1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="systemd-system.conf">
27 <title>systemd-system.conf</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>systemd-system.conf</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd-system.conf</refname>
47 <refname>systemd-user.conf</refname>
48 <refpurpose>System and session service manager configuration file</refpurpose>
52 <para><filename>/etc/systemd/system.conf</filename></para>
53 <para><filename>/etc/systemd/user.conf</filename></para>
57 <title>Description</title>
59 <para>When run as system instance systemd reads the
60 configuration file <filename>system.conf</filename>,
61 otherwise <filename>user.conf</filename>. These
62 configuration files contain a few settings controlling
63 basic manager operations.</para>
67 <title>Options</title>
69 <para>All options are configured in the
70 <literal>[Manager]</literal> section:</para>
72 <variablelist class='systemd-directives'>
75 <term><varname>LogLevel=</varname></term>
76 <term><varname>LogTarget=</varname></term>
77 <term><varname>LogColor=</varname></term>
78 <term><varname>LogLocation=</varname></term>
79 <term><varname>DumpCore=yes</varname></term>
80 <term><varname>CrashShell=no</varname></term>
81 <term><varname>ShowStatus=yes</varname></term>
82 <term><varname>CrashChVT=1</varname></term>
83 <term><varname>DefaultStandardOutput=journal</varname></term>
84 <term><varname>DefaultStandardError=inherit</varname></term>
86 <listitem><para>Configures various
87 parameters of basic manager
88 operation. These options may be
89 overridden by the respective command
91 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
92 for details about these command line
93 arguments.</para></listitem>
97 <term><varname>CPUAffinity=</varname></term>
99 <listitem><para>Configures the initial
100 CPU affinity for the init
101 process. Takes a space-separated list
102 of CPU indices.</para></listitem>
106 <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
108 <listitem><para>Configures controllers
109 that shall be mounted in a single
110 hierarchy. By default, systemd will
111 mount all controllers which are
112 enabled in the kernel in individual
113 hierarchies, with the exception of
114 those listed in this setting. Takes a
115 space-separated list of comma-separated
116 controller names, in order
117 to allow multiple joined
118 hierarchies. Defaults to
119 'cpu,cpuacct'. Pass an empty string to
120 ensure that systemd mounts all
121 controllers in separate
124 <para>Note that this option is only
125 applied once, at very early boot. If
126 you use an initial RAM disk (initrd)
127 that uses systemd, it might hence be
128 necessary to rebuild the initrd if
129 this option is changed, and make sure
130 the new configuration file is included
131 in it. Otherwise, the initrd might
132 mount the controller hierarchies in a
133 different configuration than intended,
134 and the main system cannot remount
135 them anymore.</para></listitem>
139 <term><varname>RuntimeWatchdogSec=</varname></term>
140 <term><varname>ShutdownWatchdogSec=</varname></term>
142 <listitem><para>Configure the hardware
143 watchdog at runtime and at
144 reboot. Takes a timeout value in
145 seconds (or in other time units if
146 suffixed with <literal>ms</literal>,
147 <literal>min</literal>,
148 <literal>h</literal>,
149 <literal>d</literal>,
150 <literal>w</literal>). If
151 <varname>RuntimeWatchdogSec=</varname>
152 is set to a non-zero value, the
154 (<filename>/dev/watchdog</filename>)
155 will be programmed to automatically
156 reboot the system if it is not
157 contacted within the specified timeout
158 interval. The system manager will
159 ensure to contact it at least once in
160 half the specified timeout
161 interval. This feature requires a
162 hardware watchdog device to be
163 present, as it is commonly the case in
164 embedded and server systems. Not all
165 hardware watchdogs allow configuration
166 of the reboot timeout, in which case
167 the closest available timeout is
168 picked. <varname>ShutdownWatchdogSec=</varname>
169 may be used to configure the hardware
170 watchdog when the system is asked to
171 reboot. It works as a safety net to
172 ensure that the reboot takes place
173 even if a clean reboot attempt times
175 <varname>RuntimeWatchdogSec=</varname>
176 defaults to 0 (off), and
177 <varname>ShutdownWatchdogSec=</varname>
178 to 10min. These settings have no
179 effect if a hardware watchdog is not
180 available.</para></listitem>
184 <term><varname>CapabilityBoundingSet=</varname></term>
186 <listitem><para>Controls which
187 capabilities to include in the
188 capability bounding set for PID 1 and
190 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
191 for details. Takes a whitespace-separated
192 list of capability names as read by
193 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
194 Capabilities listed will be included
195 in the bounding set, all others are
196 removed. If the list of capabilities
197 is prefixed with ~, all but the listed
198 capabilities will be included, the
199 effect of the assignment
200 inverted. Note that this option also
201 affects the respective capabilities in
202 the effective, permitted and
203 inheritable capability sets. The
204 capability bounding set may also be
205 individually configured for units
207 <varname>CapabilityBoundingSet=</varname>
208 directive for units, but note that
209 capabilities dropped for PID 1 cannot
210 be regained in individual units, they
211 are lost for good.</para></listitem>
215 <term><varname>SystemCallArchitectures=</varname></term>
217 <listitem><para>Takes a
218 space-separated list of architecture
219 identifiers. Selects from which
220 architectures system calls may be
221 invoked on this system. This may be
222 used as an effective way to disable
223 invocation of non-native binaries
224 system-wide, for example to prohibit
225 execution of 32-bit x86 binaries on
226 64-bit x86-64 systems. This option
227 operates system-wide, and acts
229 <varname>SystemCallArchitectures=</varname>
230 setting of unit files, see
231 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
232 for details. This setting defaults to
233 the empty list, in which case no
234 filtering of system calls based on
235 architecture is applied. Known
236 architecture identifiers are
237 <literal>x86</literal>,
238 <literal>x86-64</literal>,
239 <literal>x32</literal>,
240 <literal>arm</literal> and the special
242 <literal>native</literal>. The latter
243 implicitly maps to the native
244 architecture of the system (or more
245 specifically, the architecture the
246 system manager was compiled for). Set
248 <literal>native</literal> to prohibit
249 execution of any non-native
250 binaries. When a binary executes a
251 system call of an architecture that is
252 not listed in this setting, it will be
253 immediately terminated with the SIGSYS
254 signal.</para></listitem>
258 <term><varname>TimerSlackNSec=</varname></term>
260 <listitem><para>Sets the timer slack
261 in nanoseconds for PID 1, which is
262 inherited by all executed processes,
263 unless overridden individually, for
265 <varname>TimerSlackNSec=</varname>
266 setting in service units (for details
268 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
269 timer slack controls the accuracy of
270 wake-ups triggered by system
272 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
273 for more information. Note that in
274 contrast to most other time span
275 definitions this parameter takes an
276 integer value in nano-seconds if no
277 unit is specified. The usual time
279 too.</para></listitem>
283 <term><varname>DefaultTimerAccuracySec=</varname></term>
285 <listitem><para>Sets the default
286 accuracy of timer units. This controls
287 the global default for the
288 <varname>AccuracySec=</varname>
289 setting of timer units, see
290 <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
292 details. <varname>AccuracySec=</varname>
293 set in individual units override the
294 global default for the specific
295 unit. Defaults to 1min. Note that the
296 accuracy of timer units is also
297 affected by the configured timer slack
299 <varname>TimerSlackNSec=</varname>
300 above.</para></listitem>
304 <term><varname>DefaultTimeoutStartSec=</varname></term>
305 <term><varname>DefaultTimeoutStopSec=</varname></term>
306 <term><varname>DefaultRestartSec=</varname></term>
308 <listitem><para>Configures the default
309 timeouts for starting and stopping of
310 units, as well as the default time to
311 sleep between automatic restarts of
312 units, as configured per-unit in
313 <varname>TimeoutStartSec=</varname>,
314 <varname>TimeoutStopSec=</varname> and
315 <varname>RestartSec=</varname> (for
317 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
318 for details on the per-unit
319 settings). For non-service units,
320 <varname>DefaultTimeoutStartSec=</varname>
322 <varname>TimeoutSec=</varname> value.
327 <term><varname>DefaultStartLimitInterval=</varname></term>
328 <term><varname>DefaultStartLimitBurst=</varname></term>
330 <listitem><para>Configure the default
331 unit start rate limiting, as
332 configured per-service by
333 <varname>StartLimitInterval=</varname>
335 <varname>StartLimitBurst=</varname>. See
336 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
337 for details on the per-service
338 settings.</para></listitem>
342 <term><varname>DefaultEnvironment=</varname></term>
344 <listitem><para>Sets manager
345 environment variables passed to all
346 executed processes. Takes a
347 space-separated list of variable
349 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
350 for details about environment
355 <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
358 <literal>VAR1</literal>,
359 <literal>VAR2</literal>,
360 <literal>VAR3</literal>.</para></listitem>
364 <term><varname>DefaultCPUAccounting=</varname></term>
365 <term><varname>DefaultBlockIOAccounting=</varname></term>
366 <term><varname>DefaultMemoryAccounting=</varname></term>
368 <listitem><para>Configure the default
369 resource accounting settings, as
370 configured per-unit by
371 <varname>CPUAccounting=</varname>,
372 <varname>BlockIOAccounting=</varname>
374 <varname>MemoryAccounting=</varname>. See
375 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
376 for details on the per-unit
377 settings.</para></listitem>
381 <term><varname>DefaultLimitCPU=</varname></term>
382 <term><varname>DefaultLimitFSIZE=</varname></term>
383 <term><varname>DefaultLimitDATA=</varname></term>
384 <term><varname>DefaultLimitSTACK=</varname></term>
385 <term><varname>DefaultLimitCORE=</varname></term>
386 <term><varname>DefaultLimitRSS=</varname></term>
387 <term><varname>DefaultLimitNOFILE=</varname></term>
388 <term><varname>DefaultLimitAS=</varname></term>
389 <term><varname>DefaultLimitNPROC=</varname></term>
390 <term><varname>DefaultLimitMEMLOCK=</varname></term>
391 <term><varname>DefaultLimitLOCKS=</varname></term>
392 <term><varname>DefaultLimitSIGPENDING=</varname></term>
393 <term><varname>DefaultLimitMSGQUEUE=</varname></term>
394 <term><varname>DefaultLimitNICE=</varname></term>
395 <term><varname>DefaultLimitRTPRIO=</varname></term>
396 <term><varname>DefaultLimitRTTIME=</varname></term>
398 <listitem><para>These settings control
399 various default resource limits for
401 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
402 for details. Use the string
403 <varname>infinity</varname> to
404 configure no limit on a specific
405 resource. These settings may be
406 overridden in individual units
407 using the corresponding LimitXXX=
408 directives. Note that these resource
409 limits are only defaults for units,
410 they are not applied to PID 1
411 itself.</para></listitem>
417 <title>See Also</title>
419 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
420 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
421 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
422 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
423 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
424 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>