chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
core: add a setting to globally control the default for timer unit accuracy
[elogind.git] / man / systemd-system.conf.xml
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 12979d81b67dc48f436654554a7b765d9524a053..e2b2bd8b6f75846c01e405d5bb5aff330efbe3d0 100644 (file)
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -61,7 +61,6 @@
                 otherwise <filename>user.conf</filename>. These
                 configuration files contain a few settings controlling
                 basic manager operations.</para>
                 otherwise <filename>user.conf</filename>. These
                 configuration files contain a few settings controlling
                 basic manager operations.</para>
-
         </refsect1>
 
         <refsect1>
         </refsect1>
 
         <refsect1>
@@ -100,45 +99,21 @@
                                 <listitem><para>Configures the initial
                                 CPU affinity for the init
                                 process. Takes a space-separated list
                                 <listitem><para>Configures the initial
                                 CPU affinity for the init
                                 process. Takes a space-separated list
-                                of CPU indexes.</para></listitem>
-                        </varlistentry>
-
-                        <varlistentry>
-                                <term><varname>DefaultControllers=cpu</varname></term>
-
-                                <listitem><para>Configures in which
-                                cgroup controller hierarchies to
-                                create per-service cgroups
-                                automatically, in addition to the
-                                name=systemd named hierarchy. Defaults
-                                to 'cpu'. Takes a space separated list
-                                of controller names. Pass an empty
-                                string to ensure that systemd does not
-                                touch any hierarchies but its
-                                own.</para>
-
-                                <para>Note that the default value of
-                                'cpu' will make realtime scheduling
-                                unavailable to system services. See
-                                <ulink
-                                url="http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime">My
-                                Service Can't Get Realtime!</ulink>
-                                for more
-                                information.</para></listitem>
+                                of CPU indices.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
-                                <term><varname>JoinControllers=cpu,cpuacct,cpuset net_cls,netprio</varname></term>
+                                <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
 
                                 <listitem><para>Configures controllers
                                 that shall be mounted in a single
 
                                 <listitem><para>Configures controllers
                                 that shall be mounted in a single
-                                hierarchy. By default systemd will
+                                hierarchy. By default, systemd will
                                 mount all controllers which are
                                 enabled in the kernel in individual
                                 hierarchies, with the exception of
                                 those listed in this setting. Takes a
                                 mount all controllers which are
                                 enabled in the kernel in individual
                                 hierarchies, with the exception of
                                 those listed in this setting. Takes a
-                                space separated list of comma
-                                separated controller names, in order
+                                space-separated list of comma-separated
+                                controller names, in order
                                 to allow multiple joined
                                 hierarchies. Defaults to
                                 'cpu,cpuacct'. Pass an empty string to
                                 to allow multiple joined
                                 hierarchies. Defaults to
                                 'cpu,cpuacct'. Pass an empty string to
@@ -149,12 +124,12 @@
                                 <para>Note that this option is only
                                 applied once, at very early boot. If
                                 you use an initial RAM disk (initrd)
                                 <para>Note that this option is only
                                 applied once, at very early boot. If
                                 you use an initial RAM disk (initrd)
-                                that uses systemd it might hence be
+                                that uses systemd, it might hence be
                                 necessary to rebuild the initrd if
                                 this option is changed, and make sure
                                 the new configuration file is included
                                 necessary to rebuild the initrd if
                                 this option is changed, and make sure
                                 the new configuration file is included
-                                in it. Otherwise the initrd might
-                                mount the controller hierachies in a
+                                in it. Otherwise, the initrd might
+                                mount the controller hierarchies in a
                                 different configuration than intended,
                                 and the main system cannot remount
                                 them anymore.</para></listitem>
                                 different configuration than intended,
                                 and the main system cannot remount
                                 them anymore.</para></listitem>
@@ -174,7 +149,7 @@
                                 <literal>d</literal>,
                                 <literal>w</literal>). If
                                 <varname>RuntimeWatchdogSec=</varname>
                                 <literal>d</literal>,
                                 <literal>w</literal>). If
                                 <varname>RuntimeWatchdogSec=</varname>
-                                is set to a non-zero value the
+                                is set to a non-zero value, the
                                 watchdog hardware
                                 (<filename>/dev/watchdog</filename>)
                                 will be programmed to automatically
                                 watchdog hardware
                                 (<filename>/dev/watchdog</filename>)
                                 will be programmed to automatically
@@ -213,14 +188,13 @@
                                 capability bounding set for PID 1 and
                                 its children. See
                                 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                                 capability bounding set for PID 1 and
                                 its children. See
                                 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-                                for details. Takes a whitespace
-                                separated list of capability names as
-                                read by
+                                for details. Takes a whitespace-separated
+                                list of capability names as read by
                                 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
                                 Capabilities listed will be included
                                 in the bounding set, all others are
                                 removed. If the list of capabilities
                                 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
                                 Capabilities listed will be included
                                 in the bounding set, all others are
                                 removed. If the list of capabilities
-                                is prefixed with ~ all but the listed
+                                is prefixed with ~, all but the listed
                                 capabilities will be included, the
                                 effect of the assignment
                                 inverted. Note that this option also
                                 capabilities will be included, the
                                 effect of the assignment
                                 inverted. Note that this option also
@@ -237,12 +211,56 @@
                                 are lost for good.</para></listitem>
                         </varlistentry>
 
                                 are lost for good.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><varname>SystemCallArchitectures=</varname></term>
+
+                                <listitem><para>Takes a
+                                space-separated list of architecture
+                                identifiers. Selects from which
+                                architectures system calls may be
+                                invoked on this system. This may be
+                                used as an effective way to disable
+                                invocation of non-native binaries
+                                system-wide, for example to prohibit
+                                execution of 32-bit x86 binaries on
+                                64-bit x86-64 systems. This option
+                                operates system-wide, and acts
+                                similar to the
+                                <varname>SystemCallArchitectures=</varname>
+                                setting of unit files, see
+                                <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details. This setting defaults to
+                                the empty list, in which case no
+                                filtering of system calls based on
+                                architecture is applied. Known
+                                architecture identifiers are
+                                <literal>x86</literal>,
+                                <literal>x86-64</literal>,
+                                <literal>x32</literal>,
+                                <literal>arm</literal> and the special
+                                identifier
+                                <literal>native</literal>. The latter
+                                implicitly maps to the native
+                                architecture of the system (or more
+                                specifically, the architecture the
+                                system manager was compiled for). Set
+                                this setting to
+                                <literal>native</literal> to prohibit
+                                execution of any non-native
+                                binaries. When a binary executes a
+                                system call of an architecture that is
+                                not listed in this setting, it will be
+                                immediately terminated with the SIGSYS
+                                signal.</para></listitem>
+                        </varlistentry>
+
+
                         <varlistentry>
                                 <term><varname>TimerSlackNSec=</varname></term>
 
                                 <listitem><para>Sets the timer slack
                         <varlistentry>
                                 <term><varname>TimerSlackNSec=</varname></term>
 
                                 <listitem><para>Sets the timer slack
-                                in nanoseconds for PID 1 which is then
-                                inherited to all executed processes,
+                                in nanoseconds for PID 1, which is
+                                inherited by all executed processes,
                                 unless overridden individually, for
                                 example with the
                                 <varname>TimerSlackNSec=</varname>
                                 unless overridden individually, for
                                 example with the
                                 <varname>TimerSlackNSec=</varname>
@@ -250,7 +268,8 @@
                                 see
                                 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
                                 timer slack controls the accuracy of
                                 see
                                 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
                                 timer slack controls the accuracy of
-                                wake-ups triggered by timers. See
+                                wake-ups triggered by system
+                                timers. See
                                 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                 for more information. Note that in
                                 contrast to most other time span
                                 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                 for more information. Note that in
                                 contrast to most other time span
@@ -261,6 +280,104 @@
                                 too.</para></listitem>
                         </varlistentry>
 
                                 too.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><varname>DefaultTimerAccuracySec=</varname></term>
+
+                                <listitem><para>Sets the default
+                                accuracy of timer units. This controls
+                                the global default for the
+                                <varname>AccuracySec=</varname>
+                                setting of timer units, see
+                                <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for
+                                details. <varname>AccuracySec=</varname>
+                                set in individual units override the
+                                global default for the specific
+                                unit. Defaults to 1min. Note that the
+                                accuracy of timer units is also
+                                affected by the configured timer slack
+                                for PID 1, see
+                                <varname>TimerSlackNSec=</varname>
+                                above.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultTimeoutStartSec=</varname></term>
+                                <term><varname>DefaultTimeoutStopSec=</varname></term>
+                                <term><varname>DefaultRestartSec=</varname></term>
+
+                                <listitem><para>Configures the default
+                                timeouts for starting and stopping of
+                                units, as well as the default time to
+                                sleep between automatic restarts of
+                                units, as configured per-unit in
+                                <varname>TimeoutStartSec=</varname>,
+                                <varname>TimeoutStopSec=</varname> and
+                                <varname>RestartSec=</varname> (for
+                                services, see
+                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-unit
+                                settings). For non-service units,
+                                <varname>DefaultTimeoutStartSec=</varname>
+                                sets the default
+                                <varname>TimeoutSec=</varname> value.
+                                </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultStartLimitInterval=</varname></term>
+                                <term><varname>DefaultStartLimitBurst=</varname></term>
+
+                                <listitem><para>Configure the default
+                                unit start rate limiting, as
+                                configured per-service by
+                                <varname>StartLimitInterval=</varname>
+                                and
+                                <varname>StartLimitBurst=</varname>. See
+                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-service
+                                settings.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultEnvironment=</varname></term>
+
+                                <listitem><para>Sets manager
+                                environment variables passed to all
+                                executed processes. Takes a
+                                space-separated list of variable
+                                assignments. See
+                                <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+                                for details about environment
+                                variables.</para>
+
+                                <para>Example:
+
+                                <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
+
+                                Sets three variables
+                                <literal>VAR1</literal>,
+                                <literal>VAR2</literal>,
+                                <literal>VAR3</literal>.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultCPUAccounting=</varname></term>
+                                <term><varname>DefaultBlockIOAccounting=</varname></term>
+                                <term><varname>DefaultMemoryAccounting=</varname></term>
+
+                                <listitem><para>Configure the default
+                                resource accounting settings, as
+                                configured per-unit by
+                                <varname>CPUAccounting=</varname>,
+                                <varname>BlockIOAccounting=</varname>
+                                and
+                                <varname>MemoryAccounting=</varname>. See
+                                <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-unit
+                                settings.</para></listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><varname>DefaultLimitCPU=</varname></term>
                                 <term><varname>DefaultLimitFSIZE=</varname></term>
                         <varlistentry>
                                 <term><varname>DefaultLimitCPU=</varname></term>
                                 <term><varname>DefaultLimitFSIZE=</varname></term>
@@ -301,7 +418,11 @@
                   <title>See Also</title>
                   <para>
                           <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                   <title>See Also</title>
                   <para>
                           <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
-                          <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+                          <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                   </para>
         </refsect1>
 
                   </para>
         </refsect1>
 
Unnamed repository; edit this file 'description' to name the repository.