]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd.service.xml
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
bus: parse BusPolicy directive in service files
[thirdparty/systemd.git] / man / systemd.service.xml
1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5
6 <!--
7 This file is part of systemd.
8
9 Copyright 2010 Lennart Poettering
10
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
15
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 -->
24
25 <refentry id="systemd.service">
26 <refentryinfo>
27 <title>systemd.service</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd.service</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd.service</refname>
47 <refpurpose>Service unit configuration</refpurpose>
48 </refnamediv>
49
50 <refsynopsisdiv>
51 <para><filename><replaceable>service</replaceable>.service</filename></para>
52 </refsynopsisdiv>
53
54 <refsect1>
55 <title>Description</title>
56
57 <para>A unit configuration file whose name ends in
58 <filename>.service</filename> encodes information
59 about a process controlled and supervised by
60 systemd.</para>
61
62 <para>This man page lists the configuration options
63 specific to this unit type. See
64 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
65 for the common options of all unit configuration
66 files. The common configuration items are configured
67 in the generic <literal>[Unit]</literal> and
68 <literal>[Install]</literal> sections. The service
69 specific configuration options are configured in the
70 <literal>[Service]</literal> section.</para>
71
72 <para>Additional options are listed in
73 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 which define the execution environment the commands
75 are executed in, and in
76 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
77 which define the way the processes of the service are
78 terminated, and in
79 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
80 which configure resource control settings for the
81 processes of the service.</para>
82
83 <para>Unless <varname>DefaultDependencies=</varname>
84 is set to <option>false</option>, service units will
85 implicitly have dependencies of type
86 <varname>Requires=</varname> and
87 <varname>After=</varname> on
88 <filename>basic.target</filename> as well as
89 dependencies of type <varname>Conflicts=</varname> and
90 <varname>Before=</varname> on
91 <filename>shutdown.target</filename>. These ensure
92 that normal service units pull in basic system
93 initialization, and are terminated cleanly prior to
94 system shutdown. Only services involved with early
95 boot or late system shutdown should disable this
96 option.</para>
97
98 <para>If a service is requested under a certain name
99 but no unit configuration file is found, systemd looks
100 for a SysV init script by the same name (with the
101 <filename>.service</filename> suffix removed) and
102 dynamically creates a service unit from that
103 script. This is useful for compatibility with
104 SysV. Note that this compatibility is quite
105 comprehensive but not 100%. For details about the
106 incompatibilities, see the <ulink
107 url="http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities">Incompatibilities
108 with SysV</ulink> document.
109 </para>
110 </refsect1>
111
112 <refsect1>
113 <title>Options</title>
114
115 <para>Service files must include a
116 <literal>[Service]</literal> section, which carries
117 information about the service and the process it
118 supervises. A number of options that may be used in
119 this section are shared with other unit types. These
120 options are documented in
121 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
122 and
123 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
124 options specific to the <literal>[Service]</literal>
125 section of service units are the following:</para>
126
127 <variablelist class='unit-directives'>
128 <varlistentry>
129 <term><varname>Type=</varname></term>
130
131 <listitem><para>Configures the process
132 start-up type for this service
133 unit. One of <option>simple</option>,
134 <option>forking</option>,
135 <option>oneshot</option>,
136 <option>dbus</option>,
137 <option>notify</option> or
138 <option>idle</option>.</para>
139
140 <para>If set to
141 <option>simple</option> (the default
142 if neither
143 <varname>Type=</varname> nor
144 <varname>BusName=</varname>, but
145 <varname>ExecStart=</varname> are
146 specified), it is expected that the
147 process configured with
148 <varname>ExecStart=</varname> is the
149 main process of the service. In this
150 mode, if the process offers
151 functionality to other processes on
152 the system, its communication channels
153 should be installed before the daemon
154 is started up (e.g. sockets set up by
155 systemd, via socket activation), as
156 systemd will immediately proceed
157 starting follow-up units.</para>
158
159 <para>If set to
160 <option>forking</option>, it is
161 expected that the process configured
162 with <varname>ExecStart=</varname>
163 will call <function>fork()</function>
164 as part of its start-up. The parent process is
165 expected to exit when start-up is
166 complete and all communication
167 channels are set up. The child continues
168 to run as the main daemon
169 process. This is the behavior of
170 traditional UNIX daemons. If this
171 setting is used, it is recommended to
172 also use the
173 <varname>PIDFile=</varname> option, so
174 that systemd can identify the main
175 process of the daemon. systemd will
176 proceed with starting follow-up units
177 as soon as the parent process
178 exits.</para>
179
180 <para>Behavior of
181 <option>oneshot</option> is similar to
182 <option>simple</option>; however, it
183 is expected that the process has to
184 exit before systemd starts follow-up
185 units. <varname>RemainAfterExit=</varname>
186 is particularly useful for this type
187 of service. This is the implied
188 default if neither
189 <varname>Type=</varname> or
190 <varname>ExecStart=</varname> are
191 specified.</para>
192
193 <para>Behavior of
194 <option>dbus</option> is similar to
195 <option>simple</option>; however, it is
196 expected that the daemon acquires a
197 name on the D-Bus bus, as configured
198 by
199 <varname>BusName=</varname>. systemd
200 will proceed with starting follow-up
201 units after the D-Bus bus name has been
202 acquired. Service units with this
203 option configured implicitly gain
204 dependencies on the
205 <filename>dbus.socket</filename>
206 unit. This type is the default if
207 <varname>BusName=</varname> is
208 specified.</para>
209
210 <para>Behavior of
211 <option>notify</option> is similar to
212 <option>simple</option>; however, it is
213 expected that the daemon sends a
214 notification message via
215 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
216 or an equivalent call when it has finished
217 starting up. systemd will proceed with
218 starting follow-up units after this
219 notification message has been sent. If
220 this option is used,
221 <varname>NotifyAccess=</varname> (see
222 below) should be set to open access to
223 the notification socket provided by
224 systemd. If
225 <varname>NotifyAccess=</varname> is
226 not set, it will be implicitly set to
227 <option>main</option>. Note that
228 currently
229 <varname>Type=</varname><option>notify</option>
230 will not work if used in combination with
231 <varname>PrivateNetwork=</varname><option>yes</option>.</para>
232
233 <para>Behavior of
234 <option>idle</option> is very similar
235 to <option>simple</option>; however,
236 actual execution of the service
237 binary is delayed until all jobs are
238 dispatched. This may be used to avoid
239 interleaving of output of shell
240 services with the status output on the
241 console.</para>
242 </listitem>
243 </varlistentry>
244
245 <varlistentry>
246 <term><varname>RemainAfterExit=</varname></term>
247
248 <listitem><para>Takes a boolean value
249 that specifies whether the service
250 shall be considered active even when
251 all its processes exited. Defaults to
252 <option>no</option>.</para>
253 </listitem>
254 </varlistentry>
255
256 <varlistentry>
257 <term><varname>GuessMainPID=</varname></term>
258
259 <listitem><para>Takes a boolean value
260 that specifies whether systemd should
261 try to guess the main PID of a service
262 if it cannot be determined
263 reliably. This option is ignored
264 unless <option>Type=forking</option>
265 is set and <option>PIDFile=</option>
266 is unset because for the other types
267 or with an explicitly configured PID
268 file, the main PID is always known. The
269 guessing algorithm might come to
270 incorrect conclusions if a daemon
271 consists of more than one process. If
272 the main PID cannot be determined,
273 failure detection and automatic
274 restarting of a service will not work
275 reliably. Defaults to
276 <option>yes</option>.</para>
277 </listitem>
278 </varlistentry>
279
280 <varlistentry>
281 <term><varname>PIDFile=</varname></term>
282
283 <listitem><para>Takes an absolute file
284 name pointing to the PID file of this
285 daemon. Use of this option is
286 recommended for services where
287 <varname>Type=</varname> is set to
288 <option>forking</option>. systemd will
289 read the PID of the main process of
290 the daemon after start-up of the
291 service. systemd will not write to the
292 file configured here.</para>
293 </listitem>
294 </varlistentry>
295
296 <varlistentry>
297 <term><varname>BusName=</varname></term>
298
299 <listitem><para>Takes a D-Bus bus
300 name that this service is reachable
301 as. This option is mandatory for
302 services where
303 <varname>Type=</varname> is set to
304 <option>dbus</option>, but its use
305 is otherwise recommended if the process
306 takes a name on the D-Bus bus.</para>
307 </listitem>
308 </varlistentry>
309
310 <varlistentry>
311 <term><varname>BusPolicy=</varname></term>
312
313 <listitem><para>If specfied, a custom kdbus
314 endpoint will be created and installed as the
315 default bus node for the service. Such a custom
316 endpoint can hold an own set of policy rules
317 that are enforced on top of the bus-wide ones.
318 The custom endpoint is named after the service
319 it was created for, and its node will be
320 bind-mounted over the default bus node
321 location, so the service can only access the
322 bus through its own endpoint. Note that custom
323 bus endpoints default to a 'deny all' policy.
324 Hence, if at least one
325 <varname>BusPolicy=</varname> directive is
326 given, you have to make sure to add explicit
327 rules for everything the service should be able
328 to do.</para>
329 <para>The value of this directive is comprised
330 of two parts; the bus name, and a verb to
331 specify to granted access, which is one of
332 <option>see</option>,
333 <option>talk</option> or
334 <option>own</option>.
335 <option>talk</option> implies
336 <option>see</option>, and <option>own</option>
337 implies both <option>talk</option> and
338 <option>see</option>.
339 If multiple access levels are specified for the
340 same bus name, the most powerful one takes
341 effect.
342 </para>
343 <para>Examples:</para>
344 <programlisting>BusPolicy=org.freedesktop.systemd1 talk</programlisting>
345 <programlisting>BusPolicy=org.foo.bar see</programlisting>
346 <para>This option is only available on kdbus enabled systems.</para>
347 </listitem>
348 </varlistentry>
349
350 <varlistentry>
351 <term><varname>ExecStart=</varname></term>
352 <listitem><para>Commands with their
353 arguments that are executed when this
354 service is started. For each of the
355 specified commands, the first argument
356 must be an absolute and literal path
357 to an executable.</para>
358
359 <para>When <varname>Type</varname> is
360 not <option>oneshot</option>, only one
361 command may and must be given. When
362 <varname>Type=oneshot</varname> is
363 used, none or more than one command
364 may be specified. Multiple command
365 lines may be concatenated in a single
366 directive by separating them with
367 semicolons (these semicolons must be
368 passed as separate
369 words). Alternatively, this directive
370 may be specified more than once with
371 the same effect. Lone semicolons may
372 be escaped as
373 <literal>\;</literal>. If the empty
374 string is assigned to this option, the
375 list of commands to start is reset,
376 prior assignments of this option will
377 have no effect. If no
378 <varname>ExecStart=</varname> is
379 specified, then the service must have
380 <varname>RemainAfterExit=yes</varname>
381 set.</para>
382
383 <para>Each command line is split on
384 whitespace, with the first item being
385 the command to execute, and the
386 subsequent items being the arguments.
387 Double quotes ("...") and single
388 quotes ('...') may be used, in which
389 case everything until the next
390 matching quote becomes part of the
391 same argument. Quotes themselves are
392 removed after parsing. In addition, a
393 trailing backslash
394 (<literal>\</literal>) may be used to
395 merge lines. This syntax is intended
396 to be very similar to shell syntax,
397 but only the meta-characters and
398 expansions described in the following
399 paragraphs are understood.
400 Specifically, redirection using
401 <literal>&lt;</literal>,
402 <literal>&lt;&lt;</literal>,
403 <literal>&gt;</literal>, and
404 <literal>&gt;&gt;</literal>, pipes
405 using <literal>|</literal>, and
406 running programs in the background
407 using <literal>&amp;</literal>
408 and <emphasis>other elements of shell
409 syntax are not supported</emphasis>.
410 </para>
411
412 <para>If more than one command is
413 specified, the commands are invoked
414 sequentially in the order they appear
415 in the unit file. If one of the
416 commands fails (and is not prefixed
417 with <literal>-</literal>), other lines
418 are not executed, and the unit is
419 considered failed.</para>
420
421 <para>Unless
422 <varname>Type=forking</varname> is
423 set, the process started via this
424 command line will be considered the
425 main process of the daemon.</para>
426
427 <para>The command line accepts
428 <literal>%</literal> specifiers as
429 described in
430 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
431 Note that the first argument of the
432 command line (i.e. the program to
433 execute) may not include
434 specifiers.</para>
435
436 <para>Basic environment variable
437 substitution is supported. Use
438 <literal>${FOO}</literal> as part of a
439 word, or as a word of its own, on the
440 command line, in which case it will be
441 replaced by the value of the
442 environment variable including all
443 whitespace it contains, resulting in a
444 single argument. Use
445 <literal>$FOO</literal> as a separate
446 word on the command line, in which
447 case it will be replaced by the value
448 of the environment variable split at
449 whitespace, resulting in zero or more
450 arguments. To pass a literal dollar
451 sign, use <literal>$$</literal>.
452 Variables whose value is not known at
453 expansion time are treated as empty
454 strings. Note that the first argument
455 (i.e. the program to execute) may not
456 be a variable.</para>
457
458 <para>Variables to be used in this
459 fashion may be defined through
460 <varname>Environment=</varname> and
461 <varname>EnvironmentFile=</varname>.
462 In addition, variables listed in the
463 section "Environment variables in
464 spawned processes" in
465 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
466 which are considered "static
467 configuration", may be used (this includes
468 e.g. <varname>$USER</varname>, but not
469 <varname>$TERM</varname>).</para>
470
471 <para>Optionally, if the absolute file
472 name is prefixed with
473 <literal>@</literal>, the second token
474 will be passed as
475 <literal>argv[0]</literal> to the
476 executed process, followed by the
477 further arguments specified. If the
478 absolute filename is prefixed with
479 <literal>-</literal>, an exit code of
480 the command normally considered a
481 failure (i.e. non-zero exit status or
482 abnormal exit due to signal) is ignored
483 and considered success. If both
484 <literal>-</literal> and
485 <literal>@</literal> are used, they
486 can appear in either order.</para>
487
488 <para>Note that this setting does not
489 directly support shell command
490 lines. If shell command lines are to
491 be used, they need to be passed
492 explicitly to a shell implementation
493 of some kind. Example:</para>
494 <programlisting>ExecStart=/bin/sh -c 'dmesg | tac'</programlisting>
495 <para>Example:</para>
496 <programlisting>ExecStart=/bin/echo one ; /bin/echo "two two"</programlisting>
497 <para>This will execute
498 <command>/bin/echo</command> two
499 times, each time with one argument:
500 <literal>one</literal> and
501 <literal>two two</literal>,
502 respectively. Because two commands are
503 specified,
504 <varname>Type=oneshot</varname> must
505 be used.</para>
506
507 <para>Example:</para>
508 <programlisting>ExecStart=/bin/echo / &gt;/dev/null &amp; \; \
509 /bin/ls</programlisting>
510 <para>This will execute
511 <command>/bin/echo</command> with five
512 arguments: <literal>/</literal>,
513 <literal>&gt;/dev/null</literal>,
514 <literal>&amp;</literal>,
515 <literal>;</literal>, and
516 <literal>/bin/ls</literal>.</para>
517
518 <para>Example:</para>
519 <programlisting>Environment="ONE=one" 'TWO=two two'
520 ExecStart=/bin/echo $ONE $TWO ${TWO}</programlisting>
521 <para>This will execute
522 <command>/bin/echo</command> with four
523 arguments: <literal>one</literal>,
524 <literal>two</literal>,
525 <literal>two</literal>, and
526 <literal>two two</literal>.</para>
527 </listitem>
528 </varlistentry>
529
530 <varlistentry>
531 <term><varname>ExecStartPre=</varname></term>
532 <term><varname>ExecStartPost=</varname></term>
533 <listitem><para>Additional commands
534 that are executed before or after
535 the command in
536 <varname>ExecStart=</varname>, respectively.
537 Syntax is the same as for
538 <varname>ExecStart=</varname>, except
539 that multiple command lines are allowed
540 and the commands are executed one
541 after the other, serially.</para>
542
543 <para>If any of those commands (not
544 prefixed with <literal>-</literal>)
545 fail, the rest are not executed and
546 the unit is considered failed.</para>
547 </listitem>
548 </varlistentry>
549
550 <varlistentry>
551 <term><varname>ExecReload=</varname></term>
552 <listitem><para>Commands to execute to
553 trigger a configuration reload in the
554 service. This argument takes multiple
555 command lines, following the same
556 scheme as described for
557 <varname>ExecStart=</varname>
558 above. Use of this setting is
559 optional. Specifier and environment
560 variable substitution is supported
561 here following the same scheme as for
562 <varname>ExecStart=</varname>.</para>
563
564 <para>One additional, special
565 environment variable is set: if known,
566 <varname>$MAINPID</varname> is set to
567 the main process of the daemon, and
568 may be used for command lines like the
569 following:</para>
570
571 <programlisting>/bin/kill -HUP $MAINPID</programlisting>
572
573 <para>Note however that reloading a
574 daemon by sending a signal (as with
575 the example line above) is usually not
576 a good choice, because this is an
577 asynchronous operation and hence not
578 suitable to order reloads of multiple
579 services against each other. It is
580 strongly recommended to set
581 <varname>ExecReload=</varname> to a
582 command that not only triggers a
583 configuration reload of the daemon,
584 but also synchronously waits for it to
585 complete.</para>
586 </listitem>
587 </varlistentry>
588
589 <varlistentry>
590 <term><varname>ExecStop=</varname></term>
591 <listitem><para>Commands to execute to
592 stop the service started via
593 <varname>ExecStart=</varname>. This
594 argument takes multiple command lines,
595 following the same scheme as described
596 for <varname>ExecStart=</varname>
597 above. Use of this setting is
598 optional. After the commands configured
599 in this option are run, all processes
600 remaining for a service are
601 terminated according to the
602 <varname>KillMode=</varname> setting
603 (see
604 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>). If
605 this option is not specified, the
606 process is terminated immediately when
607 service stop is requested. Specifier
608 and environment variable substitution
609 is supported (including
610 <varname>$MAINPID</varname>, see
611 above).</para></listitem>
612 </varlistentry>
613
614 <varlistentry>
615 <term><varname>ExecStopPost=</varname></term>
616 <listitem><para>Additional commands
617 that are executed after the service
618 was stopped. This includes cases where
619 the commands configured in
620 <varname>ExecStop=</varname> were used,
621 where the service does not have any
622 <varname>ExecStop=</varname> defined, or
623 where the service exited unexpectedly. This
624 argument takes multiple command lines,
625 following the same scheme as described
626 for <varname>ExecStart</varname>. Use
627 of these settings is
628 optional. Specifier and environment
629 variable substitution is
630 supported.</para></listitem>
631 </varlistentry>
632
633 <varlistentry>
634 <term><varname>RestartSec=</varname></term>
635 <listitem><para>Configures the time to
636 sleep before restarting a service (as
637 configured with
638 <varname>Restart=</varname>). Takes a
639 unit-less value in seconds, or a time
640 span value such as "5min
641 20s". Defaults to
642 100ms.</para></listitem>
643 </varlistentry>
644
645 <varlistentry>
646 <term><varname>TimeoutStartSec=</varname></term>
647 <listitem><para>Configures the time to
648 wait for start-up. If a
649 daemon service does not signal
650 start-up completion within the
651 configured time, the service will be
652 considered failed and will be shut
653 down again.
654 Takes a unit-less value in seconds, or a
655 time span value such as "5min
656 20s". Pass <literal>0</literal> to
657 disable the timeout logic. Defaults to
658 <varname>DefaultTimeoutStartSec=</varname> from
659 the manager configuration file, except
660 when <varname>Type=oneshot</varname> is
661 used, in which case the timeout
662 is disabled by default
663 (see <citerefentry><refentrytitle>systemd-systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
664 </para></listitem>
665 </varlistentry>
666
667 <varlistentry>
668 <term><varname>TimeoutStopSec=</varname></term>
669 <listitem><para>Configures the time to
670 wait for stop. If a service is asked
671 to stop, but does not terminate in the
672 specified time, it will be terminated
673 forcibly via <constant>SIGTERM</constant>,
674 and after another timeout of equal duration
675 with <constant>SIGKILL</constant> (see
676 <varname>KillMode=</varname>
677 in <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
678 Takes a unit-less value in seconds, or a
679 time span value such as "5min
680 20s". Pass <literal>0</literal> to disable
681 the timeout logic. Defaults to
682 <varname>DefaultTimeoutStopSec=</varname> from the
683 manager configuration file
684 (see <citerefentry><refentrytitle>systemd-systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
685 </para></listitem>
686 </varlistentry>
687
688 <varlistentry>
689 <term><varname>TimeoutSec=</varname></term>
690 <listitem><para>A shorthand for configuring
691 both <varname>TimeoutStartSec=</varname>
692 and <varname>TimeoutStopSec=</varname>
693 to the specified value.
694 </para></listitem>
695 </varlistentry>
696
697 <varlistentry>
698 <term><varname>WatchdogSec=</varname></term>
699 <listitem><para>Configures the
700 watchdog timeout for a service. The
701 watchdog is activated when the start-up is
702 completed. The service must call
703 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
704 regularly with <literal>WATCHDOG=1</literal>
705 (i.e. the "keep-alive ping"). If the time
706 between two such calls is larger than
707 the configured time, then the service
708 is placed in a failed state. By
709 setting <varname>Restart=</varname> to
710 <option>on-failure</option> or
711 <option>always</option>, the service
712 will be automatically restarted. The
713 time configured here will be passed to
714 the executed service process in the
715 <varname>WATCHDOG_USEC=</varname>
716 environment variable. This allows
717 daemons to automatically enable the
718 keep-alive pinging logic if watchdog
719 support is enabled for the service. If
720 this option is used,
721 <varname>NotifyAccess=</varname> (see
722 below) should be set to open access to
723 the notification socket provided by
724 systemd. If
725 <varname>NotifyAccess=</varname> is
726 not set, it will be implicitly set to
727 <option>main</option>. Defaults to 0,
728 which disables this
729 feature.</para></listitem>
730 </varlistentry>
731
732 <varlistentry>
733 <term><varname>Restart=</varname></term>
734 <listitem><para>Configures whether the
735 service shall be restarted when the
736 service process exits, is killed,
737 or a timeout is reached. The service
738 process may be the main service
739 process, but it may also be one of the
740 processes specified with
741 <varname>ExecStartPre=</varname>,
742 <varname>ExecStartPost=</varname>,
743 <varname>ExecStop=</varname>,
744 <varname>ExecStopPost=</varname>, or
745 <varname>ExecReload=</varname>.
746 When the death of the process is a
747 result of systemd operation (e.g. service
748 stop or restart), the service will not be
749 restarted. Timeouts include missing
750 the watchdog "keep-alive ping"
751 deadline and a service start, reload,
752 and stop operation timeouts.</para>
753
754 <para>Takes one of
755 <option>no</option>,
756 <option>on-success</option>,
757 <option>on-failure</option>,
758 <option>on-abnormal</option>,
759 <option>on-watchdog</option>,
760 <option>on-abort</option>, or
761 <option>always</option>. If set to
762 <option>no</option> (the default), the
763 service will not be restarted. If set
764 to <option>on-success</option>, it
765 will be restarted only when the
766 service process exits cleanly. In
767 this context, a clean exit means an
768 exit code of 0, or one of the signals
769 <constant>SIGHUP</constant>,
770 <constant>SIGINT</constant>,
771 <constant>SIGTERM</constant> or
772 <constant>SIGPIPE</constant>, and
773 additionally, exit statuses and
774 signals specified in
775 <varname>SuccessExitStatus=</varname>.
776 If set to <option>on-failure</option>,
777 the service will be restarted when the
778 process exits with a non-zero exit
779 code, is terminated by a signal
780 (including on core dump, but excluding
781 the aforementiond four signals), when
782 an operation (such as service reload)
783 times out, and when the configured
784 watchdog timeout is triggered. If set
785 to <option>on-abnormal</option>, the
786 service will be restarted when the
787 process is terminated by a signal
788 (including on core dump, excluding the
789 aforementioned four signals), when an
790 operation times out, or when the
791 watchdog timeout is triggered. If set
792 to <option>on-abort</option>, the
793 service will be restarted only if the
794 service process exits due to an
795 uncaught signal not specified as a
796 clean exit status. If set to
797 <option>on-watchdog</option>, the
798 service will be restarted only if the
799 watchdog timeout for the service
800 expires. If set to
801 <option>always</option>, the service
802 will be restarted regardless of
803 whether it exited cleanly or not, got
804 terminated abnormally by a signal, or
805 hit a timeout.</para>
806
807 <table>
808 <title>Exit causes and the effect of the <varname>Restart=</varname> settings on them</title>
809
810 <tgroup cols='2'>
811 <colspec colname='path' />
812 <colspec colname='expl' />
813 <thead>
814 <row>
815 <entry>Restart settings/Exit causes</entry>
816 <entry><option>no</option></entry>
817 <entry><option>always</option></entry>
818 <entry><option>on-success</option></entry>
819 <entry><option>on-failure</option></entry>
820 <entry><option>on-abnormal</option></entry>
821 <entry><option>on-abort</option></entry>
822 <entry><option>on-watchdog</option></entry>
823 </row>
824 </thead>
825 <tbody>
826 <row>
827 <entry>Clean exit code or signal</entry>
828 <entry/>
829 <entry>X</entry>
830 <entry>X</entry>
831 <entry/>
832 <entry/>
833 <entry/>
834 <entry/>
835 </row>
836 <row>
837 <entry>Unclean exit code</entry>
838 <entry/>
839 <entry>X</entry>
840 <entry/>
841 <entry>X</entry>
842 <entry/>
843 <entry/>
844 <entry/>
845 </row>
846 <row>
847 <entry>Unclean signal</entry>
848 <entry/>
849 <entry>X</entry>
850 <entry/>
851 <entry>X</entry>
852 <entry>X</entry>
853 <entry>X</entry>
854 <entry/>
855 </row>
856 <row>
857 <entry>Timeout</entry>
858 <entry/>
859 <entry>X</entry>
860 <entry/>
861 <entry>X</entry>
862 <entry>X</entry>
863 <entry/>
864 <entry/>
865 </row>
866 <row>
867 <entry>Watchdog</entry>
868 <entry/>
869 <entry>X</entry>
870 <entry/>
871 <entry>X</entry>
872 <entry>X</entry>
873 <entry/>
874 <entry>X</entry>
875 </row>
876 </tbody>
877 </tgroup>
878 </table>
879
880 <para>As exceptions to the setting
881 above the service will not be
882 restarted if the exit code or signal
883 is specified in
884 <varname>RestartPreventExitStatus=</varname>
885 (see below). Also, the services will
886 always be restarted if the exit code
887 or signal is specified in
888 <varname>RestartForceExitStatus=</varname>
889 (see below).</para>
890
891 <para>Setting this to
892 <option>on-failure</option> is the
893 recommended choice for long-running
894 services, in order to increase
895 reliability by attempting automatic
896 recovery from errors. For services
897 that shall be able to terminate on
898 their own choice (and avoid
899 immediate restarting),
900 <option>on-abnormal</option> is an
901 alternative choice.</para>
902 </listitem>
903 </varlistentry>
904
905 <varlistentry>
906 <term><varname>SuccessExitStatus=</varname></term>
907 <listitem><para>Takes a list of exit
908 status definitions that when returned
909 by the main service process will be
910 considered successful termination, in
911 addition to the normal successful exit
912 code 0 and the signals <constant>SIGHUP</constant>, <constant>SIGINT</constant>,
913 <constant>SIGTERM</constant>, and <constant>SIGPIPE</constant>. Exit status
914 definitions can either be numeric exit
915 codes or termination signal names,
916 separated by spaces. For example:
917 <programlisting>SuccessExitStatus=1 2 8 SIGKILL</programlisting>
918 ensures that exit codes 1, 2, 8 and
919 the termination signal
920 <constant>SIGKILL</constant> are
921 considered clean service terminations.
922 </para>
923
924 <para>Note that if a process has a
925 signal handler installed and exits by
926 calling
927 <citerefentry><refentrytitle>_exit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
928 in response to a signal, the
929 information about the signal is lost.
930 Programs should instead perform cleanup and kill themselves with the same signal instead. See
931 <ulink url="http://www.cons.org/cracauer/sigint.html">Proper handling of SIGINT/SIGQUIT — How to be a proper program</ulink>.</para>
932
933 <para>This option may appear more than once,
934 in which case the list of successful
935 exit statuses is merged. If the empty
936 string is assigned to this option, the
937 list is reset, all prior assignments
938 of this option will have no
939 effect.</para></listitem>
940 </varlistentry>
941
942 <varlistentry>
943 <term><varname>RestartPreventExitStatus=</varname></term>
944 <listitem><para>Takes a list of exit
945 status definitions that when returned
946 by the main service process will
947 prevent automatic service restarts,
948 regardless of the restart setting
949 configured with
950 <varname>Restart=</varname>. Exit
951 status definitions can either be
952 numeric exit codes or termination
953 signal names, and are separated by
954 spaces. Defaults to the empty list, so
955 that, by default, no exit status is
956 excluded from the configured restart
957 logic. For example:
958 <programlisting>RestartPreventExitStatus=1 6 SIGABRT</programlisting> ensures that exit
959 codes 1 and 6 and the termination
960 signal <constant>SIGABRT</constant> will
961 not result in automatic service
962 restarting. This
963 option may appear more than once, in
964 which case the list of restart-preventing
965 statuses is merged. If the empty
966 string is assigned to this option, the
967 list is reset and all prior assignments
968 of this option will have no
969 effect.</para></listitem>
970 </varlistentry>
971
972 <varlistentry>
973 <term><varname>RestartForceExitStatus=</varname></term>
974 <listitem><para>Takes a list of exit
975 status definitions that when returned
976 by the main service process will force
977 automatic service restarts, regardless
978 of the restart setting configured with
979 <varname>Restart=</varname>. The
980 argument format is similar to
981 <varname>RestartPreventExitStatus=</varname>.</para></listitem>
982 </varlistentry>
983
984 <varlistentry>
985 <term><varname>PermissionsStartOnly=</varname></term>
986 <listitem><para>Takes a boolean
987 argument. If true, the permission-related
988 execution options, as
989 configured with
990 <varname>User=</varname> and similar
991 options (see
992 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
993 for more information), are only applied
994 to the process started with
995 <varname>ExecStart=</varname>, and not
996 to the various other
997 <varname>ExecStartPre=</varname>,
998 <varname>ExecStartPost=</varname>,
999 <varname>ExecReload=</varname>,
1000 <varname>ExecStop=</varname>, and
1001 <varname>ExecStopPost=</varname>
1002 commands. If false, the setting is
1003 applied to all configured commands the
1004 same way. Defaults to
1005 false.</para></listitem>
1006 </varlistentry>
1007
1008 <varlistentry>
1009 <term><varname>RootDirectoryStartOnly=</varname></term>
1010 <listitem><para>Takes a boolean
1011 argument. If true, the root directory,
1012 as configured with the
1013 <varname>RootDirectory=</varname>
1014 option (see
1015 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1016 for more information), is only applied
1017 to the process started with
1018 <varname>ExecStart=</varname>, and not
1019 to the various other
1020 <varname>ExecStartPre=</varname>,
1021 <varname>ExecStartPost=</varname>,
1022 <varname>ExecReload=</varname>,
1023 <varname>ExecStop=</varname>, and
1024 <varname>ExecStopPost=</varname>
1025 commands. If false, the setting is
1026 applied to all configured commands the
1027 same way. Defaults to
1028 false.</para></listitem>
1029 </varlistentry>
1030
1031 <varlistentry>
1032 <term><varname>NonBlocking=</varname></term>
1033 <listitem><para>Set the
1034 <constant>O_NONBLOCK</constant> flag
1035 for all file descriptors passed via
1036 socket-based activation. If true, all
1037 file descriptors >= 3 (i.e. all except
1038 stdin, stdout, and stderr) will have
1039 the <constant>O_NONBLOCK</constant> flag
1040 set and hence are in
1041 non-blocking mode. This option is only
1042 useful in conjunction with a socket
1043 unit, as described in
1044 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Defaults
1045 to false.</para></listitem>
1046 </varlistentry>
1047
1048 <varlistentry>
1049 <term><varname>NotifyAccess=</varname></term>
1050 <listitem><para>Controls access to the
1051 service status notification socket, as
1052 accessible via the
1053 <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
1054 call. Takes one of
1055 <option>none</option> (the default),
1056 <option>main</option> or
1057 <option>all</option>. If
1058 <option>none</option>, no daemon status
1059 updates are accepted from the service
1060 processes, all status update messages
1061 are ignored. If <option>main</option>,
1062 only service updates sent from the
1063 main process of the service are
1064 accepted. If <option>all</option>, all
1065 services updates from all members of
1066 the service's control group are
1067 accepted. This option should be set to
1068 open access to the notification socket
1069 when using
1070 <varname>Type=notify</varname> or
1071 <varname>WatchdogSec=</varname> (see
1072 above). If those options are used but
1073 <varname>NotifyAccess=</varname> is not
1074 configured, it will be implicitly set
1075 to
1076 <option>main</option>.</para></listitem>
1077 </varlistentry>
1078
1079 <varlistentry>
1080 <term><varname>Sockets=</varname></term>
1081 <listitem><para>Specifies the name of
1082 the socket units this service shall
1083 inherit the sockets from when the
1084 service is started. Normally it
1085 should not be necessary to use this
1086 setting as all sockets whose unit
1087 shares the same name as the service
1088 (ignoring the different suffix of course)
1089 are passed to the spawned
1090 process.</para>
1091
1092 <para>Note that the same socket may be
1093 passed to multiple processes at the
1094 same time. Also note that a different
1095 service may be activated on incoming
1096 traffic than that which inherits the
1097 sockets. Or in other words: the
1098 <varname>Service=</varname> setting of
1099 <filename>.socket</filename> units
1100 does not have to match the inverse of
1101 the <varname>Sockets=</varname>
1102 setting of the
1103 <filename>.service</filename> it
1104 refers to.</para>
1105
1106 <para>This option may appear more than
1107 once, in which case the list of socket
1108 units is merged. If the empty string
1109 is assigned to this option, the list of
1110 sockets is reset, and all prior uses of
1111 this setting will have no
1112 effect.</para></listitem>
1113 </varlistentry>
1114
1115 <varlistentry>
1116 <term><varname>StartLimitInterval=</varname></term>
1117 <term><varname>StartLimitBurst=</varname></term>
1118
1119 <listitem><para>Configure service
1120 start rate limiting. By default,
1121 services which are started more
1122 than 5 times within 10 seconds are not
1123 permitted to start any more times
1124 until the 10 second interval ends. With
1125 these two options, this rate limiting
1126 may be modified. Use
1127 <varname>StartLimitInterval=</varname>
1128 to configure the checking interval (defaults to
1129 <varname>DefaultStartLimitInterval=</varname> in
1130 manager configuration file, set to 0 to disable
1131 any kind of rate limiting). Use
1132 <varname>StartLimitBurst=</varname> to
1133 configure how many starts per interval
1134 are allowed (defaults to
1135 <varname>DefaultStartLimitBurst=</varname> in
1136 manager configuration file). These
1137 configuration options are particularly
1138 useful in conjunction with
1139 <varname>Restart=</varname>; however,
1140 they apply to all kinds of starts
1141 (including manual), not just those
1142 triggered by the
1143 <varname>Restart=</varname> logic.
1144 Note that units which are configured
1145 for <varname>Restart=</varname> and
1146 which reach the start limit are not
1147 attempted to be restarted anymore;
1148 however, they may still be restarted
1149 manually at a later point, from which
1150 point on, the restart logic is again
1151 activated. Note that
1152 <command>systemctl
1153 reset-failed</command> will cause the
1154 restart rate counter for a service to
1155 be flushed, which is useful if the
1156 administrator wants to manually start
1157 a service and the start limit
1158 interferes with
1159 that.</para></listitem>
1160 </varlistentry>
1161
1162 <varlistentry>
1163 <term><varname>StartLimitAction=</varname></term>
1164
1165 <listitem><para>Configure the action
1166 to take if the rate limit configured
1167 with
1168 <varname>StartLimitInterval=</varname>
1169 and
1170 <varname>StartLimitBurst=</varname> is
1171 hit. Takes one of
1172 <option>none</option>,
1173 <option>reboot</option>,
1174 <option>reboot-force</option>,
1175 <option>reboot-immediate</option>,
1176 <option>poweroff</option>,
1177 <option>poweroff-force</option> or
1178 <option>poweroff-immediate</option>. If
1179 <option>none</option> is set, hitting
1180 the rate limit will trigger no action
1181 besides that the start will not be
1182 permitted. <option>reboot</option>
1183 causes a reboot following the normal
1184 shutdown procedure (i.e. equivalent to
1185 <command>systemctl reboot</command>).
1186 <option>reboot-force</option> causes a
1187 forced reboot which will terminate all
1188 processes forcibly but should cause no
1189 dirty file systems on reboot
1190 (i.e. equivalent to <command>systemctl
1191 reboot -f</command>) and
1192 <option>reboot-immediate</option>
1193 causes immediate execution of the
1194 <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1195 system call, which might result in
1196 data loss. Similar,
1197 <option>poweroff</option>,
1198 <option>poweroff-force</option>,
1199 <option>poweroff-immediate</option>
1200 have the effect of powering down the
1201 system with similar
1202 semantics. Defaults to
1203 <option>none</option>.</para></listitem>
1204 </varlistentry>
1205
1206 <varlistentry>
1207 <term><varname>FailureAction=</varname></term>
1208 <listitem><para>Configure the action
1209 to take when the service enters a failed
1210 state. Takes the same values as
1211 <varname>StartLimitAction=</varname>
1212 and executes the same actions.
1213 Defaults to <option>none</option>.
1214 </para></listitem>
1215 </varlistentry>
1216
1217 <varlistentry>
1218 <term><varname>RebootArgument=</varname></term>
1219 <listitem><para>Configure the optional
1220 argument for the
1221 <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
1222 system call if
1223 <varname>StartLimitAction=</varname>
1224 or <varname>FailureAction=</varname>
1225 is a reboot action. This works just
1226 like the optional argument to
1227 <command>systemctl reboot</command>
1228 command.</para></listitem>
1229 </varlistentry>
1230
1231 </variablelist>
1232
1233 <para>Check
1234 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1235 and
1236 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1237 for more settings.</para>
1238
1239 </refsect1>
1240
1241 <refsect1>
1242 <title>Compatibility Options</title>
1243
1244 <para>The following options are also available in the
1245 <literal>[Service]</literal> section, but exist purely
1246 for compatibility reasons and should not be used in
1247 newly written service files.</para>
1248
1249 <variablelist class='unit-directives'>
1250 <varlistentry>
1251 <term><varname>SysVStartPriority=</varname></term>
1252 <listitem><para>Set the SysV start
1253 priority to use to order this service
1254 in relation to SysV services lacking
1255 LSB headers. This option is only
1256 necessary to fix ordering in relation
1257 to legacy SysV services that have no
1258 ordering information encoded in the
1259 script headers. As such, it should only
1260 be used as a temporary compatibility
1261 option and should not be used in new unit
1262 files. Almost always, it is a better
1263 choice to add explicit ordering
1264 directives via
1265 <varname>After=</varname> or
1266 <varname>Before=</varname>,
1267 instead. For more details, see
1268 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1269 If used, pass an integer value in the
1270 range 0-99.</para></listitem>
1271 </varlistentry>
1272 </variablelist>
1273 </refsect1>
1274
1275 <refsect1>
1276 <title>See Also</title>
1277 <para>
1278 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1279 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1280 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1281 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1282 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1283 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1284 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
1285 </para>
1286 </refsect1>
1287
1288 </refentry>
Unnamed repository; edit this file 'description' to name the repository.