along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
-<refentry id="systemd-system.conf">
+<refentry id="systemd-system.conf"
+ xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-system.conf</title>
<productname>systemd</productname>
<refnamediv>
<refname>systemd-system.conf</refname>
+ <refname>system.conf.d</refname>
<refname>systemd-user.conf</refname>
- <refpurpose>System and session service manager configuration file</refpurpose>
+ <refname>user.conf.d</refname>
+ <refpurpose>System and session service manager configuration files</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>/etc/systemd/system.conf</filename></para>
+ <para><filename>/etc/systemd/system.conf.d/*.conf</filename></para>
+ <para><filename>/run/systemd/system.conf.d/*.conf</filename></para>
+ <para><filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para>
<para><filename>/etc/systemd/user.conf</filename></para>
+ <para><filename>/etc/systemd/user.conf.d/*.conf</filename></para>
+ <para><filename>/run/systemd/user.conf.d/*.conf</filename></para>
+ <para><filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
- <para>When run as system instance systemd reads the
- configuration file <filename>system.conf</filename>,
- otherwise <filename>user.conf</filename>. These
+ <para>When run as a system instance, systemd interprets the
+ configuration file <filename>system.conf</filename> and the
+ files in <filename>system.conf.d</filename> directories; when
+ run as a user instance, systemd interprets the configuration
+ file <filename>user.conf</filename> and the files in
+ <filename>user.conf.d</filename> directories. These
configuration files contain a few settings controlling
basic manager operations.</para>
-
</refsect1>
+ <xi:include href="standard-conf.xml" xpointer="confd" />
+ <xi:include href="standard-conf.xml" xpointer="conf" />
+
<refsect1>
<title>Options</title>
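Review bot: the rewritten Description paragraph does not say which file wins when the same setting appears in system.conf and in one or more of the drop-in directories. The synopsis now lists /etc, /run and /usr/lib variants of system.conf.d and user.conf.d, and the ordering is left entirely to the two xi:include lines. Please confirm that the included confd section of standard-conf.xml states the precedence, or add one sentence here, since these files set manager-wide options such as the capability bounding set.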
<listitem><para>Configures the initial
CPU affinity for the init
process. Takes a space-separated list
- of CPU indexes.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>DefaultControllers=cpu</varname></term>
-
- <listitem><para>Configures in which
- control group hierarchies to create
- per-service cgroups automatically, in
- addition to the
- <literal>name=systemd</literal> named
- hierarchy. Defaults to
- <literal>cpu</literal>. Takes a
- space-separated list of controller
- names. Pass the empty string to ensure
- that systemd does not touch any
- hierarchies but its own.</para>
-
- <para>Note that the default value of
- 'cpu' will make realtime scheduling
- unavailable to system services. See
- <ulink
- url="http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime">My
- Service Can't Get Realtime!</ulink>
- for more
- information.</para></listitem>
+ of CPU indices.</para></listitem>
</varlistentry>
<varlistentry>
- <term><varname>JoinControllers=cpu,cpuacct,cpuset net_cls,netprio</varname></term>
+ <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
<listitem><para>Configures controllers
that shall be mounted in a single
- hierarchy. By default systemd will
+ hierarchy. By default, systemd will
mount all controllers which are
enabled in the kernel in individual
hierarchies, with the exception of
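Review bot: nothing in the visible text tells an administrator with an existing configuration what happens once the DefaultControllers= entry is deleted and cpuset is dropped from the JoinControllers= term (cpu,cpuacct,cpuset becomes cpu,cpuacct). Suggest a short note on how a leftover DefaultControllers= line is treated, and check that the list of exceptions following "with the exception of" in the JoinControllers= description still matches the new default shown in the term. The deleted paragraph also carried the realtime scheduling caveat; if it still applies anywhere, it needs a new home.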
necessary to rebuild the initrd if
this option is changed, and make sure
the new configuration file is included
- in it. Otherwise the initrd might
+ in it. Otherwise, the initrd might
mount the controller hierarchies in a
different configuration than intended,
and the main system cannot remount
<literal>d</literal>,
<literal>w</literal>). If
<varname>RuntimeWatchdogSec=</varname>
- is set to a non-zero value the
+ is set to a non-zero value, the
watchdog hardware
(<filename>/dev/watchdog</filename>)
will be programmed to automatically
capabilities to include in the
capability bounding set for PID 1 and
its children. See
- <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details. Takes a whitespace-separated
list of capability names as read by
<citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
Capabilities listed will be included
in the bounding set, all others are
removed. If the list of capabilities
- is prefixed with ~ all but the listed
+ is prefixed with ~, all but the listed
capabilities will be included, the
effect of the assignment
inverted. Note that this option also
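Review bot: the cap_from_name(3) reference in this paragraph is left without a project attribute, while the capabilities(7) reference a few lines above it gains project='man-pages'. If the attribute decides where the rendered link points, cap_from_name(3) needs a value as well, because it is not a systemd page either; otherwise please say in the commit message that leaving it untagged is intentional.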
are lost for good.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>SystemCallArchitectures=</varname></term>
+
+ <listitem><para>Takes a
+ space-separated list of architecture
+ identifiers. Selects from which
+ architectures system calls may be
+ invoked on this system. This may be
+ used as an effective way to disable
+ invocation of non-native binaries
+ system-wide, for example to prohibit
+ execution of 32-bit x86 binaries on
+ 64-bit x86-64 systems. This option
+ operates system-wide, and acts
+ similar to the
+ <varname>SystemCallArchitectures=</varname>
+ setting of unit files, see
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. This setting defaults to
+ the empty list, in which case no
+ filtering of system calls based on
+ architecture is applied. Known
+ architecture identifiers are
+ <literal>x86</literal>,
+ <literal>x86-64</literal>,
+ <literal>x32</literal>,
+ <literal>arm</literal> and the special
+ identifier
+ <literal>native</literal>. The latter
+ implicitly maps to the native
+ architecture of the system (or more
+ specifically, the architecture the
+ system manager was compiled for). Set
+ this setting to
+ <literal>native</literal> to prohibit
+ execution of any non-native
+ binaries. When a binary executes a
+ system call of an architecture that is
+ not listed in this setting, it will be
+ immediately terminated with the SIGSYS
+ signal.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>TimerSlackNSec=</varname></term>
<listitem><para>Sets the timer slack
- in nanoseconds for PID 1 which is then
- inherited to all executed processes,
+ in nanoseconds for PID 1, which is
+ inherited by all executed processes,
unless overridden individually, for
example with the
<varname>TimerSlackNSec=</varname>
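Review bot: the new SystemCallArchitectures= entry does not say how the manager-level list interacts with a unit's own SystemCallArchitectures= setting, in particular whether a unit may list an architecture that the system-wide setting excludes. The entry is presented as a way to "prohibit execution of any non-native binaries", so the answer should be stated explicitly rather than left to systemd.exec(5). Wording: "acts similar to" should be "acts similarly to", and "Set this setting to" reads better as "Set this to".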
see
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
timer slack controls the accuracy of
- wake-ups triggered by timers. See
+ wake-ups triggered by system
+ timers. See
<citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for more information. Note that in
contrast to most other time span
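Review bot: the prctl(2) reference in this paragraph has no project attribute, although the same patch adds project='man-pages' to capabilities(7) and environ(7). For consistency, tag prctl(2) the same way in this change.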
too.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>DefaultTimerAccuracySec=</varname></term>
+
+ <listitem><para>Sets the default
+ accuracy of timer units. This controls
+ the global default for the
+ <varname>AccuracySec=</varname>
+ setting of timer units, see
+ <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for
+ details. <varname>AccuracySec=</varname>
+ set in individual units override the
+ global default for the specific
+ unit. Defaults to 1min. Note that the
+ accuracy of timer units is also
+ affected by the configured timer slack
+ for PID 1, see
+ <varname>TimerSlackNSec=</varname>
+ above.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>DefaultTimeoutStartSec=</varname></term>
+ <term><varname>DefaultTimeoutStopSec=</varname></term>
+ <term><varname>DefaultRestartSec=</varname></term>
+
+ <listitem><para>Configures the default
+ timeouts for starting and stopping of
+ units, as well as the default time to
+ sleep between automatic restarts of
+ units, as configured per-unit in
+ <varname>TimeoutStartSec=</varname>,
+ <varname>TimeoutStopSec=</varname> and
+ <varname>RestartSec=</varname> (for
+ services, see
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details on the per-unit
+ settings). For non-service units,
+ <varname>DefaultTimeoutStartSec=</varname>
+ sets the default
+ <varname>TimeoutSec=</varname> value.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>DefaultStartLimitInterval=</varname></term>
+ <term><varname>DefaultStartLimitBurst=</varname></term>
+
+ <listitem><para>Configure the default
+ unit start rate limiting, as
+ configured per-service by
+ <varname>StartLimitInterval=</varname>
+ and
+ <varname>StartLimitBurst=</varname>. See
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details on the per-service
+ settings.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>DefaultEnvironment=</varname></term>
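Review bot: the new DefaultTimeoutStartSec=, DefaultTimeoutStopSec=, DefaultRestartSec=, DefaultStartLimitInterval= and DefaultStartLimitBurst= entries give no default values and no unit for the time spans, whereas DefaultTimerAccuracySec= just above them says "Defaults to 1min". Please state the built-in defaults for each, so a reader can tell what an empty system.conf yields. Grammar in the DefaultTimerAccuracySec= entry: "AccuracySec= set in individual units override" should be "overrides".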
executed processes. Takes a
space-separated list of variable
assignments. See
- <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details about environment
variables.</para>
<literal>VAR3</literal>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>DefaultCPUAccounting=</varname></term>
+ <term><varname>DefaultBlockIOAccounting=</varname></term>
+ <term><varname>DefaultMemoryAccounting=</varname></term>
+
+ <listitem><para>Configure the default
+ resource accounting settings, as
+ configured per-unit by
+ <varname>CPUAccounting=</varname>,
+ <varname>BlockIOAccounting=</varname>
+ and
+ <varname>MemoryAccounting=</varname>. See
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details on the per-unit
+ settings.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>DefaultLimitCPU=</varname></term>
<term><varname>DefaultLimitFSIZE=</varname></term>
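Review bot: the DefaultCPUAccounting=, DefaultBlockIOAccounting= and DefaultMemoryAccounting= entry says neither what kind of value the settings take nor what they default to. One sentence giving the argument type and the default would save a trip to systemd.resource-control(5).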
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>
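Review bot: the See Also list gains systemd.exec(5) and systemd.service(5), but the new option text in this patch also cites systemd.timer(5) and systemd.resource-control(5), and neither is added here. Suggest adding both so every page referenced from the Options section is listed.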