 is assigned, the mask is reset, all assignments prior to this
221 will have no effect. See
222 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
223 for details.</para></listitem>
224 </varlistentry>
225
226 <varlistentry>
227 <term><varname>UMask=</varname></term>
228
229 <listitem><para>Controls the file mode creation mask. Takes an
230 access mode in octal notation. See
231 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
232 for details. Defaults to 0022.</para></listitem>
233 </varlistentry>
234
235 <varlistentry>
236 <term><varname>Environment=</varname></term>
237
238 <listitem><para>Sets environment variables for executed
239 processes. Takes a space-separated list of variable
240 assignments. This option may be specified more than once in
241 which case all listed variables will be set. If the same
242 variable is set twice, the later setting will override the
243 earlier setting. If the empty string is assigned to this
244 option, the list of environment variables is reset, all prior
245 assignments have no effect. Variable expansion is not
246 performed inside the strings, however, specifier expansion is
247 possible. The $ character has no special meaning. If you need
248 to assign a value containing spaces to a variable, use double
249 quotes (") for the assignment.</para>
250
251 <para>Example:
252 <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"</programlisting>
253 gives three variables <literal>VAR1</literal>,
254 <literal>VAR2</literal>, <literal>VAR3</literal>
255 with the values <literal>word1 word2</literal>,
256 <literal>word3</literal>, <literal>$word 5 6</literal>.
257 </para>
258
259 <para>
260 See
261 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
262 for details about environment variables.</para></listitem>
263 </varlistentry>
264 <varlistentry>
265 <term><varname>EnvironmentFile=</varname></term>
266 <listitem><para>Similar to <varname>Environment=</varname> but
267 reads the environment variables from a text file. The text
268 file should contain new-line-separated variable assignments.
269 Empty lines and lines starting with ; or # will be ignored,
270 which may be used for commenting. A line ending with a
271 backslash will be concatenated with the following one,
272 allowing multiline variable definitions. The parser strips
273 leading and trailing whitespace from the values of
274 assignments, unless you use double quotes (").</para>
275
276 <para>The argument passed should be an absolute filename or
277 wildcard expression, optionally prefixed with
278 <literal>-</literal>, which indicates that if the file does
279 not exist, it will not be read and no error or warning message
280 is logged. This option may be specified more than once in
281 which case all specified files are read. If the empty string
282 is assigned to this option, the list of file to read is reset,
283 all prior assignments have no effect.</para>
284
285 <para>The files listed with this directive will be read
286 shortly before the process is executed (more specifically,
287 after all processes from a previous unit state terminated.
288 This means you can generate these files in one unit state, and
f407824d
DH		 289 read it with this option in the next).</para>
290
291 <para>Settings from these
798d3a52
ZJS		 292 files override settings made with
293 <varname>Environment=</varname>. If the same variable is set
294 twice from these files, the files will be read in the order
295 they are specified and the later setting will override the
296 earlier setting.</para></listitem>
297 </varlistentry>
298
299 <varlistentry>
300 <term><varname>StandardInput=</varname></term>
301 <listitem><para>Controls where file descriptor 0 (STDIN) of
302 the executed processes is connected to. Takes one of
303 <option>null</option>,
304 <option>tty</option>,
305 <option>tty-force</option>,
306 <option>tty-fail</option> or
307 <option>socket</option>.</para>
308
309 <para>If <option>null</option> is selected, standard input
310 will be connected to <filename>/dev/null</filename>, i.e. all
311 read attempts by the process will result in immediate
312 EOF.</para>
313
314 <para>If <option>tty</option> is selected, standard input is
315 connected to a TTY (as configured by
316 <varname>TTYPath=</varname>, see below) and the executed
317 process becomes the controlling process of the terminal. If
318 the terminal is already being controlled by another process,
319 the executed process waits until the current controlling
320 process releases the terminal.</para>
321
322 <para><option>tty-force</option> is similar to
323 <option>tty</option>, but the executed process is forcefully
324 and immediately made the controlling process of the terminal,
325 potentially removing previous controlling processes from the
326 terminal.</para>
327
328 <para><option>tty-fail</option> is similar to
329 <option>tty</option> but if the terminal already has a
330 controlling process start-up of the executed process
331 fails.</para>
332
333 <para>The <option>socket</option> option is only valid in
334 socket-activated services, and only when the socket
335 configuration file (see
336 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
337 for details) specifies a single socket only. If this option is
338 set, standard input will be connected to the socket the
339 service was activated from, which is primarily useful for
340 compatibility with daemons designed for use with the
341 traditional
b5c7d097 342 <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a52
ZJS		 343 daemon.</para>
344
345 <para>This setting defaults to
346 <option>null</option>.</para></listitem>
347 </varlistentry>
348 <varlistentry>
349 <term><varname>StandardOutput=</varname></term>
350 <listitem><para>Controls where file descriptor 1 (STDOUT) of
351 the executed processes is connected to. Takes one of
352 <option>inherit</option>,
353 <option>null</option>,
354 <option>tty</option>,
355 <option>journal</option>,
356 <option>syslog</option>,
357 <option>kmsg</option>,
358 <option>journal+console</option>,
359 <option>syslog+console</option>,
360 <option>kmsg+console</option> or
361 <option>socket</option>.</para>
362
363 <para><option>inherit</option> duplicates the file descriptor
364 of standard input for standard output.</para>
365
366 <para><option>null</option> connects standard output to
367 <filename>/dev/null</filename>, i.e. everything written to it
368 will be lost.</para>
369
370 <para><option>tty</option> connects standard output to a tty
371 (as configured via <varname>TTYPath=</varname>, see below). If
372 the TTY is used for output only, the executed process will not
373 become the controlling process of the terminal, and will not
374 fail or wait for other processes to release the
375 terminal.</para>
376
377 <para><option>journal</option> connects standard output with
378 the journal which is accessible via
379 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
380 Note that everything that is written to syslog or kmsg (see
381 below) is implicitly stored in the journal as well, the
382 specific two options listed below are hence supersets of this
383 one.</para>
384
385 <para><option>syslog</option> connects standard output to the
386 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
387 system syslog service, in addition to the journal. Note that
388 the journal daemon is usually configured to forward everything
389 it receives to syslog anyway, in which case this option is no
390 different from <option>journal</option>.</para>
391
392 <para><option>kmsg</option> connects standard output with the
393 kernel log buffer which is accessible via
394 <citerefentry project='man-pages'><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
395 in addition to the journal. The journal daemon might be
396 configured to send all logs to kmsg anyway, in which case this
397 option is no different from <option>journal</option>.</para>
398
399 <para><option>journal+console</option>,
400 <option>syslog+console</option> and
401 <option>kmsg+console</option> work in a similar way as the
402 three options above but copy the output to the system console
403 as well.</para>
404
405 <para><option>socket</option> connects standard output to a
406 socket acquired via socket activation. The semantics are
407 similar to the same option of
408 <varname>StandardInput=</varname>.</para>
409
410 <para>This setting defaults to the value set with
411 <option>DefaultStandardOutput=</option> in
412 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
413 which defaults to <option>journal</option>.</para></listitem>
414 </varlistentry>
415 <varlistentry>
416 <term><varname>StandardError=</varname></term>
417 <listitem><para>Controls where file descriptor 2 (STDERR) of
418 the executed processes is connected to. The available options
419 are identical to those of <varname>StandardOutput=</varname>,
420 with one exception: if set to <option>inherit</option> the
421 file descriptor used for standard output is duplicated for
422 standard error. This setting defaults to the value set with
423 <option>DefaultStandardError=</option> in
424 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
425 which defaults to <option>inherit</option>.</para></listitem>
426 </varlistentry>
427 <varlistentry>
428 <term><varname>TTYPath=</varname></term>
429 <listitem><para>Sets the terminal device node to use if
430 standard input, output, or error are connected to a TTY (see
431 above). Defaults to
432 <filename>/dev/console</filename>.</para></listitem>
433 </varlistentry>
434 <varlistentry>
435 <term><varname>TTYReset=</varname></term>
436 <listitem><para>Reset the terminal device specified with
437 <varname>TTYPath=</varname> before and after execution.
438 Defaults to <literal>no</literal>.</para></listitem>
439 </varlistentry>
440 <varlistentry>
441 <term><varname>TTYVHangup=</varname></term>
442 <listitem><para>Disconnect all clients which have opened the
443 terminal device specified with <varname>TTYPath=</varname>
444 before and after execution. Defaults to
445 <literal>no</literal>.</para></listitem>
446 </varlistentry>
447 <varlistentry>
448 <term><varname>TTYVTDisallocate=</varname></term>
449 <listitem><para>If the terminal device specified with
450 <varname>TTYPath=</varname> is a virtual console terminal, try
451 to deallocate the TTY before and after execution. This ensures
452 that the screen and scrollback buffer is cleared. Defaults to
453 <literal>no</literal>.</para></listitem>
454 </varlistentry>
455 <varlistentry>
456 <term><varname>SyslogIdentifier=</varname></term>
457 <listitem><para>Sets the process name to prefix log lines sent
458 to the logging system or the kernel log buffer with. If not
459 set, defaults to the process name of the executed process.
460 This option is only useful when
461 <varname>StandardOutput=</varname> or
462 <varname>StandardError=</varname> are set to
463 <option>syslog</option>, <option>journal</option> or
464 <option>kmsg</option> (or to the same settings in combination
465 with <option>+console</option>).</para></listitem>
466 </varlistentry>
467 <varlistentry>
468 <term><varname>SyslogFacility=</varname></term>
469 <listitem><para>Sets the syslog facility to use when logging
470 to syslog. One of <option>kern</option>,
471 <option>user</option>, <option>mail</option>,
472 <option>daemon</option>, <option>auth</option>,
473 <option>syslog</option>, <option>lpr</option>,
474 <option>news</option>, <option>uucp</option>,
475 <option>cron</option>, <option>authpriv</option>,
476 <option>ftp</option>, <option>local0</option>,
477 <option>local1</option>, <option>local2</option>,
478 <option>local3</option>, <option>local4</option>,
479 <option>local5</option>, <option>local6</option> or
480 <option>local7</option>. See
481 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
482 for details. This option is only useful when
483 <varname>StandardOutput=</varname> or
484 <varname>StandardError=</varname> are set to
485 <option>syslog</option>. Defaults to
486 <option>daemon</option>.</para></listitem>
487 </varlistentry>
488 <varlistentry>
489 <term><varname>SyslogLevel=</varname></term>
490 <listitem><para>Default syslog level to use when logging to
491 syslog or the kernel log buffer. One of
492 <option>emerg</option>,
493 <option>alert</option>,
494 <option>crit</option>,
495 <option>err</option>,
496 <option>warning</option>,
497 <option>notice</option>,
498 <option>info</option>,
499 <option>debug</option>. See
500 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
501 for details. This option is only useful when
502 <varname>StandardOutput=</varname> or
503 <varname>StandardError=</varname> are set to
504 <option>syslog</option> or <option>kmsg</option>. Note that
505 individual lines output by the daemon might be prefixed with a
506 different log level which can be used to override the default
507 log level specified here. The interpretation of these prefixes
508 may be disabled with <varname>SyslogLevelPrefix=</varname>,
509 see below. For details see
510 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
511
512 Defaults to
513 <option>info</option>.</para></listitem>
514 </varlistentry>
515
516 <varlistentry>
517 <term><varname>SyslogLevelPrefix=</varname></term>
518 <listitem><para>Takes a boolean argument. If true and
519 <varname>StandardOutput=</varname> or
520 <varname>StandardError=</varname> are set to
521 <option>syslog</option>, <option>kmsg</option> or
522 <option>journal</option>, log lines written by the executed
523 process that are prefixed with a log level will be passed on
524 to syslog with this log level set but the prefix removed. If
525 set to false, the interpretation of these prefixes is disabled
526 and the logged lines are passed on as-is. For details about
527 this prefixing see
528 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
529 Defaults to true.</para></listitem>
530 </varlistentry>
531
532 <varlistentry>
533 <term><varname>TimerSlackNSec=</varname></term>
534 <listitem><para>Sets the timer slack in nanoseconds for the
535 executed processes. The timer slack controls the accuracy of
536 wake-ups triggered by timers. See
537 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
538 for more information. Note that in contrast to most other time
539 span definitions this parameter takes an integer value in
540 nano-seconds if no unit is specified. The usual time units are
541 understood too.</para></listitem>
542 </varlistentry>
543
544 <varlistentry>
545 <term><varname>LimitCPU=</varname></term>
546 <term><varname>LimitFSIZE=</varname></term>
547 <term><varname>LimitDATA=</varname></term>
548 <term><varname>LimitSTACK=</varname></term>
549 <term><varname>LimitCORE=</varname></term>
550 <term><varname>LimitRSS=</varname></term>
551 <term><varname>LimitNOFILE=</varname></term>
552 <term><varname>LimitAS=</varname></term>
553 <term><varname>LimitNPROC=</varname></term>
554 <term><varname>LimitMEMLOCK=</varname></term>
555 <term><varname>LimitLOCKS=</varname></term>
556 <term><varname>LimitSIGPENDING=</varname></term>
557 <term><varname>LimitMSGQUEUE=</varname></term>
558 <term><varname>LimitNICE=</varname></term>
559 <term><varname>LimitRTPRIO=</varname></term>
560 <term><varname>LimitRTTIME=</varname></term>
561 <listitem><para>These settings set both soft and hard limits
562 of various resources for executed processes. See
563 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
564 for details. Use the string <varname>infinity</varname> to
565 configure no limit on a specific resource.</para></listitem>
566
567 <table>
568 <title>Limit directives and their equivalent with ulimit</title>
569
570 <tgroup cols='2'>
571 <colspec colname='directive' />
572 <colspec colname='equivalent' />
573 <thead>
574 <row>
575 <entry>Directive</entry>
576 <entry>ulimit equivalent</entry>
577 </row>
578 </thead>
579 <tbody>
580 <row>
581 <entry>LimitCPU</entry>
582 <entry>ulimit -t</entry>
583 </row>
584 <row>
585 <entry>LimitFSIZE</entry>
586 <entry>ulimit -f</entry>
587 </row>
588 <row>
589 <entry>LimitDATA</entry>
590 <entry>ulimit -d</entry>
591 </row>
592 <row>
593 <entry>LimitSTACK</entry>
594 <entry>ulimit -s</entry>
595 </row>
596 <row>
597 <entry>LimitCORE</entry>
598 <entry>ulimit -c</entry>
599 </row>
600 <row>
601 <entry>LimitRSS</entry>
602 <entry>ulimit -m</entry>
603 </row>
604 <row>
605 <entry>LimitNOFILE</entry>
606 <entry>ulimit -n</entry>
607 </row>
608 <row>
609 <entry>LimitAS</entry>
610 <entry>ulimit -v</entry>
611 </row>
612 <row>
613 <entry>LimitNPROC</entry>
614 <entry>ulimit -u</entry>
615 </row>
616 <row>
617 <entry>LimitMEMLOCK</entry>
618 <entry>ulimit -l</entry>
619 </row>
620 <row>
621 <entry>LimitLOCKS</entry>
622 <entry>ulimit -x</entry>
623 </row>
624 <row>
625 <entry>LimitSIGPENDING</entry>
626 <entry>ulimit -i</entry>
627 </row>
628 <row>
629 <entry>LimitMSGQUEUE</entry>
630 <entry>ulimit -q</entry>
631 </row>
632 <row>
633 <entry>LimitNICE</entry>
634 <entry>ulimit -e</entry>
635 </row>
636 <row>
637 <entry>LimitRTPRIO</entry>
638 <entry>ulimit -r</entry>
639 </row>
640 <row>
641 <entry>LimitRTTIME</entry>
642 <entry>No equivalent</entry>
643 </row>
644 </tbody>
645 </tgroup>
646 </table>
647 </varlistentry>
648
649 <varlistentry>
650 <term><varname>PAMName=</varname></term>
651 <listitem><para>Sets the PAM service name to set up a session
652 as. If set, the executed process will be registered as a PAM
653 session under the specified service name. This is only useful
654 in conjunction with the <varname>User=</varname> setting. If
655 not set, no PAM session will be opened for the executed
656 processes. See
657 <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
658 for details.</para></listitem>
659 </varlistentry>
660
661 <varlistentry>
662 <term><varname>CapabilityBoundingSet=</varname></term>
663
664 <listitem><para>Controls which capabilities to include in the
665 capability bounding set for the executed process. See
666 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
667 for details. Takes a whitespace-separated list of capability
668 names as read by
3ba3a79d 669 <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
798d3a52
ZJS		 670 e.g. <constant>CAP_SYS_ADMIN</constant>,
671 <constant>CAP_DAC_OVERRIDE</constant>,
672 <constant>CAP_SYS_PTRACE</constant>. Capabilities listed will
673 be included in the bounding set, all others are removed. If
674 the list of capabilities is prefixed with
675 <literal>~</literal>, all but the listed capabilities will be
676 included, the effect of the assignment inverted. Note that
677 this option also affects the respective capabilities in the
678 effective, permitted and inheritable capability sets, on top
679 of what <varname>Capabilities=</varname> does. If this option
680 is not used, the capability bounding set is not modified on
681 process execution, hence no limits on the capabilities of the
682 process are enforced. This option may appear more than once in
683 which case the bounding sets are merged. If the empty string
684 is assigned to this option, the bounding set is reset to the
685 empty capability set, and all prior settings have no effect.
686 If set to <literal>~</literal> (without any further argument),
687 the bounding set is reset to the full set of available
688 capabilities, also undoing any previous
689 settings.</para></listitem>
690 </varlistentry>
691
692 <varlistentry>
693 <term><varname>SecureBits=</varname></term>
694 <listitem><para>Controls the secure bits set for the executed
695 process. Takes a space-separated combination of options from
696 the following list:
697 <option>keep-caps</option>,
698 <option>keep-caps-locked</option>,
699 <option>no-setuid-fixup</option>,
700 <option>no-setuid-fixup-locked</option>,
701 <option>noroot</option>, and
702 <option>noroot-locked</option>.
703 This option may appear more than once in which case the secure
704 bits are ORed. If the empty string is assigned to this option,
705 the bits are reset to 0. See
706 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
707 for details.</para></listitem>
708 </varlistentry>
709
710 <varlistentry>
711 <term><varname>Capabilities=</varname></term>
712 <listitem><para>Controls the
713 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
714 set for the executed process. Take a capability string
715 describing the effective, permitted and inherited capability
716 sets as documented in
3ba3a79d 717 <citerefentry project='mankier'><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52
ZJS		 718 Note that these capability sets are usually influenced (and
719 filtered) by the capabilities attached to the executed file.
720 Due to that <varname>CapabilityBoundingSet=</varname> is
721 probably a much more useful setting.</para></listitem>
722 </varlistentry>
723
724 <varlistentry>
725 <term><varname>ReadWriteDirectories=</varname></term>
726 <term><varname>ReadOnlyDirectories=</varname></term>
727 <term><varname>InaccessibleDirectories=</varname></term>
728
729 <listitem><para>Sets up a new file system namespace for
730 executed processes. These options may be used to limit access
731 a process might have to the main file system hierarchy. Each
732 setting takes a space-separated list of absolute directory
733 paths. Directories listed in
734 <varname>ReadWriteDirectories=</varname> are accessible from
735 within the namespace with the same access rights as from
736 outside. Directories listed in
737 <varname>ReadOnlyDirectories=</varname> are accessible for
738 reading only, writing will be refused even if the usual file
739 access controls would permit this. Directories listed in
740 <varname>InaccessibleDirectories=</varname> will be made
741 inaccessible for processes inside the namespace. Note that
742 restricting access with these options does not extend to
743 submounts of a directory that are created later on. These
744 options may be specified more than once in which case all
745 directories listed will have limited access from within the
746 namespace. If the empty string is assigned to this option, the
747 specific list is reset, and all prior assignments have no
748 effect.</para>
749 <para>Paths in
750 <varname>ReadOnlyDirectories=</varname>
751 and
752 <varname>InaccessibleDirectories=</varname>
753 may be prefixed with
754 <literal>-</literal>, in which case
755 they will be ignored when they do not
756 exist. Note that using this
757 setting will disconnect propagation of
758 mounts from the service to the host
759 (propagation in the opposite direction
760 continues to work). This means that
761 this setting may not be used for
762 services which shall be able to
763 install mount points in the main mount
764 namespace.</para></listitem>
765 </varlistentry>
766
767 <varlistentry>
768 <term><varname>PrivateTmp=</varname></term>
769
770 <listitem><para>Takes a boolean argument. If true, sets up a
771 new file system namespace for the executed processes and
772 mounts private <filename>/tmp</filename> and
773 <filename>/var/tmp</filename> directories inside it that is
774 not shared by processes outside of the namespace. This is
775 useful to secure access to temporary files of the process, but
776 makes sharing between processes via <filename>/tmp</filename>
777 or <filename>/var/tmp</filename> impossible. If this is
778 enabled, all temporary files created by a service in these
779 directories will be removed after the service is stopped.
780 Defaults to false. It is possible to run two or more units
781 within the same private <filename>/tmp</filename> and
782 <filename>/var/tmp</filename> namespace by using the
783 <varname>JoinsNamespaceOf=</varname> directive, see
784 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
785 for details. Note that using this setting will disconnect
786 propagation of mounts from the service to the host
787 (propagation in the opposite direction continues to work).
788 This means that this setting may not be used for services
789 which shall be able to install mount points in the main mount
790 namespace.</para></listitem>
791 </varlistentry>
792
793 <varlistentry>
794 <term><varname>PrivateDevices=</varname></term>
795
796 <listitem><para>Takes a boolean argument. If true, sets up a
797 new /dev namespace for the executed processes and only adds
798 API pseudo devices such as <filename>/dev/null</filename>,
799 <filename>/dev/zero</filename> or
800 <filename>/dev/random</filename> (as well as the pseudo TTY
801 subsystem) to it, but no physical devices such as
802 <filename>/dev/sda</filename>. This is useful to securely turn
803 off physical device access by the executed process. Defaults
804 to false. Enabling this option will also remove
805 <constant>CAP_MKNOD</constant> from the capability bounding
806 set for the unit (see above), and set
807 <varname>DevicePolicy=closed</varname> (see
808 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
809 for details). Note that using this setting will disconnect
810 propagation of mounts from the service to the host
811 (propagation in the opposite direction continues to work).
812 This means that this setting may not be used for services
813 which shall be able to install mount points in the main mount
814 namespace.</para></listitem>
815 </varlistentry>
816
817 <varlistentry>
818 <term><varname>PrivateNetwork=</varname></term>
819
820 <listitem><para>Takes a boolean argument. If true, sets up a
821 new network namespace for the executed processes and
822 configures only the loopback network device
823 <literal>lo</literal> inside it. No other network devices will
824 be available to the executed process. This is useful to
825 securely turn off network access by the executed process.
826 Defaults to false. It is possible to run two or more units
827 within the same private network namespace by using the
828 <varname>JoinsNamespaceOf=</varname> directive, see
829 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
830 for details. Note that this option will disconnect all socket
831 families from the host, this includes AF_NETLINK and AF_UNIX.
832 The latter has the effect that AF_UNIX sockets in the abstract
833 socket namespace will become unavailable to the processes
834 (however, those located in the file system will continue to be
835 accessible).</para></listitem>
836 </varlistentry>
837
838 <varlistentry>
839 <term><varname>ProtectSystem=</varname></term>
840
841 <listitem><para>Takes a boolean argument or
842 <literal>full</literal>. If true, mounts the
843 <filename>/usr</filename> and <filename>/boot</filename>
844 directories read-only for processes invoked by this unit. If
845 set to <literal>full</literal>, the <filename>/etc</filename>
846 directory is mounted read-only, too. This setting ensures that
847 any modification of the vendor supplied operating system (and
848 optionally its configuration) is prohibited for the service.
849 It is recommended to enable this setting for all long-running
850 services, unless they are involved with system updates or need
851 to modify the operating system in other ways. Note however
852 that processes retaining the CAP_SYS_ADMIN capability can undo
853 the effect of this setting. This setting is hence particularly
854 useful for daemons which have this capability removed, for
855 example with <varname>CapabilityBoundingSet=</varname>.
856 Defaults to off.</para></listitem>
857 </varlistentry>
858
859 <varlistentry>
860 <term><varname>ProtectHome=</varname></term>
861
862 <listitem><para>Takes a boolean argument or
863 <literal>read-only</literal>. If true, the directories
864 <filename>/home</filename> and <filename>/run/user</filename>
865 are made inaccessible and empty for processes invoked by this
866 unit. If set to <literal>read-only</literal>, the two
867 directories are made read-only instead. It is recommended to
868 enable this setting for all long-running services (in
869 particular network-facing ones), to ensure they cannot get
870 access to private user data, unless the services actually
871 require access to the user's private data. Note however that
872 processes retaining the CAP_SYS_ADMIN capability can undo the
873 effect of this setting. This setting is hence particularly
874 useful for daemons which have this capability removed, for
875 example with <varname>CapabilityBoundingSet=</varname>.
876 Defaults to off.</para></listitem>
877 </varlistentry>
878
879 <varlistentry>
880 <term><varname>MountFlags=</varname></term>
881
882 <listitem><para>Takes a mount propagation flag:
883 <option>shared</option>, <option>slave</option> or
884 <option>private</option>, which control whether mounts in the
885 file system namespace set up for this unit's processes will
886 receive or propagate mounts or unmounts. See
3ba3a79d 887 <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 888 for details. Defaults to <option>shared</option>. Use
889 <option>shared</option> to ensure that mounts and unmounts are
890 propagated from the host to the container and vice versa. Use
891 <option>slave</option> to run processes so that none of their
892 mounts and unmounts will propagate to the host. Use
893 <option>private</option> to also ensure that no mounts and
894 unmounts from the host will propagate into the unit processes'
895 namespace. Note that <option>slave</option> means that file
896 systems mounted on the host might stay mounted continuously in
897 the unit's namespace, and thus keep the device busy. Note that
898 the file system namespace related options
899 (<varname>PrivateTmp=</varname>,
900 <varname>PrivateDevices=</varname>,
901 <varname>ProtectSystem=</varname>,
902 <varname>ProtectHome=</varname>,
903 <varname>ReadOnlyDirectories=</varname>,
904 <varname>InaccessibleDirectories=</varname> and
905 <varname>ReadWriteDirectories=</varname>) require that mount
906 and unmount propagation from the unit's file system namespace
907 is disabled, and hence downgrade <option>shared</option> to
908 <option>slave</option>. </para></listitem>
909 </varlistentry>
910
911 <varlistentry>
912 <term><varname>UtmpIdentifier=</varname></term>
913
914 <listitem><para>Takes a four character identifier string for
915 an utmp/wtmp entry for this service. This should only be set
916 for services such as <command>getty</command> implementations
917 where utmp/wtmp entries must be created and cleared before and
918 after execution. If the configured string is longer than four
919 characters, it is truncated and the terminal four characters
920 are used. This setting interprets %I style string
921 replacements. This setting is unset by default, i.e. no
922 utmp/wtmp entries are created or cleaned up for this
923 service.</para></listitem>
924 </varlistentry>
925
926 <varlistentry>
927 <term><varname>SELinuxContext=</varname></term>
928
929 <listitem><para>Set the SELinux security context of the
930 executed process. If set, this will override the automated
931 domain transition. However, the policy still needs to
932 authorize the transition. This directive is ignored if SELinux
933 is disabled. If prefixed by <literal>-</literal>, all errors
934 will be ignored. See
3ba3a79d 935 <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a52
ZJS		 936 for details.</para></listitem>
937 </varlistentry>
938
939 <varlistentry>
940 <term><varname>AppArmorProfile=</varname></term>
941
942 <listitem><para>Takes a profile name as argument. The process
943 executed by the unit will switch to this profile when started.
944 Profiles must already be loaded in the kernel, or the unit
945 will fail. This result in a non operation if AppArmor is not
946 enabled. If prefixed by <literal>-</literal>, all errors will
947 be ignored. </para></listitem>
948 </varlistentry>
949
950 <varlistentry>
951 <term><varname>SmackProcessLabel=</varname></term>
952
953 <listitem><para>Takes a <option>SMACK64</option> security
954 label as argument. The process executed by the unit will be
955 started under this label and SMACK will decide whether the
956 processes is allowed to run or not based on it. The process
957 will continue to run under the label specified here unless the
958 executable has its own <option>SMACK64EXEC</option> label, in
959 which case the process will transition to run under that
960 label. When not specified, the label that systemd is running
961 under is used. This directive is ignored if SMACK is
962 disabled.</para>
963
964 <para>The value may be prefixed by <literal>-</literal>, in
965 which case all errors will be ignored. An empty value may be
966 specified to unset previous assignments.</para>
967 </listitem>
968 </varlistentry>
969
970 <varlistentry>
971 <term><varname>IgnoreSIGPIPE=</varname></term>
972
973 <listitem><para>Takes a boolean argument. If true, causes
974 <constant>SIGPIPE</constant> to be ignored in the executed
975 process. Defaults to true because <constant>SIGPIPE</constant>
976 generally is useful only in shell pipelines.</para></listitem>
977 </varlistentry>
978
979 <varlistentry>
980 <term><varname>NoNewPrivileges=</varname></term>
981
982 <listitem><para>Takes a boolean argument. If true, ensures
983 that the service process and all its children can never gain
984 new privileges. This option is more powerful than the
985 respective secure bits flags (see above), as it also prohibits
986 UID changes of any kind. This is the simplest, most effective
987 way to ensure that a process and its children can never
988 elevate privileges again.</para></listitem>
989 </varlistentry>
990
991 <varlistentry>
992 <term><varname>SystemCallFilter=</varname></term>
993
994 <listitem><para>Takes a space-separated list of system call
995 names. If this setting is used, all system calls executed by
996 the unit processes except for the listed ones will result in
997 immediate process termination with the
998 <constant>SIGSYS</constant> signal (whitelisting). If the
999 first character of the list is <literal>~</literal>, the
1000 effect is inverted: only the listed system calls will result
1001 in immediate process termination (blacklisting). If running in
1002 user mode and this option is used,
1003 <varname>NoNewPrivileges=yes</varname> is implied. This
1004 feature makes use of the Secure Computing Mode 2 interfaces of
1005 the kernel ('seccomp filtering') and is useful for enforcing a
1006 minimal sandboxing environment. Note that the
1007 <function>execve</function>,
1008 <function>rt_sigreturn</function>,
1009 <function>sigreturn</function>,
1010 <function>exit_group</function>, <function>exit</function>
1011 system calls are implicitly whitelisted and do not need to be
1012 listed explicitly. This option may be specified more than once
1013 in which case the filter masks are merged. If the empty string
1014 is assigned, the filter is reset, all prior assignments will
1015 have no effect.</para>
1016
1017 <para>If you specify both types of this option (i.e.
1018 whitelisting and blacklisting), the first encountered will
1019 take precedence and will dictate the default action
1020 (termination or approval of a system call). Then the next
1021 occurrences of this option will add or delete the listed
1022 system calls from the set of the filtered system calls,
1023 depending of its type and the default action. (For example, if
1024 you have started with a whitelisting of
1025 <function>read</function> and <function>write</function>, and
1026 right after it add a blacklisting of
1027 <function>write</function>, then <function>write</function>
1028 will be removed from the set.) </para></listitem>
1029 </varlistentry>
1030
1031 <varlistentry>
1032 <term><varname>SystemCallErrorNumber=</varname></term>
1033
1034 <listitem><para>Takes an <literal>errno</literal> error number
1035 name to return when the system call filter configured with
1036 <varname>SystemCallFilter=</varname> is triggered, instead of
1037 terminating the process immediately. Takes an error name such
1038 as <constant>EPERM</constant>, <constant>EACCES</constant> or
1039 <constant>EUCLEAN</constant>. When this setting is not used,
1040 or when the empty string is assigned, the process will be
1041 terminated immediately when the filter is
1042 triggered.</para></listitem>
1043 </varlistentry>
1044
1045 <varlistentry>
1046 <term><varname>SystemCallArchitectures=</varname></term>
1047
1048 <listitem><para>Takes a space separated list of architecture
1049 identifiers to include in the system call filter. The known
1050 architecture identifiers are <constant>x86</constant>,
1051 <constant>x86-64</constant>, <constant>x32</constant>,
1052 <constant>arm</constant> as well as the special identifier
1053 <constant>native</constant>. Only system calls of the
1054 specified architectures will be permitted to processes of this
1055 unit. This is an effective way to disable compatibility with
1056 non-native architectures for processes, for example to
1057 prohibit execution of 32-bit x86 binaries on 64-bit x86-64
1058 systems. The special <constant>native</constant> identifier
1059 implicitly maps to the native architecture of the system (or
1060 more strictly: to the architecture the system manager is
1061 compiled for). If running in user mode and this option is
1062 used, <varname>NoNewPrivileges=yes</varname> is implied. Note
1063 that setting this option to a non-empty list implies that
1064 <constant>native</constant> is included too. By default, this
1065 option is set to the empty list, i.e. no architecture system
1066 call filtering is applied.</para></listitem>
1067 </varlistentry>
1068
1069 <varlistentry>
1070 <term><varname>RestrictAddressFamilies=</varname></term>
1071
1072 <listitem><para>Restricts the set of socket address families
1073 accessible to the processes of this unit. Takes a
1074 space-separated list of address family names to whitelist,
1075 such as
1076 <constant>AF_UNIX</constant>,
1077 <constant>AF_INET</constant> or
1078 <constant>AF_INET6</constant>. When
1079 prefixed with <constant>~</constant> the listed address
1080 families will be applied as blacklist, otherwise as whitelist.
1081 Note that this restricts access to the
3ba3a79d 1082 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1083 system call only. Sockets passed into the process by other
1084 means (for example, by using socket activation with socket
1085 units, see
1086 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1087 are unaffected. Also, sockets created with
1088 <function>socketpair()</function> (which creates connected
1089 AF_UNIX sockets only) are unaffected. Note that this option
1090 has no effect on 32-bit x86 and is ignored (but works
1091 correctly on x86-64). If running in user mode and this option
1092 is used, <varname>NoNewPrivileges=yes</varname> is implied. By
1093 default, no restriction applies, all address families are
1094 accessible to processes. If assigned the empty string, any
1095 previous list changes are undone.</para>
1096
1097 <para>Use this option to limit exposure of processes to remote
1098 systems, in particular via exotic network protocols. Note that
1099 in most cases, the local <constant>AF_UNIX</constant> address
1100 family should be included in the configured whitelist as it is
1101 frequently used for local communication, including for
1102 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1103 logging.</para></listitem>
1104 </varlistentry>
1105
1106 <varlistentry>
1107 <term><varname>Personality=</varname></term>
1108
1109 <listitem><para>Controls which kernel architecture
3ba3a79d 1110 <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1111 shall report, when invoked by unit processes. Takes one of
1112 <constant>x86</constant> and <constant>x86-64</constant>. This
1113 is useful when running 32-bit services on a 64-bit host
1114 system. If not specified, the personality is left unmodified
1115 and thus reflects the personality of the host system's
1116 kernel.</para></listitem>
1117 </varlistentry>
1118
1119 <varlistentry>
1120 <term><varname>RuntimeDirectory=</varname></term>
1121 <term><varname>RuntimeDirectoryMode=</varname></term>
1122
1123 <listitem><para>Takes a list of directory names. If set, one
1124 or more directories by the specified names will be created
1125 below <filename>/run</filename> (for system services) or below
1126 <varname>$XDG_RUNTIME_DIR</varname> (for user services) when
1127 the unit is started, and removed when the unit is stopped. The
1128 directories will have the access mode specified in
1129 <varname>RuntimeDirectoryMode=</varname>, and will be owned by
1130 the user and group specified in <varname>User=</varname> and
1131 <varname>Group=</varname>. Use this to manage one or more
1132 runtime directories of the unit and bind their lifetime to the
1133 daemon runtime. The specified directory names must be
1134 relative, and may not include a <literal>/</literal>, i.e.
1135 must refer to simple directories to create or remove. This is
1136 particularly useful for unprivileged daemons that cannot
1137 create runtime directories in <filename>/run</filename> due to
1138 lack of privileges, and to make sure the runtime directory is
1139 cleaned up automatically after use. For runtime directories
1140 that require more complex or different configuration or
1141 lifetime guarantees, please consider using
1142 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
1143 </varlistentry>
1144
1145 </variablelist>
1146 </refsect1>
1147
1148 <refsect1>
1149 <title>Environment variables in spawned processes</title>
1150
1151 <para>Processes started by the system are executed in a clean
1152 environment in which select variables listed below are set. System
1153 processes started by systemd do not inherit variables from PID 1,
1154 but processes started by user systemd instances inherit all
1155 environment variables from the user systemd instance.
1156 </para>
1157
1158 <variablelist class='environment-variables'>
1159 <varlistentry>
1160 <term><varname>$PATH</varname></term>
1161
1162 <listitem><para>Colon-separated list of directories to use
1163 when launching executables. Systemd uses a fixed value of
1164 <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
1165 </para></listitem>
1166 </varlistentry>
1167
1168 <varlistentry>
1169 <term><varname>$LANG</varname></term>
1170
1171 <listitem><para>Locale. Can be set in
3ba3a79d 1172 <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a52
ZJS		 1173 or on the kernel command line (see
1174 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1175 and
1176 <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
1177 </para></listitem>
1178 </varlistentry>
1179
1180 <varlistentry>
1181 <term><varname>$USER</varname></term>
1182 <term><varname>$LOGNAME</varname></term>
1183 <term><varname>$HOME</varname></term>
1184 <term><varname>$SHELL</varname></term>
1185
1186 <listitem><para>User name (twice), home directory, and the
1187 login shell. The variables are set for the units that have
1188 <varname>User=</varname> set, which includes user
1189 <command>systemd</command> instances. See
3ba3a79d 1190 <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
798d3a52
ZJS		 1191 </para></listitem>
1192 </varlistentry>
1193
1194 <varlistentry>
1195 <term><varname>$XDG_RUNTIME_DIR</varname></term>
1196
1197 <listitem><para>The directory for volatile state. Set for the
1198 user <command>systemd</command> instance, and also in user
1199 sessions. See
1200 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1201 </para></listitem>
1202 </varlistentry>
1203
1204 <varlistentry>
1205 <term><varname>$XDG_SESSION_ID</varname></term>
1206 <term><varname>$XDG_SEAT</varname></term>
1207 <term><varname>$XDG_VTNR</varname></term>
1208
1209 <listitem><para>The identifier of the session, the seat name,
1210 and virtual terminal of the session. Set by
1211 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1212 for login sessions. <varname>$XDG_SEAT</varname> and
1213 <varname>$XDG_VTNR</varname> will only be set when attached to
1214 a seat and a tty.</para></listitem>
1215 </varlistentry>
1216
1217 <varlistentry>
1218 <term><varname>$MAINPID</varname></term>
1219
1220 <listitem><para>The PID of the units main process if it is
1221 known. This is only set for control processes as invoked by
1222 <varname>ExecReload=</varname> and similar. </para></listitem>
1223 </varlistentry>
1224
1225 <varlistentry>
1226 <term><varname>$MANAGERPID</varname></term>
1227
1228 <listitem><para>The PID of the user <command>systemd</command>
1229 instance, set for processes spawned by it. </para></listitem>
1230 </varlistentry>
1231
1232 <varlistentry>
1233 <term><varname>$LISTEN_FDS</varname></term>
1234 <term><varname>$LISTEN_PID</varname></term>
1235
1236 <listitem><para>Information about file descriptors passed to a
1237 service for socket activation. See
1238 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1239 </para></listitem>
1240 </varlistentry>
1241
1242 <varlistentry>
1243 <term><varname>$TERM</varname></term>
1244
1245 <listitem><para>Terminal type, set only for units connected to
1246 a terminal (<varname>StandardInput=tty</varname>,
1247 <varname>StandardOutput=tty</varname>, or
1248 <varname>StandardError=tty</varname>). See
1249 <citerefentry project='man-pages'><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1250 </para></listitem>
1251 </varlistentry>
1252 </variablelist>
1253
1254 <para>Additional variables may be configured by the following
1255 means: for processes spawned in specific units, use the
1256 <varname>Environment=</varname> and
1257 <varname>EnvironmentFile=</varname> options above; to specify
1258 variables globally, use <varname>DefaultEnvironment=</varname>
1259 (see
1260 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1261 or the kernel option <varname>systemd.setenv=</varname> (see
1262 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
1263 Additional variables may also be set through PAM,
1264 cf. <citerefentry project='man-pages'><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
1265 </refsect1>
1266
1267 <refsect1>
1268 <title>See Also</title>
1269 <para>
1270 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1271 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1272 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1273 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1274 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1275 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1276 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1277 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1278 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1279 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1280 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
1281 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1282 <citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1283 </para>
1284 </refsect1>
dd1eb43b
LP		 1285
1286</refentry>
Unnamed repository; edit this file 'description' to name the repository.