expected format is six groups of two hexadecimal digits separated by colons,
e.g. `SYSTEMD_NSPAWN_NETWORK_MAC=12:34:56:78:90:AB`
+`systemd-vmspawn`:
+
+* `$SYSTEMD_VMSPAWN_NETWORK_MAC=...` — if set, allows users to set a specific MAC
+ address for a VM, ensuring that it uses the provided value instead of
+ generating a random one. It is effective when used with `--network-tap`. The
+ expected format is six groups of two hexadecimal digits separated by colons,
+ e.g. `SYSTEMD_VMSPAWN_NETWORK_MAC=12:34:56:78:90:AB`
+
+* `$SYSTEMD_VMSPAWN_QEMU_EXTRA=…` – may contain additional command line
+ arguments to append the qemu command line.
+
`systemd-logind`:
* `$SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1` — if set, report that
for cases where we don't need to track given unit type, e.g. `--user` manager
often doesn't need to deal with device or swap units because they are
handled by the `--system` manager (PID 1). Note that setting certain unit
- type as unsupported may not prevent loading some units of that type if they
+ type as unsupported might not prevent loading some units of that type if they
are referenced by other units of another supported type.
* `$SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST` — can be set to override the mount
`systemd-gpt-auto-generator` to ensure the root partition is mounted writable
in accordance to the GPT partition flags.
-`systemd-firstboot` and `localectl`:
+`systemd-firstboot`, `localectl`, and `systemd-localed`:
* `$SYSTEMD_LIST_NON_UTF8_LOCALES=1` — if set, non-UTF-8 locales are listed among
the installed ones. By default non-UTF-8 locales are suppressed from the
selection, since we are living in the 21st century.
+* `$SYSTEMD_KEYMAP_DIRECTORIES=` — takes a colon (`:`) separated list of keymap
+ directories. The directories must be absolute and normalized. If unset, the
+ default keymap directories (/usr/share/keymaps/, /usr/share/kbd/keymaps/, and
+ /usr/lib/kbd/keymaps/) will be used.
+
`systemd-resolved`:
* `$SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME` — if set to "0", `systemd-resolved`
`$SYSTEMD_CONFEXT_HIERARCHIES` works for confext images and supports the
systemd-confext multi-call functionality of sysext.
+* `$SYSTEMD_SYSEXT_MUTABLE_MODE` — this variable may be used to override the
+ default mutability mode for hierarchies managed by `systemd-sysext`. It takes
+ the same values the `--mutable=` command line switch does. Note that the
+ command line still overrides the effect of the environment
+ variable. Similarly, `$SYSTEMD_CONFEXT_MUTABLE_MODE` works for confext images
+ and supports the systemd-confext multi-call functionality of sysext.
+
`systemd-tmpfiles`:
* `$SYSTEMD_TMPFILES_FORCE_SUBVOL` — if unset, `v`/`q`/`Q` lines will create
`mkfs` when formatting LUKS home directories. There's one variable for each
of the supported file systems for the LUKS home directory backend.
+* `$SYSTEMD_HOME_LOCK_FREEZE_SESSION` - Takes a boolean. When false, the user's
+ session will not be frozen when the home directory is locked. Note that the kernel
+ may still freeze any task that tries to access data from the user's locked home
+ directory. This can lead to data loss, security leaks, or other undesired behavior
+ caused by parts of the session becoming unresponsive due to disk I/O while other
+ parts of the session continue running. Thus, we highly recommend that this variable
+ isn't used unless necessary. Defaults to true.
+
`kernel-install`:
* `$KERNEL_INSTALL_BYPASS` – If set to "1", execution of kernel-install is skipped
`nftables`. Selects the firewall backend to use. If not specified tries to
use `nftables` and falls back to `iptables` if that's not available.
+`systemd-networkd`:
+
+* `$SYSTEMD_NETWORK_PERSISTENT_STORAGE_READY` – takes a boolean. If true,
+ systemd-networkd tries to open the persistent storage on start. To make this
+ work, ProtectSystem=strict in systemd-networkd.service needs to be downgraded
+ or disabled.
+
`systemd-storagetm`:
* `$SYSTEMD_NVME_MODEL`, `$SYSTEMD_NVME_FIRMWARE`, `$SYSTEMD_NVME_SERIAL`,
file (containing firmware measurement data) to read. This allows overriding
the default of `/sys/kernel/security/tpm0/binary_bios_measurements`.
+`systemd-sleep`:
+
+* `$SYSTEMD_SLEEP_FREEZE_USER_SESSIONS` - Takes a boolean. When true (the default),
+ `user.slice` will be frozen during sleep. When false it will not be. We recommend
+ against using this variable, because it can lead to undesired behavior, especially
+ for systems that use home directory encryption and for
+ `systemd-suspend-then-hibernate.service`.
+
Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as
`busctl`):
service. Takes a file system path: if specified the tool will listen on an
`AF_UNIX` stream socket on the specified path in addition to whatever else it
would listen on.
+
+`systemd-mountfsd`:
+
+* `$SYSTEMD_MOUNTFSD_TRUSTED_DIRECTORIES` – takes a boolean argument. If true
+ disk images from the usual disk image directories (`/var/lib/machines/`,
+ `/var/lib/confexts/`, …) will be considered "trusted", i.e. are validated
+ with a more relaxed image policy (typically not requiring Verity signature
+ checking) than those from other directories (where Verity signature checks
+ are mandatory). If false all images are treated the same, regardless if
+ placed in the usual disk image directories or elsewhere. If not set defaults
+ to a compile time setting.
+
+* `$SYSTEMD_MOUNTFSD_IMAGE_POLICY_TRUSTED`,
+ `$SYSTEMD_MOUNTFSD_IMAGE_POLICY_UNTRUSTED` – the default image policy to
+ apply to trusted and untrusted disk images. An image is considered trusted if
+ placed in a trusted disk image directory (see above), or if suitable polkit
+ authentication was acquired. See `systemd.image-policy(7)` for the valid
+ syntax for image policy strings.
+
+`systemd-run`, `run0`, `systemd-nspawn`, `systemd-vmspawn`:
+
+* `$SYSTEMD_TINT_BACKGROUND` – Takes a boolean. When false the automatic
+ tinting of the background for containers, VMs, and interactive `systemd-run`
+ and `run0` invocations is turned off. Note that this environment variable has
+ no effect if the background color is explicitly selected via the relevant
+ `--background=` switch of the tool.
projects / thirdparty / systemd.git / blobdiff