From 92033d8fba24872728955de7bcc41aedb1c693f7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 27 Nov 2024 10:15:41 +0100 Subject: [PATCH] man: split systemd.conf(5) into multiple sections No changes in wording, let's just make a very long man page a bit more digestable by adding sections, and then reordering settings to fit into them. --- man/systemd-system.conf.xml | 461 +++++++++++++++++++----------------- 1 file changed, 244 insertions(+), 217 deletions(-) diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml index 7c0ba8cb8be..580da9d75f5 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml @@ -64,11 +64,9 @@ Options - All options are configured in the - [Manager] section: + All options are configured in the [Manager] section: - LogColor= LogLevel= @@ -105,6 +103,65 @@ + + StatusUnitFormat= + + Takes , or + as the value. If , the system manager will use unit + names in status messages (e.g. systemd-journald.service), instead of the longer + and more informative descriptions set with Description= (e.g. Journal + Logging Service). If , the system manager will use both unit names + and descriptions in status messages (e.g. systemd-journald.service - Journal Logging + Service). + + See + systemd.unit5 for + details about unit names and Description=. + + + + + + DefaultTimerAccuracySec= + + Sets the default accuracy of timer units. This + controls the global default for the + AccuracySec= setting of timer units, see + systemd.timer5 + for details. AccuracySec= set in individual + units override the global default for the specific unit. + Defaults to 1min. Note that the accuracy of timer units is + also affected by the configured timer slack for PID 1, see + TimerSlackNSec= above. + + + + + + + + Resource Management + + + + TimerSlackNSec= + + Sets the timer slack in nanoseconds for PID 1, + which is inherited by all executed processes, unless + overridden individually, for example with the + TimerSlackNSec= setting in service units + (for details see + systemd.exec5). + The timer slack controls the accuracy of wake-ups triggered by + system timers. See + prctl2 + for more information. Note that in contrast to most other time + span definitions this parameter takes an integer value in + nano-seconds if no unit is specified. The usual time units are + understood too. + + + CPUAffinity= @@ -143,6 +200,142 @@ + + DefaultCPUAccounting= + DefaultMemoryAccounting= + DefaultTasksAccounting= + DefaultIOAccounting= + DefaultIPAccounting= + + + Configure the default resource accounting settings, as configured per-unit by + CPUAccounting=, MemoryAccounting=, + TasksAccounting=, IOAccounting= and + IPAccounting=. See + systemd.resource-control5 + for details on the per-unit settings. + + DefaultCPUAccounting= defaults to yes when running on kernel ≥4.15, and no on older versions. + DefaultMemoryAccounting= defaults to &MEMORY_ACCOUNTING_DEFAULT;. + DefaultTasksAccounting= defaults to yes. + The other settings default to no. + + + + + + + DefaultTasksMax= + + Configure the default value for the per-unit TasksMax= setting. See + systemd.resource-control5 + for details. This setting applies to all unit types that support resource control settings, with the exception + of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= + and root cgroup pids.max. + Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. + For example, with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, + but might be greater in other systems or smaller in OS containers. + + + + + + DefaultLimitCPU= + DefaultLimitFSIZE= + DefaultLimitDATA= + DefaultLimitSTACK= + DefaultLimitCORE= + DefaultLimitRSS= + DefaultLimitNOFILE= + DefaultLimitAS= + DefaultLimitNPROC= + DefaultLimitMEMLOCK= + DefaultLimitLOCKS= + DefaultLimitSIGPENDING= + DefaultLimitMSGQUEUE= + DefaultLimitNICE= + DefaultLimitRTPRIO= + DefaultLimitRTTIME= + + These settings control various default resource limits for processes executed by + units. See + setrlimit2 for + details. These settings may be overridden in individual units using the corresponding + LimitXXX= directives and they accept the same parameter syntax, + see systemd.exec5 + for details. Note that these resource limits are only defaults + for units, they are not applied to the service manager process (i.e. PID 1) itself. + + Most of these settings are unset, which means the resource limits are inherited from the kernel or, if + invoked in a container, from the container manager. However, the following have defaults: + + DefaultLimitNOFILE= defaults to 1024:&HIGH_RLIMIT_NOFILE;. + + + DefaultLimitMEMLOCK= defaults to 8M. + + DefaultLimitCORE= does not have a default but it is worth mentioning that + RLIMIT_CORE is set to infinity by PID 1 which is inherited by its + children. + + + Note that the service manager internally in PID 1 bumps RLIMIT_NOFILE and + RLIMIT_MEMLOCK to higher values, however the limit is reverted to the mentioned + defaults for all child processes forked off. + + + + + + + DefaultOOMPolicy= + + Configure the default policy for reacting to processes being killed by the Linux + Out-Of-Memory (OOM) killer or systemd-oomd. This may be used to pick a global default for the per-unit + OOMPolicy= setting. See + systemd.service5 + for details. Note that this default is not used for services that have Delegate= + turned on. + + + + + + DefaultOOMScoreAdjust= + + Configures the default OOM score adjustments of processes run by the service + manager. This defaults to unset (meaning the forked off processes inherit the service manager's OOM + score adjustment value), except if the service manager is run for an unprivileged user, in which case + this defaults to the service manager's OOM adjustment value plus 100 (this makes service processes + slightly more likely to be killed under memory pressure than the manager itself). This may be used to + pick a global default for the per-unit OOMScoreAdjust= setting. See + systemd.exec5 for + details. Note that this setting has no effect on the OOM score adjustment value of the service + manager process itself, it retains the original value set during its invocation. + + + + + + DefaultMemoryPressureWatch= + DefaultMemoryPressureThresholdSec= + + Configures the default settings for the per-unit + MemoryPressureWatch= and MemoryPressureThresholdSec= + settings. See + systemd.resource-control5 + for details. Defaults to auto and 200ms, respectively. This + also sets the memory pressure monitoring threshold for the service manager itself. + + + + + + + + Hardware Watchdog + + RuntimeWatchdogSec= RebootWatchdogSec= @@ -252,7 +445,13 @@ + + + + Security + + CapabilityBoundingSet= @@ -339,59 +538,25 @@ - TimerSlackNSec= - - Sets the timer slack in nanoseconds for PID 1, - which is inherited by all executed processes, unless - overridden individually, for example with the - TimerSlackNSec= setting in service units - (for details see - systemd.exec5). - The timer slack controls the accuracy of wake-ups triggered by - system timers. See - prctl2 - for more information. Note that in contrast to most other time - span definitions this parameter takes an integer value in - nano-seconds if no unit is specified. The usual time units are - understood too. - - - - - - StatusUnitFormat= + DefaultSmackProcessLabel= - Takes , or - as the value. If , the system manager will use unit - names in status messages (e.g. systemd-journald.service), instead of the longer - and more informative descriptions set with Description= (e.g. Journal - Logging Service). If , the system manager will use both unit names - and descriptions in status messages (e.g. systemd-journald.service - Journal Logging - Service). + Takes a security label as the argument. The process executed + by a unit will be started under this label if SmackProcessLabel= is not set in the + unit. See systemd.exec5 + for the details. - See - systemd.unit5 for - details about unit names and Description=. + If the value is /, only labels specified with SmackProcessLabel= + are assigned and the compile-time default is ignored. - + + + - - DefaultTimerAccuracySec= - - Sets the default accuracy of timer units. This - controls the global default for the - AccuracySec= setting of timer units, see - systemd.timer5 - for details. AccuracySec= set in individual - units override the global default for the specific unit. - Defaults to 1min. Note that the accuracy of timer units is - also affected by the configured timer slack for PID 1, see - TimerSlackNSec= above. - - - + + Timeouts and Rate Limits + DefaultTimeoutStartSec= DefaultTimeoutStopSec= @@ -448,28 +613,25 @@ - DefaultEnvironment= - - Configures environment variables passed to all executed processes. Takes a - space-separated list of variable assignments. See environ7 for - details about environment variables. - - Simple %-specifier expansion is supported, see below for a list of supported - specifiers. - - Example: - - DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6" + ReloadLimitIntervalSec= + ReloadLimitBurst= - Sets three variables - VAR1, - VAR2, - VAR3. + Rate limiting for daemon-reload and (since v256) daemon-reexec requests. The setting + applies to both operations, but the rate limits are tracked separately. Defaults to unset, and any + number of operations can be requested at any time. ReloadLimitIntervalSec= takes + a value in seconds to configure the rate limit window, and ReloadLimitBurst= + takes a positive integer to configure the maximum allowed number of operations within the configured + time window. - + + + + + Environment + + ManagerEnvironment= @@ -493,161 +655,26 @@ - DefaultCPUAccounting= - DefaultMemoryAccounting= - DefaultTasksAccounting= - DefaultIOAccounting= - DefaultIPAccounting= - - - Configure the default resource accounting settings, as configured per-unit by - CPUAccounting=, MemoryAccounting=, - TasksAccounting=, IOAccounting= and - IPAccounting=. See - systemd.resource-control5 - for details on the per-unit settings. - - DefaultCPUAccounting= defaults to yes when running on kernel ≥4.15, and no on older versions. - DefaultMemoryAccounting= defaults to &MEMORY_ACCOUNTING_DEFAULT;. - DefaultTasksAccounting= defaults to yes. - The other settings default to no. - - - - - - - DefaultTasksMax= - - Configure the default value for the per-unit TasksMax= setting. See - systemd.resource-control5 - for details. This setting applies to all unit types that support resource control settings, with the exception - of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= - and root cgroup pids.max. - Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. - For example, with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, - but might be greater in other systems or smaller in OS containers. - - - - - - DefaultLimitCPU= - DefaultLimitFSIZE= - DefaultLimitDATA= - DefaultLimitSTACK= - DefaultLimitCORE= - DefaultLimitRSS= - DefaultLimitNOFILE= - DefaultLimitAS= - DefaultLimitNPROC= - DefaultLimitMEMLOCK= - DefaultLimitLOCKS= - DefaultLimitSIGPENDING= - DefaultLimitMSGQUEUE= - DefaultLimitNICE= - DefaultLimitRTPRIO= - DefaultLimitRTTIME= - - These settings control various default resource limits for processes executed by - units. See - setrlimit2 for - details. These settings may be overridden in individual units using the corresponding - LimitXXX= directives and they accept the same parameter syntax, - see systemd.exec5 - for details. Note that these resource limits are only defaults - for units, they are not applied to the service manager process (i.e. PID 1) itself. - - Most of these settings are unset, which means the resource limits are inherited from the kernel or, if - invoked in a container, from the container manager. However, the following have defaults: - - DefaultLimitNOFILE= defaults to 1024:&HIGH_RLIMIT_NOFILE;. - - - DefaultLimitMEMLOCK= defaults to 8M. - - DefaultLimitCORE= does not have a default but it is worth mentioning that - RLIMIT_CORE is set to infinity by PID 1 which is inherited by its - children. - - - Note that the service manager internally in PID 1 bumps RLIMIT_NOFILE and - RLIMIT_MEMLOCK to higher values, however the limit is reverted to the mentioned - defaults for all child processes forked off. - - - - - - - DefaultOOMPolicy= - - Configure the default policy for reacting to processes being killed by the Linux - Out-Of-Memory (OOM) killer or systemd-oomd. This may be used to pick a global default for the per-unit - OOMPolicy= setting. See - systemd.service5 - for details. Note that this default is not used for services that have Delegate= - turned on. - - - - - - DefaultOOMScoreAdjust= - - Configures the default OOM score adjustments of processes run by the service - manager. This defaults to unset (meaning the forked off processes inherit the service manager's OOM - score adjustment value), except if the service manager is run for an unprivileged user, in which case - this defaults to the service manager's OOM adjustment value plus 100 (this makes service processes - slightly more likely to be killed under memory pressure than the manager itself). This may be used to - pick a global default for the per-unit OOMScoreAdjust= setting. See - systemd.exec5 for - details. Note that this setting has no effect on the OOM score adjustment value of the service - manager process itself, it retains the original value set during its invocation. - - - - - - DefaultSmackProcessLabel= - - Takes a security label as the argument. The process executed - by a unit will be started under this label if SmackProcessLabel= is not set in the - unit. See systemd.exec5 - for the details. - - If the value is /, only labels specified with SmackProcessLabel= - are assigned and the compile-time default is ignored. - - - + DefaultEnvironment= - - ReloadLimitIntervalSec= - ReloadLimitBurst= + Configures environment variables passed to all executed processes. Takes a + space-separated list of variable assignments. See environ7 for + details about environment variables. - Rate limiting for daemon-reload and (since v256) daemon-reexec requests. The setting - applies to both operations, but the rate limits are tracked separately. Defaults to unset, and any - number of operations can be requested at any time. ReloadLimitIntervalSec= takes - a value in seconds to configure the rate limit window, and ReloadLimitBurst= - takes a positive integer to configure the maximum allowed number of operations within the configured - time window. + Simple %-specifier expansion is supported, see below for a list of supported + specifiers. - - + Example: - - DefaultMemoryPressureWatch= - DefaultMemoryPressureThresholdSec= + DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6" - Configures the default settings for the per-unit - MemoryPressureWatch= and MemoryPressureThresholdSec= - settings. See - systemd.resource-control5 - for details. Defaults to auto and 200ms, respectively. This - also sets the memory pressure monitoring threshold for the service manager itself. + Sets three variables + VAR1, + VAR2, + VAR3. - + -- 2.47.3