]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.exec.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core: drop spurious new line
[thirdparty/systemd.git] / man / systemd.exec.xml
CommitLineData
023a4f67 1<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
dd1eb43b 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
dd1eb43b
LP		 4
5<!--
6 This file is part of systemd.
7
8 Copyright 2010 Lennart Poettering
9
10 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
dd1eb43b
LP		 13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 18 Lesser General Public License for more details.
dd1eb43b 19
5430f7f2 20 You should have received a copy of the GNU Lesser General Public License
dd1eb43b
LP		 21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22-->
23
24<refentry id="systemd.exec">
798d3a52
ZJS		 25 <refentryinfo>
26 <title>systemd.exec</title>
27 <productname>systemd</productname>
28
29 <authorgroup>
30 <author>
31 <contrib>Developer</contrib>
32 <firstname>Lennart</firstname>
33 <surname>Poettering</surname>
34 <email>lennart@poettering.net</email>
35 </author>
36 </authorgroup>
37 </refentryinfo>
38
39 <refmeta>
40 <refentrytitle>systemd.exec</refentrytitle>
41 <manvolnum>5</manvolnum>
42 </refmeta>
43
44 <refnamediv>
45 <refname>systemd.exec</refname>
46 <refpurpose>Execution environment configuration</refpurpose>
47 </refnamediv>
48
49 <refsynopsisdiv>
50 <para><filename><replaceable>service</replaceable>.service</filename>,
51 <filename><replaceable>socket</replaceable>.socket</filename>,
52 <filename><replaceable>mount</replaceable>.mount</filename>,
53 <filename><replaceable>swap</replaceable>.swap</filename></para>
54 </refsynopsisdiv>
55
56 <refsect1>
57 <title>Description</title>
58
59 <para>Unit configuration files for services, sockets, mount
60 points, and swap devices share a subset of configuration options
61 which define the execution environment of spawned
62 processes.</para>
63
64 <para>This man page lists the configuration options shared by
65 these four unit types. See
66 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
67 for the common options of all unit configuration files, and
68 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
69 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
70 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 and
72 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
73 for more information on the specific unit configuration files. The
74 execution specific configuration options are configured in the
75 [Service], [Socket], [Mount], or [Swap] sections, depending on the
76 unit type.</para>
77 </refsect1>
78
79 <refsect1>
80 <title>Options</title>
81
82 <variablelist class='unit-directives'>
83
84 <varlistentry>
85 <term><varname>WorkingDirectory=</varname></term>
86
87 <listitem><para>Takes an absolute directory path. Sets the
88 working directory for executed processes. If not set, defaults
89 to the root directory when systemd is running as a system
90 instance and the respective user's home directory if run as
91 user.</para></listitem>
92 </varlistentry>
93
94 <varlistentry>
95 <term><varname>RootDirectory=</varname></term>
96
97 <listitem><para>Takes an absolute directory path. Sets the
98 root directory for executed processes, with the
99 <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
100 system call. If this is used, it must be ensured that the
101 process and all its auxiliary files are available in the
102 <function>chroot()</function> jail.</para></listitem>
103 </varlistentry>
104
105 <varlistentry>
106 <term><varname>User=</varname></term>
107 <term><varname>Group=</varname></term>
108
109 <listitem><para>Sets the Unix user or group that the processes
110 are executed as, respectively. Takes a single user or group
111 name or ID as argument. If no group is set, the default group
112 of the user is chosen.</para></listitem>
113 </varlistentry>
114
115 <varlistentry>
116 <term><varname>SupplementaryGroups=</varname></term>
117
118 <listitem><para>Sets the supplementary Unix groups the
119 processes are executed as. This takes a space-separated list
120 of group names or IDs. This option may be specified more than
121 once in which case all listed groups are set as supplementary
122 groups. When the empty string is assigned the list of
123 supplementary groups is reset, and all assignments prior to
124 this one will have no effect. In any way, this option does not
125 override, but extends the list of supplementary groups
126 configured in the system group database for the
127 user.</para></listitem>
128 </varlistentry>
129
130 <varlistentry>
131 <term><varname>Nice=</varname></term>
132
133 <listitem><para>Sets the default nice level (scheduling
134 priority) for executed processes. Takes an integer between -20
135 (highest priority) and 19 (lowest priority). See
136 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
137 for details.</para></listitem>
138 </varlistentry>
139
140 <varlistentry>
141 <term><varname>OOMScoreAdjust=</varname></term>
142
143 <listitem><para>Sets the adjustment level for the
144 Out-Of-Memory killer for executed processes. Takes an integer
145 between -1000 (to disable OOM killing for this process) and
146 1000 (to make killing of this process under memory pressure
147 very likely). See <ulink
148 url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
149 for details.</para></listitem>
150 </varlistentry>
151
152 <varlistentry>
153 <term><varname>IOSchedulingClass=</varname></term>
154
155 <listitem><para>Sets the IO scheduling class for executed
156 processes. Takes an integer between 0 and 3 or one of the
157 strings <option>none</option>, <option>realtime</option>,
158 <option>best-effort</option> or <option>idle</option>. See
159 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
160 for details.</para></listitem>
161 </varlistentry>
162
163 <varlistentry>
164 <term><varname>IOSchedulingPriority=</varname></term>
165
166 <listitem><para>Sets the IO scheduling priority for executed
167 processes. Takes an integer between 0 (highest priority) and 7
168 (lowest priority). The available priorities depend on the
169 selected IO scheduling class (see above). See
170 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
171 for details.</para></listitem>
172 </varlistentry>
173
174 <varlistentry>
175 <term><varname>CPUSchedulingPolicy=</varname></term>
176
177 <listitem><para>Sets the CPU scheduling policy for executed
178 processes. Takes one of
179 <option>other</option>,
180 <option>batch</option>,
181 <option>idle</option>,
182 <option>fifo</option> or
183 <option>rr</option>. See
184 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
185 for details.</para></listitem>
186 </varlistentry>
187
188 <varlistentry>
189 <term><varname>CPUSchedulingPriority=</varname></term>
190
191 <listitem><para>Sets the CPU scheduling priority for executed
192 processes. The available priority range depends on the
193 selected CPU scheduling policy (see above). For real-time
194 scheduling policies an integer between 1 (lowest priority) and
195 99 (highest priority) can be used. See
196 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
197 for details. </para></listitem>
198 </varlistentry>
199
200 <varlistentry>
201 <term><varname>CPUSchedulingResetOnFork=</varname></term>
202
203 <listitem><para>Takes a boolean argument. If true, elevated
204 CPU scheduling priorities and policies will be reset when the
205 executed processes fork, and can hence not leak into child
206 processes. See
207 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
208 for details. Defaults to false.</para></listitem>
209 </varlistentry>
210
211 <varlistentry>
212 <term><varname>CPUAffinity=</varname></term>
213
214 <listitem><para>Controls the CPU affinity of the executed
215 processes. Takes a space-separated list of CPU indices. This
216 option may be specified more than once in which case the
217 specified CPU affinity masks are merged. If the empty string
218 is assigned, the mask is reset, all assignments prior to this
219 will have no effect. See
220 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
221 for details.</para></listitem>
222 </varlistentry>
223
224 <varlistentry>
225 <term><varname>UMask=</varname></term>
226
227 <listitem><para>Controls the file mode creation mask. Takes an
228 access mode in octal notation. See
229 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
230 for details. Defaults to 0022.</para></listitem>
231 </varlistentry>
232
233 <varlistentry>
234 <term><varname>Environment=</varname></term>
235
236 <listitem><para>Sets environment variables for executed
237 processes. Takes a space-separated list of variable
238 assignments. This option may be specified more than once in
239 which case all listed variables will be set. If the same
240 variable is set twice, the later setting will override the
241 earlier setting. If the empty string is assigned to this
242 option, the list of environment variables is reset, all prior
243 assignments have no effect. Variable expansion is not
244 performed inside the strings, however, specifier expansion is
245 possible. The $ character has no special meaning. If you need
246 to assign a value containing spaces to a variable, use double
247 quotes (") for the assignment.</para>
248
249 <para>Example:
250 <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"</programlisting>
251 gives three variables <literal>VAR1</literal>,
252 <literal>VAR2</literal>, <literal>VAR3</literal>
253 with the values <literal>word1 word2</literal>,
254 <literal>word3</literal>, <literal>$word 5 6</literal>.
255 </para>
256
257 <para>
258 See
259 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
260 for details about environment variables.</para></listitem>
261 </varlistentry>
262 <varlistentry>
263 <term><varname>EnvironmentFile=</varname></term>
264 <listitem><para>Similar to <varname>Environment=</varname> but
265 reads the environment variables from a text file. The text
266 file should contain new-line-separated variable assignments.
8f0d2981
RM		 267 Empty lines, lines without an <literal>=</literal> separator,
268 or lines starting with ; or # will be ignored,
798d3a52
ZJS		 269 which may be used for commenting. A line ending with a
270 backslash will be concatenated with the following one,
271 allowing multiline variable definitions. The parser strips
272 leading and trailing whitespace from the values of
273 assignments, unless you use double quotes (").</para>
274
275 <para>The argument passed should be an absolute filename or
276 wildcard expression, optionally prefixed with
277 <literal>-</literal>, which indicates that if the file does
278 not exist, it will not be read and no error or warning message
279 is logged. This option may be specified more than once in
280 which case all specified files are read. If the empty string
281 is assigned to this option, the list of file to read is reset,
282 all prior assignments have no effect.</para>
283
284 <para>The files listed with this directive will be read
285 shortly before the process is executed (more specifically,
286 after all processes from a previous unit state terminated.
287 This means you can generate these files in one unit state, and
f407824d
DH		 288 read it with this option in the next).</para>
289
290 <para>Settings from these
798d3a52
ZJS		 291 files override settings made with
292 <varname>Environment=</varname>. If the same variable is set
293 twice from these files, the files will be read in the order
294 they are specified and the later setting will override the
295 earlier setting.</para></listitem>
296 </varlistentry>
297
298 <varlistentry>
299 <term><varname>StandardInput=</varname></term>
300 <listitem><para>Controls where file descriptor 0 (STDIN) of
301 the executed processes is connected to. Takes one of
302 <option>null</option>,
303 <option>tty</option>,
304 <option>tty-force</option>,
305 <option>tty-fail</option> or
306 <option>socket</option>.</para>
307
308 <para>If <option>null</option> is selected, standard input
309 will be connected to <filename>/dev/null</filename>, i.e. all
310 read attempts by the process will result in immediate
311 EOF.</para>
312
313 <para>If <option>tty</option> is selected, standard input is
314 connected to a TTY (as configured by
315 <varname>TTYPath=</varname>, see below) and the executed
316 process becomes the controlling process of the terminal. If
317 the terminal is already being controlled by another process,
318 the executed process waits until the current controlling
319 process releases the terminal.</para>
320
321 <para><option>tty-force</option> is similar to
322 <option>tty</option>, but the executed process is forcefully
323 and immediately made the controlling process of the terminal,
324 potentially removing previous controlling processes from the
325 terminal.</para>
326
327 <para><option>tty-fail</option> is similar to
328 <option>tty</option> but if the terminal already has a
329 controlling process start-up of the executed process
330 fails.</para>
331
332 <para>The <option>socket</option> option is only valid in
333 socket-activated services, and only when the socket
334 configuration file (see
335 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
336 for details) specifies a single socket only. If this option is
337 set, standard input will be connected to the socket the
338 service was activated from, which is primarily useful for
339 compatibility with daemons designed for use with the
340 traditional
b5c7d097 341 <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a52
ZJS		 342 daemon.</para>
343
344 <para>This setting defaults to
345 <option>null</option>.</para></listitem>
346 </varlistentry>
347 <varlistentry>
348 <term><varname>StandardOutput=</varname></term>
349 <listitem><para>Controls where file descriptor 1 (STDOUT) of
350 the executed processes is connected to. Takes one of
351 <option>inherit</option>,
352 <option>null</option>,
353 <option>tty</option>,
354 <option>journal</option>,
355 <option>syslog</option>,
356 <option>kmsg</option>,
357 <option>journal+console</option>,
358 <option>syslog+console</option>,
359 <option>kmsg+console</option> or
360 <option>socket</option>.</para>
361
362 <para><option>inherit</option> duplicates the file descriptor
363 of standard input for standard output.</para>
364
365 <para><option>null</option> connects standard output to
366 <filename>/dev/null</filename>, i.e. everything written to it
367 will be lost.</para>
368
369 <para><option>tty</option> connects standard output to a tty
370 (as configured via <varname>TTYPath=</varname>, see below). If
371 the TTY is used for output only, the executed process will not
372 become the controlling process of the terminal, and will not
373 fail or wait for other processes to release the
374 terminal.</para>
375
376 <para><option>journal</option> connects standard output with
377 the journal which is accessible via
378 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
379 Note that everything that is written to syslog or kmsg (see
380 below) is implicitly stored in the journal as well, the
381 specific two options listed below are hence supersets of this
382 one.</para>
383
384 <para><option>syslog</option> connects standard output to the
385 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
386 system syslog service, in addition to the journal. Note that
387 the journal daemon is usually configured to forward everything
388 it receives to syslog anyway, in which case this option is no
389 different from <option>journal</option>.</para>
390
391 <para><option>kmsg</option> connects standard output with the
392 kernel log buffer which is accessible via
393 <citerefentry project='man-pages'><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
394 in addition to the journal. The journal daemon might be
395 configured to send all logs to kmsg anyway, in which case this
396 option is no different from <option>journal</option>.</para>
397
398 <para><option>journal+console</option>,
399 <option>syslog+console</option> and
400 <option>kmsg+console</option> work in a similar way as the
401 three options above but copy the output to the system console
402 as well.</para>
403
404 <para><option>socket</option> connects standard output to a
405 socket acquired via socket activation. The semantics are
406 similar to the same option of
407 <varname>StandardInput=</varname>.</para>
408
409 <para>This setting defaults to the value set with
410 <option>DefaultStandardOutput=</option> in
411 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
412 which defaults to <option>journal</option>.</para></listitem>
413 </varlistentry>
414 <varlistentry>
415 <term><varname>StandardError=</varname></term>
416 <listitem><para>Controls where file descriptor 2 (STDERR) of
417 the executed processes is connected to. The available options
418 are identical to those of <varname>StandardOutput=</varname>,
419 with one exception: if set to <option>inherit</option> the
420 file descriptor used for standard output is duplicated for
421 standard error. This setting defaults to the value set with
422 <option>DefaultStandardError=</option> in
423 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
424 which defaults to <option>inherit</option>.</para></listitem>
425 </varlistentry>
426 <varlistentry>
427 <term><varname>TTYPath=</varname></term>
428 <listitem><para>Sets the terminal device node to use if
429 standard input, output, or error are connected to a TTY (see
430 above). Defaults to
431 <filename>/dev/console</filename>.</para></listitem>
432 </varlistentry>
433 <varlistentry>
434 <term><varname>TTYReset=</varname></term>
435 <listitem><para>Reset the terminal device specified with
436 <varname>TTYPath=</varname> before and after execution.
437 Defaults to <literal>no</literal>.</para></listitem>
438 </varlistentry>
439 <varlistentry>
440 <term><varname>TTYVHangup=</varname></term>
441 <listitem><para>Disconnect all clients which have opened the
442 terminal device specified with <varname>TTYPath=</varname>
443 before and after execution. Defaults to
444 <literal>no</literal>.</para></listitem>
445 </varlistentry>
446 <varlistentry>
447 <term><varname>TTYVTDisallocate=</varname></term>
448 <listitem><para>If the terminal device specified with
449 <varname>TTYPath=</varname> is a virtual console terminal, try
450 to deallocate the TTY before and after execution. This ensures
451 that the screen and scrollback buffer is cleared. Defaults to
452 <literal>no</literal>.</para></listitem>
453 </varlistentry>
454 <varlistentry>
455 <term><varname>SyslogIdentifier=</varname></term>
456 <listitem><para>Sets the process name to prefix log lines sent
457 to the logging system or the kernel log buffer with. If not
458 set, defaults to the process name of the executed process.
459 This option is only useful when
460 <varname>StandardOutput=</varname> or
461 <varname>StandardError=</varname> are set to
462 <option>syslog</option>, <option>journal</option> or
463 <option>kmsg</option> (or to the same settings in combination
464 with <option>+console</option>).</para></listitem>
465 </varlistentry>
466 <varlistentry>
467 <term><varname>SyslogFacility=</varname></term>
468 <listitem><para>Sets the syslog facility to use when logging
469 to syslog. One of <option>kern</option>,
470 <option>user</option>, <option>mail</option>,
471 <option>daemon</option>, <option>auth</option>,
472 <option>syslog</option>, <option>lpr</option>,
473 <option>news</option>, <option>uucp</option>,
474 <option>cron</option>, <option>authpriv</option>,
475 <option>ftp</option>, <option>local0</option>,
476 <option>local1</option>, <option>local2</option>,
477 <option>local3</option>, <option>local4</option>,
478 <option>local5</option>, <option>local6</option> or
479 <option>local7</option>. See
480 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
481 for details. This option is only useful when
482 <varname>StandardOutput=</varname> or
483 <varname>StandardError=</varname> are set to
484 <option>syslog</option>. Defaults to
485 <option>daemon</option>.</para></listitem>
486 </varlistentry>
487 <varlistentry>
488 <term><varname>SyslogLevel=</varname></term>
489 <listitem><para>Default syslog level to use when logging to
490 syslog or the kernel log buffer. One of
491 <option>emerg</option>,
492 <option>alert</option>,
493 <option>crit</option>,
494 <option>err</option>,
495 <option>warning</option>,
496 <option>notice</option>,
497 <option>info</option>,
498 <option>debug</option>. See
499 <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
500 for details. This option is only useful when
501 <varname>StandardOutput=</varname> or
502 <varname>StandardError=</varname> are set to
503 <option>syslog</option> or <option>kmsg</option>. Note that
504 individual lines output by the daemon might be prefixed with a
505 different log level which can be used to override the default
506 log level specified here. The interpretation of these prefixes
507 may be disabled with <varname>SyslogLevelPrefix=</varname>,
508 see below. For details see
509 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
510
511 Defaults to
512 <option>info</option>.</para></listitem>
513 </varlistentry>
514
515 <varlistentry>
516 <term><varname>SyslogLevelPrefix=</varname></term>
517 <listitem><para>Takes a boolean argument. If true and
518 <varname>StandardOutput=</varname> or
519 <varname>StandardError=</varname> are set to
520 <option>syslog</option>, <option>kmsg</option> or
521 <option>journal</option>, log lines written by the executed
522 process that are prefixed with a log level will be passed on
523 to syslog with this log level set but the prefix removed. If
524 set to false, the interpretation of these prefixes is disabled
525 and the logged lines are passed on as-is. For details about
526 this prefixing see
527 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
528 Defaults to true.</para></listitem>
529 </varlistentry>
530
531 <varlistentry>
532 <term><varname>TimerSlackNSec=</varname></term>
533 <listitem><para>Sets the timer slack in nanoseconds for the
534 executed processes. The timer slack controls the accuracy of
535 wake-ups triggered by timers. See
536 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
537 for more information. Note that in contrast to most other time
538 span definitions this parameter takes an integer value in
539 nano-seconds if no unit is specified. The usual time units are
540 understood too.</para></listitem>
541 </varlistentry>
542
543 <varlistentry>
544 <term><varname>LimitCPU=</varname></term>
545 <term><varname>LimitFSIZE=</varname></term>
546 <term><varname>LimitDATA=</varname></term>
547 <term><varname>LimitSTACK=</varname></term>
548 <term><varname>LimitCORE=</varname></term>
549 <term><varname>LimitRSS=</varname></term>
550 <term><varname>LimitNOFILE=</varname></term>
551 <term><varname>LimitAS=</varname></term>
552 <term><varname>LimitNPROC=</varname></term>
553 <term><varname>LimitMEMLOCK=</varname></term>
554 <term><varname>LimitLOCKS=</varname></term>
555 <term><varname>LimitSIGPENDING=</varname></term>
556 <term><varname>LimitMSGQUEUE=</varname></term>
557 <term><varname>LimitNICE=</varname></term>
558 <term><varname>LimitRTPRIO=</varname></term>
559 <term><varname>LimitRTTIME=</varname></term>
560 <listitem><para>These settings set both soft and hard limits
561 of various resources for executed processes. See
562 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
563 for details. Use the string <varname>infinity</varname> to
564 configure no limit on a specific resource.</para></listitem>
565
566 <table>
567 <title>Limit directives and their equivalent with ulimit</title>
568
569 <tgroup cols='2'>
570 <colspec colname='directive' />
571 <colspec colname='equivalent' />
572 <thead>
573 <row>
574 <entry>Directive</entry>
575 <entry>ulimit equivalent</entry>
576 </row>
577 </thead>
578 <tbody>
579 <row>
580 <entry>LimitCPU</entry>
581 <entry>ulimit -t</entry>
582 </row>
583 <row>
584 <entry>LimitFSIZE</entry>
585 <entry>ulimit -f</entry>
586 </row>
587 <row>
588 <entry>LimitDATA</entry>
589 <entry>ulimit -d</entry>
590 </row>
591 <row>
592 <entry>LimitSTACK</entry>
593 <entry>ulimit -s</entry>
594 </row>
595 <row>
596 <entry>LimitCORE</entry>
597 <entry>ulimit -c</entry>
598 </row>
599 <row>
600 <entry>LimitRSS</entry>
601 <entry>ulimit -m</entry>
602 </row>
603 <row>
604 <entry>LimitNOFILE</entry>
605 <entry>ulimit -n</entry>
606 </row>
607 <row>
608 <entry>LimitAS</entry>
609 <entry>ulimit -v</entry>
610 </row>
611 <row>
612 <entry>LimitNPROC</entry>
613 <entry>ulimit -u</entry>
614 </row>
615 <row>
616 <entry>LimitMEMLOCK</entry>
617 <entry>ulimit -l</entry>
618 </row>
619 <row>
620 <entry>LimitLOCKS</entry>
621 <entry>ulimit -x</entry>
622 </row>
623 <row>
624 <entry>LimitSIGPENDING</entry>
625 <entry>ulimit -i</entry>
626 </row>
627 <row>
628 <entry>LimitMSGQUEUE</entry>
629 <entry>ulimit -q</entry>
630 </row>
631 <row>
632 <entry>LimitNICE</entry>
633 <entry>ulimit -e</entry>
634 </row>
635 <row>
636 <entry>LimitRTPRIO</entry>
637 <entry>ulimit -r</entry>
638 </row>
639 <row>
640 <entry>LimitRTTIME</entry>
641 <entry>No equivalent</entry>
642 </row>
643 </tbody>
644 </tgroup>
645 </table>
646 </varlistentry>
647
648 <varlistentry>
649 <term><varname>PAMName=</varname></term>
650 <listitem><para>Sets the PAM service name to set up a session
651 as. If set, the executed process will be registered as a PAM
652 session under the specified service name. This is only useful
653 in conjunction with the <varname>User=</varname> setting. If
654 not set, no PAM session will be opened for the executed
655 processes. See
656 <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
657 for details.</para></listitem>
658 </varlistentry>
659
660 <varlistentry>
661 <term><varname>CapabilityBoundingSet=</varname></term>
662
663 <listitem><para>Controls which capabilities to include in the
664 capability bounding set for the executed process. See
665 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
666 for details. Takes a whitespace-separated list of capability
667 names as read by
3ba3a79d 668 <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
798d3a52
ZJS		 669 e.g. <constant>CAP_SYS_ADMIN</constant>,
670 <constant>CAP_DAC_OVERRIDE</constant>,
671 <constant>CAP_SYS_PTRACE</constant>. Capabilities listed will
672 be included in the bounding set, all others are removed. If
673 the list of capabilities is prefixed with
674 <literal>~</literal>, all but the listed capabilities will be
675 included, the effect of the assignment inverted. Note that
676 this option also affects the respective capabilities in the
677 effective, permitted and inheritable capability sets, on top
678 of what <varname>Capabilities=</varname> does. If this option
679 is not used, the capability bounding set is not modified on
680 process execution, hence no limits on the capabilities of the
681 process are enforced. This option may appear more than once in
682 which case the bounding sets are merged. If the empty string
683 is assigned to this option, the bounding set is reset to the
684 empty capability set, and all prior settings have no effect.
685 If set to <literal>~</literal> (without any further argument),
686 the bounding set is reset to the full set of available
687 capabilities, also undoing any previous
688 settings.</para></listitem>
689 </varlistentry>
690
691 <varlistentry>
692 <term><varname>SecureBits=</varname></term>
693 <listitem><para>Controls the secure bits set for the executed
694 process. Takes a space-separated combination of options from
695 the following list:
696 <option>keep-caps</option>,
697 <option>keep-caps-locked</option>,
698 <option>no-setuid-fixup</option>,
699 <option>no-setuid-fixup-locked</option>,
700 <option>noroot</option>, and
701 <option>noroot-locked</option>.
702 This option may appear more than once in which case the secure
703 bits are ORed. If the empty string is assigned to this option,
704 the bits are reset to 0. See
705 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
706 for details.</para></listitem>
707 </varlistentry>
708
709 <varlistentry>
710 <term><varname>Capabilities=</varname></term>
711 <listitem><para>Controls the
712 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
713 set for the executed process. Take a capability string
714 describing the effective, permitted and inherited capability
715 sets as documented in
3ba3a79d 716 <citerefentry project='mankier'><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52
ZJS		 717 Note that these capability sets are usually influenced (and
718 filtered) by the capabilities attached to the executed file.
719 Due to that <varname>CapabilityBoundingSet=</varname> is
720 probably a much more useful setting.</para></listitem>
721 </varlistentry>
722
723 <varlistentry>
724 <term><varname>ReadWriteDirectories=</varname></term>
725 <term><varname>ReadOnlyDirectories=</varname></term>
726 <term><varname>InaccessibleDirectories=</varname></term>
727
728 <listitem><para>Sets up a new file system namespace for
729 executed processes. These options may be used to limit access
730 a process might have to the main file system hierarchy. Each
731 setting takes a space-separated list of absolute directory
732 paths. Directories listed in
733 <varname>ReadWriteDirectories=</varname> are accessible from
734 within the namespace with the same access rights as from
735 outside. Directories listed in
736 <varname>ReadOnlyDirectories=</varname> are accessible for
737 reading only, writing will be refused even if the usual file
738 access controls would permit this. Directories listed in
739 <varname>InaccessibleDirectories=</varname> will be made
740 inaccessible for processes inside the namespace. Note that
741 restricting access with these options does not extend to
742 submounts of a directory that are created later on. These
743 options may be specified more than once in which case all
744 directories listed will have limited access from within the
745 namespace. If the empty string is assigned to this option, the
746 specific list is reset, and all prior assignments have no
747 effect.</para>
748 <para>Paths in
749 <varname>ReadOnlyDirectories=</varname>
750 and
751 <varname>InaccessibleDirectories=</varname>
752 may be prefixed with
753 <literal>-</literal>, in which case
754 they will be ignored when they do not
755 exist. Note that using this
756 setting will disconnect propagation of
757 mounts from the service to the host
758 (propagation in the opposite direction
759 continues to work). This means that
760 this setting may not be used for
761 services which shall be able to
762 install mount points in the main mount
763 namespace.</para></listitem>
764 </varlistentry>
765
766 <varlistentry>
767 <term><varname>PrivateTmp=</varname></term>
768
769 <listitem><para>Takes a boolean argument. If true, sets up a
770 new file system namespace for the executed processes and
771 mounts private <filename>/tmp</filename> and
772 <filename>/var/tmp</filename> directories inside it that is
773 not shared by processes outside of the namespace. This is
774 useful to secure access to temporary files of the process, but
775 makes sharing between processes via <filename>/tmp</filename>
776 or <filename>/var/tmp</filename> impossible. If this is
777 enabled, all temporary files created by a service in these
778 directories will be removed after the service is stopped.
779 Defaults to false. It is possible to run two or more units
780 within the same private <filename>/tmp</filename> and
781 <filename>/var/tmp</filename> namespace by using the
782 <varname>JoinsNamespaceOf=</varname> directive, see
783 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
784 for details. Note that using this setting will disconnect
785 propagation of mounts from the service to the host
786 (propagation in the opposite direction continues to work).
787 This means that this setting may not be used for services
788 which shall be able to install mount points in the main mount
789 namespace.</para></listitem>
790 </varlistentry>
791
792 <varlistentry>
793 <term><varname>PrivateDevices=</varname></term>
794
795 <listitem><para>Takes a boolean argument. If true, sets up a
796 new /dev namespace for the executed processes and only adds
797 API pseudo devices such as <filename>/dev/null</filename>,
798 <filename>/dev/zero</filename> or
799 <filename>/dev/random</filename> (as well as the pseudo TTY
800 subsystem) to it, but no physical devices such as
801 <filename>/dev/sda</filename>. This is useful to securely turn
802 off physical device access by the executed process. Defaults
803 to false. Enabling this option will also remove
804 <constant>CAP_MKNOD</constant> from the capability bounding
805 set for the unit (see above), and set
806 <varname>DevicePolicy=closed</varname> (see
807 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
808 for details). Note that using this setting will disconnect
809 propagation of mounts from the service to the host
810 (propagation in the opposite direction continues to work).
811 This means that this setting may not be used for services
812 which shall be able to install mount points in the main mount
813 namespace.</para></listitem>
814 </varlistentry>
815
816 <varlistentry>
817 <term><varname>PrivateNetwork=</varname></term>
818
819 <listitem><para>Takes a boolean argument. If true, sets up a
820 new network namespace for the executed processes and
821 configures only the loopback network device
822 <literal>lo</literal> inside it. No other network devices will
823 be available to the executed process. This is useful to
824 securely turn off network access by the executed process.
825 Defaults to false. It is possible to run two or more units
826 within the same private network namespace by using the
827 <varname>JoinsNamespaceOf=</varname> directive, see
828 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
829 for details. Note that this option will disconnect all socket
830 families from the host, this includes AF_NETLINK and AF_UNIX.
831 The latter has the effect that AF_UNIX sockets in the abstract
832 socket namespace will become unavailable to the processes
833 (however, those located in the file system will continue to be
834 accessible).</para></listitem>
835 </varlistentry>
836
837 <varlistentry>
838 <term><varname>ProtectSystem=</varname></term>
839
840 <listitem><para>Takes a boolean argument or
841 <literal>full</literal>. If true, mounts the
842 <filename>/usr</filename> and <filename>/boot</filename>
843 directories read-only for processes invoked by this unit. If
844 set to <literal>full</literal>, the <filename>/etc</filename>
845 directory is mounted read-only, too. This setting ensures that
846 any modification of the vendor supplied operating system (and
847 optionally its configuration) is prohibited for the service.
848 It is recommended to enable this setting for all long-running
849 services, unless they are involved with system updates or need
850 to modify the operating system in other ways. Note however
851 that processes retaining the CAP_SYS_ADMIN capability can undo
852 the effect of this setting. This setting is hence particularly
853 useful for daemons which have this capability removed, for
854 example with <varname>CapabilityBoundingSet=</varname>.
855 Defaults to off.</para></listitem>
856 </varlistentry>
857
858 <varlistentry>
859 <term><varname>ProtectHome=</varname></term>
860
861 <listitem><para>Takes a boolean argument or
862 <literal>read-only</literal>. If true, the directories
58331437
CH		 863 <filename>/home</filename>, <filename>/root</filename> and
864 <filename>/run/user</filename>
798d3a52 865 are made inaccessible and empty for processes invoked by this
58331437 866 unit. If set to <literal>read-only</literal>, the three
798d3a52
ZJS		 867 directories are made read-only instead. It is recommended to
868 enable this setting for all long-running services (in
869 particular network-facing ones), to ensure they cannot get
870 access to private user data, unless the services actually
871 require access to the user's private data. Note however that
872 processes retaining the CAP_SYS_ADMIN capability can undo the
873 effect of this setting. This setting is hence particularly
874 useful for daemons which have this capability removed, for
875 example with <varname>CapabilityBoundingSet=</varname>.
876 Defaults to off.</para></listitem>
877 </varlistentry>
878
879 <varlistentry>
880 <term><varname>MountFlags=</varname></term>
881
882 <listitem><para>Takes a mount propagation flag:
883 <option>shared</option>, <option>slave</option> or
884 <option>private</option>, which control whether mounts in the
885 file system namespace set up for this unit's processes will
886 receive or propagate mounts or unmounts. See
3ba3a79d 887 <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 888 for details. Defaults to <option>shared</option>. Use
889 <option>shared</option> to ensure that mounts and unmounts are
890 propagated from the host to the container and vice versa. Use
891 <option>slave</option> to run processes so that none of their
892 mounts and unmounts will propagate to the host. Use
893 <option>private</option> to also ensure that no mounts and
894 unmounts from the host will propagate into the unit processes'
895 namespace. Note that <option>slave</option> means that file
896 systems mounted on the host might stay mounted continuously in
897 the unit's namespace, and thus keep the device busy. Note that
898 the file system namespace related options
899 (<varname>PrivateTmp=</varname>,
900 <varname>PrivateDevices=</varname>,
901 <varname>ProtectSystem=</varname>,
902 <varname>ProtectHome=</varname>,
903 <varname>ReadOnlyDirectories=</varname>,
904 <varname>InaccessibleDirectories=</varname> and
905 <varname>ReadWriteDirectories=</varname>) require that mount
906 and unmount propagation from the unit's file system namespace
907 is disabled, and hence downgrade <option>shared</option> to
908 <option>slave</option>. </para></listitem>
909 </varlistentry>
910
911 <varlistentry>
912 <term><varname>UtmpIdentifier=</varname></term>
913
914 <listitem><para>Takes a four character identifier string for
023a4f67
LP		 915 an <citerefentry
916 project='man-pages'><refentrytitle>utmp</refentrytitle><manvolnum>5</manvolnum></citerefentry>
917 and wtmp entry for this service. This should only be
918 set for services such as <command>getty</command>
919 implementations (such as <citerefentry
920 project='die-net'><refentrytitle>agetty</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
798d3a52 921 where utmp/wtmp entries must be created and cleared before and
023a4f67
LP		 922 after execution, or for services that shall be executed as if
923 they were run by a <command>getty</command> process (see
924 below). If the configured string is longer than four
798d3a52
ZJS		 925 characters, it is truncated and the terminal four characters
926 are used. This setting interprets %I style string
927 replacements. This setting is unset by default, i.e. no
928 utmp/wtmp entries are created or cleaned up for this
929 service.</para></listitem>
930 </varlistentry>
931
023a4f67
LP		 932 <varlistentry>
933 <term><varname>UtmpMode=</varname></term>
934
935 <listitem><para>Takes one of <literal>init</literal>,
936 <literal>login</literal> or <literal>user</literal>. If
937 <varname>UtmpIdentifier=</varname> is set, controls which
938 type of <citerefentry
939 project='man-pages'><refentrytitle>utmp</refentrytitle><manvolnum>5</manvolnum></citerefentry>/wtmp
940 entries for this service are generated. This setting has no
941 effect unless <varname>UtmpIdentifier=</varname> is set
942 too. If <literal>init</literal> is set, only an
943 <constant>INIT_PROCESS</constant> entry is generated and the
944 invoked process must implement a <command>getty</command>
945 compatible utmp/wtmp logic. If <literal>login</literal> is
946 set, first an <constant>INIT_PROCESS</constant> entry,
947 followed by an <constant>LOGIN_PROCESS</constant> entry is
948 generated. In this case the invoked process must implement a
949 <citerefentry
950 project='die-net'><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible
951 utmp/wtmp logic. If <literal>user</literal> is set, first an
952 <constant>INIT_PROCESS</constant> entry, then a
953 <constant>LOGIN_PROCESS</constant> entry and finally an
954 <constant>USER_PROCESS</constant> entry is generated. In this
955 case the invoked process may be any process that is suitable
956 to be run as session leader. Defaults to
957 <literal>init</literal>.</para></listitem>
958 </varlistentry>
959
798d3a52
ZJS		 960 <varlistentry>
961 <term><varname>SELinuxContext=</varname></term>
962
963 <listitem><para>Set the SELinux security context of the
964 executed process. If set, this will override the automated
965 domain transition. However, the policy still needs to
966 authorize the transition. This directive is ignored if SELinux
967 is disabled. If prefixed by <literal>-</literal>, all errors
968 will be ignored. See
3ba3a79d 969 <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a52
ZJS		 970 for details.</para></listitem>
971 </varlistentry>
972
973 <varlistentry>
974 <term><varname>AppArmorProfile=</varname></term>
975
976 <listitem><para>Takes a profile name as argument. The process
977 executed by the unit will switch to this profile when started.
978 Profiles must already be loaded in the kernel, or the unit
979 will fail. This result in a non operation if AppArmor is not
980 enabled. If prefixed by <literal>-</literal>, all errors will
981 be ignored. </para></listitem>
982 </varlistentry>
983
984 <varlistentry>
985 <term><varname>SmackProcessLabel=</varname></term>
986
987 <listitem><para>Takes a <option>SMACK64</option> security
988 label as argument. The process executed by the unit will be
989 started under this label and SMACK will decide whether the
990 processes is allowed to run or not based on it. The process
991 will continue to run under the label specified here unless the
992 executable has its own <option>SMACK64EXEC</option> label, in
993 which case the process will transition to run under that
994 label. When not specified, the label that systemd is running
995 under is used. This directive is ignored if SMACK is
996 disabled.</para>
997
998 <para>The value may be prefixed by <literal>-</literal>, in
999 which case all errors will be ignored. An empty value may be
1000 specified to unset previous assignments.</para>
1001 </listitem>
1002 </varlistentry>
1003
1004 <varlistentry>
1005 <term><varname>IgnoreSIGPIPE=</varname></term>
1006
1007 <listitem><para>Takes a boolean argument. If true, causes
1008 <constant>SIGPIPE</constant> to be ignored in the executed
1009 process. Defaults to true because <constant>SIGPIPE</constant>
1010 generally is useful only in shell pipelines.</para></listitem>
1011 </varlistentry>
1012
1013 <varlistentry>
1014 <term><varname>NoNewPrivileges=</varname></term>
1015
1016 <listitem><para>Takes a boolean argument. If true, ensures
1017 that the service process and all its children can never gain
1018 new privileges. This option is more powerful than the
1019 respective secure bits flags (see above), as it also prohibits
1020 UID changes of any kind. This is the simplest, most effective
1021 way to ensure that a process and its children can never
1022 elevate privileges again.</para></listitem>
1023 </varlistentry>
1024
1025 <varlistentry>
1026 <term><varname>SystemCallFilter=</varname></term>
1027
1028 <listitem><para>Takes a space-separated list of system call
1029 names. If this setting is used, all system calls executed by
1030 the unit processes except for the listed ones will result in
1031 immediate process termination with the
1032 <constant>SIGSYS</constant> signal (whitelisting). If the
1033 first character of the list is <literal>~</literal>, the
1034 effect is inverted: only the listed system calls will result
1035 in immediate process termination (blacklisting). If running in
1036 user mode and this option is used,
1037 <varname>NoNewPrivileges=yes</varname> is implied. This
1038 feature makes use of the Secure Computing Mode 2 interfaces of
1039 the kernel ('seccomp filtering') and is useful for enforcing a
1040 minimal sandboxing environment. Note that the
1041 <function>execve</function>,
1042 <function>rt_sigreturn</function>,
1043 <function>sigreturn</function>,
1044 <function>exit_group</function>, <function>exit</function>
1045 system calls are implicitly whitelisted and do not need to be
1046 listed explicitly. This option may be specified more than once
1047 in which case the filter masks are merged. If the empty string
1048 is assigned, the filter is reset, all prior assignments will
1049 have no effect.</para>
1050
1051 <para>If you specify both types of this option (i.e.
1052 whitelisting and blacklisting), the first encountered will
1053 take precedence and will dictate the default action
1054 (termination or approval of a system call). Then the next
1055 occurrences of this option will add or delete the listed
1056 system calls from the set of the filtered system calls,
1057 depending of its type and the default action. (For example, if
1058 you have started with a whitelisting of
1059 <function>read</function> and <function>write</function>, and
1060 right after it add a blacklisting of
1061 <function>write</function>, then <function>write</function>
1062 will be removed from the set.) </para></listitem>
1063 </varlistentry>
1064
1065 <varlistentry>
1066 <term><varname>SystemCallErrorNumber=</varname></term>
1067
1068 <listitem><para>Takes an <literal>errno</literal> error number
1069 name to return when the system call filter configured with
1070 <varname>SystemCallFilter=</varname> is triggered, instead of
1071 terminating the process immediately. Takes an error name such
1072 as <constant>EPERM</constant>, <constant>EACCES</constant> or
1073 <constant>EUCLEAN</constant>. When this setting is not used,
1074 or when the empty string is assigned, the process will be
1075 terminated immediately when the filter is
1076 triggered.</para></listitem>
1077 </varlistentry>
1078
1079 <varlistentry>
1080 <term><varname>SystemCallArchitectures=</varname></term>
1081
1082 <listitem><para>Takes a space separated list of architecture
1083 identifiers to include in the system call filter. The known
1084 architecture identifiers are <constant>x86</constant>,
1085 <constant>x86-64</constant>, <constant>x32</constant>,
1086 <constant>arm</constant> as well as the special identifier
1087 <constant>native</constant>. Only system calls of the
1088 specified architectures will be permitted to processes of this
1089 unit. This is an effective way to disable compatibility with
1090 non-native architectures for processes, for example to
1091 prohibit execution of 32-bit x86 binaries on 64-bit x86-64
1092 systems. The special <constant>native</constant> identifier
1093 implicitly maps to the native architecture of the system (or
1094 more strictly: to the architecture the system manager is
1095 compiled for). If running in user mode and this option is
1096 used, <varname>NoNewPrivileges=yes</varname> is implied. Note
1097 that setting this option to a non-empty list implies that
1098 <constant>native</constant> is included too. By default, this
1099 option is set to the empty list, i.e. no architecture system
1100 call filtering is applied.</para></listitem>
1101 </varlistentry>
1102
1103 <varlistentry>
1104 <term><varname>RestrictAddressFamilies=</varname></term>
1105
1106 <listitem><para>Restricts the set of socket address families
1107 accessible to the processes of this unit. Takes a
1108 space-separated list of address family names to whitelist,
1109 such as
1110 <constant>AF_UNIX</constant>,
1111 <constant>AF_INET</constant> or
1112 <constant>AF_INET6</constant>. When
1113 prefixed with <constant>~</constant> the listed address
1114 families will be applied as blacklist, otherwise as whitelist.
1115 Note that this restricts access to the
3ba3a79d 1116 <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1117 system call only. Sockets passed into the process by other
1118 means (for example, by using socket activation with socket
1119 units, see
1120 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1121 are unaffected. Also, sockets created with
1122 <function>socketpair()</function> (which creates connected
1123 AF_UNIX sockets only) are unaffected. Note that this option
1124 has no effect on 32-bit x86 and is ignored (but works
1125 correctly on x86-64). If running in user mode and this option
1126 is used, <varname>NoNewPrivileges=yes</varname> is implied. By
1127 default, no restriction applies, all address families are
1128 accessible to processes. If assigned the empty string, any
1129 previous list changes are undone.</para>
1130
1131 <para>Use this option to limit exposure of processes to remote
1132 systems, in particular via exotic network protocols. Note that
1133 in most cases, the local <constant>AF_UNIX</constant> address
1134 family should be included in the configured whitelist as it is
1135 frequently used for local communication, including for
1136 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1137 logging.</para></listitem>
1138 </varlistentry>
1139
1140 <varlistentry>
1141 <term><varname>Personality=</varname></term>
1142
1143 <listitem><para>Controls which kernel architecture
3ba3a79d 1144 <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a52
ZJS		 1145 shall report, when invoked by unit processes. Takes one of
1146 <constant>x86</constant> and <constant>x86-64</constant>. This
1147 is useful when running 32-bit services on a 64-bit host
1148 system. If not specified, the personality is left unmodified
1149 and thus reflects the personality of the host system's
1150 kernel.</para></listitem>
1151 </varlistentry>
1152
1153 <varlistentry>
1154 <term><varname>RuntimeDirectory=</varname></term>
1155 <term><varname>RuntimeDirectoryMode=</varname></term>
1156
1157 <listitem><para>Takes a list of directory names. If set, one
1158 or more directories by the specified names will be created
1159 below <filename>/run</filename> (for system services) or below
1160 <varname>$XDG_RUNTIME_DIR</varname> (for user services) when
1161 the unit is started, and removed when the unit is stopped. The
1162 directories will have the access mode specified in
1163 <varname>RuntimeDirectoryMode=</varname>, and will be owned by
1164 the user and group specified in <varname>User=</varname> and
1165 <varname>Group=</varname>. Use this to manage one or more
1166 runtime directories of the unit and bind their lifetime to the
1167 daemon runtime. The specified directory names must be
1168 relative, and may not include a <literal>/</literal>, i.e.
1169 must refer to simple directories to create or remove. This is
1170 particularly useful for unprivileged daemons that cannot
1171 create runtime directories in <filename>/run</filename> due to
1172 lack of privileges, and to make sure the runtime directory is
1173 cleaned up automatically after use. For runtime directories
1174 that require more complex or different configuration or
1175 lifetime guarantees, please consider using
1176 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
1177 </varlistentry>
1178
1179 </variablelist>
1180 </refsect1>
1181
1182 <refsect1>
1183 <title>Environment variables in spawned processes</title>
1184
1185 <para>Processes started by the system are executed in a clean
1186 environment in which select variables listed below are set. System
1187 processes started by systemd do not inherit variables from PID 1,
1188 but processes started by user systemd instances inherit all
1189 environment variables from the user systemd instance.
1190 </para>
1191
1192 <variablelist class='environment-variables'>
1193 <varlistentry>
1194 <term><varname>$PATH</varname></term>
1195
1196 <listitem><para>Colon-separated list of directories to use
1197 when launching executables. Systemd uses a fixed value of
1198 <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
1199 </para></listitem>
1200 </varlistentry>
1201
1202 <varlistentry>
1203 <term><varname>$LANG</varname></term>
1204
1205 <listitem><para>Locale. Can be set in
3ba3a79d 1206 <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a52
ZJS		 1207 or on the kernel command line (see
1208 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1209 and
1210 <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
1211 </para></listitem>
1212 </varlistentry>
1213
1214 <varlistentry>
1215 <term><varname>$USER</varname></term>
1216 <term><varname>$LOGNAME</varname></term>
1217 <term><varname>$HOME</varname></term>
1218 <term><varname>$SHELL</varname></term>
1219
1220 <listitem><para>User name (twice), home directory, and the
1221 login shell. The variables are set for the units that have
1222 <varname>User=</varname> set, which includes user
1223 <command>systemd</command> instances. See
3ba3a79d 1224 <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
798d3a52
ZJS		 1225 </para></listitem>
1226 </varlistentry>
1227
1228 <varlistentry>
1229 <term><varname>$XDG_RUNTIME_DIR</varname></term>
1230
1231 <listitem><para>The directory for volatile state. Set for the
1232 user <command>systemd</command> instance, and also in user
1233 sessions. See
1234 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1235 </para></listitem>
1236 </varlistentry>
1237
1238 <varlistentry>
1239 <term><varname>$XDG_SESSION_ID</varname></term>
1240 <term><varname>$XDG_SEAT</varname></term>
1241 <term><varname>$XDG_VTNR</varname></term>
1242
1243 <listitem><para>The identifier of the session, the seat name,
1244 and virtual terminal of the session. Set by
1245 <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1246 for login sessions. <varname>$XDG_SEAT</varname> and
1247 <varname>$XDG_VTNR</varname> will only be set when attached to
1248 a seat and a tty.</para></listitem>
1249 </varlistentry>
1250
1251 <varlistentry>
1252 <term><varname>$MAINPID</varname></term>
1253
1254 <listitem><para>The PID of the units main process if it is
1255 known. This is only set for control processes as invoked by
1256 <varname>ExecReload=</varname> and similar. </para></listitem>
1257 </varlistentry>
1258
1259 <varlistentry>
1260 <term><varname>$MANAGERPID</varname></term>
1261
1262 <listitem><para>The PID of the user <command>systemd</command>
1263 instance, set for processes spawned by it. </para></listitem>
1264 </varlistentry>
1265
1266 <varlistentry>
1267 <term><varname>$LISTEN_FDS</varname></term>
1268 <term><varname>$LISTEN_PID</varname></term>
1269
1270 <listitem><para>Information about file descriptors passed to a
1271 service for socket activation. See
1272 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1273 </para></listitem>
1274 </varlistentry>
1275
1276 <varlistentry>
1277 <term><varname>$TERM</varname></term>
1278
1279 <listitem><para>Terminal type, set only for units connected to
1280 a terminal (<varname>StandardInput=tty</varname>,
1281 <varname>StandardOutput=tty</varname>, or
1282 <varname>StandardError=tty</varname>). See
1283 <citerefentry project='man-pages'><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1284 </para></listitem>
1285 </varlistentry>
1286 </variablelist>
1287
1288 <para>Additional variables may be configured by the following
1289 means: for processes spawned in specific units, use the
1290 <varname>Environment=</varname> and
1291 <varname>EnvironmentFile=</varname> options above; to specify
1292 variables globally, use <varname>DefaultEnvironment=</varname>
1293 (see
1294 <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1295 or the kernel option <varname>systemd.setenv=</varname> (see
1296 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
1297 Additional variables may also be set through PAM,
1298 cf. <citerefentry project='man-pages'><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
1299 </refsect1>
1300
1301 <refsect1>
1302 <title>See Also</title>
1303 <para>
1304 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1305 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1306 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1307 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1308 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1309 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1310 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1311 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1312 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1313 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1314 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
1315 <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1316 <citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1317 </para>
1318 </refsect1>
dd1eb43b
LP		 1319
1320</refentry>
Unnamed repository; edit this file 'description' to name the repository.