1 <?xml-stylesheet type=
"text/xsl" href=
"http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 This file is part of systemd.
8 Copyright 2010 Lennart Poettering
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 <refentry id=
"systemd.exec">
26 <title>systemd.exec
</title>
27 <productname>systemd
</productname>
31 <contrib>Developer
</contrib>
32 <firstname>Lennart
</firstname>
33 <surname>Poettering
</surname>
34 <email>lennart@poettering.net
</email>
40 <refentrytitle>systemd.exec
</refentrytitle>
41 <manvolnum>5</manvolnum>
45 <refname>systemd.exec
</refname>
46 <refpurpose>Execution environment configuration
</refpurpose>
50 <para><filename><replaceable>service
</replaceable>.service
</filename>,
51 <filename><replaceable>socket
</replaceable>.socket
</filename>,
52 <filename><replaceable>mount
</replaceable>.mount
</filename>,
53 <filename><replaceable>swap
</replaceable>.swap
</filename></para>
57 <title>Description
</title>
59 <para>Unit configuration files for services, sockets,
60 mount points, and swap devices share a subset of
61 configuration options which define the execution
62 environment of spawned processes.
</para>
64 <para>This man page lists the configuration options
65 shared by these four unit types. See
66 <citerefentry><refentrytitle>systemd.unit
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
67 for the common options of all unit configuration
69 <citerefentry><refentrytitle>systemd.service
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
70 <citerefentry><refentrytitle>systemd.socket
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 <citerefentry><refentrytitle>systemd.swap
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
73 <citerefentry><refentrytitle>systemd.mount
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
74 for more information on the specific unit
75 configuration files. The execution specific
76 configuration options are configured in the [Service],
77 [Socket], [Mount], or [Swap] sections, depending on the unit
82 <title>Options
</title>
84 <variablelist class='unit-directives'
>
87 <term><varname>WorkingDirectory=
</varname></term>
89 <listitem><para>Takes an absolute
90 directory path. Sets the working
91 directory for executed processes. If
92 not set, defaults to the root directory
93 when systemd is running as a system
94 instance and the respective user's
95 home directory if run as
96 user.
</para></listitem>
100 <term><varname>RootDirectory=
</varname></term>
102 <listitem><para>Takes an absolute
103 directory path. Sets the root
104 directory for executed processes, with
106 <citerefentry><refentrytitle>chroot
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
107 system call. If this is used, it must
108 be ensured that the process and all
109 its auxiliary files are available in
110 the
<function>chroot()
</function>
111 jail.
</para></listitem>
115 <term><varname>User=
</varname></term>
116 <term><varname>Group=
</varname></term>
118 <listitem><para>Sets the Unix user
119 or group that the processes are executed
120 as, respectively. Takes a single user or group
121 name or ID as argument. If no group is
122 set, the default group of the user is
123 chosen.
</para></listitem>
127 <term><varname>SupplementaryGroups=
</varname></term>
129 <listitem><para>Sets the supplementary
130 Unix groups the processes are executed
131 as. This takes a space-separated list
132 of group names or IDs. This option may
133 be specified more than once in which
134 case all listed groups are set as
135 supplementary groups. When the empty
136 string is assigned the list of
137 supplementary groups is reset, and all
138 assignments prior to this one will
139 have no effect. In any way, this
140 option does not override, but extends
141 the list of supplementary groups
142 configured in the system group
144 user.
</para></listitem>
148 <term><varname>Nice=
</varname></term>
150 <listitem><para>Sets the default nice
151 level (scheduling priority) for
152 executed processes. Takes an integer
153 between -
20 (highest priority) and
19
154 (lowest priority). See
155 <citerefentry><refentrytitle>setpriority
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
156 for details.
</para></listitem>
160 <term><varname>OOMScoreAdjust=
</varname></term>
162 <listitem><para>Sets the adjustment
163 level for the Out-Of-Memory killer for
164 executed processes. Takes an integer
165 between -
1000 (to disable OOM killing
166 for this process) and
1000 (to make
167 killing of this process under memory
168 pressure very likely). See
<ulink
169 url=
"https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt
</ulink>
170 for details.
</para></listitem>
174 <term><varname>IOSchedulingClass=
</varname></term>
176 <listitem><para>Sets the IO scheduling
177 class for executed processes. Takes an
178 integer between
0 and
3 or one of the
179 strings
<option>none
</option>,
180 <option>realtime
</option>,
181 <option>best-effort
</option> or
182 <option>idle
</option>. See
183 <citerefentry><refentrytitle>ioprio_set
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
184 for details.
</para></listitem>
188 <term><varname>IOSchedulingPriority=
</varname></term>
190 <listitem><para>Sets the IO scheduling
191 priority for executed processes. Takes
192 an integer between
0 (highest
193 priority) and
7 (lowest priority). The
194 available priorities depend on the
195 selected IO scheduling class (see
197 <citerefentry><refentrytitle>ioprio_set
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
198 for details.
</para></listitem>
202 <term><varname>CPUSchedulingPolicy=
</varname></term>
204 <listitem><para>Sets the CPU
205 scheduling policy for executed
206 processes. Takes one of
207 <option>other
</option>,
208 <option>batch
</option>,
209 <option>idle
</option>,
210 <option>fifo
</option> or
211 <option>rr
</option>. See
212 <citerefentry><refentrytitle>sched_setscheduler
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
213 for details.
</para></listitem>
217 <term><varname>CPUSchedulingPriority=
</varname></term>
219 <listitem><para>Sets the CPU
220 scheduling priority for executed
221 processes. The available priority
222 range depends on the selected CPU
223 scheduling policy (see above). For
224 real-time scheduling policies an
225 integer between
1 (lowest priority)
226 and
99 (highest priority) can be used.
227 See
<citerefentry><refentrytitle>sched_setscheduler
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
233 <term><varname>CPUSchedulingResetOnFork=
</varname></term>
235 <listitem><para>Takes a boolean
236 argument. If true, elevated CPU
237 scheduling priorities and policies
238 will be reset when the executed
239 processes fork, and can hence not leak
240 into child processes. See
241 <citerefentry><refentrytitle>sched_setscheduler
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
242 for details. Defaults to false.
</para></listitem>
246 <term><varname>CPUAffinity=
</varname></term>
248 <listitem><para>Controls the CPU
249 affinity of the executed
250 processes. Takes a space-separated
251 list of CPU indices. This option may
252 be specified more than once in which
253 case the specificed CPU affinity masks
254 are merged. If the empty string is
255 assigned, the mask is reset, all
256 assignments prior to this will have no
258 <citerefentry><refentrytitle>sched_setaffinity
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
259 for details.
</para></listitem>
263 <term><varname>UMask=
</varname></term>
265 <listitem><para>Controls the file mode
266 creation mask. Takes an access mode in
268 <citerefentry><refentrytitle>umask
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
269 for details. Defaults to
270 0022.
</para></listitem>
274 <term><varname>Environment=
</varname></term>
276 <listitem><para>Sets environment
277 variables for executed
278 processes. Takes a space-separated
279 list of variable assignments. This
280 option may be specified more than once
281 in which case all listed variables
282 will be set. If the same variable is
283 set twice, the later setting will
284 override the earlier setting. If the
285 empty string is assigned to this
286 option, the list of environment
287 variables is reset, all prior
288 assignments have no effect.
289 Variable expansion is not performed
290 inside the strings, however, specifier
291 expansion is possible. The $ character has
293 If you need to assign a value containing spaces
294 to a variable, use double quotes (
")
295 for the assignment.</para>
298 <programlisting>Environment="VAR1=word1 word2
" VAR2=word3 "VAR3=$word
5 6"</programlisting>
299 gives three variables <literal>VAR1</literal>,
300 <literal>VAR2</literal>, <literal>VAR3</literal>
301 with the values <literal>word1 word2</literal>,
302 <literal>word3</literal>, <literal>$word 5 6</literal>.
307 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
308 for details about environment variables.</para></listitem>
311 <term><varname>EnvironmentFile=</varname></term>
312 <listitem><para>Similar to
313 <varname>Environment=</varname> but
314 reads the environment variables from a
315 text file. The text file should
316 contain new-line-separated variable
317 assignments. Empty lines and lines
318 starting with ; or # will be ignored,
319 which may be used for commenting. A line
320 ending with a backslash will be concatenated
321 with the following one, allowing multiline variable
322 definitions. The parser strips leading
323 and trailing whitespace from the values
324 of assignments, unless you use
325 double quotes (").
</para>
327 <para>The argument passed should be an
328 absolute filename or wildcard
329 expression, optionally prefixed with
330 <literal>-
</literal>, which indicates
331 that if the file does not exist, it
332 will not be read and no error or warning
333 message is logged. This option may be
334 specified more than once in which case
335 all specified files are read. If the
336 empty string is assigned to this
337 option, the list of file to read is
338 reset, all prior assignments have no
341 <para>The files listed with this
342 directive will be read shortly before
343 the process is executed (more
344 specifically, after all
345 processes from a previous unit state
346 terminated. This means you can
347 generate these files in one unit
348 state, and read it with this option in
349 the next). Settings from these files
350 override settings made with
351 <varname>Environment=
</varname>. If
352 the same variable is set twice from
353 these files, the files will be read in
354 the order they are specified and the
355 later setting will override the
356 earlier setting.
</para></listitem>
360 <term><varname>StandardInput=
</varname></term>
361 <listitem><para>Controls where file
362 descriptor
0 (STDIN) of the executed
363 processes is connected to. Takes one
364 of
<option>null
</option>,
365 <option>tty
</option>,
366 <option>tty-force
</option>,
367 <option>tty-fail
</option> or
368 <option>socket
</option>. If
369 <option>null
</option> is selected,
370 standard input will be connected to
371 <filename>/dev/null
</filename>,
372 i.e. all read attempts by the process
373 will result in immediate EOF. If
374 <option>tty
</option> is selected,
375 standard input is connected to a TTY
377 <varname>TTYPath=
</varname>, see
378 below) and the executed process
379 becomes the controlling process of the
380 terminal. If the terminal is already
381 being controlled by another process, the
382 executed process waits until the current
383 controlling process releases the
385 <option>tty-force
</option>
386 is similar to
<option>tty
</option>,
387 but the executed process is forcefully
388 and immediately made the controlling
389 process of the terminal, potentially
390 removing previous controlling
392 terminal.
<option>tty-fail
</option> is
393 similar to
<option>tty
</option> but if
394 the terminal already has a controlling
395 process start-up of the executed
397 <option>socket
</option> option is only
398 valid in socket-activated services,
399 and only when the socket configuration
401 <citerefentry><refentrytitle>systemd.socket
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
402 for details) specifies a single socket
403 only. If this option is set, standard
404 input will be connected to the socket
405 the service was activated from, which
406 is primarily useful for compatibility
407 with daemons designed for use with the
409 <citerefentry><refentrytitle>inetd
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
410 daemon. This setting defaults to
411 <option>null
</option>.
</para></listitem>
414 <term><varname>StandardOutput=
</varname></term>
415 <listitem><para>Controls where file
416 descriptor
1 (STDOUT) of the executed
417 processes is connected to. Takes one
418 of
<option>inherit
</option>,
419 <option>null
</option>,
420 <option>tty
</option>,
421 <option>syslog
</option>,
422 <option>kmsg
</option>,
423 <option>journal
</option>,
424 <option>syslog+console
</option>,
425 <option>kmsg+console
</option>,
426 <option>journal+console
</option> or
427 <option>socket
</option>. If set to
428 <option>inherit
</option>, the file
429 descriptor of standard input is
430 duplicated for standard output. If set
431 to
<option>null
</option>, standard
432 output will be connected to
433 <filename>/dev/null
</filename>,
434 i.e. everything written to it will be
435 lost. If set to
<option>tty
</option>,
436 standard output will be connected to a
437 tty (as configured via
438 <varname>TTYPath=
</varname>, see
439 below). If the TTY is used for output
440 only, the executed process will not
441 become the controlling process of the
442 terminal, and will not fail or wait
443 for other processes to release the
444 terminal.
<option>syslog
</option>
445 connects standard output to the
446 <citerefentry><refentrytitle>syslog
</refentrytitle><manvolnum>3</manvolnum></citerefentry>
448 service.
<option>kmsg
</option>
449 connects it with the kernel log buffer
450 which is accessible via
451 <citerefentry><refentrytitle>dmesg
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
<option>journal
</option>
452 connects it with the journal which is
454 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>
455 (Note that everything that is written
456 to syslog or kmsg is implicitly stored
457 in the journal as well, those options
458 are hence supersets of this
459 one).
<option>syslog+console
</option>,
460 <option>journal+console
</option> and
461 <option>kmsg+console
</option> work
462 similarly but copy the output to the
464 well.
<option>socket
</option> connects
465 standard output to a socket from
466 socket activation, semantics are
467 similar to the respective option of
468 <varname>StandardInput=
</varname>.
469 This setting defaults to the value set
471 <option>DefaultStandardOutput=
</option>
473 <citerefentry><refentrytitle>systemd-system.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
475 <option>journal
</option>.
</para></listitem>
478 <term><varname>StandardError=
</varname></term>
479 <listitem><para>Controls where file
480 descriptor
2 (STDERR) of the
481 executed processes is connected to.
482 The available options are identical to
484 <varname>StandardOutput=
</varname>,
485 with one exception: if set to
486 <option>inherit
</option> the file
487 descriptor used for standard output is
488 duplicated for standard error. This
489 setting defaults to the value set with
490 <option>DefaultStandardError=
</option>
492 <citerefentry><refentrytitle>systemd-system.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
494 <option>inherit
</option>.
</para></listitem>
497 <term><varname>TTYPath=
</varname></term>
498 <listitem><para>Sets the terminal
499 device node to use if standard input, output,
500 or error are connected to a
501 TTY (see above). Defaults to
502 <filename>/dev/console
</filename>.
</para></listitem>
505 <term><varname>TTYReset=
</varname></term>
506 <listitem><para>Reset the terminal
507 device specified with
508 <varname>TTYPath=
</varname> before and
509 after execution. Defaults to
510 <literal>no
</literal>.
</para></listitem>
513 <term><varname>TTYVHangup=
</varname></term>
514 <listitem><para>Disconnect all clients
515 which have opened the terminal device
517 <varname>TTYPath=
</varname>
518 before and after execution. Defaults
520 <literal>no
</literal>.
</para></listitem>
523 <term><varname>TTYVTDisallocate=
</varname></term>
524 <listitem><para>If the terminal
525 device specified with
526 <varname>TTYPath=
</varname> is a
527 virtual console terminal, try to
528 deallocate the TTY before and after
529 execution. This ensures that the
530 screen and scrollback buffer is
532 <literal>no
</literal>.
</para></listitem>
535 <term><varname>SyslogIdentifier=
</varname></term>
536 <listitem><para>Sets the process name
537 to prefix log lines sent to syslog or
538 the kernel log buffer with. If not set,
539 defaults to the process name of the
540 executed process. This option is only
542 <varname>StandardOutput=
</varname> or
543 <varname>StandardError=
</varname> are
544 set to
<option>syslog
</option> or
545 <option>kmsg
</option>.
</para></listitem>
548 <term><varname>SyslogFacility=
</varname></term>
549 <listitem><para>Sets the syslog
550 facility to use when logging to
551 syslog. One of
<option>kern
</option>,
552 <option>user
</option>,
553 <option>mail
</option>,
554 <option>daemon
</option>,
555 <option>auth
</option>,
556 <option>syslog
</option>,
557 <option>lpr
</option>,
558 <option>news
</option>,
559 <option>uucp
</option>,
560 <option>cron
</option>,
561 <option>authpriv
</option>,
562 <option>ftp
</option>,
563 <option>local0
</option>,
564 <option>local1
</option>,
565 <option>local2
</option>,
566 <option>local3
</option>,
567 <option>local4
</option>,
568 <option>local5
</option>,
569 <option>local6
</option> or
570 <option>local7
</option>. See
571 <citerefentry><refentrytitle>syslog
</refentrytitle><manvolnum>3</manvolnum></citerefentry>
572 for details. This option is only
574 <varname>StandardOutput=
</varname> or
575 <varname>StandardError=
</varname> are
576 set to
<option>syslog
</option>.
578 <option>daemon
</option>.
</para></listitem>
581 <term><varname>SyslogLevel=
</varname></term>
582 <listitem><para>Default syslog level
583 to use when logging to syslog or the
584 kernel log buffer. One of
585 <option>emerg
</option>,
586 <option>alert
</option>,
587 <option>crit
</option>,
588 <option>err
</option>,
589 <option>warning
</option>,
590 <option>notice
</option>,
591 <option>info
</option>,
592 <option>debug
</option>. See
593 <citerefentry><refentrytitle>syslog
</refentrytitle><manvolnum>3</manvolnum></citerefentry>
594 for details. This option is only
596 <varname>StandardOutput=
</varname> or
597 <varname>StandardError=
</varname> are
598 set to
<option>syslog
</option> or
599 <option>kmsg
</option>. Note that
600 individual lines output by the daemon
601 might be prefixed with a different log
602 level which can be used to override
603 the default log level specified
604 here. The interpretation of these
605 prefixes may be disabled with
606 <varname>SyslogLevelPrefix=
</varname>,
607 see below. For details see
608 <citerefentry><refentrytitle>sd-daemon
</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
611 <option>info
</option>.
</para></listitem>
615 <term><varname>SyslogLevelPrefix=
</varname></term>
616 <listitem><para>Takes a boolean
617 argument. If true and
618 <varname>StandardOutput=
</varname> or
619 <varname>StandardError=
</varname> are
620 set to
<option>syslog
</option>,
621 <option>kmsg
</option> or
622 <option>journal
</option>, log lines
623 written by the executed process that
624 are prefixed with a log level will be
625 passed on to syslog with this log
626 level set but the prefix removed. If
627 set to false, the interpretation of
628 these prefixes is disabled and the
629 logged lines are passed on as-is. For
630 details about this prefixing see
631 <citerefentry><refentrytitle>sd-daemon
</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
632 Defaults to true.
</para></listitem>
636 <term><varname>TimerSlackNSec=
</varname></term>
637 <listitem><para>Sets the timer slack
638 in nanoseconds for the executed
639 processes. The timer slack controls
640 the accuracy of wake-ups triggered by
642 <citerefentry><refentrytitle>prctl
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
643 for more information. Note that in
644 contrast to most other time span
645 definitions this parameter takes an
646 integer value in nano-seconds if no
647 unit is specified. The usual time
649 too.
</para></listitem>
653 <term><varname>LimitCPU=
</varname></term>
654 <term><varname>LimitFSIZE=
</varname></term>
655 <term><varname>LimitDATA=
</varname></term>
656 <term><varname>LimitSTACK=
</varname></term>
657 <term><varname>LimitCORE=
</varname></term>
658 <term><varname>LimitRSS=
</varname></term>
659 <term><varname>LimitNOFILE=
</varname></term>
660 <term><varname>LimitAS=
</varname></term>
661 <term><varname>LimitNPROC=
</varname></term>
662 <term><varname>LimitMEMLOCK=
</varname></term>
663 <term><varname>LimitLOCKS=
</varname></term>
664 <term><varname>LimitSIGPENDING=
</varname></term>
665 <term><varname>LimitMSGQUEUE=
</varname></term>
666 <term><varname>LimitNICE=
</varname></term>
667 <term><varname>LimitRTPRIO=
</varname></term>
668 <term><varname>LimitRTTIME=
</varname></term>
669 <listitem><para>These settings control
670 various resource limits for executed
672 <citerefentry><refentrytitle>setrlimit
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
673 for details. Use the string
674 <varname>infinity
</varname> to
675 configure no limit on a specific
676 resource.
</para></listitem>
680 <term><varname>PAMName=
</varname></term>
681 <listitem><para>Sets the PAM service
682 name to set up a session as. If set,
683 the executed process will be
684 registered as a PAM session under the
685 specified service name. This is only
686 useful in conjunction with the
687 <varname>User=
</varname> setting. If
688 not set, no PAM session will be opened
689 for the executed processes. See
690 <citerefentry><refentrytitle>pam
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
691 for details.
</para></listitem>
695 <term><varname>CapabilityBoundingSet=
</varname></term>
697 <listitem><para>Controls which
698 capabilities to include in the
699 capability bounding set for the
700 executed process. See
701 <citerefentry><refentrytitle>capabilities
</refentrytitle><manvolnum>7</manvolnum></citerefentry>
702 for details. Takes a whitespace-separated
703 list of capability names as read by
704 <citerefentry><refentrytitle>cap_from_name
</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
705 e.g.
<constant>CAP_SYS_ADMIN
</constant>,
706 <constant>CAP_DAC_OVERRIDE
</constant>,
707 <constant>CAP_SYS_PTRACE
</constant>.
708 Capabilities listed will be included
709 in the bounding set, all others are
710 removed. If the list of capabilities
711 is prefixed with
<literal>~
</literal>,
712 all but the listed capabilities will
713 be included, the effect of the
714 assignment inverted. Note that this
715 option also affects the respective
716 capabilities in the effective,
717 permitted and inheritable capability
719 <varname>Capabilities=
</varname>
720 does. If this option is not used, the
721 capability bounding set is not
722 modified on process execution, hence
723 no limits on the capabilities of the
724 process are enforced. This option may
725 appear more than once in which case
726 the bounding sets are merged. If the
727 empty string is assigned to this
728 option, the bounding set is reset to
729 the empty capability set, and all
730 prior settings have no effect. If set
731 to
<literal>~
</literal> (without any
732 further argument), the bounding set is
733 reset to the full set of available
734 capabilities, also undoing any
735 previous settings.
</para></listitem>
739 <term><varname>SecureBits=
</varname></term>
740 <listitem><para>Controls the secure
741 bits set for the executed process. See
742 <citerefentry><refentrytitle>capabilities
</refentrytitle><manvolnum>7</manvolnum></citerefentry>
743 for details. Takes a list of strings:
744 <option>keep-caps
</option>,
745 <option>keep-caps-locked
</option>,
746 <option>no-setuid-fixup
</option>,
747 <option>no-setuid-fixup-locked
</option>,
748 <option>noroot
</option> and/or
749 <option>noroot-locked
</option>. This
750 option may appear more than once in
751 which case the secure bits are
752 ORed. If the empty string is assigned
753 to this option, the bits are reset to
758 <term><varname>Capabilities=
</varname></term>
759 <listitem><para>Controls the
760 <citerefentry><refentrytitle>capabilities
</refentrytitle><manvolnum>7</manvolnum></citerefentry>
761 set for the executed process. Take a
762 capability string describing the
763 effective, permitted and inherited
764 capability sets as documented in
765 <citerefentry><refentrytitle>cap_from_text
</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
766 Note that these capability sets are
767 usually influenced (and filtered) by the capabilities
768 attached to the executed file. Due to
770 <varname>CapabilityBoundingSet=
</varname>
771 is probably the much more useful
772 setting.
</para></listitem>
776 <term><varname>ReadWriteDirectories=
</varname></term>
777 <term><varname>ReadOnlyDirectories=
</varname></term>
778 <term><varname>InaccessibleDirectories=
</varname></term>
780 <listitem><para>Sets up a new
781 file system namespace for executed
782 processes. These options may be used
783 to limit access a process might have
784 to the main file system
785 hierarchy. Each setting takes a
786 space-separated list of absolute
787 directory paths. Directories listed in
788 <varname>ReadWriteDirectories=
</varname>
789 are accessible from within the
790 namespace with the same access rights
791 as from outside. Directories listed in
792 <varname>ReadOnlyDirectories=
</varname>
793 are accessible for reading only,
794 writing will be refused even if the
795 usual file access controls would
796 permit this. Directories listed in
797 <varname>InaccessibleDirectories=
</varname>
798 will be made inaccessible for
799 processes inside the namespace. Note
800 that restricting access with these
801 options does not extend to submounts
802 of a directory. You must list
803 submounts separately in these settings
804 to ensure the same limited
805 access. These options may be specified
806 more than once in which case all
807 directories listed will have limited
808 access from within the namespace. If
809 the empty string is assigned to this
810 option, the specific list is reset, and
811 all prior assignments have no
814 <varname>ReadOnlyDirectories=
</varname>
816 <varname>InaccessibleDirectories=
</varname>
818 <literal>-
</literal>, in which case
819 they will be ignored when they do not
820 exist. Note that using this
821 setting will disconnect propagation of
822 mounts from the service to the host
823 (propagation in the opposite direction
824 continues to work). This means that
825 this setting may not be used for
826 services which shall be able to
827 install mount points in the main mount
828 namespace.
</para></listitem>
832 <term><varname>PrivateTmp=
</varname></term>
834 <listitem><para>Takes a boolean
835 argument. If true, sets up a new file
836 system namespace for the executed
837 processes and mounts private
838 <filename>/tmp
</filename> and
839 <filename>/var/tmp
</filename>
840 directories inside it that is not
841 shared by processes outside of the
842 namespace. This is useful to secure
843 access to temporary files of the
844 process, but makes sharing between
846 <filename>/tmp
</filename> or
847 <filename>/var/tmp
</filename>
848 impossible. If this is enabled, all
849 temporary files created by a service
850 in these directories will be removed
851 after the service is stopped. Defaults
852 to false. It is possible to run two or
853 more units within the same private
854 <filename>/tmp
</filename> and
855 <filename>/var/tmp
</filename>
856 namespace by using the
857 <varname>JoinsNamespaceOf=
</varname>
859 <citerefentry><refentrytitle>systemd.unit
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
860 for details. Note that using this
861 setting will disconnect propagation of
862 mounts from the service to the host
863 (propagation in the opposite direction
864 continues to work). This means that
865 this setting may not be used for
866 services which shall be able to install
867 mount points in the main mount
868 namespace.
</para></listitem>
872 <term><varname>PrivateDevices=
</varname></term>
874 <listitem><para>Takes a boolean
875 argument. If true, sets up a new /dev
876 namespace for the executed processes
877 and only adds API pseudo devices such
878 as
<filename>/dev/null
</filename>,
879 <filename>/dev/zero
</filename> or
880 <filename>/dev/random
</filename> (as
881 well as the pseudo TTY subsystem) to
882 it, but no physical devices such as
883 <filename>/dev/sda
</filename>. This is
884 useful to securely turn off physical
885 device access by the executed
886 process. Defaults to false. Enabling
887 this option will also remove
888 <constant>CAP_MKNOD
</constant> from
889 the capability bounding set for the
890 unit (see above), and set
891 <varname>DevicePolicy=closed
</varname>
893 <citerefentry><refentrytitle>systemd.resource-control
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
894 for details). Note that using this
895 setting will disconnect propagation of
896 mounts from the service to the host
897 (propagation in the opposite direction
898 continues to work). This means that
899 this setting may not be used for
900 services which shall be able to
901 install mount points in the main mount
902 namespace.
</para></listitem>
906 <term><varname>PrivateNetwork=
</varname></term>
908 <listitem><para>Takes a boolean
909 argument. If true, sets up a new
910 network namespace for the executed
911 processes and configures only the
912 loopback network device
913 <literal>lo
</literal> inside it. No
914 other network devices will be
915 available to the executed process.
916 This is useful to securely turn off
917 network access by the executed
918 process. Defaults to false. It is
919 possible to run two or more units
920 within the same private network
921 namespace by using the
922 <varname>JoinsNamespaceOf=
</varname>
924 <citerefentry><refentrytitle>systemd.unit
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
925 for details. Note that this option
926 will disconnect all socket families
927 from the host, this includes
928 AF_NETLINK and AF_UNIX. The latter has
929 the effect that AF_UNIX sockets in the
930 abstract socket namespace will become
931 unavailable to the processes (however,
932 those located in the file system will
934 accessible).
</para></listitem>
938 <term><varname>ReadOnlySystem=
</varname></term>
940 <listitem><para>Takes a boolean
941 argument. If true, mounts the
942 <filename>/usr
</filename> and
943 <filename>/boot
</filename> directories
944 read-only for processes invoked by
945 this unit. This setting ensures that
946 any modification of the vendor
947 supplied operating system is
948 prohibited for the service. It is
949 recommended to enable this setting for
950 all long-running services, unless they
951 are involved with system updates or
952 need to modify the operating system in
953 other ways. Note however, that
954 processes retaining the CAP_SYS_ADMIN
955 capability can undo the effect of this
956 setting. This setting is hence
957 particularly useful for daemons which
958 have this capability removed, for
960 <varname>CapabilityBoundingSet=
</varname>. Defaults
961 to off.
</para></listitem>
965 <term><varname>ProtectedHome=
</varname></term>
967 <listitem><para>Takes a boolean
969 <literal>read-only
</literal>. If true,
971 <filename>/home
</filename> and
972 <filename>/run/user
</filename> are
973 made inaccessible and empty for
974 processes invoked by this unit. If set
975 to
<literal>read-only
</literal> the
976 two directores are made read-only
977 instead. It is recommended to enable
978 this setting for all long-running
979 services (in particular network-facing
980 one), to ensure they cannot get access
981 to private user data, unless the
982 services actually require access to
983 the user's private data. Note however,
984 that processes retaining the
985 CAP_SYS_ADMIN capability can undo the
986 effect of this setting. This setting
987 is hence particularly useful for
988 daemons which have this capability
989 removed, for example with
990 <varname>CapabilityBoundingSet=
</varname>. Defaults
991 to off.
</para></listitem>
995 <term><varname>MountFlags=
</varname></term>
997 <listitem><para>Takes a mount
999 <option>shared
</option>,
1000 <option>slave
</option> or
1001 <option>private
</option>, which
1002 control whether mounts in the file
1003 system namespace set up for this
1004 unit's processes will receive or
1005 propagate mounts or unmounts. See
1006 <citerefentry><refentrytitle>mount
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1007 for details. Defaults to
1008 <option>shared
</option>. Use
1009 <option>shared
</option> to ensure that
1010 mounts and unmounts are propagated
1011 from the host to the container and
1012 vice versa. Use
<option>slave
</option>
1013 to run processes so that none of their
1014 mounts and unmounts will propagate to
1015 the host. Use
<option>private
</option>
1016 to also ensure that no mounts and
1017 unmounts from the host will propagate
1018 into the unit processes'
1019 namespace. Note that
1020 <option>slave
</option> means that file
1021 systems mounted on the host might stay
1022 mounted continously in the unit's
1023 namespace, and thus keep the device
1024 busy. Note that the file system
1025 namespace related options
1026 (
<varname>PrivateTmp=
</varname>,
1027 <varname>PrivateDevices=
</varname>,
1028 <varname>ReadOnlySystem=
</varname>,
1029 <varname>ProtectedHome=
</varname>,
1030 <varname>ReadOnlyDirectories=
</varname>,
1031 <varname>InaccessibleDirectories=
</varname>
1033 <varname>ReadWriteDirectories=
</varname>)
1034 require that mount and unmount
1035 propagation from the unit's file
1036 system namespace is disabled, and
1038 <option>shared
</option> to
1039 <option>slave
</option>.
1044 <term><varname>UtmpIdentifier=
</varname></term>
1046 <listitem><para>Takes a four
1047 character identifier string for an
1048 utmp/wtmp entry for this service. This
1049 should only be set for services such
1050 as
<command>getty
</command>
1051 implementations where utmp/wtmp
1052 entries must be created and cleared
1053 before and after execution. If the
1054 configured string is longer than four
1055 characters, it is truncated and the
1056 terminal four characters are
1057 used. This setting interprets %I style
1058 string replacements. This setting is
1059 unset by default, i.e. no utmp/wtmp
1060 entries are created or cleaned up for
1061 this service.
</para></listitem>
1065 <term><varname>SELinuxContext=
</varname></term>
1067 <listitem><para>Set the SELinux
1068 security context of the executed
1069 process. If set, this will override
1070 the automated domain
1071 transition. However, the policy still
1072 needs to autorize the transition. This
1073 directive is ignored if SELinux is
1074 disabled. If prefixed by
1075 <literal>-
</literal>, all errors will
1077 <citerefentry><refentrytitle>setexeccon
</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1078 for details.
</para></listitem>
1082 <term><varname>AppArmorProfile=
</varname></term>
1084 <listitem><para>Takes a profile name as argument.
1085 The process executed by the unit will switch to
1086 this profile when started. Profiles must already
1087 be loaded in the kernel, or the unit will fail.
1088 This result in a non operation if AppArmor is not
1089 enabled. If prefixed by
<literal>-
</literal>, all errors
1095 <term><varname>IgnoreSIGPIPE=
</varname></term>
1097 <listitem><para>Takes a boolean
1098 argument. If true, causes
<constant>SIGPIPE
</constant> to be
1099 ignored in the executed
1100 process. Defaults to true because
1101 <constant>SIGPIPE
</constant> generally is useful only in
1102 shell pipelines.
</para></listitem>
1106 <term><varname>NoNewPrivileges=
</varname></term>
1108 <listitem><para>Takes a boolean
1109 argument. If true, ensures that the
1110 service process and all its children
1111 can never gain new privileges. This
1112 option is more powerful than the respective
1113 secure bits flags (see above), as it
1114 also prohibits UID changes of any
1115 kind. This is the simplest, most
1116 effective way to ensure that a process
1117 and its children can never elevate
1118 privileges again.
</para></listitem>
1122 <term><varname>SystemCallFilter=
</varname></term>
1124 <listitem><para>Takes a
1125 space-separated list of system call
1126 names. If this setting is used, all
1127 system calls executed by the unit
1128 processes except for the listed ones
1129 will result in immediate process
1130 termination with the
1131 <constant>SIGSYS
</constant> signal
1132 (whitelisting). If the first character
1133 of the list is
<literal>~
</literal>,
1134 the effect is inverted: only the
1135 listed system calls will result in
1136 immediate process termination
1137 (blacklisting). If running in user
1138 mode and this option is used,
1139 <varname>NoNewPrivileges=yes
</varname>
1140 is implied. This feature makes use of the
1141 Secure Computing Mode
2 interfaces of
1142 the kernel ('seccomp filtering') and
1143 is useful for enforcing a minimal
1144 sandboxing environment. Note that the
1145 <function>execve
</function>,
1146 <function>rt_sigreturn
</function>,
1147 <function>sigreturn
</function>,
1148 <function>exit_group
</function>,
1149 <function>exit
</function> system calls
1150 are implicitly whitelisted and do not
1151 need to be listed explicitly. This
1152 option may be specified more than once
1153 in which case the filter masks are
1154 merged. If the empty string is
1155 assigned, the filter is reset, all
1156 prior assignments will have no
1159 <para>If you specify both types of
1160 this option (i.e. whitelisting and
1161 blacklisting), the first encountered
1162 will take precedence and will dictate
1163 the default action (termination or
1164 approval of a system call). Then the
1165 next occurrences of this option will
1166 add or delete the listed system calls
1167 from the set of the filtered system
1168 calls, depending of its type and the
1169 default action. (For example, if you have started
1170 with a whitelisting of
1171 <function>read
</function> and
1172 <function>write
</function>, and right
1173 after it add a blacklisting of
1174 <function>write
</function>, then
1175 <function>write
</function> will be
1176 removed from the set.)
1181 <term><varname>SystemCallErrorNumber=
</varname></term>
1183 <listitem><para>Takes an
1184 <literal>errno
</literal> error number
1185 name to return when the system call
1186 filter configured with
1187 <varname>SystemCallFilter=
</varname>
1188 is triggered, instead of terminating
1189 the process immediately. Takes an
1191 <constant>EPERM
</constant>,
1192 <constant>EACCES
</constant> or
1193 <constant>EUCLEAN
</constant>. When this
1194 setting is not used, or when the empty
1195 string is assigned, the process will be
1196 terminated immediately when the filter
1197 is triggered.
</para></listitem>
1201 <term><varname>SystemCallArchitectures=
</varname></term>
1203 <listitem><para>Takes a space
1204 separated list of architecture
1205 identifiers to include in the system
1206 call filter. The known architecture
1208 <constant>x86
</constant>,
1209 <constant>x86-
64</constant>,
1210 <constant>x32
</constant>,
1211 <constant>arm
</constant> as well as
1212 the special identifier
1213 <constant>native
</constant>. Only
1214 system calls of the specified
1215 architectures will be permitted to
1216 processes of this unit. This is an
1217 effective way to disable compatibility
1218 with non-native architectures for
1219 processes, for example to prohibit
1220 execution of
32-bit x86 binaries on
1221 64-bit x86-
64 systems. The special
1222 <constant>native
</constant> identifier
1223 implicitly maps to the native
1224 architecture of the system (or more
1225 strictly: to the architecture the
1226 system manager is compiled for). If
1227 running in user mode and this option
1229 <varname>NoNewPrivileges=yes
</varname>
1230 is implied. Note that setting this
1231 option to a non-empty list implies
1232 that
<constant>native
</constant> is
1233 included too. By default, this option
1234 is set to the empty list, i.e. no
1235 architecture system call filtering is
1236 applied.
</para></listitem>
1240 <term><varname>RestrictAddressFamilies=
</varname></term>
1242 <listitem><para>Restricts the set of
1243 socket address families accessible to
1244 the processes of this unit. Takes a
1245 space-separated list of address family
1246 names to whitelist, such as
1247 <constant>AF_UNIX
</constant>,
1248 <constant>AF_INET
</constant> or
1249 <constant>AF_INET6
</constant>. When
1250 prefixed with
<constant>~
</constant>
1251 the listed address families will be
1252 applied as blacklist, otherwise as
1253 whitelist. Note that this restricts
1255 <citerefentry><refentrytitle>socket
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1256 system call only. Sockets passed into
1257 the process by other means (for
1258 example, by using socket activation
1259 with socket units, see
1260 <citerefentry><refentrytitle>systemd.socket
</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1261 are unaffected. Also, sockets created
1262 with
<function>socketpair()
</function>
1263 (which creates connected AF_UNIX
1264 sockets only) are unaffected. Note
1265 that this option has no effect on
1266 32-bit x86 and is ignored (but works
1267 correctly on x86-
64). If running in user
1268 mode and this option is used,
1269 <varname>NoNewPrivileges=yes
</varname>
1270 is implied. By default, no
1271 restriction applies, all address
1272 families are accessible to
1273 processes. If assigned the empty
1274 string, any previous list changes are
1277 <para>Use this option to limit
1278 exposure of processes to remote
1279 systems, in particular via exotic
1280 network protocols. Note that in most
1282 <constant>AF_UNIX
</constant> address
1283 family should be included in the
1284 configured whitelist as it is
1285 frequently used for local
1286 communication, including for
1287 <citerefentry><refentrytitle>syslog
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1288 logging.
</para></listitem>
1292 <term><varname>Personality=
</varname></term>
1294 <listitem><para>Controls which
1296 <citerefentry><refentrytitle>uname
</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1297 shall report, when invoked by unit
1298 processes. Takes one of
1299 <constant>x86
</constant> and
1300 <constant>x86-
64</constant>. This is
1301 useful when running
32-bit services on
1302 a
64-bit host system. If not specified,
1303 the personality is left unmodified and
1304 thus reflects the personality of the
1306 kernel.
</para></listitem>
1310 <term><varname>RuntimeDirectory=
</varname></term>
1311 <term><varname>RuntimeDirectoryMode=
</varname></term>
1313 <listitem><para>Takes a list of
1314 directory names. If set, one or more
1315 directories by the specified names
1316 will be created below
1317 <filename>/run
</filename> (for system
1319 <varname>$XDG_RUNTIME_DIR
</varname>
1320 (for user services) when the unit is
1321 started, and removed when the unit is
1322 stopped. The directories will have the
1323 access mode specified in
1324 <varname>RuntimeDirectoryMode=
</varname>,
1325 and will be owned by the user and
1327 <varname>User=
</varname> and
1328 <varname>Group=
</varname>. Use this to
1329 manage one or more runtime directories
1330 of the unit and bind their lifetime to
1331 the daemon runtime. The specified
1332 directory names must be relative, and
1334 <literal>/
</literal>, i.e. must refer
1335 to simple directories to create or
1336 remove. This is particularly useful
1337 for unprivileged daemons that cannot
1338 create runtime directories in
1339 <filename>/run
</filename> due to lack
1340 of privileges, and to make sure the
1341 runtime directory is cleaned up
1342 automatically after use. For runtime
1343 directories that require more complex
1344 or different configuration or lifetime
1345 guarantees, please consider using
1346 <citerefentry><refentrytitle>tmpfiles.d
</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para></listitem>
1353 <title>Environment variables in spawned processes
</title>
1355 <para>Processes started by the system are executed in
1356 a clean environment in which select variables
1357 listed below are set. System processes started by systemd
1358 do not inherit variables from PID
1, but processes
1359 started by user systemd instances inherit all
1360 environment variables from the user systemd instance.
1363 <variablelist class='environment-variables'
>
1365 <term><varname>$PATH
</varname></term>
1367 <listitem><para>Colon-separated list
1368 of directiories to use when launching
1369 executables. Systemd uses a fixed
1371 <filename>/usr/local/sbin
</filename>:
<filename>/usr/local/bin
</filename>:
<filename>/usr/sbin
</filename>:
<filename>/usr/bin
</filename>:
<filename>/sbin
</filename>:
<filename>/bin
</filename>.
1376 <term><varname>$LANG
</varname></term>
1378 <listitem><para>Locale. Can be set in
1379 <citerefentry><refentrytitle>locale.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1380 or on the kernel command line (see
1381 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1383 <citerefentry><refentrytitle>kernel-command-line
</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
1388 <term><varname>$USER
</varname></term>
1389 <term><varname>$LOGNAME
</varname></term>
1390 <term><varname>$HOME
</varname></term>
1391 <term><varname>$SHELL
</varname></term>
1393 <listitem><para>User name (twice), home
1394 directory, and the login shell.
1395 The variables are set for the units that
1396 have
<varname>User=
</varname> set,
1398 <command>systemd
</command> instances.
1400 <citerefentry><refentrytitle>passwd
</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1405 <term><varname>$XDG_RUNTIME_DIR
</varname></term>
1407 <listitem><para>The directory for volatile
1408 state. Set for the user
<command>systemd
</command>
1409 instance, and also in user sessions.
1411 <citerefentry><refentrytitle>pam_systemd
</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
1416 <term><varname>$XDG_SESSION_ID
</varname></term>
1417 <term><varname>$XDG_SEAT
</varname></term>
1418 <term><varname>$XDG_VTNR
</varname></term>
1420 <listitem><para>The identifier of the
1421 session, the seat name, and
1422 virtual terminal of the session. Set
1424 <citerefentry><refentrytitle>pam_systemd
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
1426 <varname>$XDG_SEAT
</varname> and
1427 <varname>$XDG_VTNR
</varname> will
1428 only be set when attached to a seat and a
1429 tty.
</para></listitem>
1433 <term><varname>$MAINPID
</varname></term>
1435 <listitem><para>The PID of the units
1436 main process if it is known. This is
1437 only set for control processes as
1439 <varname>ExecReload=
</varname> and
1440 similar.
</para></listitem>
1444 <term><varname>$MANAGERPID
</varname></term>
1446 <listitem><para>The PID of the user
1447 <command>systemd
</command> instance,
1448 set for processes spawned by it.
1453 <term><varname>$LISTEN_FDS
</varname></term>
1454 <term><varname>$LISTEN_PID
</varname></term>
1456 <listitem><para>Information about file
1457 descriptors passed to a service for
1458 socket activation. See
1459 <citerefentry><refentrytitle>sd_listen_fds
</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
1464 <term><varname>$TERM
</varname></term>
1466 <listitem><para>Terminal type, set
1467 only for units connected to a terminal
1468 (
<varname>StandardInput=tty
</varname>,
1469 <varname>StandardOutput=tty
</varname>,
1471 <varname>StandardError=tty
</varname>).
1473 <citerefentry><refentrytitle>termcap
</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1478 <para>Additional variables may be configured by the
1479 following means: for processes spawned in specific
1480 units, use the
<varname>Environment=
</varname> and
1481 <varname>EnvironmentFile=
</varname> options above; to
1482 specify variables globally, use
1483 <varname>DefaultEnvironment=
</varname> (see
1484 <citerefentry><refentrytitle>systemd-system.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
1485 or the kernel option
1486 <varname>systemd.setenv=
</varname> (see
1487 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>). Additional
1488 variables may also be set through PAM,
1489 cf.
<citerefentry><refentrytitle>pam_env
</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
</para>
1493 <title>See Also
</title>
1495 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1496 <citerefentry><refentrytitle>systemctl
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1497 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1498 <citerefentry><refentrytitle>systemd.unit
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1499 <citerefentry><refentrytitle>systemd.service
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1500 <citerefentry><refentrytitle>systemd.socket
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1501 <citerefentry><refentrytitle>systemd.swap
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1502 <citerefentry><refentrytitle>systemd.mount
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1503 <citerefentry><refentrytitle>systemd.kill
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1504 <citerefentry><refentrytitle>systemd.resource-control
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1505 <citerefentry><refentrytitle>systemd.directives
</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
1506 <citerefentry><refentrytitle>tmpfiles.d
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1507 <citerefentry><refentrytitle>exec
</refentrytitle><manvolnum>3</manvolnum></citerefentry>
projects / thirdparty / systemd.git / blob