1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="systemd.exec">
27 <title>systemd.exec</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>systemd.exec</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd.exec</refname>
47 <refpurpose>systemd execution environment configuration</refpurpose>
51 <para><filename>systemd.service</filename>,
52 <filename>systemd.socket</filename>,
53 <filename>systemd.mount</filename>,
54 <filename>systemd.swap</filename></para>
58 <title>Description</title>
60 <para>Unit configuration files for services, sockets,
61 mount points and swap devices share a subset of
62 configuration options which define the execution
63 environment of spawned processes.</para>
65 <para>This man page lists the configuration options
66 shared by these four unit types. See
67 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
68 for the common options of all unit configuration
70 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
71 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
72 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
74 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
75 for more information on the specific unit
76 configuration files. The execution specific
77 configuration options are configured in the [Service],
78 [Socket], [Mount] resp. [Swap] section, depending on the unit
83 <title>Options</title>
88 <term><varname>WorkingDirectory=</varname></term>
90 <listitem><para>Takes an absolute
91 directory path. Sets the working
92 directory for executed
93 processes.</para></listitem>
97 <term><varname>RootDirectory=</varname></term>
99 <listitem><para>Takes an absolute
100 directory path. Sets the root
101 directory for executed processes, with
103 <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
104 system call. If this is used it must
105 be ensured that the process and all
106 its auxiliary files are available in
107 the <function>chroot()</function>
108 jail.</para></listitem>
112 <term><varname>User=</varname></term>
113 <term><varname>Group=</varname></term>
115 <listitem><para>Sets the Unix user
116 resp. group the processes are executed
117 as. Takes a single user resp. group
118 name or ID as argument. If no group is
119 set the default group of the user is
120 chosen.</para></listitem>
124 <term><varname>SupplementaryGroups=</varname></term>
126 <listitem><para>Sets the supplementary
127 Unix groups the processes are executed
128 as. This takes a space separated list
129 of group names or IDs. This option may
130 be specified more than once in which
131 case all listed groups are set as
132 supplementary groups. This option does
133 not override but extends the list of
134 supplementary groups configured in the
135 system group database for the
136 user.</para></listitem>
140 <term><varname>Nice=</varname></term>
142 <listitem><para>Sets the default nice
143 level (scheduling priority) for
144 executed processes. Takes an integer
145 between -20 (highest priority) and 19
146 (lowest priority). See
147 <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
148 for details.</para></listitem>
152 <term><varname>OOMScoreAdjust=</varname></term>
154 <listitem><para>Sets the adjustment
155 level for the Out-Of-Memory killer for
156 executed processes. Takes an integer
157 between -1000 (to disable OOM killing
158 for this process) and 1000 (to make
159 killing of this process under memory
160 pressure very likely). See <ulink
161 url="http://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
162 for details.</para></listitem>
166 <term><varname>IOSchedulingClass=</varname></term>
168 <listitem><para>Sets the IO scheduling
169 class for executed processes. Takes an
170 integer between 0 and 3 or one of the
171 strings <option>none</option>,
172 <option>realtime</option>,
173 <option>best-effort</option> or
174 <option>idle</option>. See
175 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
176 for details.</para></listitem>
180 <term><varname>IOSchedulingPriority=</varname></term>
182 <listitem><para>Sets the IO scheduling
183 priority for executed processes. Takes
184 an integer between 0 (highest
185 priority) and 7 (lowest priority). The
186 available priorities depend on the
187 selected IO scheduling class (see
189 <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
190 for details.</para></listitem>
194 <term><varname>CPUSchedulingPolicy=</varname></term>
196 <listitem><para>Sets the CPU
197 scheduling policy for executed
198 processes. Takes one of
199 <option>other</option>,
200 <option>batch</option>,
201 <option>idle</option>,
202 <option>fifo</option> or
203 <option>rr</option>. See
204 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
205 for details.</para></listitem>
209 <term><varname>CPUSchedulingPriority=</varname></term>
211 <listitem><para>Sets the CPU
212 scheduling priority for executed
213 processes. Takes an integer between 1
214 (lowest priority) and 99 (highest
215 priority). The available priority
216 range depends on the selected CPU
217 scheduling policy (see above). See
218 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
219 for details.</para></listitem>
223 <term><varname>CPUSchedulingResetOnFork=</varname></term>
225 <listitem><para>Takes a boolean
226 argument. If true elevated CPU
227 scheduling priorities and policies
228 will be reset when the executed
229 processes fork, and can hence not leak
230 into child processes. See
231 <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
232 for details. Defaults to false.</para></listitem>
236 <term><varname>CPUAffinity=</varname></term>
238 <listitem><para>Controls the CPU
239 affinity of the executed
240 processes. Takes a space-separated
241 list of CPU indexes. See
242 <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
243 for details.</para></listitem>
247 <term><varname>UMask=</varname></term>
249 <listitem><para>Controls the file mode
250 creation mask. Takes an access mode in
252 <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
253 for details. Defaults to
254 0022.</para></listitem>
258 <term><varname>Environment=</varname></term>
260 <listitem><para>Sets environment
261 variables for executed
262 processes. Takes a space-separated
263 list of variable assignments. This
264 option may be specified more than once
265 in which case all listed variables
266 will be set. If the same variable is
267 set twice the later setting will
268 override the earlier setting. See
269 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
270 for details.</para></listitem>
273 <term><varname>EnvironmentFile=</varname></term>
274 <listitem><para>Similar to
275 <varname>Environment=</varname> but
276 reads the environment variables from a
277 text file. The text file should
278 contain new-line separated variable
279 assignments. Empty lines and lines
280 starting with ; or # will be ignored,
281 which may be used for commenting. The
282 argument passed should be an absolute
283 file name, optionally prefixed with
284 "-", which indicates that if the file
285 does not exist it won't be read and no
286 error or warning message is
287 logged. The files listed with this
288 directive will be read shortly before
289 the process is executed. Settings from
290 these files override settings made
292 <varname>Environment=</varname>. If
293 the same variable is set twice from
294 these files the files will be read in
295 the order they are specified and the
296 later setting will override the
297 earlier setting. </para></listitem>
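As an added illustration (not systemd's own code), the following Python models the precedence described above: Environment= assignments first, then each EnvironmentFile= in the order listed, with the last setting of a variable winning, comment lines ignored, and a "-" prefix making a missing file non-fatal. The file names and contents in demo() are constructed for the example.

```python
import os
import tempfile


def parse_environment_file(text):
    """Parse the EnvironmentFile= format: one VAR=value per line; empty lines and
    lines starting with ';' or '#' are comments. Within one file a later
    assignment of the same variable overrides an earlier one."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if "=" not in line:
            # Not an assignment; skipped here (assumption made for this demo).
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values


def resolve_environment(environment, environment_files):
    """Combine Environment= assignments (a list of 'VAR=value' strings, in unit
    file order) with EnvironmentFile= arguments (absolute paths, optionally
    prefixed with '-'). Files are applied after Environment= and in the listed
    order, so the last setting of a variable wins."""
    env = {}
    for assignment in environment:
        key, _, value = assignment.partition("=")
        env[key] = value
    for spec in environment_files:
        optional = spec.startswith("-")
        path = spec[1:] if optional else spec
        if not os.path.isabs(path):
            raise ValueError(f"EnvironmentFile= needs an absolute path: {spec!r}")
        try:
            with open(path, encoding="utf-8") as fh:
                text = fh.read()
        except FileNotFoundError:
            if optional:
                continue  # '-' prefix: a missing file is skipped silently
            raise  # no prefix: a missing file is an error, the service would not start
        env.update(parse_environment_file(text))
    return env


def demo():
    """Constructed scenario: Environment= gives defaults, two files override them
    in order, and a missing optional file is skipped without error."""
    with tempfile.TemporaryDirectory() as tmp:
        first = os.path.join(tmp, "first.conf")
        second = os.path.join(tmp, "second.conf")
        with open(first, "w", encoding="utf-8") as fh:
            fh.write("# listener settings\nLISTEN_PORT=8080\n\n; debug during rollout\nLOG_LEVEL=debug\n")
        with open(second, "w", encoding="utf-8") as fh:
            fh.write("LISTEN_PORT=9090\n")
        return resolve_environment(
            ["LISTEN_PORT=80", "APP_MODE=prod"],
            [first, second, "-" + os.path.join(tmp, "missing.conf")],
        )


if __name__ == "__main__":
    print(demo())
```

The distinction between a required and an optional file matters operationally: without the "-" prefix a missing file stops the service rather than letting it start with whatever defaults Environment= supplied.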
301 <term><varname>StandardInput=</varname></term>
302 <listitem><para>Controls where file
303 descriptor 0 (STDIN) of the executed
304 processes is connected to. Takes one
305 of <option>null</option>,
306 <option>tty</option>,
307 <option>tty-force</option>,
308 <option>tty-fail</option> or
309 <option>socket</option>. If
310 <option>null</option> is selected
311 standard input will be connected to
312 <filename>/dev/null</filename>,
313 i.e. all read attempts by the process
314 will result in immediate EOF. If
315 <option>tty</option> is selected
316 standard input is connected to a TTY
318 <varname>TTYPath=</varname>, see
319 below) and the executed process
320 becomes the controlling process of the
321 terminal. If the terminal is already
322 being controlled by another process the
323 executed process waits until the current
324 controlling process releases the
326 <option>tty-force</option>
327 is similar to <option>tty</option>,
328 but the executed process is forcefully
329 and immediately made the controlling
330 process of the terminal, potentially
331 removing previous controlling
333 terminal. <option>tty-fail</option> is
334 similar to <option>tty</option> but if
335 the terminal already has a controlling
336 process start-up of the executed
338 <option>socket</option> option is only
339 valid in socket-activated services,
340 and only when the socket configuration
342 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
343 for details) specifies a single socket
344 only. If this option is set standard
345 input will be connected to the socket
346 the service was activated from, which
347 is primarily useful for compatibility
348 with daemons designed for use with the
350 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
351 daemon. This setting defaults to
352 <option>null</option>.</para></listitem>
355 <term><varname>StandardOutput=</varname></term>
356 <listitem><para>Controls where file
357 descriptor 1 (STDOUT) of the executed
358 processes is connected to. Takes one
359 of <option>inherit</option>,
360 <option>null</option>,
361 <option>tty</option>,
362 <option>syslog</option>,
363 <option>kmsg</option>,
364 <option>kmsg+console</option>,
365 <option>syslog+console</option> or
366 <option>socket</option>. If set to
367 <option>inherit</option> the file
368 descriptor of standard input is
369 duplicated for standard output. If set
370 to <option>null</option> standard
371 output will be connected to
372 <filename>/dev/null</filename>,
373 i.e. everything written to it will be
374 lost. If set to <option>tty</option>
375 standard output will be connected to a
376 tty (as configured via
377 <varname>TTYPath=</varname>, see
378 below). If the TTY is used for output
379 only the executed process will not
380 become the controlling process of the
381 terminal, and will not fail or wait
382 for other processes to release the
383 terminal. <option>syslog</option>
384 connects standard output to the
385 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
387 service. <option>kmsg</option>
388 connects it with the kernel log buffer
389 which is accessible via
390 <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>syslog+console</option>
391 and <option>kmsg+console</option> work
392 similarly but copy the output to the
394 well. <option>socket</option> connects
395 standard output to a socket from
396 socket activation, semantics are
397 similar to the respective option of
398 <varname>StandardInput=</varname>.
399 This setting defaults to the value set
401 <option>DefaultStandardOutput=</option>
403 <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
405 <option>syslog</option>.</para></listitem>
408 <term><varname>StandardError=</varname></term>
409 <listitem><para>Controls where file
410 descriptor 2 (STDERR) of the executed
411 processes is connected to. The
412 available options are identical to
414 <varname>StandardOutput=</varname>,
415 with one exception: if set to
416 <option>inherit</option> the file
417 descriptor used for standard output is
418 duplicated for standard error. This
419 setting defaults to the value set with
420 <option>DefaultStandardError=</option>
422 <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
424 <option>inherit</option>.</para></listitem>
427 <term><varname>TTYPath=</varname></term>
428 <listitem><para>Sets the terminal
429 device node to use if standard input,
430 output or stderr are connected to a
431 TTY (see above). Defaults to
432 <filename>/dev/console</filename>.</para></listitem>
435 <term><varname>TTYReset=</varname></term>
436 <listitem><para>Reset the terminal
437 device specified with
438 <varname>TTYPath=</varname> before and
439 after execution. Defaults to
440 <literal>no</literal>.</para></listitem>
443 <term><varname>TTYVHangup=</varname></term>
444 <listitem><para>Disconnect all clients
445 which have opened the terminal device
447 <varname>TTYPath=</varname>
448 before and after execution. Defaults
450 <literal>no</literal>.</para></listitem>
453 <term><varname>TTYVTDisallocate=</varname></term>
454 <listitem><para>If the terminal
455 device specified with
456 <varname>TTYPath=</varname> is a
457 virtual console terminal try to
458 deallocate the TTY before and after
459 execution. This ensures that the
460 screen and scrollback buffer is
462 <literal>no</literal>.</para></listitem>
465 <term><varname>SyslogIdentifier=</varname></term>
466 <listitem><para>Sets the process name
467 to prefix log lines sent to syslog or
468 the kernel log buffer with. If not set
469 defaults to the process name of the
470 executed process. This option is only
472 <varname>StandardOutput=</varname> or
473 <varname>StandardError=</varname> are
474 set to <option>syslog</option> or
475 <option>kmsg</option>.</para></listitem>
478 <term><varname>SyslogFacility=</varname></term>
479 <listitem><para>Sets the syslog
480 facility to use when logging to
481 syslog. One of <option>kern</option>,
482 <option>user</option>,
483 <option>mail</option>,
484 <option>daemon</option>,
485 <option>auth</option>,
486 <option>syslog</option>,
487 <option>lpr</option>,
488 <option>news</option>,
489 <option>uucp</option>,
490 <option>cron</option>,
491 <option>authpriv</option>,
492 <option>ftp</option>,
493 <option>local0</option>,
494 <option>local1</option>,
495 <option>local2</option>,
496 <option>local3</option>,
497 <option>local4</option>,
498 <option>local5</option>,
499 <option>local6</option> or
500 <option>local7</option>. See
501 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
502 for details. This option is only
504 <varname>StandardOutput=</varname> or
505 <varname>StandardError=</varname> are
506 set to <option>syslog</option>.
508 <option>daemon</option>.</para></listitem>
511 <term><varname>SyslogLevel=</varname></term>
512 <listitem><para>Default syslog level
513 to use when logging to syslog or the
514 kernel log buffer. One of
515 <option>emerg</option>,
516 <option>alert</option>,
517 <option>crit</option>,
518 <option>err</option>,
519 <option>warning</option>,
520 <option>notice</option>,
521 <option>info</option>,
522 <option>debug</option>. See
523 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
524 for details. This option is only
526 <varname>StandardOutput=</varname> or
527 <varname>StandardError=</varname> are
528 set to <option>syslog</option> or
529 <option>kmsg</option>. Note that
530 individual lines output by the daemon
531 might be prefixed with a different log
532 level which can be used to override
533 the default log level specified
534 here. The interpretation of these
535 prefixes may be disabled with
536 <varname>SyslogLevelPrefix=</varname>,
537 see below. For details see
538 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
541 <option>info</option>.</para></listitem>
545 <term><varname>SyslogLevelPrefix=</varname></term>
546 <listitem><para>Takes a boolean
547 argument. If true and
548 <varname>StandardOutput=</varname> or
549 <varname>StandardError=</varname> are
550 set to <option>syslog</option> or
551 <option>kmsg</option> log lines
552 written by the executed process that
553 are prefixed with a log level will be
554 passed on to syslog with this log
555 level set but the prefix removed. If
556 set to false, the interpretation of
557 these prefixes is disabled and the
558 logged lines are passed on as-is. For
559 details about this prefixing see
560 <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
561 Defaults to true.</para></listitem>
565 <term><varname>TimerSlackNSec=</varname></term>
566 <listitem><para>Sets the timer slack
567 in nanoseconds for the executed
568 processes. The timer slack controls the
569 accuracy of wake-ups triggered by
571 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
572 for more information. Note that in
573 contrast to most other time span
574 definitions this parameter takes an
575 integer value in nano-seconds and does
576 not understand any other
577 units.</para></listitem>
581 <term><varname>LimitCPU=</varname></term>
582 <term><varname>LimitFSIZE=</varname></term>
583 <term><varname>LimitDATA=</varname></term>
584 <term><varname>LimitSTACK=</varname></term>
585 <term><varname>LimitCORE=</varname></term>
586 <term><varname>LimitRSS=</varname></term>
587 <term><varname>LimitNOFILE=</varname></term>
588 <term><varname>LimitAS=</varname></term>
589 <term><varname>LimitNPROC=</varname></term>
590 <term><varname>LimitMEMLOCK=</varname></term>
591 <term><varname>LimitLOCKS=</varname></term>
592 <term><varname>LimitSIGPENDING=</varname></term>
593 <term><varname>LimitMSGQUEUE=</varname></term>
594 <term><varname>LimitNICE=</varname></term>
595 <term><varname>LimitRTPRIO=</varname></term>
596 <term><varname>LimitRTTIME=</varname></term>
597 <listitem><para>These settings control
598 various resource limits for executed
600 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
601 for details. Use the string
602 <varname>infinity</varname> to
603 configure no limit on a specific
604 resource.</para></listitem>
608 <term><varname>PAMName=</varname></term>
609 <listitem><para>Sets the PAM service
610 name to set up a session as. If set
611 the executed process will be
612 registered as a PAM session under the
613 specified service name. This is only
614 useful in conjunction with the
615 <varname>User=</varname> setting. If
616 not set no PAM session will be opened
617 for the executed processes. See
618 <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
619 for details.</para></listitem>
623 <term><varname>TCPWrapName=</varname></term>
624 <listitem><para>If this is a
625 socket-activated service this sets the
626 tcpwrap service name to check the
627 permission for the current connection
628 with. This is only useful in
629 conjunction with socket-activated
630 services, and stream sockets (TCP) in
631 particular. It has no effect on other
632 socket types (e.g. datagram/UDP) and on processes
633 unrelated to socket-based
634 activation. If the tcpwrap
635 verification fails daemon start-up
636 will fail and the connection is
638 <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
639 for details.</para></listitem>
643 <term><varname>CapabilityBoundingSet=</varname></term>
645 <listitem><para>Controls which
646 capabilities to include in the
647 capability bounding set for the
648 executed process. See
649 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
650 for details. Takes a whitespace
651 separated list of capability names as
653 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
654 Capabilities listed will be included
655 in the bounding set, all others are
656 removed. If the list of capabilities
657 is prefixed with ~ all but the listed
658 capabilities will be included, the
659 effect of the assignment
660 inverted. Note that this option does
661 not actually set or unset any
662 capabilities in the effective,
663 permitted or inherited capability
665 <varname>Capabilities=</varname> is
666 for. If this option is not used the
667 capability bounding set is not
668 modified on process execution, hence
669 no limits on the capabilities of the
670 process are enforced.</para></listitem>
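The following Python, added here and not part of systemd, works through the set arithmetic described above: listed names are kept and everything else dropped, a leading "~" inverts that, and an absent option leaves the bounding set untouched. ALL_CAPABILITIES is a constructed subset of the names from capabilities(7); the code only computes the resulting set and does not modify any process.

```python
# Constructed subset of the capability names from capabilities(7); the real
# set is larger, this is enough to show the effect of the setting.
ALL_CAPABILITIES = frozenset({
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_KILL", "CAP_NET_ADMIN",
    "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETGID", "CAP_SETUID",
    "CAP_SYS_ADMIN", "CAP_SYS_PTRACE",
})


def resolve_bounding_set(setting, all_caps=ALL_CAPABILITIES):
    """Return the bounding set that results from one CapabilityBoundingSet= value.

    setting is the raw value after '=' (whitespace separated capability names,
    optionally prefixed with '~'), or None when the option is absent.
    """
    if setting is None:
        return all_caps  # option not used: the bounding set is left as it was
    text = setting.strip()
    invert = text.startswith("~")
    if invert:
        text = text[1:]
    listed = set()
    for name in text.split():
        name = name.upper()  # cap_from_name(3) accepts names case-insensitively
        if name not in all_caps:
            raise ValueError(f"unknown capability name: {name}")
        listed.add(name)
    # Listed names are kept and all others removed; '~' inverts the assignment.
    return frozenset(all_caps - listed) if invert else frozenset(listed)


def dropped_capabilities(setting, all_caps=ALL_CAPABILITIES):
    """Sorted list of capabilities the setting removes from the bounding set;
    useful when reviewing a unit to see what a compromised service could still do."""
    return sorted(all_caps - resolve_bounding_set(setting, all_caps))


if __name__ == "__main__":
    # A service that only needs to bind a privileged port keeps one capability.
    print(sorted(resolve_bounding_set("CAP_NET_BIND_SERVICE")))
    # Keeping everything except two names drops only those two.
    print(dropped_capabilities("~CAP_SYS_ADMIN CAP_SYS_PTRACE"))
```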
674 <term><varname>SecureBits=</varname></term>
675 <listitem><para>Controls the secure
676 bits set for the executed process. See
677 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
678 for details. Takes a list of strings:
679 <option>keep-caps</option>,
680 <option>keep-caps-locked</option>,
681 <option>no-setuid-fixup</option>,
682 <option>no-setuid-fixup-locked</option>,
683 <option>noroot</option> and/or
684 <option>noroot-locked</option>.
689 <term><varname>Capabilities=</varname></term>
690 <listitem><para>Controls the
691 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
692 set for the executed process. Takes a
693 capability string describing the
694 effective, permitted and inherited
695 capability sets as documented in
696 <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
697 Note that these capability sets are
698 usually influenced by the capabilities
699 attached to the executed file. Due to
701 <varname>CapabilityBoundingSet=</varname>
702 is probably the much more useful
703 setting.</para></listitem>
707 <term><varname>ControlGroup=</varname></term>
709 <listitem><para>Controls the control
710 groups the executed processes shall be
711 made members of. Takes a
712 space-separated list of cgroup
713 identifiers. A cgroup identifier has a
715 <filename>cpu:/foo/bar</filename>,
716 where "cpu" identifies the kernel
717 control group controller used, and
718 <filename>/foo/bar</filename> is the
719 control group path. The controller
720 name and ":" may be omitted in which
721 case the named systemd control group
722 hierarchy is implied. Alternatively,
723 the path and ":" may be omitted, in
724 which case the default control group
725 path for this unit is implied. This
726 option may be used to place executed
727 processes in arbitrary groups in
728 arbitrary hierarchies -- which can be
729 configured externally with additional
730 execution limits. By default systemd
731 will place all executed processes in
732 separate per-unit control groups
733 (named after the unit) in the systemd
734 named hierarchy. Since every process
735 can be in one group per hierarchy only
736 overriding the control group path in
737 the named systemd hierarchy will
738 disable automatic placement in the
739 default group. This option is
740 primarily intended to place executed
741 processes in specific paths in
742 specific kernel controller
743 hierarchies. It is however not
744 recommended to manipulate the service
745 control group path in the systemd
746 named hierarchy. For details about
747 control groups see <ulink
748 url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.</para></listitem>
752 <term><varname>ControlGroupModify=</varname></term>
753 <listitem><para>Takes a boolean
754 argument. If true, the control groups
755 created for this unit will be owned by
756 the user specified with
757 <varname>User=</varname> (and the
758 appropriate group), and he/she can create
759 subgroups as well as add processes to
760 the group.</para></listitem>
764 <term><varname>ControlGroupAttribute=</varname></term>
766 <listitem><para>Set a specific control
767 group attribute for executed
768 processes, and (if needed) add the
769 executed processes to a cgroup in the
770 hierarchy of the controller the
771 attribute belongs to. Takes two
772 space-separated arguments: the
773 attribute name (syntax is
774 <literal>cpu.shares</literal> where
775 <literal>cpu</literal> refers to a
776 specific controller and
777 <literal>shares</literal> to the
778 attribute name), and the attribute
780 <literal>ControlGroupAttribute=cpu.shares
781 512</literal>. If this option is used
782 for an attribute that belongs to a
783 kernel controller hierarchy the unit
784 is not already configured to be added
785 to (for example via the
786 <literal>ControlGroup=</literal>
787 option) then the unit will be added to
788 the controller and the default unit
789 cgroup path is implied. Thus, using
790 <varname>ControlGroupAttribute=</varname>
791 is in most cases sufficient to make use
792 of control group enforcements,
794 <varname>ControlGroup=</varname> are
795 only necessary in case the implied
796 default control group path for a
797 service is not desirable. For details
798 about control group attributes see
800 url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>. This
801 option may appear more than once, in
802 order to set multiple control group
803 attributes.</para></listitem>
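To make the interaction between ControlGroup= and ControlGroupAttribute= concrete, here is an added Python model (not systemd code) of the rules in the two entries above: the three identifier forms, the controller implied by an attribute name, and the default unit path used when an attribute's controller is not already covered. The "name=systemd" label for the named hierarchy and the default path passed by the caller are assumptions for the example.

```python
SYSTEMD_HIERARCHY = "name=systemd"  # assumed label for the systemd named hierarchy


def parse_cgroup_identifier(identifier, default_path):
    """Split one ControlGroup= identifier into (controller, path):
    'cpu:/foo/bar' names both; '/foo/bar' (controller and ':' omitted) means
    the systemd named hierarchy; 'cpu' (path and ':' omitted) means the unit's
    default path. default_path is the per-unit default supplied by the caller."""
    if ":" in identifier:
        controller, _, path = identifier.partition(":")
    elif identifier.startswith("/"):
        controller, path = SYSTEMD_HIERARCHY, identifier
    else:
        controller, path = identifier, default_path
    if not controller or not path.startswith("/"):
        raise ValueError(f"bad control group identifier: {identifier!r}")
    return controller, path


def parse_attribute(setting):
    """Parse one ControlGroupAttribute= value such as 'cpu.shares 512' into
    (controller, attribute, value); the controller is the part before the dot."""
    name, _, value = setting.strip().partition(" ")
    controller, dot, _ = name.partition(".")
    if not dot or not controller or not value.strip():
        raise ValueError(f"expected '<controller>.<attribute> <value>': {setting!r}")
    return controller, name, value.strip()


def plan_cgroup_membership(control_groups, attributes, default_path):
    """Return ({controller: path}, [(controller, attribute, value)]): where the
    unit's processes end up per hierarchy and which attributes are written.
    An attribute whose controller is not covered by ControlGroup= adds the unit
    to that controller at the default path, as described above."""
    membership = {}
    for identifier in control_groups:
        controller, path = parse_cgroup_identifier(identifier, default_path)
        membership[controller] = path
    writes = []
    for setting in attributes:
        controller, attribute, value = parse_attribute(setting)
        membership.setdefault(controller, default_path)
        writes.append((controller, attribute, value))
    return membership, writes


def relocates_named_hierarchy(control_groups, default_path):
    """True when an identifier moves the unit away from its default path in the
    systemd named hierarchy, which the description above advises against."""
    for identifier in control_groups:
        controller, path = parse_cgroup_identifier(identifier, default_path)
        if controller == SYSTEMD_HIERARCHY and path != default_path:
            return True
    return False


if __name__ == "__main__":
    # Constructed unit: explicit cpu placement plus a memory attribute.
    print(plan_cgroup_membership(["cpu:/foo/bar"],
                                 ["cpu.shares 512", "memory.limit_in_bytes 268435456"],
                                 "/system/demo.service"))
```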
807 <term><varname>CPUShares=</varname></term>
809 <listitem><para>Assign the specified
810 overall CPU time shares to the
811 processes executed. Takes an integer
812 value. This controls the
813 <literal>cpu.shares</literal> control
814 group attribute, which defaults to
815 1024. For details about this control
816 group attribute see <ulink
817 url="http://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para></listitem>
821 <term><varname>MemoryLimit=</varname></term>
822 <term><varname>MemorySoftLimit=</varname></term>
824 <listitem><para>Limit the overall memory usage
825 of the executed processes to a certain
826 size. Takes a memory size in bytes. If
827 the value is suffixed with K, M, G or
828 T the specified memory size is parsed
829 as Kilobytes, Megabytes, Gigabytes,
830 resp. Terabytes (to the base
831 1024). This controls the
832 <literal>memory.limit_in_bytes</literal>
834 <literal>memory.soft_limit_in_bytes</literal>
835 control group attributes. For details
836 about these control group attributes
838 url="http://www.kernel.org/doc/Documentation/cgroups/memory.txt">memory.txt</ulink>.</para></listitem>
842 <term><varname>DeviceAllow=</varname></term>
843 <term><varname>DeviceDeny=</varname></term>
845 <listitem><para>Control access to
846 specific device nodes by the executed processes. Takes two
847 space separated strings: a device node
849 <filename>/dev/null</filename>)
850 followed by a combination of r, w, m
851 to control reading, writing resp.
852 creating of the specific device node
853 by the unit. This controls the
854 <literal>devices.allow</literal>
856 <literal>devices.deny</literal>
857 control group attributes. For details
858 about these control group attributes
860 url="http://www.kernel.org/doc/Documentation/cgroups/devices.txt">devices.txt</ulink>.</para></listitem>
864 <term><varname>BlockIOWeight=</varname></term>
866 <listitem><para>Set the default or
867 per-device overall block IO weight
868 value for the executed
869 processes. Takes either a single
870 weight value (between 10 and 1000) to
871 set the default block IO weight, or a
872 space separated pair of a file path
873 and a weight value to specify the
874 device specific weight value (Example:
875 "/dev/sda 500"). The file path may be
876 specified as path to a block device
877 node or as any other file in which
878 case the backing block device of the
879 file system of the file is
880 determined. This controls the
881 <literal>blkio.weight</literal> and
882 <literal>blkio.weight_device</literal>
883 control group attributes, which
884 default to 1000. Use this option
885 multiple times to set weights for
886 multiple devices. For details about
887 these control group attributes see
889 url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
893 <term><varname>BlockIOReadBandwidth=</varname></term>
894 <term><varname>BlockIOWriteBandwidth=</varname></term>
896 <listitem><para>Set the per-device
897 overall block IO bandwidth limit for
898 the executed processes. Takes a space
899 separated pair of a file path and a
900 bandwidth value (in bytes per second)
901 to specify the device specific
902 bandwidth. The file path may be
903 specified as path to a block device
904 node or as any other file in which
905 case the backing block device of the
906 file system of the file is determined.
907 If the bandwidth is suffixed with K, M,
908 G, or T the specified bandwidth is
909 parsed as Kilobytes, Megabytes,
910 Gigabytes, resp. Terabytes (Example:
911 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
912 5M"). This controls the
913 <literal>blkio.read_bps_device</literal>
915 <literal>blkio.write_bps_device</literal>
916 control group attributes. Use this
917 option multiple times to set bandwidth
918 limits for multiple devices. For
919 details about these control group
920 attributes see <ulink
921 url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
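The size syntax shared by MemoryLimit=/MemorySoftLimit= and the BlockIO*Bandwidth= options above (an integer with an optional K, M, G or T suffix, base 1024), and the "path value" pairs taken by the block IO options, as an added Python parser that is not systemd's own code; the path in the demo is the one quoted in the BlockIOReadBandwidth= description.

```python
SUFFIX_MULTIPLIER = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}


def parse_size(text):
    """Parse a size the way MemoryLimit=, MemorySoftLimit= and the block IO
    bandwidth options take it: a non-negative integer, optionally suffixed with
    K, M, G or T (base 1024). A bare integer is bytes (or bytes per second)."""
    text = text.strip()
    if not text:
        raise ValueError("empty size")
    multiplier = 1
    if text[-1] in SUFFIX_MULTIPLIER:
        multiplier = SUFFIX_MULTIPLIER[text[-1]]
        text = text[:-1]
    if not text.isdigit():  # rejects signs, decimals and unknown suffixes such as 'MB'
        raise ValueError(f"not a size: {text!r}")
    return int(text) * multiplier


def parse_device_bandwidth(setting):
    """Parse a BlockIOReadBandwidth=/BlockIOWriteBandwidth= value, 'PATH SIZE',
    into (path, bytes_per_second). The path must be absolute; it may be a device
    node or any file on the device (the backing device is resolved at runtime)."""
    parts = setting.split()
    if len(parts) != 2:
        raise ValueError(f"expected '<path> <bandwidth>': {setting!r}")
    path, size = parts
    if not path.startswith("/"):
        raise ValueError(f"path must be absolute: {path!r}")
    return path, parse_size(size)


def parse_blockio_weight(setting):
    """Parse a BlockIOWeight= value: a single weight (the default weight) or
    'PATH WEIGHT' for one device. Weights must be between 10 and 1000.
    Returns (path or None, weight)."""
    parts = setting.split()
    if len(parts) == 1:
        path, weight = None, parts[0]
    elif len(parts) == 2:
        path, weight = parts
    else:
        raise ValueError(f"expected '<weight>' or '<path> <weight>': {setting!r}")
    if not weight.isdigit() or not 10 <= int(weight) <= 1000:
        raise ValueError(f"weight must be between 10 and 1000: {weight!r}")
    return path, int(weight)


if __name__ == "__main__":
    print(parse_size("512M"))
    print(parse_device_bandwidth("/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"))
    print(parse_blockio_weight("/dev/sda 500"))
```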
925 <term><varname>ReadWriteDirectories=</varname></term>
926 <term><varname>ReadOnlyDirectories=</varname></term>
927 <term><varname>InaccessibleDirectories=</varname></term>
929 <listitem><para>Sets up a new
930 file-system name space for executed
931 processes. These options may be used
932 to limit access a process might have
933 to the main file-system
934 hierarchy. Each setting takes a
935 space-separated list of absolute
936 directory paths. Directories listed in
937 <varname>ReadWriteDirectories=</varname>
938 are accessible from within the
939 namespace with the same access rights
940 as from outside. Directories listed in
941 <varname>ReadOnlyDirectories=</varname>
942 are accessible for reading only,
943 writing will be refused even if the
944 usual file access controls would
945 permit this. Directories listed in
946 <varname>InaccessibleDirectories=</varname>
947 will be made inaccessible for processes
948 inside the namespace. Note that
949 restricting access with these options
950 does not extend to submounts of a
951 directory. You must list submounts
952 separately in these settings to
953 ensure the same limited access. These
954 options may be specified more than
955 once in which case all directories
956 listed will have limited access from
958 namespace.</para></listitem>
962 <term><varname>PrivateTmp=</varname></term>
964 <listitem><para>Takes a boolean
965 argument. If true sets up a new file
966 system namespace for the executed
967 processes and mounts a private
968 <filename>/tmp</filename> directory
969 inside it, that is not shared by
970 processes outside of the
971 namespace. This is useful to secure
972 access to temporary files of the
973 process, but makes sharing between
975 <filename>/tmp</filename>
976 impossible. Defaults to
977 false.</para></listitem>
981 <term><varname>PrivateNetwork=</varname></term>
983 <listitem><para>Takes a boolean
984 argument. If true sets up a new
985 network namespace for the executed
986 processes and configures only the
987 loopback network device
988 <literal>lo</literal> inside it. No
989 other network devices will be
990 available to the executed process.
991 This is useful to securely turn off
992 network access by the executed
994 false.</para></listitem>
998 <term><varname>MountFlags=</varname></term>
1000 <listitem><para>Takes a mount
1002 <option>shared</option>,
1003 <option>slave</option> or
1004 <option>private</option>, which
1005 control whether namespaces set up with
1006 <varname>ReadWriteDirectories=</varname>,
1007 <varname>ReadOnlyDirectories=</varname>
1009 <varname>InaccessibleDirectories=</varname>
1010 receive or propagate new mounts
1011 from/to the main namespace. See
1012 <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>1</manvolnum></citerefentry>
1013 for details. Defaults to
1014 <option>shared</option>, i.e. the new
1015 namespace will both receive new mount
1016 points from the main namespace as well
1017 as propagate new mounts to
1018 it.</para></listitem>
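As an added example (not part of systemd), the following Python reads the [Service] section of a unit and reports which of the execution-environment restrictions described on this page are left unused, so a reviewer can see at a glance how much a compromised service could still reach. The two unit texts, the /usr/bin/demo-daemon path and the checklist itself are constructed for the demo.

```python
import re

# Constructed units. The first leaves every restriction at its default; the
# second uses the options from this page to confine the same daemon.
WEAK_UNIT = """\
[Unit]
Description=demo (constructed weak unit)

[Service]
ExecStart=/usr/bin/demo-daemon
"""

HARDENED_UNIT = """\
[Unit]
Description=demo (constructed hardened unit)

[Service]
ExecStart=/usr/bin/demo-daemon
User=demo
Group=demo
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
PrivateTmp=yes
PrivateNetwork=no
ReadOnlyDirectories=/etc /usr
InaccessibleDirectories=/home
MountFlags=slave
UMask=0077
"""


def parse_service_section(unit_text):
    """Collect [Service] assignments as {option: [values...]}; repeated options
    (Environment=, ReadOnlyDirectories=, ...) keep every value in order."""
    section, settings = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.match(r"\[(\w+)\]$", line)
        if header:
            section = header.group(1)
            continue
        if section != "Service" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings.setdefault(key.strip(), []).append(value.strip())
    return settings


def is_true(value):
    return value.strip().lower() in {"1", "yes", "true", "on"}


def audit_service(unit_text):
    """Return [(option, message)] for every restriction from this page that the
    [Service] section leaves unused or at a weak default."""
    s = parse_service_section(unit_text)
    findings = []
    if s.get("User", [""])[-1] in ("", "root", "0"):
        findings.append(("User", "service runs as root; set User= (and Group=) to an unprivileged account"))
    if "CapabilityBoundingSet" not in s:
        findings.append(("CapabilityBoundingSet", "bounding set not restricted; list only the capabilities the service needs"))
    if not any(is_true(v) for v in s.get("PrivateTmp", [])):
        findings.append(("PrivateTmp", "PrivateTmp= not enabled; /tmp is shared with every other process"))
    if "PrivateNetwork" not in s:
        findings.append(("PrivateNetwork", "PrivateNetwork= not decided; set it to yes if the service needs no network"))
    if not (s.get("ReadOnlyDirectories") or s.get("InaccessibleDirectories")):
        findings.append(("ReadOnlyDirectories", "no file-system namespace restrictions (ReadOnlyDirectories=/InaccessibleDirectories=)"))
    namespaced = any(k in s for k in ("ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories"))
    if namespaced and s.get("MountFlags", ["shared"])[-1] == "shared":
        findings.append(("MountFlags", "namespace uses the default shared propagation; mounts flow in both directions (consider slave or private)"))
    umask = s.get("UMask", ["0022"])[-1]
    try:
        if int(umask, 8) & 0o002 == 0:
            findings.append(("UMask", f"UMask={umask} lets the service create world-writable files"))
    except ValueError:
        findings.append(("UMask", f"UMask={umask} is not an octal mode"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_service(text))
```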
1022 <term><varname>UtmpIdentifier=</varname></term>
1024 <listitem><para>Takes a four
1025 character identifier string for an
1026 utmp/wtmp entry for this service. This
1027 should only be set for services such
1028 as <command>getty</command>
1029 implementations where utmp/wtmp
1030 entries must be created and cleared
1031 before and after execution. If the
1032 configured string is longer than four
1033 characters it is truncated and the
1034 terminal four characters are
1035 used. This setting interprets %I style
1036 string replacements. This setting is
1037 unset by default, i.e. no utmp/wtmp
1038 entries are created or cleaned up for
1039 this service.</para></listitem>
1046 <title>See Also</title>
1048 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1049 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1050 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1051 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1052 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1053 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1054 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>