1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="systemd-system.conf"
26 xmlns:xi="http://www.w3.org/2001/XInclude">
28 <title>systemd-system.conf</title>
29 <productname>systemd</productname>
33 <contrib>Developer</contrib>
34 <firstname>Lennart</firstname>
35 <surname>Poettering</surname>
36 <email>lennart@poettering.net</email>
42 <refentrytitle>systemd-system.conf</refentrytitle>
43 <manvolnum>5</manvolnum>
47 <refname>systemd-system.conf</refname>
48 <refname>system.conf.d</refname>
49 <refname>systemd-user.conf</refname>
50 <refname>user.conf.d</refname>
51 <refpurpose>System and session service manager configuration files</refpurpose>
55 <para><filename>/etc/systemd/system.conf</filename></para>
56 <para><filename>/etc/systemd/system.conf.d/*.conf</filename></para>
57 <para><filename>/run/systemd/system.conf.d/*.conf</filename></para>
58 <para><filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para>
59 <para><filename>/etc/systemd/user.conf</filename></para>
60 <para><filename>/etc/systemd/user.conf.d/*.conf</filename></para>
61 <para><filename>/run/systemd/user.conf.d/*.conf</filename></para>
62 <para><filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para>
66 <title>Description</title>
68 <para>When run as a system instance, systemd interprets the
69 configuration file <filename>system.conf</filename> and the
70 files in <filename>system.conf.d</filename> directories; when
71 run as a user instance, systemd interprets the configuration
72 file <filename>user.conf</filename> and the files in
73 <filename>user.conf.d</filename> directories. These
74 configuration files contain a few settings controlling
75 basic manager operations.</para>
78 <xi:include href="standard-conf.xml" xpointer="confd" />
79 <xi:include href="standard-conf.xml" xpointer="conf" />
82 <title>Options</title>
84 <para>All options are configured in the
85 <literal>[Manager]</literal> section:</para>
87 <variablelist class='systemd-directives'>
90 <term><varname>LogLevel=</varname></term>
91 <term><varname>LogTarget=</varname></term>
92 <term><varname>LogColor=</varname></term>
93 <term><varname>LogLocation=</varname></term>
94 <term><varname>DumpCore=yes</varname></term>
95 <term><varname>CrashShell=no</varname></term>
96 <term><varname>ShowStatus=yes</varname></term>
97 <term><varname>CrashChVT=1</varname></term>
98 <term><varname>DefaultStandardOutput=journal</varname></term>
99 <term><varname>DefaultStandardError=inherit</varname></term>
101 <listitem><para>Configures various
102 parameters of basic manager
103 operation. These options may be
104 overridden by the respective command
106 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
107 for details about these command line
108 arguments.</para></listitem>
112 <term><varname>CPUAffinity=</varname></term>
114 <listitem><para>Configures the initial
115 CPU affinity for the init
116 process. Takes a space-separated list
117 of CPU indices.</para></listitem>
121 <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
123 <listitem><para>Configures controllers
124 that shall be mounted in a single
125 hierarchy. By default, systemd will
126 mount all controllers which are
127 enabled in the kernel in individual
128 hierarchies, with the exception of
129 those listed in this setting. Takes a
130 space-separated list of comma-separated
131 controller names, in order
132 to allow multiple joined
133 hierarchies. Defaults to
134 'cpu,cpuacct'. Pass an empty string to
135 ensure that systemd mounts all
136 controllers in separate
139 <para>Note that this option is only
140 applied once, at very early boot. If
141 you use an initial RAM disk (initrd)
142 that uses systemd, it might hence be
143 necessary to rebuild the initrd if
144 this option is changed, and make sure
145 the new configuration file is included
146 in it. Otherwise, the initrd might
147 mount the controller hierarchies in a
148 different configuration than intended,
149 and the main system cannot remount
150 them anymore.</para></listitem>
154 <term><varname>RuntimeWatchdogSec=</varname></term>
155 <term><varname>ShutdownWatchdogSec=</varname></term>
157 <listitem><para>Configure the hardware
158 watchdog at runtime and at
159 reboot. Takes a timeout value in
160 seconds (or in other time units if
161 suffixed with <literal>ms</literal>,
162 <literal>min</literal>,
163 <literal>h</literal>,
164 <literal>d</literal>,
165 <literal>w</literal>). If
166 <varname>RuntimeWatchdogSec=</varname>
167 is set to a non-zero value, the
169 (<filename>/dev/watchdog</filename>)
170 will be programmed to automatically
171 reboot the system if it is not
172 contacted within the specified timeout
173 interval. The system manager will
174 ensure to contact it at least once in
175 half the specified timeout
176 interval. This feature requires a
177 hardware watchdog device to be
178 present, as it is commonly the case in
179 embedded and server systems. Not all
180 hardware watchdogs allow configuration
181 of the reboot timeout, in which case
182 the closest available timeout is
183 picked. <varname>ShutdownWatchdogSec=</varname>
184 may be used to configure the hardware
185 watchdog when the system is asked to
186 reboot. It works as a safety net to
187 ensure that the reboot takes place
188 even if a clean reboot attempt times
190 <varname>RuntimeWatchdogSec=</varname>
191 defaults to 0 (off), and
192 <varname>ShutdownWatchdogSec=</varname>
193 to 10min. These settings have no
194 effect if a hardware watchdog is not
195 available.</para></listitem>
199 <term><varname>CapabilityBoundingSet=</varname></term>
201 <listitem><para>Controls which
202 capabilities to include in the
203 capability bounding set for PID 1 and
205 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
206 for details. Takes a whitespace-separated
207 list of capability names as read by
208 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
209 Capabilities listed will be included
210 in the bounding set, all others are
211 removed. If the list of capabilities
212 is prefixed with ~, all but the listed
213 capabilities will be included, the
214 effect of the assignment
215 inverted. Note that this option also
216 affects the respective capabilities in
217 the effective, permitted and
218 inheritable capability sets. The
219 capability bounding set may also be
220 individually configured for units
222 <varname>CapabilityBoundingSet=</varname>
223 directive for units, but note that
224 capabilities dropped for PID 1 cannot
225 be regained in individual units, they
226 are lost for good.</para></listitem>
230 <term><varname>SystemCallArchitectures=</varname></term>
232 <listitem><para>Takes a
233 space-separated list of architecture
234 identifiers. Selects from which
235 architectures system calls may be
236 invoked on this system. This may be
237 used as an effective way to disable
238 invocation of non-native binaries
239 system-wide, for example to prohibit
240 execution of 32-bit x86 binaries on
241 64-bit x86-64 systems. This option
242 operates system-wide, and acts
244 <varname>SystemCallArchitectures=</varname>
245 setting of unit files, see
246 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
247 for details. This setting defaults to
248 the empty list, in which case no
249 filtering of system calls based on
250 architecture is applied. Known
251 architecture identifiers are
252 <literal>x86</literal>,
253 <literal>x86-64</literal>,
254 <literal>x32</literal>,
255 <literal>arm</literal> and the special
257 <literal>native</literal>. The latter
258 implicitly maps to the native
259 architecture of the system (or more
260 specifically, the architecture the
261 system manager was compiled for). Set
263 <literal>native</literal> to prohibit
264 execution of any non-native
265 binaries. When a binary executes a
266 system call of an architecture that is
267 not listed in this setting, it will be
268 immediately terminated with the SIGSYS
269 signal.</para></listitem>
273 <term><varname>TimerSlackNSec=</varname></term>
275 <listitem><para>Sets the timer slack
276 in nanoseconds for PID 1, which is
277 inherited by all executed processes,
278 unless overridden individually, for
280 <varname>TimerSlackNSec=</varname>
281 setting in service units (for details
283 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
284 timer slack controls the accuracy of
285 wake-ups triggered by system
287 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
288 for more information. Note that in
289 contrast to most other time span
290 definitions this parameter takes an
291 integer value in nano-seconds if no
292 unit is specified. The usual time
294 too.</para></listitem>
298 <term><varname>DefaultTimerAccuracySec=</varname></term>
300 <listitem><para>Sets the default
301 accuracy of timer units. This controls
302 the global default for the
303 <varname>AccuracySec=</varname>
304 setting of timer units, see
305 <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
307 details. <varname>AccuracySec=</varname>
308 set in individual units override the
309 global default for the specific
310 unit. Defaults to 1min. Note that the
311 accuracy of timer units is also
312 affected by the configured timer slack
314 <varname>TimerSlackNSec=</varname>
315 above.</para></listitem>
319 <term><varname>DefaultTimeoutStartSec=</varname></term>
320 <term><varname>DefaultTimeoutStopSec=</varname></term>
321 <term><varname>DefaultRestartSec=</varname></term>
323 <listitem><para>Configures the default
324 timeouts for starting and stopping of
325 units, as well as the default time to
326 sleep between automatic restarts of
327 units, as configured per-unit in
328 <varname>TimeoutStartSec=</varname>,
329 <varname>TimeoutStopSec=</varname> and
330 <varname>RestartSec=</varname> (for
332 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
333 for details on the per-unit
334 settings). For non-service units,
335 <varname>DefaultTimeoutStartSec=</varname>
337 <varname>TimeoutSec=</varname> value.
342 <term><varname>DefaultStartLimitInterval=</varname></term>
343 <term><varname>DefaultStartLimitBurst=</varname></term>
345 <listitem><para>Configure the default
346 unit start rate limiting, as
347 configured per-service by
348 <varname>StartLimitInterval=</varname>
350 <varname>StartLimitBurst=</varname>. See
351 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
352 for details on the per-service
353 settings.</para></listitem>
357 <term><varname>DefaultEnvironment=</varname></term>
359 <listitem><para>Sets manager
360 environment variables passed to all
361 executed processes. Takes a
362 space-separated list of variable
364 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
365 for details about environment
370 <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
373 <literal>VAR1</literal>,
374 <literal>VAR2</literal>,
375 <literal>VAR3</literal>.</para></listitem>
379 <term><varname>DefaultCPUAccounting=</varname></term>
380 <term><varname>DefaultBlockIOAccounting=</varname></term>
381 <term><varname>DefaultMemoryAccounting=</varname></term>
383 <listitem><para>Configure the default
384 resource accounting settings, as
385 configured per-unit by
386 <varname>CPUAccounting=</varname>,
387 <varname>BlockIOAccounting=</varname>
389 <varname>MemoryAccounting=</varname>. See
390 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
391 for details on the per-unit
392 settings.</para></listitem>
396 <term><varname>DefaultLimitCPU=</varname></term>
397 <term><varname>DefaultLimitFSIZE=</varname></term>
398 <term><varname>DefaultLimitDATA=</varname></term>
399 <term><varname>DefaultLimitSTACK=</varname></term>
400 <term><varname>DefaultLimitCORE=</varname></term>
401 <term><varname>DefaultLimitRSS=</varname></term>
402 <term><varname>DefaultLimitNOFILE=</varname></term>
403 <term><varname>DefaultLimitAS=</varname></term>
404 <term><varname>DefaultLimitNPROC=</varname></term>
405 <term><varname>DefaultLimitMEMLOCK=</varname></term>
406 <term><varname>DefaultLimitLOCKS=</varname></term>
407 <term><varname>DefaultLimitSIGPENDING=</varname></term>
408 <term><varname>DefaultLimitMSGQUEUE=</varname></term>
409 <term><varname>DefaultLimitNICE=</varname></term>
410 <term><varname>DefaultLimitRTPRIO=</varname></term>
411 <term><varname>DefaultLimitRTTIME=</varname></term>
413 <listitem><para>These settings control
414 various default resource limits for
416 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
417 for details. Use the string
418 <varname>infinity</varname> to
419 configure no limit on a specific
420 resource. These settings may be
421 overridden in individual units
422 using the corresponding LimitXXX=
423 directives. Note that these resource
424 limits are only defaults for units,
425 they are not applied to PID 1
426 itself.</para></listitem>
432 <title>See Also</title>
434 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
435 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
436 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
437 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
438 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
439 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>