Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refnamediv>
<refname>systemd.socket</refname>
- <refpurpose>systemd socket configuration files</refpurpose>
+ <refpurpose>Socket unit configuration</refpurpose>
</refnamediv>
<refsynopsisdiv>
- <para><filename>systemd.socket</filename></para>
+ <para><filename><replaceable>socket</replaceable>.socket</filename></para>
</refsynopsisdiv>
<refsect1>
<option>ExecStartPre=</option>,
<option>ExecStartPost=</option>,
<option>ExecStopPre=</option> and
- <option>ExecStoptPost=</option> commands are executed
- in.</para>
+ <option>ExecStopPost=</option> commands are executed
+ in, and in
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ which define the way the processes are
+ terminated.</para>
<para>For each socket file a matching service file
(see
supervises. A number of options that may be used in
this section are shared with other unit types. These
options are documented in
- <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ and
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
options specific to the [Socket] section of socket
units are the following:</para>
- <variablelist>
+ <variablelist class='unit-directives'>
<varlistentry>
<term><varname>ListenStream=</varname></term>
<term><varname>ListenDatagram=</varname></term>
<term><varname>ListenSequentialPacket=</varname></term>
<listitem><para>Specifies an address
to listen on for a stream
- (SOCK_STREAM), datagram (SOCK_DGRAM)
- resp. sequential packet
- (SOCK_SEQPACKET) socket. The address
+ (SOCK_STREAM), datagram (SOCK_DGRAM),
+ or sequential packet
+ (SOCK_SEQPACKET) socket, respectively. The address
can be written in various formats:</para>
<para>If the address starts with a
<para>If the address string is a
single number it is read as port
- number to listen on for both IPv4 and
- IPv6.</para>
+ number to listen on via
+ IPv6. Depending on the value of
+ <varname>BindIPv6Only=</varname> (see below) this
+ might result in the service being
+ available via both IPv6 and IPv4 (default) or
+ just via IPv6.
+ </para>
<para>If the address string is a
string in the format v.w.x.y:z it is
<para>If the address string is a
string in the format [x]:y it is read
- as IPv6 address x on a port y.</para>
+ as IPv6 address x on a port y. Note
+ that this might make the service
+ available via IPv4, too, depending on
+ the <varname>BindIPv6Only=</varname>
+ setting (see below).
+ </para>
<para>Note that SOCK_SEQPACKET
(i.e. <varname>ListenSequentialPacket=</varname>)
<para>These options may be specified
more than once in which case incoming
- traffic on any of the sockets will trigger
- service activation, and all listed
- sockets will be passed to the service,
- regardless whether there is incoming
- traffic on them or not.</para>
-
- <para>If an IP address is used here, it
- is often desirable to listen on it
+ traffic on any of the sockets will
+ trigger service activation, and all
+ listed sockets will be passed to the
+ service, regardless whether there is
+ incoming traffic on them or not. If
+ the empty string is assigned to any of
+ these options, the list of addresses
+ to listen on is reset, all prior uses
+ of any of these options will have no
+ effect.</para>
+
+ <para>If an IP address is used here,
+ it is often desirable to listen on it
before the interface it is configured
on is up and running, and even
regardless whether it will be up and
- running ever at all. To deal with this it is
- recommended to set the
+ running ever at all. To deal with this
+ it is recommended to set the
<varname>FreeBind=</varname> option
described below.</para></listitem>
</varlistentry>
<listitem><para>Specifies a file
system FIFO to listen on. This expects
an absolute file system path as
- argument. Behaviour otherwise is very
+ argument. Behavior otherwise is very
similar to the
<varname>ListenDatagram=</varname>
directive above.</para></listitem>
<listitem><para>Specifies a special
file in the file system to listen
on. This expects an absolute file
- system path as argument. Behaviour
+ system path as argument. Behavior
otherwise is very similar to the
<varname>ListenFIFO=</varname>
directive above. Use this to open
or <varname>kobject-uevent</varname>)
as argument, optionally suffixed by a
whitespace followed by a multicast
- group integer. Behaviour otherwise is
+ group integer. Behavior otherwise is
very similar to the
<varname>ListenDatagram=</varname>
directive above.</para></listitem>
<listitem><para>Specifies a POSIX
message queue name to listen on. This
expects a valid message queue name
- (i.e. beginning with /). Behaviour
+ (i.e. beginning with /). Behavior
otherwise is very similar to the
<varname>ListenFIFO=</varname>
directive above. On Linux message
default, surprise!) the system wide
default setting is used, as controlled
by
- <filename>/proc/sys/net/ipv6/bindv6only</filename>.</para>
+ <filename>/proc/sys/net/ipv6/bindv6only</filename>,
+ which in turn defaults to the
+ equivalent of
+ <option>both</option>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>DirectoryMode=</varname></term>
<listitem><para>If listening on a file
- system socket of FIFO, the parent
+ system socket or FIFO, the parent
directories are automatically created
if needed. This option specifies the
file system access mode used when
<varlistentry>
<term><varname>SocketMode=</varname></term>
<listitem><para>If listening on a file
- system socket of FIFO, this option
+ system socket or FIFO, this option
specifies the file system access mode
used when creating the file
node. Takes an access mode in octal
until at least one existing connection
is terminated. This setting has no
effect for sockets configured with
- <option>Accept=no</option> or datagram
+ <option>Accept=false</option> or datagram
sockets. Defaults to
64.</para></listitem>
</varlistentry>
<term><varname>SendBuffer=</varname></term>
<listitem><para>Takes an integer
argument controlling the receive
- resp. send buffer sizes of this
- socket. This controls the SO_RCVBUF
- resp. SO_SNDBUF socket options (see
+ or send buffer sizes of this
+ socket, respectively. This controls the SO_RCVBUF
+ and SO_SNDBUF socket options (see
<citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.).</para></listitem>
</varlistentry>
for details.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>SmackLabel=</varname></term>
+ <term><varname>SmackLabelIPIn=</varname></term>
+ <term><varname>SmackLabelIPOut=</varname></term>
+ <listitem><para>Takes a string
+ value. Controls the extended
+ attributes
+ <literal>security.SMACK64</literal>,
+ <literal>security.SMACK64IPIN</literal>
+ and
+ <literal>security.SMACK64IPOUT</literal>,
+ respectively, i.e. the security label
+ of the FIFO, or the security label for
+ the incoming or outgoing connections
+ of the socket, respectively. See
+ <ulink
+ url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
+ for details.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>PipeSize=</varname></term>
<listitem><para>Takes an integer
<varname>MessageQueueMessageSize=</varname></term>
<listitem><para>These two settings
take integer values and control the
- mq_maxmsg resp. mq_msgsize field when
+ mq_maxmsg field or the mq_msgsize field, respectively, when
creating the message queue. Note that
either none or both of these variables
need to be set. See
<term><varname>ExecStartPost=</varname></term>
<listitem><para>Takes one or more
command lines, which are executed
- before (resp. after) the listening
+ before or after the listening
sockets/FIFOs are created and
- bound. The first token of the command
+ bound, respectively. The first token of the command
line must be an absolute file name,
then followed by arguments for the
process. Multiple command lines may be
<term><varname>ExecStopPre=</varname></term>
<term><varname>ExecStopPost=</varname></term>
<listitem><para>Additional commands
- that are executed before (resp. after)
+ that are executed before or after
the listening sockets/FIFOs are closed
- and removed. Multiple command lines
+ and removed, respectively. Multiple command lines
may be specified following the same
scheme as used for
<varname>ExecStartPre=</varname> of
will be terminated forcibly via
SIGTERM, and after another delay of
this time with SIGKILL. (See
- <option>KillMode=</option> below.)
+ <option>KillMode=</option> in <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.)
Takes a unit-less value in seconds, or
a time span value such as "5min
20s". Pass 0 to disable the timeout
90s.</para></listitem>
</varlistentry>
- <varlistentry>
- <term><varname>KillMode=</varname></term>
- <listitem><para>Specifies how
- processes of this socket unit shall be
- killed. One of
- <option>control-group</option>,
- <option>process</option>,
- <option>none</option>.</para>
-
- <para>This option is mostly equivalent
- to the <option>KillMode=</option>
- option of service files. See
- <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>KillSignal=</varname></term>
- <listitem><para>Specifies which signal
- to use when killing a process of this
- socket. Defaults to SIGTERM.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>SendSIGKILL=</varname></term>
- <listitem><para>Specifies whether to
- send SIGKILL to remaining processes
- after a timeout, if the normal
- shutdown procedure left processes of
- the socket around. Takes a boolean
- value. Defaults to "yes".
- </para></listitem>
- </varlistentry>
-
<varlistentry>
<term><varname>Service=</varname></term>
<listitem><para>Specifies the service
</varlistentry>
</variablelist>
+
+ <para>Check
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ and
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for more settings.</para>
+
</refsect1>
<refsect1>
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>