+
+ <varlistentry>
+ <term><varname>JoinControllers=cpu,cpuacct,cpuset net_cls,netprio</varname></term>
+
+ <listitem><para>Configures controllers
+ that shall be mounted in a single
+ hierarchy. By default systemd will
+ mount all controllers which are
+ enabled in the kernel in individual
+ hierarchies, with the exception of
+ those listed in this setting. Takes a
+ space separated list of comma
+ separated controller names, in order
+ to allow multiple joined
+ hierarchies. Defaults to
+ 'cpu,cpuacct'. Pass an empty string to
+ ensure that systemd mounts all
+ controllers in separate
+ hierarchies.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>RuntimeWatchdogSec=</varname></term>
+ <term><varname>ShutdownWatchdogSec=</varname></term>
+
+ <listitem><para>Configure the hardware
+ watchdog at runtime and at
+ reboot. Takes a timeout value in
+ seconds (or in other time units if
+ suffixed with <literal>ms</literal>,
+ <literal>min</literal>,
+ <literal>h</literal>,
+ <literal>d</literal>,
+ <literal>w</literal>). If
+ <varname>RuntimeWatchdogSec=</varname>
+ is set to a non-zero value the
+ watchdog hardware
+ (<filename>/dev/watchdog</filename>)
+ will be programmed to automatically
+ reboot the system if it is not
+ contacted within the specified timeout
+ interval. The system manager will
+ ensure to contact it at least once in
+ half the specified timeout
+ interval. This feature requires a
+ hardware watchdog device to be
+ present, as it is commonly the case in
+ embedded and server systems. Not all
+ hardware watchdogs allow configuration
+ of the reboot timeout, in which case
+ the closest available timeout is
+ picked. <varname>ShutdownWatchdogSec=</varname>
+ may be used to configure the hardware
+ watchdog when the system is asked to
+ reboot. It works as a safety net to
+ ensure that the reboot takes place
+ even if a clean reboot attempt times
+ out. By default
+ <varname>RuntimeWatchdogSec=</varname>
+ defaults to 0 (off), and
+ <varname>ShutdownWatchdogSec=</varname>
+ to 10min. These settings have no
+ effect if a hardware watchdog is not
+ available.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>CapabilityBoundingSet=</varname></term>
+
+ <listitem><para>Controls which
+ capabilities to include in the
+ capability bounding set for PID 1 and
+ its children. See
+ <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for details. Takes a whitespace
+ separated list of capability names as
+ read by
+ <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ Capabilities listed will be included
+ in the bounding set, all others are
+ removed. If the list of capabilities
+ is prefixed with ~ all but the listed
+ capabilities will be included, the
+ effect of the assignment
+ inverted. Note that this option also
+ affects the respective capabilities in
+ the effective, permitted and
+ inheritable capability sets. The
+ capability bounding set may also be
+ individually configured for units
+ using the
+ <varname>CapabilityBoundingSet=</varname>
+ directive for units, but note that
+ capabilities dropped for PID 1 cannot
+ be regained in individual units, they
+ are lost for good.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>TimerSlackNSec=</varname></term>
+
+ <listitem><para>Sets the timer slack
+ in nanoseconds for PID 1 which is then
+ inherited to all executed processes,
+ unless overridden individually, for
+ example with the
+ <varname>TimerSlackNSec=</varname>
+ setting in service units (for details
+ see
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
+ timer slack controls the accuracy of
+ wake-ups triggered by timers. See
+ <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ for more information. Note that in
+ contrast to most other time span
+ definitions this parameter takes an
+ integer value in nano-seconds if no
+ unit is specified. The usual time
+ units are understood
+ too.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>DefaultLimitCPU=</varname></term>
+ <term><varname>DefaultLimitFSIZE=</varname></term>
+ <term><varname>DefaultLimitDATA=</varname></term>
+ <term><varname>DefaultLimitSTACK=</varname></term>
+ <term><varname>DefaultLimitCORE=</varname></term>
+ <term><varname>DefaultLimitRSS=</varname></term>
+ <term><varname>DefaultLimitNOFILE=</varname></term>
+ <term><varname>DefaultLimitAS=</varname></term>
+ <term><varname>DefaultLimitNPROC=</varname></term>
+ <term><varname>DefaultLimitMEMLOCK=</varname></term>
+ <term><varname>DefaultLimitLOCKS=</varname></term>
+ <term><varname>DefaultLimitSIGPENDING=</varname></term>
+ <term><varname>DefaultLimitMSGQUEUE=</varname></term>
+ <term><varname>DefaultLimitNICE=</varname></term>
+ <term><varname>DefaultLimitRTPRIO=</varname></term>
+ <term><varname>DefaultLimitRTTIME=</varname></term>
+
+ <listitem><para>These settings control
+ various default resource limits for
+ units. See
+ <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ for details. Use the string
+ <varname>infinity</varname> to
+ configure no limit on a specific
+ resource. These settings may be
+ overridden in individual units
+ using the corresponding LimitXXX=
+ directives. Note that these resource
+ limits are only defaults for units,
+ they are not applied to PID 1
+ itself.</para></listitem>
+ </varlistentry>