</refnamediv>
<refsynopsisdiv>
- <para><filename>systemd.service</filename>,
- <filename>systemd.socket</filename>,
- <filename>systemd.mount</filename>,
- <filename>systemd.swap</filename></para>
+ <para><filename><replaceable>service</replaceable>.service</filename>,
+ <filename><replaceable>socket</replaceable>.socket</filename>,
+ <filename><replaceable>mount</replaceable>.mount</filename>,
+ <filename><replaceable>swap</replaceable>.swap</filename></para>
</refsynopsisdiv>
<refsect1>
<refsect1>
<title>Options</title>
- <variablelist>
+ <variablelist class='unit-directives'>
<varlistentry>
<term><varname>WorkingDirectory=</varname></term>
empty string is assigned to this
option the list of environment
variables is reset, all prior
- assignments have no effect. See
+ assignments have no effect.
+ Variable expansion is not performed
+ inside the strings, and $ has no special
+ meaning.
+ If you need to assign a value containing spaces
+ to a variable, use double quotes (")
+ for the assignment.</para>
+
+ <para>Example:
+ <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
+ gives three variables <literal>VAR1</literal>,
+ <literal>VAR2</literal>, <literal>VAR3</literal>.
+ </para>
+
+ <para>
+ See
<citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
- for details.</para></listitem>
+ for details about environment variables.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>EnvironmentFile=</varname></term>
contain new-line separated variable
assignments. Empty lines and lines
starting with ; or # will be ignored,
- which may be used for commenting. The
- parser strips leading and
- trailing whitespace from the values
+ which may be used for commenting. A line
+ ending with a backslash will be concatenated
+ with the following one, allowing multiline variable
+ definitions. The parser strips leading
+ and trailing whitespace from the values
of assignments, unless you use
double quotes (").</para>
with
<option>DefaultStandardOutput=</option>
in
- <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
which defaults to
<option>journal</option>.</para></listitem>
</varlistentry>
setting defaults to the value set with
<option>DefaultStandardError=</option>
in
- <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
which defaults to
<option>inherit</option>.</para></listitem>
</varlistentry>
for details. Takes a whitespace
separated list of capability names as
read by
- <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ e.g. <literal>CAP_SYS_ADMIN
+ CAP_DAC_OVERRIDE
+ CAP_SYS_PTRACE</literal>.
Capabilities listed will be included
in the bounding set, all others are
removed. If the list of capabilities
- is prefixed with ~ all but the listed
- capabilities will be included, the
- effect of the assignment
- inverted. Note that this option also
- effects the respective capabilities in
- the effective, permitted and
- inheritable capability sets, on top of
- what <varname>Capabilities=</varname>
+ is prefixed with <literal>~</literal>
+ all but the listed capabilities will
+ be included, the effect of the
+ assignment inverted. Note that this
+ option also affects the respective
+ capabilities in the effective,
+ permitted and inheritable capability
+ sets, on top of what
+ <varname>Capabilities=</varname>
does. If this option is not used the
capability bounding set is not
modified on process execution, hence
no limits on the capabilities of the
process are enforced. This option may
appear more than once in which case
- the bounding sets are merged. If the empty
- string is assigned to this option the
- bounding set is reset, and all prior
- settings have no
- effect.</para></listitem>
+ the bounding sets are merged. If the
+ empty string is assigned to this
+ option the bounding set is reset to
+ the empty capability set, and all
+ prior settings have no effect. If set
+ to <literal>~</literal> (without any
+ further argument) the bounding set is
+ reset to the full set of available
+ capabilities, also undoing any
+ previous settings.</para></listitem>
</varlistentry>
<varlistentry>
in specific paths in specific kernel
controller hierarchies. It is not
recommended to manipulate the service
- control group path in the systemd
- named hierarchy. For details about
+ control group path in the private
+ systemd named hierarchy
+ (i.e. <literal>name=systemd</literal>),
+ and doing this might result in
+ undefined behaviour. For details about
control groups see <ulink
url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.</para>
settings of
<varname>DefaultControllers=</varname>
of
- <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
but a unit's
<varname>ControlGroup=</varname>
setting for a specific controller
<listitem><para>Takes a boolean
argument. If true sets up a new file
system namespace for the executed
- processes and mounts a private
- <filename>/tmp</filename> directory
- inside it, that is not shared by
+ processes and mounts private
+ <filename>/tmp</filename> and
+ <filename>/var/tmp</filename> directories
+ inside it, that are not shared by
processes outside of the
namespace. This is useful to secure
access to temporary files of the
process, but makes sharing between
processes via
- <filename>/tmp</filename>
- impossible. Defaults to
+ <filename>/tmp</filename> or
+ <filename>/var/tmp</filename>
+ impossible. All temporary data created
+ by service will be removed after service
+ is stopped. Defaults to
false.</para></listitem>
</varlistentry>