1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2013 Zbigniew Jędrzejewski-Szmek
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="systemd.cgroup">
27 <title>systemd.cgroup</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>systemd.cgroup</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd.cgroup</refname>
47 <refpurpose>Cgroup configuration unit settings</refpurpose>
52 <filename><replaceable>slice</replaceable>.slice</filename>,
53 <filename><replaceable>scope</replaceable>.scope</filename>,
54 <filename><replaceable>service</replaceable>.service</filename>,
55 <filename><replaceable>socket</replaceable>.socket</filename>,
56 <filename><replaceable>mount</replaceable>.mount</filename>,
57 <filename><replaceable>swap</replaceable>.swap</filename>
62 <title>Description</title>
64 <para>Unit configuration files for services, slices, scopes,
65 sockets, mount points, and swap devices share a subset of
66 configuration options which configure the control group settings
67 for spawned processes.</para>
69 <para>This man page lists the configuration options shared by
70 those six unit types. See
71 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
72 for the common options of all unit configuration files, and
73 <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
75 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
76 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
77 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
79 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
80 for more information on the specific unit configuration files. The
81 execution-specific configuration options are configured in the
82 [Slice], [Scope], [Service], [Socket], [Mount], or [Swap]
83 sections, depending on the unit type.</para>
87 <title>Options</title>
89 <para>Units of the types listed above can have settings
90 for cgroup configuration:</para>
92 <variablelist class='unit-directives'>
95 <term><varname>CPUAccounting=</varname></term>
98 <para>Turn on CPU usage accounting for this unit. Takes a
99 boolean argument. Note that turning on CPU accounting for
100 one unit might also implicitly turn it on for all units
101 contained in the same slice and for all its parent slices and
102 the units contained therein.</para>
107 <term><varname>CPUShares=<replaceable>weight</replaceable></varname></term>
110 <para>Assign the specified overall CPU time share weight to
111 the processes executed. Takes an integer value. This
112 controls the <literal>cpu.shares</literal> control group
113 attribute, which defaults to 1024. For details about this
114 control group attribute, see <ulink
115 url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para>
117 <para>Implies <literal>CPUAccounting=true</literal>.</para>
122 <term><varname>MemoryAccounting=</varname></term>
125 <para>Turn on process and kernel memory accounting for this
126 unit. Takes a boolean argument. Note that turning on memory
127 accounting for one unit might also implicitly turn it on for
128 all units contained in the same slice and for all its parent
129 slices and the units contained therein.</para>
134 <term><varname>MemoryLimit=<replaceable>bytes</replaceable></varname></term>
135 <term><varname>MemorySoftLimit=<replaceable>bytes</replaceable></varname></term>
138 <para>Specify the hard and soft limits on maximum memory
139 usage of the executed processes. The "hard" limit specifies
140 how much process and kernel memory can be used by tasks in
141 this unit, when there is no memory contention. If the kernel
142 detects memory contention, memory reclaim will be performed
143 until the memory usage is within the "soft" limit. Takes a
144 memory size in bytes. If the value is suffixed with K, M, G
145 or T, the specified memory size is parsed as Kilobytes,
146 Megabytes, Gigabytes, or Terabytes (with the base 1024),
147 respectively. This controls the
148 <literal>memory.limit_in_bytes</literal> and
149 <literal>memory.soft_limit_in_bytes</literal> control group
150 attributes. For details about these control group attributes,
152 url="https://www.kernel.org/doc/Documentation/cgroups/memory.txt">memory.txt</ulink>.</para>
154 <para>Implies <literal>MemoryAccounting=true</literal>.</para>
159 <term><varname>BlockIOAccounting=</varname></term>
162 <para>Turn on Block IO accounting for this unit. Takes a
163 boolean argument. Note that turning on block IO accounting
164 for one unit might also implicitly turn it on for all units
165 contained in the same slice and all for its parent slices and
166 the units contained therein.</para>
171 <term><varname>BlockIOWeight=<replaceable>weight</replaceable></varname></term>
173 <listitem><para>Set the default
174 overall block IO weight for the
175 executed processes. Takes a single
176 weight value (between 10 and 1000) to
177 set the default block IO weight. This
179 <literal>blkio.weight</literal>
180 control group attribute, which
181 defaults to 1000. For details about
182 this control group attribute, see
184 url="https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para>
187 <literal>BlockIOAccounting=true</literal>.</para>
192 <term><varname>BlockIODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term>
195 <para>Set the per-device overall block IO weight for the
196 executed processes. Takes a space-separated pair of a file
197 path and a weight value to specify the device specific
198 weight value, between 10 and 1000. (Example: "/dev/sda
199 500"). The file path may be specified as path to a block
200 device node or as any other file in which case the backing
201 block device of the file system of the file is
202 determined. This controls the
203 <literal>blkio.weight_device</literal> control group
204 attribute, which defaults to 1000. Use this option multiple
205 times to set weights for multiple devices. For details about
206 this control group attribute, see <ulink
207 url="https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para>
210 <literal>BlockIOAccounting=true</literal>.</para>
215 <term><varname>BlockIOReadBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
216 <term><varname>BlockIOWriteBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term>
219 <para>Set the per-device overall block IO bandwidth limit
220 for the executed processes. Takes a space-separated pair of
221 a file path and a bandwidth value (in bytes per second) to
222 specify the device specific bandwidth. The file path may be
223 a path to a block device node, or as any other file in which
224 case the backing block device of the file system of the file
225 is used. If the bandwidth is suffixed with K, M, G, or T,
226 the specified bandwidth is parsed as Kilobytes, Megabytes,
227 Gigabytes, or Terabytes, respectively (Example:
228 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This
229 controls the <literal>blkio.read_bps_device</literal> and
230 <literal>blkio.write_bps_device</literal> control group
231 attributes. Use this option multiple times to set bandwidth
232 limits for multiple devices. For details about these control
233 group attributes, see
234 <ulink url="https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.
238 <literal>BlockIOAccounting=true</literal>.</para>
243 <term><varname>DeviceAllow=</varname></term>
246 <para>Control access to specific device nodes by the
247 executed processes. Takes two space-separated strings: a
248 device node path (such as <filename>/dev/null</filename>)
249 followed by a combination of <constant>r</constant>,
250 <constant>w</constant>, <constant>m</constant> to control
251 <emphasis>r</emphasis>eading, <emphasis>w</emphasis>riting,
252 or creation of the specific device node by the unit
253 (<emphasis>m</emphasis>knod), respectively. This controls
254 the <literal>devices.allow</literal> and
255 <literal>devices.deny</literal> control group
256 attributes. For details about these control group attributes,
258 url="https://www.kernel.org/doc/Documentation/cgroups/devices.txt">devices.txt</ulink>.</para>
263 <term><varname>DevicePolicy=auto|closed|strict</varname></term>
267 Control the policy for allowing device access:
271 <term><option>strict</option></term>
273 <para>means to only allow types of access that are
274 explicitly specified.</para>
279 <term><option>closed</option></term>
281 <para>in addition, allows access to standard pseudo
283 <filename>/dev/null</filename>,
284 <filename>/dev/zero</filename>,
285 <filename>/dev/full</filename>,
286 <filename>/dev/random</filename>, and
287 <filename>/dev/urandom</filename>.
293 <term><option>auto</option></term>
296 in addition, allows access to all devices if no
297 explicit <varname>DeviceAllow=</varname> is present.
307 <term><varname>Slice=</varname></term>
310 <para>The name of the slice unit to place the unit
311 in. Defaults to <filename>system.slice</filename> for all
312 non-instantiated units of all unit types (except for slice
313 units themselves see below). Instance units are by default
314 placed in a subslice of <filename>system.slice</filename>
315 that is named after the template name.</para>
317 <para>This option may be used to arrange systemd units in a
318 hierarchy of slices each of which might have resource
319 settings applied.</para>
321 <para>For units of type slice the only accepted value for
322 this setting is the parent slice. Since the name of a slice
323 unit implies the parent slice it is hence redundant to ever
324 set this parameter directly for slice units.</para>
332 <title>See Also</title>
334 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
335 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
336 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
337 <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
338 <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
339 <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
340 <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
341 <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
342 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
343 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
344 The documentation for control groups and specific controllers in the Linux kernel:
345 <ulink url="https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>,
346 <ulink url="https://www.kernel.org/doc/Documentation/cgroups/cpuacct.txt">cpuacct.txt</ulink>,
347 <ulink url="https://www.kernel.org/doc/Documentation/cgroups/memory.txt">memory.txt</ulink>,
348 <ulink url="https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.