X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=116909597861f8545d4c2a3ed9da844a9c885752;hb=248fc619b5e3e24d78f171f95b85916eee7987bd;hp=c25d96e9fdde0c9aa4fb0dbfb6a1d809d937b85e;hpb=fbc15b7663730fd8c8c5cfcd54878a2e764c46ea;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c25d96e9f..116909597 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -69,7 +69,7 @@
files, and
systemd.service5,
systemd.socket5,
- systemd.swap5
+ systemd.swap5,
and
systemd.mount5
for more information on the specific unit
@@ -129,7 +129,7 @@
Sets the supplementary
Unix groups the processes are executed
- as. This takes a space separated list
+ as. This takes a space-separated list
of group names or IDs. This option may
be specified more than once in which
case all listed groups are set as
@@ -167,7 +167,7 @@
for this process) and 1000 (to make
killing of this process under memory
pressure very likely). See proc.txt
+ url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt
for details.
@@ -288,8 +288,9 @@
variables is reset, all prior
assignments have no effect.
Variable expansion is not performed
- inside the strings, and $ has no special
- meaning.
+ inside the strings, however, specifier
+ expansion is possible. $ character has
+ no special meaning.
If you need to assign a value containing spaces
to a variable, use double quotes (")
for the assignment.
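Review bot: The added Environment= wording "inside the strings, however, specifier expansion is possible. $ character has no special meaning." has a comma splice and a missing article; suggest "inside the strings; however, specifier expansion is possible. The $ character has no special meaning." The new sentence also does not say which specifiers are meant or where they are documented, so a reader cannot tell which sequences in an assigned value will now be rewritten. A cross-reference to the specifier list would close that gap.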
@@ -311,7 +312,7 @@
Environment= but
reads the environment variables from a
text file. The text file should
- contain new-line separated variable
+ contain new-line-separated variable
assignments. Empty lines and lines
starting with ; or # will be ignored,
which may be used for commenting. A line
@@ -323,17 +324,18 @@
double quotes (").
The argument passed should be an
- absolute file name or wildcard
+ absolute filename or wildcard
expression, optionally prefixed with
- "-", which indicates that if the file
- does not exist it won't be read and no
- error or warning message is logged.
- This option may be specified more than
- once in which case all specified files
- are read. If the empty string is
- assigned to this option the list of
- file to read is reset, all prior
- assignments have no effect.
+ -, which indicates
+ that if the file does not exist it
+ won't be read and no error or warning
+ message is logged. This option may be
+ specified more than once in which case
+ all specified files are read. If the
+ empty string is assigned to this
+ option the list of file to read is
+ reset, all prior assignments have no
+ effect.
The files listed with this
directive will be read shortly before
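Review bot: The re-wrapped EnvironmentFile= paragraph still carries "the list of file to read is reset, all prior assignments have no effect" on its added lines. Since every line of the sentence is being touched anyway, change "file" to "files" and replace the comma splice with "and" or a semicolon. The added line also drops the double quotes that the removed line had around "-"; please confirm the rendered page still sets the prefix character off visibly, because it is the only thing that tells the reader a missing file will be skipped without an error or warning.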
@@ -716,13 +718,12 @@
capability bounding set for the
executed process. See
capabilities7
- for details. Takes a whitespace
- separated list of capability names as
- read by
+ for details. Takes a whitespace-separated
+ list of capability names as read by
cap_from_name3,
- e.g. CAP_SYS_ADMIN
- CAP_DAC_OVERRIDE
- CAP_SYS_PTRACE.
+ e.g. CAP_SYS_ADMIN,
+ CAP_DAC_OVERRIDE,
+ CAP_SYS_PTRACE.
Capabilities listed will be included
in the bounding set, all others are
removed. If the list of capabilities
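Review bot: The commas added to the example ("CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SYS_PTRACE.") contradict the "whitespace-separated list" wording introduced two lines earlier in the same hunk. A reader who copies the example as printed will put commas into CapabilityBoundingSet=, and the text gives no indication that commas are accepted. Either keep the example free of separators other than whitespace, or phrase it so the commas clearly belong to the sentence and not to the value, for instance "e.g. CAP_SYS_ADMIN, CAP_DAC_OVERRIDE and CAP_SYS_PTRACE".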
@@ -799,10 +800,10 @@
space-separated list of cgroup
identifiers. A cgroup identifier is
formatted like
- cpu:/foo/bar,
+ cpu:/foo/bar,
where "cpu" indicates the kernel
control group controller used, and
- /foo/bar is the
+ /foo/bar is the
control group path. The controller
name and ":" may be omitted in which
case the named systemd control group
@@ -831,7 +832,7 @@
and doing this might result in
undefined behaviour. For details about
control groups see cgroups.txt.
+ url="https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt.
This option may appear more than
once, in which case the list of
@@ -922,7 +923,7 @@
service is not desirable. For details
about control group attributes see
cgroups.txt. This
+ url="https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt. This
option may appear more than once, in
order to set multiple control group
attributes. If this option is used
@@ -944,134 +945,16 @@
-
- CPUShares=
-
- Assign the specified
- overall CPU time shares to the
- processes executed. Takes an integer
- value. This controls the
- cpu.shares control
- group attribute, which defaults to
- 1024. For details about this control
- group attribute see sched-design-CFS.txt.
-
-
-
- MemoryLimit=
- MemorySoftLimit=
-
- Limit the overall memory usage
- of the executed processes to a certain
- size. Takes a memory size in bytes. If
- the value is suffixed with K, M, G or
- T the specified memory size is parsed
- as Kilobytes, Megabytes, Gigabytes,
- or Terabytes (to the base
- 1024), respectively. This controls the
- memory.limit_in_bytes
- and
- memory.soft_limit_in_bytes
- control group attributes. For details
- about these control group attributes
- see memory.txt.
-
-
-
- DeviceAllow=
- DeviceDeny=
-
- Control access to
- specific device nodes by the executed processes. Takes two
- space separated strings: a device node
- path (such as
- /dev/null)
- followed by a combination of r, w, m
- to control reading, writing, or
- creating of the specific device node
- by the unit, respectively. This controls the
- devices.allow
- and
- devices.deny
- control group attributes. For details
- about these control group attributes
- see devices.txt.
-
-
-
- BlockIOWeight=
-
- Set the default or
- per-device overall block IO weight
- value for the executed
- processes. Takes either a single
- weight value (between 10 and 1000) to
- set the default block IO weight, or a
- space separated pair of a file path
- and a weight value to specify the
- device specific weight value (Example:
- "/dev/sda 500"). The file path may be
- specified as path to a block device
- node or as any other file in which
- case the backing block device of the
- file system of the file is
- determined. This controls the
- blkio.weight and
- blkio.weight_device
- control group attributes, which
- default to 1000. Use this option
- multiple times to set weights for
- multiple devices. For details about
- these control group attributes see
- blkio-controller.txt.
-
-
-
- BlockIOReadBandwidth=
- BlockIOWriteBandwidth=
-
- Set the per-device
- overall block IO bandwidth limit for
- the executed processes. Takes a space
- separated pair of a file path and a
- bandwidth value (in bytes per second)
- to specify the device specific
- bandwidth. The file path may be
- specified as path to a block device
- node or as any other file in which
- case the backing block device of the
- file system of the file is determined.
- If the bandwidth is suffixed with K, M,
- G, or T the specified bandwidth is
- parsed as Kilobytes, Megabytes,
- Gigabytes, or Terabytes, respectively (Example:
- "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
- 5M"). This controls the
- blkio.read_bps_device
- and
- blkio.write_bps_device
- control group attributes. Use this
- option multiple times to set bandwidth
- limits for multiple devices. For
- details about these control group
- attributes see blkio-controller.txt.
-
-
ReadWriteDirectories=
ReadOnlyDirectories=
InaccessibleDirectories=
Sets up a new
- file-system name space for executed
+ file system namespace for executed
processes. These options may be used
to limit access a process might have
- to the main file-system
+ to the main file system
hierarchy. Each setting takes a
space-separated list of absolute
directory paths. Directories listed in
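Review bot: This hunk deletes the whole description of CPUShares=, MemoryLimit=, MemorySoftLimit=, DeviceAllow=, DeviceDeny=, BlockIOWeight= and the BlockIO bandwidth options, and nothing visible in the diff of this file points to where they are documented instead. A removal of that size should not travel in the same change as hyphenation and comma fixes (here "file-system name space" to "file system namespace"); please split it into its own commit with a message that explains it. If the options still exist, leave a cross-reference in this page, since DeviceAllow= and DeviceDeny= are what administrators look up when restricting device node access for a service.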
@@ -1184,10 +1067,10 @@
IgnoreSIGPIPE=
Takes a boolean
- argument. If true causes SIGPIPE to be
+ argument. If true, causes SIGPIPE to be
ignored in the executed
- process. Defaults to true, since
- SIGPIPE generally is useful only in
+ process. Defaults to true because
+ SIGPIPE generally is useful only in
shell pipelines.
@@ -1195,7 +1078,7 @@
NoNewPrivileges=
Takes a boolean
- argument. If true ensures that the
+ argument. If true, ensures that the
service process and all its children
can never gain new privileges. This
option is more powerful than the respective
@@ -1210,13 +1093,14 @@
SystemCallFilter=
- Takes a space
- separated list of system call
- names. If this setting is used all
+ Takes a space-separated
+ list of system call
+ names. If this setting is used, all
system calls executed by the unit
process except for the listed ones
will result in immediate process
- termination with the SIGSYS signal
+ termination with the
+ SIGSYS signal
(whitelisting). If the first character
of the list is ~
the effect is inverted: only the