chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
mount: Allow creating mount units for /var/lib/nfs/rpc_pipefs and /proc/fs/nfsd.
[elogind.git] / man / systemd.exec.xml
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 7c8005c9c000de3d6d4d80d8ba67bf2f79a8cc31..5b0d2ce37b74de68d5d355912b904c9913a32833 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -50,29 +50,32 @@
         <refsynopsisdiv>
                 <para><filename>systemd.service</filename>,
                 <filename>systemd.socket</filename>,
         <refsynopsisdiv>
                 <para><filename>systemd.service</filename>,
                 <filename>systemd.socket</filename>,
-                <filename>systemd.mount</filename></para>
+                <filename>systemd.mount</filename>,
+                <filename>systemd.swap</filename></para>
         </refsynopsisdiv>
 
         <refsect1>
                 <title>Description</title>
 
                 <para>Unit configuration files for services, sockets
         </refsynopsisdiv>
 
         <refsect1>
                 <title>Description</title>
 
                 <para>Unit configuration files for services, sockets
-                and mount points share a subset of configuration
-                options which define the execution environment of
-                spawned processes.</para>
+                mount points and swap devices share a subset of
+                configuration options which define the execution
+                environment of spawned processes.</para>
 
                 <para>This man page lists the configuration options
                 shared by these three unit types. See
                 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                 for the common options of all unit configuration
                 files, and
 
                 <para>This man page lists the configuration options
                 shared by these three unit types. See
                 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                 for the common options of all unit configuration
                 files, and
-                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                 and
                 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                 for more information on the specific unit
                 configuration files. The execution specific
                 configuration options are configured in the [Service],
                 and
                 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                 for more information on the specific unit
                 configuration files. The execution specific
                 configuration options are configured in the [Service],
-                [Socket] resp. [Mount] section, depending on the unit
+                [Socket], [Mount] resp. [Swap] section, depending on the unit
                 type.</para>
         </refsect1>
 
                 type.</para>
         </refsect1>
 
@@ -275,8 +278,23 @@
                                 contain new-line separated variable
                                 assignments. Empty lines and lines
                                 starting with ; or # will be ignored,
                                 contain new-line separated variable
                                 assignments. Empty lines and lines
                                 starting with ; or # will be ignored,
-                                which may be used for
-                                commenting.</para></listitem>
+                                which may be used for commenting. The
+                                argument passed should be an absolute
+                                file name, optionally prefixed with
+                                "-", which indicates that if the file
+                                does not exist it won't be read and no
+                                error or warning message is
+                                logged. The files listed with this
+                                directive will be read shortly before
+                                the process is executed. Settings from
+                                these files override settings made
+                                with
+                                <varname>Environment=</varname>. If
+                                the same variable is set twice from
+                                these files the files will be read in
+                                the order they are specified and the
+                                later setting will override the
+                                earlier setting. </para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
@@ -342,7 +360,9 @@
                                 <option>null</option>,
                                 <option>tty</option>,
                                 <option>syslog</option>,
                                 <option>null</option>,
                                 <option>tty</option>,
                                 <option>syslog</option>,
-                                <option>kmsg</option> or
+                                <option>kmsg</option>,
+                                <option>kmsg+console</option>,
+                                <option>syslog+console</option> or
                                 <option>socket</option>. If set to
                                 <option>inherit</option> the file
                                 descriptor of standard input is
                                 <option>socket</option>. If set to
                                 <option>inherit</option> the file
                                 descriptor of standard input is
@@ -366,9 +386,13 @@
                                 system logger. <option>kmsg</option>
                                 connects it with the kernel log buffer
                                 which is accessible via
                                 system logger. <option>kmsg</option>
                                 connects it with the kernel log buffer
                                 which is accessible via
-                                <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>socket</option>
-                                connects standard output to a socket
-                                from socket activation, semantics are
+                                <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>syslog+console</option>
+                                and <option>kmsg+console</option> work
+                                similarly but copy the output to the
+                                system console as
+                                well. <option>socket</option> connects
+                                standard output to a socket from
+                                socket activation, semantics are
                                 similar to the respective option of
                                 <varname>StandardInput=</varname>.
                                 This setting defaults to
                                 similar to the respective option of
                                 <varname>StandardInput=</varname>.
                                 This setting defaults to
@@ -382,7 +406,7 @@
                                 available options are identical to
                                 those of
                                 <varname>StandardOutput=</varname>,
                                 available options are identical to
                                 those of
                                 <varname>StandardOutput=</varname>,
-                                whith one exception: if set to
+                                with one exception: if set to
                                 <option>inherit</option> the file
                                 descriptor used for standard output is
                                 duplicated for standard error. This
                                 <option>inherit</option> the file
                                 descriptor used for standard output is
                                 duplicated for standard error. This
@@ -398,7 +422,7 @@
                                 <filename>/dev/console</filename>.</para></listitem>
                         </varlistentry>
                         <varlistentry>
                                 <filename>/dev/console</filename>.</para></listitem>
                         </varlistentry>
                         <varlistentry>
-                                <term><varname>SyslogIdentifer=</varname></term>
+                                <term><varname>SyslogIdentifier=</varname></term>
                                 <listitem><para>Sets the process name
                                 to prefix log lines sent to syslog or
                                 the kernel log buffer with. If not set
                                 <listitem><para>Sets the process name
                                 to prefix log lines sent to syslog or
                                 the kernel log buffer with. If not set
@@ -534,7 +558,10 @@
                                 various resource limits for executed
                                 processes. See
                                 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                 various resource limits for executed
                                 processes. See
                                 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
-                                for details.</para></listitem>
+                                for details. Use the string
+                                <varname>infinity</varname> to
+                                configure no limit on a specific
+                                resource.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
@@ -573,16 +600,34 @@
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
-                                <term><varname>Capabilities=</varname></term>
-                                <listitem><para>Controls the
+                                <term><varname>CapabilityBoundingSet=</varname></term>
+
+                                <listitem><para>Controls which
+                                capabilities to include in the
+                                capability bounding set for the
+                                executed process. See
                                 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                                 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-                                set for the executed process. Take a
-                                capability string as described in
-                                <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
-                                Note that this capability set is
-                                usually influenced by the capabilities
-                                attached to the executed
-                                file.</para></listitem>
+                                for details. Takes a whitespace
+                                seperated list of capability names as
+                                read by
+                                <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+                                Capabilities listed will be included
+                                in the bounding set, all others are
+                                removed. If the list of capabilities
+                                is prefixed with ~ all but the listed
+                                capabilities will be included, the
+                                effect of this assignment
+                                inverted. Note that this option does
+                                not actually set or unset any
+                                capabilities in the effective,
+                                permitted or inherited capability
+                                sets. That's what
+                                <varname>Capabilities=</varname> is
+                                for. If this option is not used the
+                                capability bounding set is not
+                                modified on process execution, hence
+                                no limits on the capabilities of the
+                                process are enforced.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
@@ -601,16 +646,21 @@
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
-                                <term><varname>CapabilityBoundingSetDrop=</varname></term>
-
+                                <term><varname>Capabilities=</varname></term>
                                 <listitem><para>Controls the
                                 <listitem><para>Controls the
-                                capability bounding set drop set for
-                                the executed process. See
                                 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                                 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-                                for details. Takes a list of
-                                capability names as read by
-                                <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
-                                </para></listitem>
+                                set for the executed process. Take a
+                                capability string describing the
+                                effective, permitted and inherited
+                                capability sets as documented in
+                                <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+                                Note that these capability sets are
+                                usually influenced by the capabilities
+                                attached to the executed file. Due to
+                                that
+                                <varname>CapabilityBoundingSet=</varname>
+                                is probably the much more useful
+                                setting.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
@@ -678,7 +728,7 @@
                                 restricting access with these options
                                 does not extend to submounts of a
                                 directory. You must list submounts
                                 restricting access with these options
                                 does not extend to submounts of a
                                 directory. You must list submounts
-                                separately in these setttings to
+                                separately in these settings to
                                 ensure the same limited access. These
                                 options may be specified more than
                                 once in which case all directories
                                 ensure the same limited access. These
                                 options may be specified more than
                                 once in which case all directories
@@ -761,6 +811,7 @@
                           <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                   </para>
         </refsect1>
                           <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                   </para>
         </refsect1>
Unnamed repository; edit this file 'description' to name the repository.