X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=c08feba27e2fa13be636ce9718e46f1e134aa118;hb=73e231abde39f22097df50542c745e01de879836;hp=5721dc15537e9e1901264ccbeccae930d86fe87e;hpb=79640424059328268b9fb6c5fa8eb777b27a177e;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 5721dc155..c08feba27 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -57,7 +57,7 @@
Description
Unit configuration files for services, sockets,
- mount points and swap devices share a subset of
+ mount points, and swap devices share a subset of
configuration options which define the execution
environment of spawned processes.
@@ -76,27 +76,6 @@
configuration options are configured in the [Service],
[Socket], [Mount], or [Swap] sections, depending on the unit
type.
-
- Processes started by the system systemd instance
- are executed in a clean environment in which only the
- $PATH and $LANG
- variables are set by default. In order to add
- additional variables, see the
- Environment= and
- EnvironmentFile= options below. To
- specify variables globally, see
- DefaultEnvironment= in
- systemd-system.conf5
- or the kernel option
- systemd.setenv= in
- systemd1. Processes
- started by the user systemd instances inherit all
- environment variables from the user systemd instance,
- and have $HOME,
- $USER,
- $XDG_RUNTIME_DIR defined, among
- others. In addition, $MANAGERPID
- contains the PID of the user systemd instance.
@@ -316,9 +295,11 @@
for the assignment.
Example:
- Environment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"
+ Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"
gives three variables VAR1,
- VAR2, VAR3.
+ VAR2, VAR3
+ with the values word1 word2,
+ word3, $word 5 6.
@@ -491,9 +472,9 @@
StandardError=
Controls where file
- descriptor 2 (STDERR) of the executed
- processes is connected to. The
- available options are identical to
+ descriptor 2 (standard error) of the
+ executed processes is connected to.
+ The available options are identical to
those of
StandardOutput=,
with one exception: if set to
@@ -510,8 +491,8 @@
TTYPath=
Sets the terminal
- device node to use if standard input,
- output or stderr are connected to a
+ device node to use if standard input, output,
+ or error are connected to a
TTY (see above). Defaults to
/dev/console.
@@ -867,9 +848,9 @@
system namespace for the executed
processes and mounts private
/tmp and
- /var/tmp directories
- inside it, that are not shared by
- processes outside of the
+ /var/tmp
+ directories inside it that is not
+ shared by processes outside of the
namespace. This is useful to secure
access to temporary files of the
process, but makes sharing between
@@ -877,9 +858,17 @@
/tmp or
/var/tmp
impossible. All temporary data created
- by service will be removed after service
- is stopped. Defaults to
- false.
+ by service will be removed after
+ the service is stopped. Defaults to
+ false. Note that it is possible to run
+ two or more units within the same
+ private /tmp and
+ /var/tmp
+ namespace by using the
+ JoinsNamespaceOf=
+ directive, see
+ systemd.unit5
+ for details.
@@ -895,6 +884,30 @@
available to the executed process.
This is useful to securely turn off
network access by the executed
+ process. Defaults to false. Note that
+ it is possible to run two or more
+ units within the same private network
+ namespace by using the
+ JoinsNamespaceOf=
+ directive, see
+ systemd.unit5
+ for details.
+
+
+
+ PrivateDevices=
+
+ Takes a boolean
+ argument. If true, sets up a new /dev
+ namespace for the executed processes
+ and only adds API pseudo devices such
+ as /dev/null,
+ /dev/zero or
+ /dev/random to
+ it, but no physical devices such as
+ /dev/sda. This is
+ useful to securely turn off physical
+ device access by the executed
process. Defaults to
false.
@@ -937,6 +950,23 @@
this service.
+
+ SELinuxContext=
+
+ Set the SELinux
+ security context of the executed
+ process. If set, this will override
+ the automated domain
+ transition. However, the policy still
+ needs to autorize the transition. This
+ directive is ignored if SELinux is
+ disabled. If prefixed by
+ -, all errors will
+ be ignored. See
+ setexeccon3
+ for details.
+
+
IgnoreSIGPIPE=
@@ -971,7 +1001,7 @@
list of system call
names. If this setting is used, all
system calls executed by the unit
- process except for the listed ones
+ processes except for the listed ones
will result in immediate process
termination with the
SIGSYS signal
@@ -999,10 +1029,229 @@
merged. If the empty string is
assigned, the filter is reset, all
prior assignments will have no
- effect.
+ effect.
+
+ If you specify both types of
+ this option (i.e. whitelisting and
+ blacklisting), the first encountered
+ will take precedence and will dictate
+ the default action (termination or
+ approval of a system call). Then the
+ next occurrences of this option will
+ add or delete the listed system calls
+ from the set of the filtered system
+ calls, depending of its type and the
+ default action (e.g. You have started
+ with a whitelisting of
+ read and
+ write, and right
+ after it add a blacklisting of
+ write, then
+ write will be
+ removed from the set).
+
+
+ Note that setting
+ SystemCallFilter=
+ implies a
+ SystemCallArchitectures=
+ setting of native
+ (see below), unless that option is
+ configured otherwise.
+
+
+
+ SystemCallErrorNumber=
+
+ Takes an
+ errno error number
+ name to return when the system call
+ filter configured with
+ SystemCallFilter=
+ is triggered, instead of terminating
+ the process immediately. Takes an
+ error name such as
+ EPERM,
+ EACCES or
+ EUCLEAN. When this
+ setting is not used, or when the empty
+ string is assigned, the process will be
+ terminated immediately when the filter
+ is triggered.
+
+
+
+ SystemCallArchitectures=
+
+ Takes a space
+ separated list of architecture
+ identifiers to include in the system
+ call filter. The known architecture
+ identifiers are
+ x86,
+ x86-64,
+ x32,
+ arm as well as the
+ special identifier
+ native. Only system
+ calls of the specified architectures
+ will be permitted to processes of this
+ unit. This is an effective way to
+ disable compatibility with non-native
+ architectures for processes, for
+ example to prohibit execution of 32-bit
+ x86 binaries on 64-bit x86-64
+ systems. The special
+ native identifier
+ implicitly maps to the native
+ architecture of the system (or more
+ strictly: to the architecture the
+ system manager is compiled for). Note
+ that setting this option to a
+ non-empty list implies that
+ native is included
+ too. By default, this option is set to
+ the empty list, i.e. no architecture
+ system call filtering is applied. Note
+ that configuring a system call filter
+ with
+ SystemCallFilter=
+ (above) implies a
+ native architecture
+ list, unless configured
+ otherwise.
+
+
+
+
+
+
+ Environment variables in spawned processes
+
+ Processes started by the system are executed in
+ a clean environment in which select variables
+ listed below are set. System processes started by systemd
+ do not inherit variables from PID 1, but processes
+ started by user systemd instances inherit all
+ environment variables from the user systemd instance.
+
+
+
+
+ $PATH
+
+ Colon-separated list
+ of directiories to use when launching
+ executables. Systemd uses a fixed
+ value of
+ /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.
+
+
+
+
+ $LANG
+
+ Locale. Can be set in
+ locale.conf5
+ or on the kernel command line (see
+ systemd1
+ and
+ kernel-command-line7).
+
+
+ $USER
+ $LOGNAME
+ $HOME
+ $SHELL
+
+ User name (twice), home
+ directory, and the login shell.
+ The variables are set for the units that
+ have User= set,
+ which includes user
+ systemd instances.
+ See
+ passwd5.
+
+
+
+
+ $XDG_RUNTIME_DIR
+
+ The directory for volatile
+ state. Set for the user systemd
+ instance, and also in user sessions.
+ See
+ pam_systemd8.
+
+
+
+
+ $XDG_SESSION_ID
+ $XDG_SEAT
+ $XDG_VTNR
+
+ The identifier of the
+ session, the seat name, and
+ virtual terminal of the session. Set
+ by
+ pam_systemd8
+ for login sessions.
+ $XDG_SEAT and
+ $XDG_VTNR will
+ only be set when attached to a seat and a
+ tty.
+
+
+
+ $MANAGERPID
+
+ The PID of the user
+ systemd instance,
+ set for processes spawned by it.
+
+
+
+
+ $LISTEN_FDS
+ $LISTEN_PID
+
+ Information about file
+ descriptors passed to a service for
+ socket activation. See
+ sd_listen_fds3.
+
+
+
+
+ $TERM
+
+ Terminal type, set
+ only for units connected to a terminal
+ (StandardInput=tty,
+ StandardOutput=tty,
+ or
+ StandardError=tty).
+ See
+ termcap5.
+
+
+
+ Additional variables may be configured by the
+ following means: for processes spawned in specific
+ units, use the Environment= and
+ EnvironmentFile= options above; to
+ specify variables globally, use
+ DefaultEnvironment= (see
+ systemd-system.conf5)
+ or the kernel option
+ systemd.setenv= (see
+ systemd1). Additional
+ variables may also be set through PAM,
+ c.f. pam_env8.
@@ -1017,8 +1266,9 @@
systemd.swap5,
systemd.mount5,
systemd.kill5,
- systemd.cgroup5,
- systemd.directives7
+ systemd.resource-control5,
+ systemd.directives7,
+ exec3