Commit | Line | Data |
---|---|---|
dd1eb43b LP |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?> | |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
4 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
5 | ||
6 | <!-- | |
7 | This file is part of systemd. | |
8 | ||
9 | Copyright 2010 Lennart Poettering | |
10 | ||
11 | systemd is free software; you can redistribute it and/or modify it | |
12 | under the terms of the GNU General Public License as published by | |
13 | the Free Software Foundation; either version 2 of the License, or | |
14 | (at your option) any later version. | |
15 | ||
16 | systemd is distributed in the hope that it will be useful, but | |
17 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
19 | General Public License for more details. | |
20 | ||
21 | You should have received a copy of the GNU General Public License | |
22 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
23 | --> | |
24 | ||
25 | <refentry id="systemd.exec"> | |
26 | <refentryinfo> | |
27 | <title>systemd.exec</title> | |
28 | <productname>systemd</productname> | |
29 | ||
30 | <authorgroup> | |
31 | <author> | |
32 | <contrib>Developer</contrib> | |
33 | <firstname>Lennart</firstname> | |
34 | <surname>Poettering</surname> | |
35 | <email>lennart@poettering.net</email> | |
36 | </author> | |
37 | </authorgroup> | |
38 | </refentryinfo> | |
39 | ||
40 | <refmeta> | |
41 | <refentrytitle>systemd.exec</refentrytitle> | |
42 | <manvolnum>5</manvolnum> | |
43 | </refmeta> | |
44 | ||
45 | <refnamediv> | |
46 | <refname>systemd.exec</refname> | |
47 | <refpurpose>systemd execution environment configuration</refpurpose> | |
48 | </refnamediv> | |
49 | ||
50 | <refsynopsisdiv> | |
51 | <para><filename>systemd.service</filename>, | |
52 | <filename>systemd.socket</filename>, | |
53 | <filename>systemd.mount</filename></para> | |
54 | </refsynopsisdiv> | |
55 | ||
56 | <refsect1> | |
57 | <title>Description</title> | |
58 | ||
59 | <para>Unit configuration files for services, sockets | |
60 | and mount points share a subset of configuration | |
61 | options which define the execution environment of | |
62 | spawned processes.</para> | |
63 | ||
64 | <para>This man page lists the configuration options | |
65 | shared by these three unit types. See | |
66 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
67 | for the common options of all unit configuration | |
68 | files, and | |
69 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
70 | and | |
71 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
72 | for more information on the specific unit | |
73 | configuration files. The execution-specific | |
74 | configuration options are configured in the [Service], | |
75 | [Socket] or [Mount] section, depending on the unit | |
76 | type.</para> | |
77 | </refsect1> | |
78 | ||
79 | <refsect1> | |
80 | <title>Options</title> | |
81 | ||
82 | <variablelist> | |
83 | ||
84 | <varlistentry> | |
85 | <term><varname>WorkingDirectory=</varname></term> | |
86 | ||
87 | <listitem><para>Takes an absolute | |
88 | directory path. Sets the working | |
89 | directory for executed | |
90 | processes.</para></listitem> | |
91 | </varlistentry> | |
92 | ||
93 | <varlistentry> | |
94 | <term><varname>RootDirectory=</varname></term> | |
95 | ||
96 | <listitem><para>Takes an absolute | |
97 | directory path. Sets the root | |
98 | directory for executed processes, with | |
99 | the | |
100 | <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
101 | system call. If this is used it must | |
102 | be ensured that the process and all | |
103 | its auxiliary files are available in | |
104 | the <function>chroot()</function> | |
105 | jail.</para></listitem> | |
106 | </varlistentry> | |
107 | ||
108 | <varlistentry> | |
109 | <term><varname>User=</varname></term> | |
110 | <term><varname>Group=</varname></term> | |
111 | ||
112 | <listitem><para>Sets the Unix user | |
113 | or group the processes are executed | |
114 | as. Takes a single user or group | |
115 | name or ID as argument. If no group is | |
116 | set the default group of the user is | |
117 | chosen.</para></listitem> | |
118 | </varlistentry> | |
119 | ||
120 | <varlistentry> | |
121 | <term><varname>SupplementaryGroups=</varname></term> | |
122 | ||
123 | <listitem><para>Sets the supplementary | |
124 | Unix groups the processes are executed | |
125 | as. This takes a space-separated list | |
126 | of group names or IDs. This option may | |
127 | be specified more than once in which | |
128 | case all listed groups are set as | |
129 | supplementary groups. This option does | |
130 | not override but extends the list of | |
131 | supplementary groups configured in the | |
132 | system group database for the | |
133 | user.</para></listitem> | |
134 | </varlistentry> | |
135 | ||
136 | <varlistentry> | |
137 | <term><varname>Nice=</varname></term> | |
138 | ||
139 | <listitem><para>Sets the default nice | |
140 | level (scheduling priority) for | |
141 | executed processes. Takes an integer | |
142 | between -20 (highest priority) and 19 | |
143 | (lowest priority). See | |
144 | <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
145 | for details.</para></listitem> | |
146 | </varlistentry> | |
147 | ||
148 | <varlistentry> | |
149 | <term><varname>OOMAdjust=</varname></term> | |
150 | ||
151 | <listitem><para>Sets the adjustment | |
152 | level for the Out-Of-Memory killer for | |
153 | executed processes. Takes an integer | |
154 | between -17 (to disable OOM killing | |
155 | for this process) and 15 (to make | |
156 | killing of this process under memory | |
157 | pressure very likely). See <ulink | |
158 | url="http://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink> | |
159 | for details.</para></listitem> | |
160 | </varlistentry> | |
161 | ||
162 | <varlistentry> | |
163 | <term><varname>IOSchedulingClass=</varname></term> | |
164 | ||
165 | <listitem><para>Sets the IO scheduling | |
166 | class for executed processes. Takes an | |
167 | integer between 0 and 3 or one of the | |
168 | strings <option>none</option>, | |
169 | <option>realtime</option>, | |
170 | <option>best-effort</option> or | |
171 | <option>idle</option>. See | |
172 | <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
173 | for details.</para></listitem> | |
174 | </varlistentry> | |
175 | ||
176 | <varlistentry> | |
177 | <term><varname>IOSchedulingPriority=</varname></term> | |
178 | ||
179 | <listitem><para>Sets the IO scheduling | |
180 | priority for executed processes. Takes | |
181 | an integer between 0 (highest | |
182 | priority) and 7 (lowest priority). The | |
183 | available priorities depend on the | |
184 | selected IO scheduling class (see | |
185 | above). See | |
186 | <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
187 | for details.</para></listitem> | |
188 | </varlistentry> | |
189 | ||
190 | <varlistentry> | |
191 | <term><varname>CPUSchedulingPolicy=</varname></term> | |
192 | ||
193 | <listitem><para>Sets the CPU | |
194 | scheduling policy for executed | |
195 | processes. Takes one of | |
196 | <option>other</option>, | |
197 | <option>batch</option>, | |
198 | <option>idle</option>, | |
199 | <option>fifo</option> or | |
200 | <option>rr</option>. See | |
201 | <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
202 | for details.</para></listitem> | |
203 | </varlistentry> | |
204 | ||
205 | <varlistentry> | |
206 | <term><varname>CPUSchedulingPriority=</varname></term> | |
207 | ||
208 | <listitem><para>Sets the CPU | |
209 | scheduling priority for executed | |
210 | processes. Takes an integer between 1 | |
211 | (lowest priority) and 99 (highest | |
212 | priority). The available priority | |
213 | range depends on the selected CPU | |
214 | scheduling policy (see above). See | |
215 | <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
216 | for details.</para></listitem> | |
217 | </varlistentry> | |
218 | ||
219 | <varlistentry> | |
220 | <term><varname>CPUSchedulingResetOnFork=</varname></term> | |
221 | ||
222 | <listitem><para>Takes a boolean | |
223 | argument. If true elevated CPU | |
224 | scheduling priorities and policies | |
225 | will be reset when the executed | |
226 | processes fork, and can hence not leak | |
227 | into child processes. See | |
228 | <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
229 | for details. Defaults to false.</para></listitem> | |
230 | </varlistentry> | |
231 | ||
232 | <varlistentry> | |
233 | <term><varname>CPUAffinity=</varname></term> | |
234 | ||
235 | <listitem><para>Controls the CPU | |
236 | affinity of the executed | |
237 | processes. Takes a space-separated | |
238 | list of CPU indexes. See | |
239 | <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
240 | for details.</para></listitem> | |
241 | </varlistentry> | |
242 | ||
243 | <varlistentry> | |
244 | <term><varname>UMask=</varname></term> | |
245 | ||
246 | <listitem><para>Controls the file mode | |
247 | creation mask. Takes an access mode in | |
248 | octal notation. See | |
249 | <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
250 | for details. Defaults to | |
251 | 0002.</para></listitem> | |
252 | </varlistentry> | |
253 | ||
254 | <varlistentry> | |
255 | <term><varname>Environment=</varname></term> | |
256 | ||
257 | <listitem><para>Sets environment | |
258 | variables for executed | |
259 | processes. Takes a space-separated | |
260 | list of variable assignments. This | |
261 | option may be specified more than once | |
262 | in which case all listed variables | |
263 | will be set. If the same variable is | |
264 | set twice the later setting will | |
265 | override the earlier setting. See | |
266 | <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
267 | for details.</para></listitem> | |
268 | </varlistentry> | |
269 | <varlistentry> | |
270 | <term><varname>EnvironmentFile=</varname></term> | |
271 | <listitem><para>Similar to | |
272 | <varname>Environment=</varname> but | |
273 | reads the environment variables from a | |
274 | text file. The text file should | |
275 | contain newline-separated variable | |
276 | assignments. Empty lines and lines | |
277 | starting with ; or # will be ignored, | |
278 | which may be used for | |
279 | commenting.</para></listitem> | |
280 | </varlistentry> | |
281 | ||
282 | <varlistentry> | |
283 | <term><varname>StandardInput=</varname></term> | |
284 | <listitem><para>Controls where file | |
285 | descriptor 0 (STDIN) of the executed | |
286 | processes is connected to. Takes one | |
287 | of <option>null</option>, | |
288 | <option>tty</option>, | |
289 | <option>tty-force</option>, | |
290 | <option>tty-fail</option> or | |
291 | <option>socket</option>. If | |
292 | <option>null</option> is selected | |
293 | standard input will be connected to | |
294 | <filename>/dev/null</filename>, | |
295 | i.e. all read attempts by the process | |
296 | will result in immediate EOF. If | |
297 | <option>tty</option> is selected | |
298 | standard input is connected to a TTY | |
299 | (as configured by | |
300 | <varname>TTYPath=</varname>, see | |
301 | below) and the executed process | |
302 | becomes the controlling process of the | |
303 | terminal. If the terminal is already | |
304 | being controlled by another process the | |
305 | executed process waits until that process releases | |
306 | the | |
307 | terminal. <option>tty-force</option> | |
308 | is similar to <option>tty</option>, | |
309 | but the executed process is forcefully | |
310 | and immediately made the controlling | |
311 | process of the terminal, potentially | |
312 | removing previous controlling | |
313 | processes from the | |
314 | terminal. <option>tty-fail</option> is | |
315 | similar to <option>tty</option> but if | |
316 | the terminal already has a controlling | |
317 | process start-up of the executed | |
318 | process fails. The | |
319 | <option>socket</option> option is only | |
320 | valid in socket-activated services, | |
321 | and only when the socket configuration | |
322 | file (see | |
323 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
324 | for details) specifies a single socket | |
325 | only. If this option is set standard | |
326 | input will be connected to the socket | |
327 | the service was activated from, which | |
328 | is primarily useful for compatibility | |
329 | with daemons designed for use with the | |
330 | traditional | |
331 | <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
332 | daemon. This setting defaults to | |
333 | <option>null</option>.</para></listitem> | |
334 | </varlistentry> | |
335 | <varlistentry> | |
336 | <term><varname>StandardOutput=</varname></term> | |
337 | <listitem><para>Controls where file | |
338 | descriptor 1 (STDOUT) of the executed | |
339 | processes is connected to. Takes one | |
340 | of <option>inherit</option>, | |
341 | <option>null</option>, | |
342 | <option>tty</option>, | |
343 | <option>syslog</option>, | |
344 | <option>kmsg</option> or | |
345 | <option>socket</option>. If set to | |
346 | <option>inherit</option> the file | |
347 | descriptor of standard input is | |
348 | duplicated for standard output. If set | |
349 | to <option>null</option> standard | |
350 | output will be connected to | |
351 | <filename>/dev/null</filename>, | |
352 | i.e. everything written to it will be | |
353 | lost. If set to <option>tty</option> | |
354 | standard output will be connected to a | |
355 | tty (as configured via | |
356 | <varname>TTYPath=</varname>, see | |
357 | below). If the TTY is used for output | |
358 | only, the executed process will not | |
359 | become the controlling process of the | |
360 | terminal, and will not fail or wait | |
361 | for other processes to release the | |
362 | terminal. <option>syslog</option> | |
363 | connects standard output to the | |
364 | <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
365 | system logger. <option>kmsg</option> | |
366 | connects it with the kernel log buffer | |
367 | which is accessible via | |
368 | <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>socket</option> | |
369 | connects standard output to a socket | |
370 | from socket activation, semantics are | |
371 | similar to the respective option of | |
372 | <varname>StandardInput=</varname>. | |
373 | This setting defaults to | |
374 | <option>inherit</option>.</para></listitem> | |
375 | </varlistentry> | |
376 | <varlistentry> | |
377 | <term><varname>StandardError=</varname></term> | |
378 | <listitem><para>Controls where file | |
379 | descriptor 2 (STDERR) of the executed | |
380 | processes is connected to. The | |
381 | available options are identical to | |
382 | those of | |
383 | <varname>StandardOutput=</varname>, | |
384 | with one exception: if set to | |
385 | <option>inherit</option> the file | |
386 | descriptor used for standard output is | |
387 | duplicated for standard error. This | |
388 | setting defaults to | |
389 | <option>inherit</option>.</para></listitem> | |
390 | </varlistentry> | |
391 | <varlistentry> | |
392 | <term><varname>TTYPath=</varname></term> | |
393 | <listitem><para>Sets the terminal | |
394 | device node to use if standard input, | |
395 | output or stderr are connected to a | |
396 | TTY (see above). Defaults to | |
397 | <filename>/dev/console</filename>.</para></listitem> | |
398 | </varlistentry> | |
399 | <varlistentry> | |
400 | <term><varname>SyslogIdentifier=</varname></term> | |
401 | <listitem><para>Sets the process name | |
402 | to prefix log lines sent to syslog or | |
403 | the kernel log buffer with. If not set | |
404 | defaults to the process name of the | |
405 | executed process. This option is only | |
406 | useful when | |
407 | <varname>StandardOutput=</varname> or | |
408 | <varname>StandardError=</varname> are | |
409 | set to <option>syslog</option> or | |
410 | <option>kmsg</option>.</para></listitem> | |
411 | </varlistentry> | |
412 | <varlistentry> | |
413 | <term><varname>SyslogFacility=</varname></term> | |
414 | <listitem><para>Sets the syslog | |
415 | facility to use when logging to | |
416 | syslog. One of <option>kern</option>, | |
417 | <option>user</option>, | |
418 | <option>mail</option>, | |
419 | <option>daemon</option>, | |
420 | <option>auth</option>, | |
421 | <option>syslog</option>, | |
422 | <option>lpr</option>, | |
423 | <option>news</option>, | |
424 | <option>uucp</option>, | |
425 | <option>cron</option>, | |
426 | <option>authpriv</option>, | |
427 | <option>ftp</option>, | |
428 | <option>local0</option>, | |
429 | <option>local1</option>, | |
430 | <option>local2</option>, | |
431 | <option>local3</option>, | |
432 | <option>local4</option>, | |
433 | <option>local5</option>, | |
434 | <option>local6</option> or | |
435 | <option>local7</option>. See | |
436 | <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
437 | for details. This option is only | |
438 | useful when | |
439 | <varname>StandardOutput=</varname> or | |
440 | <varname>StandardError=</varname> are | |
441 | set to <option>syslog</option>. | |
442 | Defaults to | |
443 | <option>daemon</option>.</para></listitem> | |
444 | </varlistentry> | |
445 | <varlistentry> | |
446 | <term><varname>SyslogLevel=</varname></term> | |
447 | <listitem><para>Default syslog level | |
448 | to use when logging to syslog or the | |
449 | kernel log buffer. One of | |
450 | <option>emerg</option>, | |
451 | <option>alert</option>, | |
452 | <option>crit</option>, | |
453 | <option>err</option>, | |
454 | <option>warning</option>, | |
455 | <option>notice</option>, | |
456 | <option>info</option>, | |
457 | <option>debug</option>. See | |
458 | <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
459 | for details. This option is only | |
460 | useful when | |
461 | <varname>StandardOutput=</varname> or | |
462 | <varname>StandardError=</varname> are | |
463 | set to <option>syslog</option> or | |
464 | <option>kmsg</option>. Note that | |
465 | individual lines output by the daemon | |
466 | might be prefixed with a different log | |
467 | level which can be used to override | |
468 | the default log level specified | |
469 | here. The interpretation of these | |
470 | prefixes may be disabled with | |
471 | <varname>SyslogNoPrefix=</varname>, | |
472 | see below. For details see | |
473 | <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>. | |
474 | ||
475 | Defaults to | |
476 | <option>info</option>.</para></listitem> | |
477 | </varlistentry> | |
478 | ||
479 | <varlistentry> | |
480 | <term><varname>SyslogNoPrefix=</varname></term> | |
481 | <listitem><para>Takes a boolean | |
482 | argument. If false and | |
483 | <varname>StandardOutput=</varname> or | |
484 | <varname>StandardError=</varname> are | |
485 | set to <option>syslog</option> or | |
486 | <option>kmsg</option> log lines | |
487 | written by the executed process that | |
488 | are prefixed with a log level will be | |
489 | passed on to syslog with this log | |
490 | level set but the prefix removed. If | |
491 | set to true, the interpretation of | |
492 | these prefixes is disabled and the | |
493 | logged lines are passed on as-is. For | |
494 | details about this prefixing see | |
495 | <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>. | |
496 | Defaults to false.</para></listitem> | |
497 | </varlistentry> | |
498 | ||
499 | <varlistentry> | |
500 | <term><varname>TimerSlackNS=</varname></term> | |
501 | <listitem><para>Sets the timer slack | |
502 | in nanoseconds for the executed | |
503 | processes. The timer slack controls the accuracy | |
504 | of wake-ups triggered by timers. See | |
505 | <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
506 | for more information.</para></listitem> | |
507 | </varlistentry> | |
508 | ||
509 | <varlistentry> | |
510 | <term><varname>LimitCPU=</varname></term> | |
511 | <term><varname>LimitFSIZE=</varname></term> | |
512 | <term><varname>LimitDATA=</varname></term> | |
513 | <term><varname>LimitSTACK=</varname></term> | |
514 | <term><varname>LimitCORE=</varname></term> | |
515 | <term><varname>LimitRSS=</varname></term> | |
516 | <term><varname>LimitNOFILE=</varname></term> | |
517 | <term><varname>LimitAS=</varname></term> | |
518 | <term><varname>LimitNPROC=</varname></term> | |
519 | <term><varname>LimitMEMLOCK=</varname></term> | |
520 | <term><varname>LimitLOCKS=</varname></term> | |
521 | <term><varname>LimitSIGPENDING=</varname></term> | |
522 | <term><varname>LimitMSGQUEUE=</varname></term> | |
523 | <term><varname>LimitNICE=</varname></term> | |
524 | <term><varname>LimitRTPRIO=</varname></term> | |
525 | <term><varname>LimitRTTIME=</varname></term> | |
526 | <listitem><para>These settings control | |
527 | various resource limits for executed | |
528 | processes. See | |
529 | <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
530 | for details.</para></listitem> | |
531 | </varlistentry> | |
532 | ||
533 | <varlistentry> | |
534 | <term><varname>PAMName=</varname></term> | |
535 | <listitem><para>Sets the PAM service | |
536 | name to set up a session as. If set | |
537 | the executed process will be | |
538 | registered as a PAM session under the | |
539 | specified service name. This is only | |
540 | useful in conjunction with the | |
541 | <varname>User=</varname> setting. If | |
542 | not set no PAM session will be opened | |
543 | for the executed processes. See | |
544 | <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
545 | for details.</para></listitem> | |
546 | </varlistentry> | |
547 | ||
548 | <varlistentry> | |
549 | <term><varname>TCPWrapName=</varname></term> | |
550 | <listitem><para>If this is a | |
551 | socket-activated service this sets the | |
552 | tcpwrap service name to check the | |
553 | permission for the current connection | |
554 | with. This is only useful in | |
555 | conjunction with socket-activated | |
556 | services, and stream sockets (TCP) in | |
557 | particular. It has no effect on other | |
558 | socket types (e.g. datagram/UDP) and on processes | |
559 | unrelated to socket-based | |
560 | activation. If the tcpwrap | |
561 | verification fails daemon start-up | |
562 | will fail and the connection is | |
563 | terminated. See | |
564 | <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
565 | for details.</para></listitem> | |
566 | </varlistentry> | |
567 | ||
568 | <varlistentry> | |
569 | <term><varname>Capabilities=</varname></term> | |
570 | <listitem><para>Controls the | |
571 | <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
572 | set for the executed process. Takes a | |
573 | capability string as described in | |
574 | <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>. | |
575 | Note that this capability set is | |
576 | usually influenced by the capabilities | |
577 | attached to the executed | |
578 | file.</para></listitem> | |
579 | </varlistentry> | |
580 | ||
581 | <varlistentry> | |
582 | <term><varname>SecureBits=</varname></term> | |
583 | <listitem><para>Controls the secure | |
584 | bits set for the executed process. See | |
585 | <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
586 | for details. Takes a list of strings: | |
587 | <option>keep-caps</option>, | |
588 | <option>keep-caps-locked</option>, | |
589 | <option>no-setuid-fixup</option>, | |
590 | <option>no-setuid-fixup-locked</option>, | |
591 | <option>no-setuid-noroot</option> and/or | |
592 | <option>no-setuid-noroot-locked</option>. | |
593 | </para></listitem> | |
594 | </varlistentry> | |
595 | ||
596 | <varlistentry> | |
597 | <term><varname>CapabilityBoundingSetDrop=</varname></term> | |
598 | ||
599 | <listitem><para>Controls the | |
600 | capability bounding set drop set for | |
601 | the executed process. See | |
602 | <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
603 | for details. Takes a list of | |
604 | capability names as read by | |
605 | <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>. | |
606 | </para></listitem> | |
607 | </varlistentry> | |
608 | ||
609 | <varlistentry> | |
610 | <term><varname>ControlGroup=</varname></term> | |
611 | ||
612 | <listitem><para>Controls the control | |
613 | groups the executed processes shall be | |
614 | made member of. Takes a | |
615 | space-separated list of cgroup | |
616 | identifiers. A cgroup identifier has a | |
617 | format like | |
618 | <filename>cpu:/foo/bar</filename>, | |
619 | where "cpu" identifies the kernel | |
620 | control group controller used, and | |
621 | <filename>/foo/bar</filename> is the | |
622 | control group path. The controller name | |
623 | and ":" may be omitted in which case | |
624 | the named systemd control group | |
625 | hierarchy is implied. Alternatively, | |
626 | the path and ":" may be omitted, in | |
627 | which case the default control group | |
628 | path for this unit is implied. This | |
629 | option may be used to place executed | |
630 | processes in arbitrary groups in | |
631 | arbitrary hierarchies -- which can be | |
632 | configured externally with additional execution limits. By default | |
633 | systemd will place all executed | |
634 | processes in separate per-unit control | |
635 | groups (named after the unit) in the | |
636 | systemd named hierarchy. Since every | |
637 | process can be in one group per | |
638 | hierarchy only, overriding the control group | |
639 | path in the named systemd hierarchy | |
640 | will disable automatic placement in | |
641 | the default group. For details about control | |
642 | groups see <ulink | |
643 | url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.</para></listitem> | |
644 | </varlistentry> | |
645 | ||
646 | <varlistentry> | |
647 | <term><varname>ReadWriteDirectories=</varname></term> | |
648 | <term><varname>ReadOnlyDirectories=</varname></term> | |
649 | <term><varname>InaccessibleDirectories=</varname></term> | |
650 | ||
651 | <listitem><para>Sets up a new | |
652 | file-system name space for executed | |
653 | processes. These options may be used | |
654 | to limit access a process might have | |
655 | to the main file-system | |
656 | hierarchy. Each setting takes a | |
657 | space-separated list of absolute | |
658 | directory paths. Directories listed in | |
659 | <varname>ReadWriteDirectories=</varname> | |
660 | are accessible from within the | |
661 | namespace with the same access rights | |
662 | as from outside. Directories listed in | |
663 | <varname>ReadOnlyDirectories=</varname> | |
664 | are accessible for reading only, | |
665 | writing will be refused even if the | |
666 | usual file access controls would | |
667 | permit this. Directories listed in | |
668 | <varname>InaccessibleDirectories=</varname> | |
669 | will be made inaccessible for processes | |
670 | inside the namespace. Note that | |
671 | restricting access with these options | |
672 | does not extend to submounts of a | |
673 | directory. You must list submounts | |
674 | separately in these settings to | |
675 | ensure the same limited access. These | |
676 | options may be specified more than | |
677 | once in which case all directories | |
678 | listed will have limited access from | |
679 | within the | |
680 | namespace.</para></listitem> | |
681 | </varlistentry> | |
682 | ||
683 | <varlistentry> | |
684 | <term><varname>PrivateTmp=</varname></term> | |
685 | ||
686 | <listitem><para>Takes a boolean | |
687 | argument. If true sets up a new | |
688 | namespace for the executed processes | |
689 | and mounts a private | |
690 | <filename>/tmp</filename> directory | |
691 | inside it, that is not shared by | |
692 | processes outside of the | |
693 | namespace. This is useful to secure | |
694 | access to temporary files of the | |
695 | process, but makes sharing between | |
696 | processes via | |
697 | <filename>/tmp</filename> | |
698 | impossible. Defaults to false.</para></listitem> | |
699 | </varlistentry> | |
700 | ||
701 | <varlistentry> | |
702 | <term><varname>MountFlags=</varname></term> | |
703 | ||
704 | <listitem><para>Takes a mount | |
705 | propagation flag: | |
706 | <option>shared</option>, | |
707 | <option>slave</option> or | |
708 | <option>private</option>, which | |
709 | control whether namespaces set up with | |
710 | <varname>ReadWriteDirectories=</varname>, | |
711 | <varname>ReadOnlyDirectories=</varname> | |
712 | and | |
713 | <varname>InaccessibleDirectories=</varname> | |
714 | receive or propagate new mounts | |
715 | from/to the main namespace. See | |
716 | <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
717 | for details. Defaults to | |
718 | <option>shared</option>, i.e. the new | |
719 | namespace will both receive new mount | |
720 | points from the main namespace as well | |
721 | as propagate new mounts to | |
722 | it.</para></listitem> | |
723 | </varlistentry> | |
724 | ||
725 | </variablelist> | |
726 | </refsect1> | |
727 | ||
728 | <refsect1> | |
729 | <title>See Also</title> | |
730 | <para> | |
731 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
732 | <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
733 | <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
734 | <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
735 | <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
736 | <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
737 | </para> | |
738 | </refsect1> | |
739 | ||
740 | </refentry> |
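
The submount caveat documented for ReadOnlyDirectories= and InaccessibleDirectories= is easy to miss in review, so the following added example (not part of the systemd source or this man page) reports mount points that sit below a restricted directory but are not listed in any of the three settings. The function names and both samples are constructed for illustration; the mount table is assumed to be in /proc/self/mountinfo format.

```python
"""Flag submounts that a unit's directory restrictions do not cover."""
import re
from pathlib import PurePosixPath

RESTRICTING = ("ReadOnlyDirectories", "InaccessibleDirectories")
SETTINGS = RESTRICTING + ("ReadWriteDirectories",)

# Constructed sample unit file (not taken from any real service).
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/sbin/exampled
ReadOnlyDirectories=/var /etc
ReadOnlyDirectories=/var/lib/data
InaccessibleDirectories=/home/
"""

# Constructed sample in /proc/self/mountinfo format (field 5 = mount point).
SAMPLE_MOUNTINFO = r"""
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
21 20 8:2 / /var rw,relatime - ext4 /dev/sda2 rw
22 21 8:3 / /var/lib/data rw,relatime - ext4 /dev/sda3 rw
23 21 8:4 / /var/log rw,relatime - ext4 /dev/sda4 rw
24 20 8:5 / /home rw,relatime - ext4 /dev/sda5 rw
25 24 0:30 / /home/shared\040files rw,relatime - nfs server:/export rw
"""


def normalize(path):
    """Drop trailing slashes so '/home/' and '/home' compare equal."""
    return str(PurePosixPath(path))


def parse_directories(unit_text):
    """Return {setting: [dirs]}; repeated settings accumulate, as documented."""
    dirs = {name: [] for name in SETTINGS}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in dirs:
            # Each setting takes a space-separated list of absolute paths.
            dirs[key].extend(normalize(p) for p in value.split())
    return dirs


def mount_points(mountinfo_text):
    """Extract mount points, decoding the kernel's octal escapes (\\040 = space)."""
    points = []
    for line in mountinfo_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        decoded = re.sub(r"\\([0-7]{3})",
                         lambda m: chr(int(m.group(1), 8)), fields[4])
        points.append(normalize(decoded))
    return points


def uncovered_submounts(unit_text, mountinfo_text):
    """Map each restricted directory to the submounts below it that the unit
    does not list. A submount listed in any of the three settings counts as
    an explicit decision and is not reported."""
    dirs = parse_directories(unit_text)
    listed = {d for group in dirs.values() for d in group}
    mounts = mount_points(mountinfo_text)
    findings = {}
    for setting in RESTRICTING:
        for directory in dirs[setting]:
            parent = PurePosixPath(directory)
            missing = sorted(
                m for m in mounts
                if parent in PurePosixPath(m).parents and m not in listed
            )
            if missing:
                findings[directory] = missing
    return findings


if __name__ == "__main__":
    for directory, mounts in uncovered_submounts(SAMPLE_UNIT,
                                                 SAMPLE_MOUNTINFO).items():
        print(f"{directory}: unlisted submounts {mounts}")
```

Run against a real unit, pass the unit file text and the contents of /proc/self/mountinfo from the host the service runs on, since the result depends on that host's mount layout.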