X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.socket.xml;h=f1e7d408ab04b809a94ea3689ddde7340c06603f;hb=77f40f165cc60a1d6b8a3503e4b7e46814d5935e;hp=f883543c80c35f3e1b3fb86945dc307189ada691;hpb=dc1ecd78e9f046880d10ddb45cf9b06df1084b10;p=elogind.git
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index f883543c8..f1e7d408a 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -9,16 +9,16 @@
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
-->
@@ -44,11 +44,11 @@
systemd.socket
- systemd socket configuration files
+ Socket unit configuration
- systemd.socket
+ socket.socket
@@ -75,8 +75,11 @@
,
,
and
- commands are executed
- in.
+ commands are executed
+ in, and in
+ systemd.kill5
+ which define the way the processes are
+ terminated.
For each socket file a matching service file
(see
@@ -134,20 +137,22 @@
supervises. A number of options that may be used in
this section are shared with other unit types. These
options are documented in
- systemd.exec5. The
+ systemd.exec5
+ and
+ systemd.kill5. The
options specific to the [Socket] section of socket
units are the following:
-
+ ListenStream=ListenDatagram=ListenSequentialPacket=Specifies an address
to listen on for a stream
- (SOCK_STREAM), datagram (SOCK_DGRAM)
- resp. sequential packet
- (SOCK_SEQPACKET) socket. The address
+ (SOCK_STREAM), datagram (SOCK_DGRAM),
+ or sequential packet
+ (SOCK_SEQPACKET) socket, respectively. The address
can be written in various formats:If the address starts with a
@@ -165,8 +170,13 @@
If the address string is a
single number it is read as port
- number to listen on for both IPv4 and
- IPv6.
+ number to listen on via
+ IPv6. Depending on the value of
+ BindIPv6Only= (see below) this
+ might result in the service being
+ available via both IPv6 and IPv4 (default) or
+ just via IPv6.
+ If the address string is a
string in the format v.w.x.y:z it is
@@ -176,7 +186,12 @@
If the address string is a
string in the format [x]:y it is read
- as IPv6 address x on a port y.
+ as IPv6 address x on a port y. Note
+ that this might make the service
+ available via IPv4, too, depending on
+ the BindIPv6Only=
+ setting (see below).
+ Note that SOCK_SEQPACKET
(i.e. ListenSequentialPacket=)
@@ -190,19 +205,24 @@
These options may be specified
more than once in which case incoming
- traffic on any of the sockets will trigger
- service activation, and all listed
- sockets will be passed to the service,
- regardless whether there is incoming
- traffic on them or not.
-
- If an IP address is used here, it
- is often desirable to listen on it
+ traffic on any of the sockets will
+ trigger service activation, and all
+ listed sockets will be passed to the
+ service, regardless whether there is
+ incoming traffic on them or not. If
+ the empty string is assigned to any of
+ these options, the list of addresses
+ to listen on is reset, all prior uses
+ of any of these options will have no
+ effect.
+
+ If an IP address is used here,
+ it is often desirable to listen on it
before the interface it is configured
on is up and running, and even
regardless whether it will be up and
- running ever at all. To deal with this it is
- recommended to set the
+ running ever at all. To deal with this
+ it is recommended to set the
FreeBind= option
described below.
@@ -212,7 +232,7 @@
Specifies a file
system FIFO to listen on. This expects
an absolute file system path as
- argument. Behaviour otherwise is very
+ argument. Behavior otherwise is very
similar to the
ListenDatagram=
directive above.
@@ -223,7 +243,7 @@
Specifies a special
file in the file system to listen
on. This expects an absolute file
- system path as argument. Behaviour
+ system path as argument. Behavior
otherwise is very similar to the
ListenFIFO=
directive above. Use this to open
@@ -243,7 +263,7 @@
or kobject-uevent)
as argument, optionally suffixed by a
whitespace followed by a multicast
- group integer. Behaviour otherwise is
+ group integer. Behavior otherwise is
very similar to the
ListenDatagram=
directive above.
@@ -254,7 +274,7 @@
Specifies a POSIX
message queue name to listen on. This
expects a valid message queue name
- (i.e. beginning with /). Behaviour
+ (i.e. beginning with /). Behavior
otherwise is very similar to the
ListenFIFO=
directive above. On Linux message
@@ -281,7 +301,10 @@
default, surprise!) the system wide
default setting is used, as controlled
by
- /proc/sys/net/ipv6/bindv6only.
+ /proc/sys/net/ipv6/bindv6only,
+ which in turn defaults to the
+ equivalent of
+ .
@@ -318,7 +341,7 @@
DirectoryMode=If listening on a file
- system socket of FIFO, the parent
+ system socket or FIFO, the parent
directories are automatically created
if needed. This option specifies the
file system access mode used when
@@ -331,7 +354,7 @@
SocketMode=If listening on a file
- system socket of FIFO, this option
+ system socket or FIFO, this option
specifies the file system access mode
used when creating the file
node. Takes an access mode in octal
@@ -358,9 +381,15 @@
performance reasons, it is recommended
to write new daemons only in a way
that is suitable for
- . This
- option is mostly useful to allow
- daemons designed for usage with
+ . A daemon
+ listening on an AF_UNIX socket may, but does not need to, call
+ close2
+ or
+ shutdown2
+ on the received socket before exiting. However,
+ it must not unlink the socket from a
+ filesystem. This option is mostly useful
+ to allow daemons designed for usage with
inetd8,
to work unmodified with systemd socket
activation.
@@ -377,7 +406,7 @@
until at least one existing connection
is terminated. This setting has no
effect for sockets configured with
- or datagram
+ or datagram
sockets. Defaults to
64.
@@ -416,9 +445,9 @@
SendBuffer=Takes an integer
argument controlling the receive
- resp. send buffer sizes of this
- socket. This controls the SO_RCVBUF
- resp. SO_SNDBUF socket options (see
+ or send buffer sizes of this
+ socket, respectively. This controls the SO_RCVBUF
+ and SO_SNDBUF socket options (see
socket7
for details.).
@@ -466,6 +495,26 @@
for details.
+
+ SmackLabel=
+ SmackLabelIPIn=
+ SmackLabelIPOut=
+ Takes a string
+ value. Controls the extended
+ attributes
+ security.SMACK64,
+ security.SMACK64IPIN
+ and
+ security.SMACK64IPOUT,
+ respectively, i.e. the security label
+ of the FIFO, or the security label for
+ the incoming or outgoing connections
+ of the socket, respectively. See
+ Smack.txt
+ for details.
+
+
PipeSize=Takes an integer
@@ -481,7 +530,7 @@
MessageQueueMessageSize=These two settings
take integer values and control the
- mq_maxmsg resp. mq_msgsize field when
+ mq_maxmsg field or the mq_msgsize field, respectively, when
creating the message queue. Note that
either none or both of these variables
need to be set. See
@@ -510,7 +559,7 @@
Transparent=Takes a boolean
value. Controls the IP_TRANSPARENT
- option. Defaults to
+ socket option. Defaults to
.
@@ -518,23 +567,34 @@
Broadcast=Takes a boolean
value. This controls the SO_BROADCAST
- option, which allows broadcast
+ socket option, which allows broadcast
datagrams to be sent from this
socket. Defaults to
.
- PassCred=
+ PassCredentials=Takes a boolean
value. This controls the SO_PASSCRED
- option, which allows UNIX sockets to
+ socket option, which allows AF_UNIX sockets to
receive the credentials of the sending
process in an ancillary message.
Defaults to
.
+
+ PassSecurity=
+ Takes a boolean
+ value. This controls the SO_PASSSEC
+ socket option, which allows AF_UNIX
+ sockets to receive the security
+ context of the sending process in an
+ ancillary message. Defaults to
+ .
+
+
TCPCongestion=Takes a string
@@ -552,9 +612,9 @@
ExecStartPost=Takes one or more
command lines, which are executed
- before (resp. after) the listening
+ before or after the listening
sockets/FIFOs are created and
- bound. The first token of the command
+ bound, respectively. The first token of the command
line must be an absolute file name,
then followed by arguments for the
process. Multiple command lines may be
@@ -568,9 +628,9 @@
ExecStopPre=ExecStopPost=Additional commands
- that are executed before (resp. after)
+ that are executed before or after
the listening sockets/FIFOs are closed
- and removed. Multiple command lines
+ and removed, respectively. Multiple command lines
may be specified following the same
scheme as used for
ExecStartPre= of
@@ -592,7 +652,7 @@
will be terminated forcibly via
SIGTERM, and after another delay of
this time with SIGKILL. (See
- below.)
+ in systemd.kill5.)
Takes a unit-less value in seconds, or
a time span value such as "5min
20s". Pass 0 to disable the timeout
@@ -600,41 +660,6 @@
90s.
-
- KillMode=
- Specifies how
- processes of this socket unit shall be
- killed. One of
- ,
- ,
- .
-
- This option is mostly equivalent
- to the
- option of service files. See
- systemd.service5
- for details.
-
-
-
- KillSignal=
- Specifies which signal
- to use when killing a process of this
- socket. Defaults to SIGTERM.
-
-
-
-
- SendSIGKILL=
- Specifies whether to
- send SIGKILL to remaining processes
- after a timeout, if the normal
- shutdown procedure left processes of
- the socket around. Takes a boolean
- value. Defaults to "yes".
-
-
-
Service=Specifies the service
@@ -647,6 +672,13 @@
+
+ Check
+ systemd.exec5
+ and
+ systemd.kill5
+ for more settings.
+
@@ -656,7 +688,17 @@
systemctl8,
systemd.unit5,
systemd.exec5,
- systemd.service5
+ systemd.kill5,
+ systemd.service5,
+ systemd.directives7
+
+
+
+ For more extensive descriptions see the "Systemd for Developers" series:
+ Socket Activation,
+ Socket Activation, part II,
+ Converting inetd Services,
+ Socket Activated Internet Services and OS Containers.