]>
<!--
+ SPDX-License-Identifier: LGPL-2.1+
+
This file is part of systemd.
Copyright 2010 Lennart Poettering
<filename><replaceable>slice</replaceable>.slice</filename>,
<filename><replaceable>scope</replaceable>.scope</filename></para>
- <para><literallayout><filename>/etc/systemd/system/*</filename>
+ <para><literallayout><filename>/etc/systemd/system.control/*</filename>
+<filename>/run/systemd/system.control/*</filename>
+<filename>/run/systemd/transient/*</filename>
+<filename>/run/systemd/generator.early/*</filename>
+<filename>/etc/systemd/system/*</filename>
<filename>/run/systemd/system/*</filename>
-<filename>/usr/lib/systemd/system/*</filename>
+<filename>/run/systemd/generator/*</filename>
<filename>…</filename>
+<filename>/usr/lib/systemd/system/*</filename>
+<filename>/run/systemd/generator.late/*</filename>
</literallayout></para>
- <para><literallayout><filename>~/.config/systemd/user/*</filename>
+ <para><literallayout><filename>~/.config/systemd/user.control/*</filename>
+<filename>$XDG_RUNTIME_DIR/systemd/user.control/*</filename>
+<filename>$XDG_RUNTIME_DIR/systemd/transient/*</filename>
+<filename>$XDG_RUNTIME_DIR/systemd/generator.early/*</filename>
+<filename>~/.config/systemd/user/*</filename>
<filename>/etc/systemd/user/*</filename>
<filename>$XDG_RUNTIME_DIR/systemd/user/*</filename>
<filename>/run/systemd/user/*</filename>
+<filename>$XDG_RUNTIME_DIR/systemd/generator/*</filename>
<filename>~/.local/share/systemd/user/*</filename>
-<filename>/usr/lib/systemd/user/*</filename>
<filename>…</filename>
+<filename>/usr/lib/systemd/user/*</filename>
+<filename>$XDG_RUNTIME_DIR/systemd/generator.late/*</filename>
</literallayout></para>
</refsynopsisdiv>
modify unit files. Each drop-in file must have appropriate section headers. Note that for
instantiated units, this logic will first look for the instance <literal>.d/</literal>
subdirectory and read its <literal>.conf</literal> files, followed by the template
- <literal>.d/</literal> subdirectory and the <literal>.conf</literal> files there. Also note that
- settings from the <literal>[Install]</literal> section are not honored in drop-in unit files,
- and have no effect.</para>
+ <literal>.d/</literal> subdirectory and the <literal>.conf</literal> files there.</para>
<para>In addition to <filename>/etc/systemd/system</filename>, the drop-in <literal>.d</literal>
directories for system services can be placed in <filename>/usr/lib/systemd/system</filename> or
socket-based activation which make dependencies implicit,
resulting in a both simpler and more flexible system.</para>
- <para>Some unit names reflect paths existing in the file system
- namespace. Example: a device unit
- <filename>dev-sda.device</filename> refers to a device with the
- device node <filename noindex='true'>/dev/sda</filename> in the
- file system namespace. If this applies, a special way to escape
- the path name is used, so that the result is usable as part of a
- filename. Basically, given a path, "/" is replaced by "-", and all
- other characters which are not ASCII alphanumerics are replaced by
- C-style "\x2d" escapes (except that "_" is never replaced and "."
- is only replaced when it would be the first character in the
- escaped path). The root directory "/" is encoded as single dash,
- while otherwise the initial and ending "/" are removed from all
- paths during transformation. This escaping is reversible. Properly
- escaped paths can be generated using the
- <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- command.</para>
-
<para>Optionally, units may be instantiated from a
template file at runtime. This allows creation of
multiple units from a single configuration file. If
</refsect1>
+ <refsect1>
+ <title>String Escaping for Inclusion in Unit Names</title>
+
+ <para>Sometimes it is useful to convert arbitrary strings into unit names. To facilitate this, a method of string
+ escaping is used, in order to map strings containing arbitrary byte values (except NUL) into valid unit names and
+ their restricted character set. A common special case are unit names that reflect paths to objects in the file
+ system hierarchy. Example: a device unit <filename>dev-sda.device</filename> refers to a device with the device
+ node <filename noindex='true'>/dev/sda</filename> in the file system.</para>
+
+ <para>The escaping algorithm operates as follows: given a string, any <literal>/</literal> character is replaced by
+ <literal>-</literal>, and all other characters which are not ASCII alphanumerics or <literal>_</literal> are
+ replaced by C-style <literal>\x2d</literal> escapes. In addition, <literal>.</literal> is replaced with such a
+ C-style escape when it would appear as the first character in the escaped string.</para>
+
+ <para>When the input qualifies as absolute file system path, this algorithm is extended slightly: the path to the
+ root directory <literal>/</literal> is encoded as single dash <literal>-</literal>. In addition, any leading,
+ trailing or duplicate <literal>/</literal> characters are removed from the string before transformation. Example:
+ <filename>/foo//bar/baz/</filename> becomes <literal>foo-bar-baz</literal>.</para>
+
+ <para>This escaping is fully reversible, as long as it is known whether the escaped string was a path (the
+ unescaping results are different for paths and non-path strings). The
+ <citerefentry><refentrytitle>systemd-escape</refentrytitle><manvolnum>1</manvolnum></citerefentry> command may be
+ used to apply and reverse escaping on arbitrary strings. Use <command>systemd-escape --path</command> to escape
+ path strings, and <command>systemd-escape</command> without <option>--path</option> otherwise.</para>
+ </refsect1>
+
<refsect1>
<title>Implicit Dependencies</title>
<colspec colname='expl' />
<thead>
<row>
- <entry>Path</entry>
- <entry>Description</entry>
+ <entry>Path</entry>
+ <entry>Description</entry>
</row>
</thead>
<tbody>
<row>
- <entry><filename>/etc/systemd/system</filename></entry>
- <entry>Local configuration</entry>
+ <entry><filename>/etc/systemd/system.control</filename></entry>
+ <entry morerows="1">Persistent and transient configuration created using the dbus API</entry>
+ </row>
+ <row>
+ <entry><filename>/run/systemd/system.control</filename></entry>
+ </row>
+ <row>
+ <entry><filename>/run/systemd/transient</filename></entry>
+ <entry>Dynamic configuration for transient units</entry>
+ </row>
+ <row>
+ <entry><filename>/run/systemd/generator.early</filename></entry>
+ <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry
+ ><refentrytitle>system.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
</row>
<row>
- <entry><filename>/run/systemd/system</filename></entry>
- <entry>Runtime units</entry>
+ <entry><filename>/etc/systemd/system</filename></entry>
+ <entry>Local configuration</entry>
</row>
<row>
- <entry><filename>/usr/lib/systemd/system</filename></entry>
- <entry>Units of installed packages</entry>
+ <entry><filename>/run/systemd/system</filename></entry>
+ <entry>Runtime units</entry>
+ </row>
+ <row>
+ <entry><filename>/run/systemd/generator</filename></entry>
+ <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry
+ ><refentrytitle>system.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
+ </row>
+ <row>
+ <entry><filename>/usr/local/lib/systemd/system</filename></entry>
+ <entry morerows="1">Units of installed packages</entry>
+ </row>
+ <row>
+ <entry><filename>/usr/lib/systemd/system</filename></entry>
+ </row>
+ <row>
+ <entry><filename>/run/systemd/generator.late</filename></entry>
+ <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry
+ ><refentrytitle>system.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
</row>
</tbody>
</tgroup>
<colspec colname='expl' />
<thead>
<row>
- <entry>Path</entry>
- <entry>Description</entry>
+ <entry>Path</entry>
+ <entry>Description</entry>
</row>
</thead>
<tbody>
<row>
- <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename></entry>
- <entry>User configuration (only used when $XDG_CONFIG_HOME is set)</entry>
+ <entry><filename>$XDG_CONFIG_HOME/systemd/user.control</filename> or <filename
+ >~/.config/systemd/user.control</filename></entry>
+ <entry morerows="1">Persistent and transient configuration created using the dbus API (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry>
+ </row>
+ <row>
+ <entry><filename>$XDG_RUNTIME_DIR/systemd/user.control</filename></entry>
+ </row>
+ <row>
+ <entry><filename>/run/systemd/transient</filename></entry>
+ <entry>Dynamic configuration for transient units</entry>
+ </row>
+ <row>
+ <entry><filename>/run/systemd/generator.early</filename></entry>
+ <entry>Generated units with high priority (see <replaceable>early-dir</replaceable> in <citerefentry
+ ><refentrytitle>system.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
</row>
<row>
- <entry><filename>$HOME/.config/systemd/user</filename></entry>
- <entry>User configuration (only used when $XDG_CONFIG_HOME is not set)</entry>
+ <entry><filename>$XDG_CONFIG_HOME/systemd/user</filename> or <filename>$HOME/.config/systemd/user</filename></entry>
+ <entry>User configuration (<varname>$XDG_CONFIG_HOME</varname> is used if set, <filename>~/.config</filename> otherwise)</entry>
</row>
<row>
- <entry><filename>/etc/systemd/user</filename></entry>
- <entry>Local configuration</entry>
+ <entry><filename>/etc/systemd/user</filename></entry>
+ <entry>Local configuration</entry>
</row>
<row>
- <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry>
- <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry>
+ <entry><filename>$XDG_RUNTIME_DIR/systemd/user</filename></entry>
+ <entry>Runtime units (only used when $XDG_RUNTIME_DIR is set)</entry>
</row>
<row>
- <entry><filename>/run/systemd/user</filename></entry>
- <entry>Runtime units</entry>
+ <entry><filename>/run/systemd/user</filename></entry>
+ <entry>Runtime units</entry>
</row>
<row>
- <entry><filename>$XDG_DATA_HOME/systemd/user</filename></entry>
- <entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is set)</entry>
+ <entry><filename>$XDG_RUNTIME_DIR/systemd/generator</filename></entry>
+ <entry>Generated units with medium priority (see <replaceable>normal-dir</replaceable> in <citerefentry
+ ><refentrytitle>system.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
</row>
<row>
- <entry><filename>$HOME/.local/share/systemd/user</filename></entry>
- <entry>Units of packages that have been installed in the home directory (only used when $XDG_DATA_HOME is not set)</entry>
+ <entry><filename>$XDG_DATA_HOME/systemd/user</filename> or <filename>$HOME/.local/share/systemd/user</filename></entry>
+ <entry>Units of packages that have been installed in the home directory (<varname>$XDG_DATA_HOME</varname> is used if set, <filename>~/.local/share</filename> otherwise)</entry>
</row>
<row>
- <entry><filename>/usr/lib/systemd/user</filename></entry>
- <entry>Units of packages that have been installed system-wide</entry>
+ <entry><filename>$dir/systemd/user</filename> for each <varname noindex='true'>$dir</varname> in <varname>$XDG_DATA_DIRS</varname></entry>
+ <entry>Additional locations for installed user units, one for each entry in <varname>$XDG_DATA_DIRS</varname></entry>
+ </row>
+ <row>
+ <entry><filename>/usr/local/lib/systemd/user</filename></entry>
+ <entry morerows="1">Units of packages that have been installed system-wide</entry>
+ </row>
+ <row>
+ <entry><filename>/usr/lib/systemd/user</filename></entry>
+ </row>
+ <row>
+ <entry><filename>$XDG_RUNTIME_DIR/systemd/generator.late</filename></entry>
+ <entry>Generated units with low priority (see <replaceable>late-dir</replaceable> in <citerefentry
+ ><refentrytitle>system.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>)</entry>
</row>
</tbody>
</tgroup>
</table>
- <para>Additional units might be loaded into systemd ("linked")
- from directories not on the unit load path. See the
- <command>link</command> command for
+ <para>The set of load paths for the user manager instance may be augmented or
+ changed using various environment variables. And environment variables may in
+ turn be set using environment generators, see
+ <citerefentry><refentrytitle>system.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+ In particular, <varname>$XDG_DATA_HOME</varname> and
+ <varname>$XDG_DATA_DIRS</varname> may be easily set using
+ <citerefentry><refentrytitle>systemd-environment-d-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ Thus, directories listed here are just the defaults. To see the actual list that
+ would be used based on compilation options and current environment use
+ <programlisting>systemd-analyze --user unit-paths</programlisting>
+ </para>
+
+ <para>Moreover, additional units might be loaded into systemd ("linked") from
+ directories not on the unit load path. See the <command>link</command> command
+ for
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
- Also, some units are dynamically created via a
- <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
</refsect1>
+ <refsect1>
+ <title>Unit Garbage Collection</title>
+
+ <para>The system and service manager loads a unit's configuration automatically when a unit is referenced for the
+ first time. It will automatically unload the unit configuration and state again when the unit is not needed anymore
+ ("garbage collection"). A unit may be referenced through a number of different mechanisms:</para>
+
+ <orderedlist>
+ <listitem><para>Another loaded unit references it with a dependency such as <varname>After=</varname>,
+ <varname>Wants=</varname>, …</para></listitem>
+
+ <listitem><para>The unit is currently starting, running, reloading or stopping.</para></listitem>
+
+ <listitem><para>The unit is currently in the <constant>failed</constant> state. (But see below.)</para></listitem>
+
+ <listitem><para>A job for the unit is pending.</para></listitem>
+
+ <listitem><para>The unit is pinned by an active IPC client program.</para></listitem>
+
+ <listitem><para>The unit is a special "perpetual" unit that is always active and loaded. Examples for perpetual
+ units are the root mount unit <filename>-.mount</filename> or the scope unit <filename>init.scope</filename> that
+ the service manager itself lives in.</para></listitem>
+
+ <listitem><para>The unit has running processes associated with it.</para></listitem>
+ </orderedlist>
+
+ <para>The garbage collection logic may be altered with the <varname>CollectMode=</varname> option, which allows
+ configuration whether automatic unloading of units that are in <constant>failed</constant> state is permissible,
+ see below.</para>
+
+ <para>Note that when a unit's configuration and state is unloaded, all execution results, such as exit codes, exit
+ signals, resource consumption and other statistics are lost, except for what is stored in the log subsystem.</para>
+
+ <para>Use <command>systemctl daemon-reload</command> or an equivalent command to reload unit configuration while
+ the unit is already loaded. In this case all configuration settings are flushed out and replaced with the new
+ configuration (which however might not be in effect immediately), however all runtime state is
+ saved/restored.</para>
+ </refsect1>
+
<refsect1>
<title>[Unit] Section Options</title>
<listitem><para>Configures requirement dependencies on other units. If this unit gets activated, the units
listed here will be activated as well. If one of the other units fails to activate, and an ordering dependency
- <varname>After=</varname> on the failing unit is set, this
- unit will not be started. This option may be specified more than once or multiple space-separated units may be
+ <varname>After=</varname> on the failing unit is set, this unit will not be started. Besides, with or without
+ specifying <varname>After=</varname>, this unit will be stopped if one of the other units is explicitly
+ stopped. This option may be specified more than once or multiple space-separated units may be
specified in one option in which case requirement dependencies for all listed names will be created. Note that
requirement dependencies do not influence the order in which services are started or stopped. This has to be
configured independently with the <varname>After=</varname> or <varname>Before=</varname> options. If a unit
<listitem><para>Similar to <varname>Requires=</varname>.
However, if the units listed here are not started already,
they will not be started and the transaction will fail
- immediately. </para></listitem>
+ immediately.</para>
+
+ <para>When <varname>Requisite=b.service</varname> is used on
+ <filename>a.service</filename>, this dependency will show as
+ <varname>RequisiteOf=a.service</varname> in property listing of
+ <filename>b.service</filename>. <varname>RequisiteOf=</varname>
+ dependency cannot be specified directly.</para>
+ </listitem>
</varlistentry>
<varlistentry>
enters inactive state, but also one that is bound to another unit that gets skipped due to a failed condition
check (such as <varname>ConditionPathExists=</varname>, <varname>ConditionPathIsSymbolicLink=</varname>, … —
see below) will be stopped, should it be running. Hence, in many cases it is best to combine
- <varname>BindsTo=</varname> with <varname>After=</varname>.</para></listitem>
+ <varname>BindsTo=</varname> with <varname>After=</varname>.</para>
+
+ <para>When <varname>BindsTo=b.service</varname> is used on
+ <filename>a.service</filename>, this dependency will show as
+ <varname>BoundBy=a.service</varname> in property listing of
+ <filename>b.service</filename>. <varname>BoundBy=</varname>
+ dependency cannot be specified directly.</para>
+ </listitem>
</varlistentry>
<varlistentry>
restarting of units. When systemd stops or restarts the units
listed here, the action is propagated to this unit. Note that
this is a one-way dependency — changes to this unit do not
- affect the listed units. </para></listitem>
+ affect the listed units.</para>
+
+ <para>When <varname>PartOf=b.service</varname> is used on
+ <filename>a.service</filename>, this dependency will show as
+ <varname>ConsistsOf=a.service</varname> in property listing of
+ <filename>b.service</filename>. <varname>ConsistsOf=</varname>
+ dependency cannot be specified directly.</para>
+ </listitem>
</varlistentry>
<varlistentry>
<listitem><para>A space-separated list of one or more units
that are activated when this unit enters the
- <literal>failed</literal> state.</para></listitem>
+ <literal>failed</literal> state. A service unit using
+ <varname>Restart=</varname> enters the failed state only after
+ the start limits are reached.</para></listitem>
</varlistentry>
<varlistentry>
ones.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>CollectMode=</varname></term>
+
+ <listitem><para>Tweaks the "garbage collection" algorithm for this unit. Takes one of <option>inactive</option>
+ or <option>inactive-or-failed</option>. If set to <option>inactive</option> the unit will be unloaded if it is
+ in the <constant>inactive</constant> state and is not referenced by clients, jobs or other units — however it
+ is not unloaded if it is in the <constant>failed</constant> state. In <option>failed</option> mode, failed
+ units are not unloaded until the user invoked <command>systemctl reset-failed</command> on them to reset the
+ <constant>failed</constant> state, or an equivalent command. This behaviour is altered if this option is set to
+ <option>inactive-or-failed</option>: in this case the unit is unloaded even if the unit is in a
+ <constant>failed</constant> state, and thus an explicitly resetting of the <constant>failed</constant> state is
+ not necessary. Note that if this mode is used unit results (such as exit codes, exit signals, consumed
+ resources, …) are flushed out immediately after the unit completed, except for what is stored in the logging
+ subsystem. Defaults to <option>inactive</option>.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>JobTimeoutSec=</varname></term>
<term><varname>JobRunningTimeoutSec=</varname></term>
<term><varname>StartLimitBurst=<replaceable>burst</replaceable></varname></term>
<listitem><para>Configure unit start rate limiting. Units which are started more than
- <replaceable>burst</replaceable> times within an <replaceable>interval</replaceable> time interval
- are not permitted to start any more. Use <varname>StartLimitIntervalSec=</varname> to configure the
- checking interval (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file,
- set it to 0 to disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many
- starts per interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager
- configuration file). These configuration options are particularly useful in conjunction with the service
- setting <varname>Restart=</varname> (see
+ <replaceable>burst</replaceable> times within an <replaceable>interval</replaceable> time interval are not
+ permitted to start any more. Use <varname>StartLimitIntervalSec=</varname> to configure the checking interval
+ (defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, set it to 0 to
+ disable any kind of rate limiting). Use <varname>StartLimitBurst=</varname> to configure how many starts per
+ interval are allowed (defaults to <varname>DefaultStartLimitBurst=</varname> in manager configuration
+ file). These configuration options are particularly useful in conjunction with the service setting
+ <varname>Restart=</varname> (see
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>); however,
they apply to all kinds of starts (including manual), not just those triggered by the
<varname>Restart=</varname> logic. Note that units which are configured for <varname>Restart=</varname> and
which reach the start limit are not attempted to be restarted anymore; however, they may still be restarted
- manually at a later point, after the <replaceable>interval</replaceable> has passed.
- From this point on, the restart logic is activated again. Note that
- <command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed,
- which is useful if the administrator wants to manually start a unit and the start limit interferes with
- that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit
- activations with failing conditions do not count towards this rate limit. This setting does not apply to
- slice, target, device, and scope units, since they are unit types whose activation may either never fail, or
- may succeed only a single time.</para></listitem>
+ manually at a later point, after the <replaceable>interval</replaceable> has passed. From this point on, the
+ restart logic is activated again. Note that <command>systemctl reset-failed</command> will cause the restart
+ rate counter for a service to be flushed, which is useful if the administrator wants to manually start a unit
+ and the start limit interferes with that. Note that this rate-limiting is enforced after any unit condition
+ checks are executed, and hence unit activations with failing conditions do not count towards this rate
+ limit. This setting does not apply to slice, target, device, and scope units, since they are unit types whose
+ activation may either never fail, or may succeed only a single time.</para>
+
+ <para>When a unit is unloaded due to the garbage collection logic (see above) its rate limit counters are
+ flushed out too. This means that configuring start rate limiting for a unit that is not referenced continously
+ has no effect.</para></listitem>
</varlistentry>
<varlistentry>
semantics. Defaults to <option>none</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>FailureAction=</varname></term>
+ <term><varname>SuccessAction=</varname></term>
+ <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
+ state. Takes the same values as the setting <varname>StartLimitAction=</varname> setting and executes the same
+ actions. Both options default to <option>none</option>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>RebootArgument=</varname></term>
<listitem><para>Configure the optional argument for the
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call if
- <varname>StartLimitAction=</varname> or a service's <varname>FailureAction=</varname> is a reboot action. This
+ <varname>StartLimitAction=</varname> or <varname>FailureAction=</varname> is a reboot action. This
works just like the optional argument to <command>systemctl reboot</command> command.</para></listitem>
</varlistentry>
<term><varname>ConditionVirtualization=</varname></term>
<term><varname>ConditionHost=</varname></term>
<term><varname>ConditionKernelCommandLine=</varname></term>
+ <term><varname>ConditionKernelVersion=</varname></term>
<term><varname>ConditionSecurity=</varname></term>
<term><varname>ConditionCapability=</varname></term>
<term><varname>ConditionACPower=</varname></term>
<term><varname>ConditionFileIsExecutable=</varname></term>
<term><varname>ConditionUser=</varname></term>
<term><varname>ConditionGroup=</varname></term>
+ <term><varname>ConditionControlGroupController=</varname></term>
<!-- We do not document ConditionNull=
here, as it is not particularly
<varname>xen</varname>,
<varname>bochs</varname>,
<varname>uml</varname>,
+ <varname>bhyve</varname>,
+ <varname>qnx</varname>,
<varname>openvz</varname>,
<varname>lxc</varname>,
<varname>lxc-libvirt</varname>,
the exact assignment is looked for with right and left hand
side matching.</para>
+ <para><varname>ConditionKernelVersion=</varname> may be used to check whether the kernel version (as reported
+ by <command>uname -r</command>) matches a certain expression (or if prefixed with the exclamation mark does not
+ match it). The argument must be a single string. If the string starts with one of <literal><</literal>,
+ <literal><=</literal>, <literal>=</literal>, <literal>>=</literal>, <literal>></literal> a relative
+ version comparison is done, otherwise the specified string is matched with shell-style globs.</para>
+
+ <para>Note that using the kernel version string is an unreliable way to determine which features are supported
+ by a kernel, because of the widespread practice of backporting drivers, features, and fixes from newer upstream
+ kernels into older versions provided by distributions. Hence, this check is inherently unportable and should
+ not be used for units which may be used on different distributions.</para>
+
<para><varname>ConditionSecurity=</varname> may be used to
check whether the given security module is enabled on the
system. Currently, the recognized values are
<varname>selinux</varname>,
<varname>apparmor</varname>,
+ <varname>tomoyo</varname>,
<varname>ima</varname>,
<varname>smack</varname> and
<varname>audit</varname>. The test may be negated by
auxiliary groups match the specified group or GID. This setting
does not have a special value <literal>@system</literal>.</para>
+ <para><varname>ConditionControlGroupController=</varname> takes a
+ cgroup controller name (eg. <option>cpu</option>), verifying that it is
+ available for use on the system. For example, a particular controller
+ may not be available if it was disabled on the kernel command line with
+ <literal>cgroup_disable=</literal><replaceable>controller</replaceable>.
+ Multiple controllers may be passed with a space separating them; in
+ this case the condition will only pass if all listed controllers are
+ available for use. Controllers unknown to systemd are ignored. Valid
+ controllers are <option>cpu</option>, <option>cpuacct</option>,
+ <option>io</option>, <option>blkio</option>, <option>memory</option>,
+ <option>devices</option>, and <option>pids</option>.</para>
+
<para>If multiple conditions are specified, the unit will be
executed if all of them apply (i.e. a logical AND is applied).
Condition checks can be prefixed with a pipe symbol (|) in
<term><varname>AssertVirtualization=</varname></term>
<term><varname>AssertHost=</varname></term>
<term><varname>AssertKernelCommandLine=</varname></term>
+ <term><varname>AssertKernelVersion=</varname></term>
<term><varname>AssertSecurity=</varname></term>
<term><varname>AssertCapability=</varname></term>
<term><varname>AssertACPower=</varname></term>
<term><varname>AssertFileIsExecutable=</varname></term>
<term><varname>AssertUser=</varname></term>
<term><varname>AssertGroup=</varname></term>
+ <term><varname>AssertControlGroupController=</varname></term>
<listitem><para>Similar to the <varname>ConditionArchitecture=</varname>,
<varname>ConditionVirtualization=</varname>, …, condition settings described above, these settings add
files. This functionality should not be used in normal
units.</para></listitem>
</varlistentry>
-
</variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Mapping of unit properties to their inverses</title>
+
+ <para>Unit settings that create a relationship with a second unit usually show up
+ in properties of both units, for example in <command>systemctl show</command>
+ output. In some cases the name of the property is the same as the name of the
+ configuration setting, but not always. This table lists the pairs of properties
+ that are shown on two units which are connected through some dependency, and shows
+ which property on "source" unit corresponds to which property on the "target" unit.
+ </para>
+
+ <table>
+ <title>
+ "Forward" and "reverse" unit properties
+ </title>
+
+ <tgroup cols='2'>
+ <colspec colname='forward' />
+ <colspec colname='reverse' />
+ <colspec colname='notes' />
+ <thead>
+ <row>
+ <entry>"Forward" property</entry>
+ <entry>"Reverse" property</entry>
+ <entry>Where used</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><varname>Before=</varname></entry>
+ <entry><varname>After=</varname></entry>
+ <entry morerows='1' valign='middle'>Both are unit file options</entry>
+ </row>
+ <row>
+ <entry><varname>After=</varname></entry>
+ <entry><varname>Before=</varname></entry>
+ </row>
+ <row>
+ <entry><varname>Requires=</varname></entry>
+ <entry><varname>RequiredBy=</varname></entry>
+ <entry>A unit file option; an option in the [Install] section</entry>
+ </row>
+ <row>
+ <entry><varname>Wants=</varname></entry>
+ <entry><varname>WantedBy=</varname></entry>
+ <entry>A unit file option; an option in the [Install] section</entry>
+ </row>
+ <row>
+ <entry><varname>PartOf=</varname></entry>
+ <entry><varname>ConsistsOf=</varname></entry>
+ <entry>A unit file option; an automatic property</entry>
+ </row>
+ <row>
+ <entry><varname>BindsTo=</varname></entry>
+ <entry><varname>BoundBy=</varname></entry>
+ <entry>A unit file option; an automatic property</entry>
+ </row>
+ <row>
+ <entry><varname>Requisite=</varname></entry>
+ <entry><varname>RequisiteOf=</varname></entry>
+ <entry>A unit file option; an automatic property</entry>
+ </row>
+ <row>
+ <entry><varname>Triggers=</varname></entry>
+ <entry><varname>TriggeredBy=</varname></entry>
+ <entry>Automatic properties, see notes below</entry>
+ </row>
+ <row>
+ <entry><varname>Conflicts=</varname></entry>
+ <entry><varname>ConflictedBy=</varname></entry>
+ <entry>A unit file option; an automatic property</entry>
+ </row>
+ <row>
+ <entry><varname>PropagatesReloadTo=</varname></entry>
+ <entry><varname>ReloadPropagatedFrom=</varname></entry>
+ <entry morerows='1' valign='middle'>Both are unit file options</entry>
+ </row>
+ <row>
+ <entry><varname>ReloadPropagatedFrom=</varname></entry>
+ <entry><varname>PropagatesReloadTo=</varname></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>Note: <varname>WantedBy=</varname> and <varname>RequiredBy=</varname> are
+ used in the [Install] section to create symlinks in <filename>.wants/</filename>
+ and <filename>.requires/</filename> directories. They cannot be used directly as a
+ unit configuration setting.</para>
+ <para>Note: <varname>ConsistsOf=</varname>, <varname>BoundBy=</varname>,
+ <varname>RequisiteOf=</varname>, <varname>ConflictedBy=</varname> are created
+ implicitly along with their reverse and cannot be specified directly.</para>
+
+ <para>Note: <varname>Triggers=</varname> is created implicitly between a socket,
+ path unit, or an automount unit, and the unit they activate. By default a unit
+ with the same name is triggered, but this can be overriden using
+ <varname>Sockets=</varname>, <varname>Service=</varname>, and <varname>Unit=</varname>
+ settings. See
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ and
+ <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. <varname>TriggersBy=</varname> is created implicitly on the
+ triggered unit.</para>
</refsect1>
<refsect1>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> during runtime; it is
used by the <command>enable</command> and <command>disable</command> commands of the
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool during
- installation of a unit. Note that settings in the <literal>[Install]</literal> section may not appear in
- <filename>.d/*.conf</filename> unit file drop-ins (see above).</para>
+ installation of a unit.</para>
<variablelist class='unit-directives'>
<varlistentry>
<para>Many settings resolve specifiers which may be used to write
generic unit files referring to runtime or unit parameters that
- are replaced when the unit files are loaded. The following
+ are replaced when the unit files are loaded. Specifiers must be known
+ and resolvable for the setting to be valid. The following
specifiers are understood:</para>
<table>
<colspec colname="detail" />
<thead>
<row>
- <entry>Specifier</entry>
- <entry>Meaning</entry>
- <entry>Details</entry>
+ <entry>Specifier</entry>
+ <entry>Meaning</entry>
+ <entry>Details</entry>
</row>
</thead>
<tbody>
<row>
- <entry><literal>%n</literal></entry>
- <entry>Full unit name</entry>
- <entry></entry>
+ <entry><literal>%n</literal></entry>
+ <entry>Full unit name</entry>
+ <entry></entry>
</row>
<row>
- <entry><literal>%N</literal></entry>
- <entry>Unescaped full unit name</entry>
- <entry>Same as <literal>%n</literal>, but with escaping undone</entry>
+ <entry><literal>%N</literal></entry>
+ <entry>Unescaped full unit name</entry>
+ <entry>Same as <literal>%n</literal>, but with escaping undone. This undoes the escaping used when generating unit names from arbitrary strings (see above). </entry>
</row>
<row>
- <entry><literal>%p</literal></entry>
- <entry>Prefix name</entry>
- <entry>For instantiated units, this refers to the string before the <literal>@</literal> character of the unit name. For non-instantiated units, this refers to the name of the unit with the type suffix removed.</entry>
+ <entry><literal>%p</literal></entry>
+ <entry>Prefix name</entry>
+ <entry>For instantiated units, this refers to the string before the <literal>@</literal> character of the unit name. For non-instantiated units, this refers to the name of the unit with the type suffix removed.</entry>
</row>
<row>
- <entry><literal>%P</literal></entry>
- <entry>Unescaped prefix name</entry>
- <entry>Same as <literal>%p</literal>, but with escaping undone</entry>
+ <entry><literal>%P</literal></entry>
+ <entry>Unescaped prefix name</entry>
+ <entry>Same as <literal>%p</literal>, but with escaping undone</entry>
</row>
<row>
- <entry><literal>%i</literal></entry>
- <entry>Instance name</entry>
- <entry>For instantiated units: this is the string between the <literal>@</literal> character and the suffix of the unit name.</entry>
+ <entry><literal>%i</literal></entry>
+ <entry>Instance name</entry>
+ <entry>For instantiated units: this is the string between the <literal>@</literal> character and the suffix of the unit name.</entry>
</row>
<row>
- <entry><literal>%I</literal></entry>
- <entry>Unescaped instance name</entry>
- <entry>Same as <literal>%i</literal>, but with escaping undone</entry>
+ <entry><literal>%I</literal></entry>
+ <entry>Unescaped instance name</entry>
+ <entry>Same as <literal>%i</literal>, but with escaping undone</entry>
</row>
<row>
- <entry><literal>%f</literal></entry>
- <entry>Unescaped filename</entry>
- <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>.</entry>
+ <entry><literal>%f</literal></entry>
+ <entry>Unescaped filename</entry>
+ <entry>This is either the unescaped instance name (if applicable) with <filename>/</filename> prepended (if applicable), or the unescaped prefix name prepended with <filename>/</filename>. This implements unescaping according to the rules for escaping absolute file system paths discussed above.</entry>
</row>
<row>
- <entry><literal>%t</literal></entry>
- <entry>Runtime directory root</entry>
- <entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry>
+ <entry><literal>%t</literal></entry>
+ <entry>Runtime directory root</entry>
+ <entry>This is either <filename>/run</filename> (for the system manager) or the path <literal>$XDG_RUNTIME_DIR</literal> resolves to (for user managers).</entry>
</row>
<row>
- <entry><literal>%S</literal></entry>
- <entry>State directory root </entry>
- <entry>This is either <filename>/var/lib</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry>
+ <entry><literal>%S</literal></entry>
+ <entry>State directory root</entry>
+ <entry>This is either <filename>/var/lib</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to (for user managers).</entry>
</row>
<row>
- <entry><literal>%C</literal></entry>
- <entry>Cache directory root </entry>
- <entry>This is either <filename>/var/cache</filename> (for the system manager) or the path <literal>$XDG_CACHE_HOME</literal> resolves to (for user managers).</entry>
+ <entry><literal>%C</literal></entry>
+ <entry>Cache directory root</entry>
+ <entry>This is either <filename>/var/cache</filename> (for the system manager) or the path <literal>$XDG_CACHE_HOME</literal> resolves to (for user managers).</entry>
</row>
<row>
- <entry><literal>%L</literal></entry>
- <entry>Logs directory root </entry>
- <entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename>/log</filename> appended (for user managers).</entry>
+ <entry><literal>%L</literal></entry>
+ <entry>Log directory root</entry>
+ <entry>This is either <filename>/var/log</filename> (for the system manager) or the path <literal>$XDG_CONFIG_HOME</literal> resolves to with <filename noindex='true'>/log</filename> appended (for user managers).</entry>
</row>
<row>
- <entry><literal>%u</literal></entry>
- <entry>User name</entry>
- <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry>
+ <entry><literal>%u</literal></entry>
+ <entry>User name</entry>
+ <entry>This is the name of the user running the service manager instance. In case of the system manager this resolves to <literal>root</literal>.</entry>
</row>
<row>
- <entry><literal>%U</literal></entry>
- <entry>User UID</entry>
- <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry>
+ <entry><literal>%U</literal></entry>
+ <entry>User UID</entry>
+ <entry>This is the numeric UID of the user running the service manager instance. In case of the system manager this resolves to <literal>0</literal>.</entry>
</row>
<row>
- <entry><literal>%h</literal></entry>
- <entry>User home directory</entry>
- <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry>
+ <entry><literal>%h</literal></entry>
+ <entry>User home directory</entry>
+ <entry>This is the home directory of the user running the service manager instance. In case of the system manager this resolves to <literal>/root</literal>.</entry>
</row>
<row>
- <entry><literal>%s</literal></entry>
- <entry>User shell</entry>
- <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry>
+ <entry><literal>%s</literal></entry>
+ <entry>User shell</entry>
+ <entry>This is the shell of the user running the service manager instance. In case of the system manager this resolves to <literal>/bin/sh</literal>.</entry>
</row>
<row>
- <entry><literal>%m</literal></entry>
- <entry>Machine ID</entry>
- <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry>
+ <entry><literal>%m</literal></entry>
+ <entry>Machine ID</entry>
+ <entry>The machine ID of the running system, formatted as string. See <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information.</entry>
</row>
<row>
- <entry><literal>%b</literal></entry>
- <entry>Boot ID</entry>
- <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry>
+ <entry><literal>%b</literal></entry>
+ <entry>Boot ID</entry>
+ <entry>The boot ID of the running system, formatted as string. See <citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more information.</entry>
</row>
<row>
- <entry><literal>%H</literal></entry>
- <entry>Host name</entry>
- <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry>
+ <entry><literal>%H</literal></entry>
+ <entry>Host name</entry>
+ <entry>The hostname of the running system at the point in time the unit configuration is loaded.</entry>
</row>
<row>
- <entry><literal>%v</literal></entry>
- <entry>Kernel release</entry>
- <entry>Identical to <command>uname -r</command> output</entry>
+ <entry><literal>%v</literal></entry>
+ <entry>Kernel release</entry>
+ <entry>Identical to <command>uname -r</command> output</entry>
</row>
<row>
- <entry><literal>%%</literal></entry>
- <entry>Single percent sign</entry>
- <entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry>
+ <entry><literal>%%</literal></entry>
+ <entry>Single percent sign</entry>
+ <entry>Use <literal>%%</literal> in place of <literal>%</literal> to specify a single percent sign.</entry>
</row>
</tbody>
</tgroup>
</table>
-
</refsect1>
<refsect1>
disadvantage that some future updates by the vendor might be
incompatible with the local changes.</para>
- <para>Note that for drop-in files, if one wants to remove
- entries from a setting that is parsed as a list (and is not a
- dependency), such as <varname>ConditionPathExists=</varname> (or
- e.g. <varname>ExecStart=</varname> in service units), one needs
- to first clear the list before re-adding all entries except the
- one that is to be removed. See below for an example.</para>
-
<para>This also applies for user instances of systemd, but with
different locations for the unit files. See the section on unit
load paths for further details.</para>
Nice=0
PrivateTmp=yes</programlisting>
- <para>Note that dependencies (<varname>After=</varname>, etc.)
+ <para>Note that for drop-in files, if one wants to remove
+ entries from a setting that is parsed as a list (and is not a
+ dependency), such as <varname>AssertPathExists=</varname> (or
+ e.g. <varname>ExecStart=</varname> in service units), one needs
+ to first clear the list before re-adding all entries except the
+ one that is to be removed. Dependencies (<varname>After=</varname>, etc.)
cannot be reset to an empty list, so dependencies can only be
added in drop-ins. If you want to remove dependencies, you have
to override the entire unit.</para>
projects / thirdparty / systemd.git / blobdiff