chiark / gitweb /
core: add a setting to globally control the default for timer unit accuracy
[elogind.git] / man / systemd-system.conf.xml
index a67b158..e2b2bd8 100644 (file)
@@ -61,7 +61,6 @@
                 otherwise <filename>user.conf</filename>. These
                 configuration files contain a few settings controlling
                 basic manager operations.</para>
-
         </refsect1>
 
         <refsect1>
                                 <listitem><para>Configures the initial
                                 CPU affinity for the init
                                 process. Takes a space-separated list
-                                of CPU indexes.</para></listitem>
-                        </varlistentry>
-
-                        <varlistentry>
-                                <term><varname>DefaultControllers=cpu</varname></term>
-
-                                <listitem><para>Configures in which
-                                control group hierarchies to create
-                                per-service cgroups automatically, in
-                                addition to the
-                                <literal>name=systemd</literal> named
-                                hierarchy. Defaults to
-                                <literal>cpu</literal>. Takes a
-                                space-separated list of controller
-                                names. Pass the empty string to ensure
-                                that systemd does not touch any
-                                hierarchies but its own.</para>
-
-                                <para>Note that the default value of
-                                'cpu' will make realtime scheduling
-                                unavailable to system services. See
-                                <ulink
-                                url="http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime">My
-                                Service Can't Get Realtime!</ulink>
-                                for more
-                                information.</para></listitem>
+                                of CPU indices.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
-                                <term><varname>JoinControllers=cpu,cpuacct,cpuset net_cls,netprio</varname></term>
+                                <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
 
                                 <listitem><para>Configures controllers
                                 that shall be mounted in a single
-                                hierarchy. By default systemd will
+                                hierarchy. By default, systemd will
                                 mount all controllers which are
                                 enabled in the kernel in individual
                                 hierarchies, with the exception of
                                 necessary to rebuild the initrd if
                                 this option is changed, and make sure
                                 the new configuration file is included
-                                in it. Otherwise the initrd might
+                                in it. Otherwise, the initrd might
                                 mount the controller hierarchies in a
                                 different configuration than intended,
                                 and the main system cannot remount
                                 <literal>d</literal>,
                                 <literal>w</literal>). If
                                 <varname>RuntimeWatchdogSec=</varname>
-                                is set to a non-zero value the
+                                is set to a non-zero value, the
                                 watchdog hardware
                                 (<filename>/dev/watchdog</filename>)
                                 will be programmed to automatically
                                 Capabilities listed will be included
                                 in the bounding set, all others are
                                 removed. If the list of capabilities
-                                is prefixed with ~ all but the listed
+                                is prefixed with ~, all but the listed
                                 capabilities will be included, the
                                 effect of the assignment
                                 inverted. Note that this option also
                         </varlistentry>
 
                         <varlistentry>
+                                <term><varname>SystemCallArchitectures=</varname></term>
+
+                                <listitem><para>Takes a
+                                space-separated list of architecture
+                                identifiers. Selects from which
+                                architectures system calls may be
+                                invoked on this system. This may be
+                                used as an effective way to disable
+                                invocation of non-native binaries
+                                system-wide, for example to prohibit
+                                execution of 32-bit x86 binaries on
+                                64-bit x86-64 systems. This option
+                                operates system-wide, and acts
+                                similar to the
+                                <varname>SystemCallArchitectures=</varname>
+                                setting of unit files, see
+                                <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details. This setting defaults to
+                                the empty list, in which case no
+                                filtering of system calls based on
+                                architecture is applied. Known
+                                architecture identifiers are
+                                <literal>x86</literal>,
+                                <literal>x86-64</literal>,
+                                <literal>x32</literal>,
+                                <literal>arm</literal> and the special
+                                identifier
+                                <literal>native</literal>. The latter
+                                implicitly maps to the native
+                                architecture of the system (or more
+                                specifically, the architecture the
+                                system manager was compiled for). Set
+                                this setting to
+                                <literal>native</literal> to prohibit
+                                execution of any non-native
+                                binaries. When a binary executes a
+                                system call of an architecture that is
+                                not listed in this setting, it will be
+                                immediately terminated with the SIGSYS
+                                signal.</para></listitem>
+                        </varlistentry>
+
+
+                        <varlistentry>
                                 <term><varname>TimerSlackNSec=</varname></term>
 
                                 <listitem><para>Sets the timer slack
-                                in nanoseconds for PID 1 which is then
-                                inherited to all executed processes,
+                                in nanoseconds for PID 1, which is
+                                inherited by all executed processes,
                                 unless overridden individually, for
                                 example with the
                                 <varname>TimerSlackNSec=</varname>
                                 see
                                 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
                                 timer slack controls the accuracy of
-                                wake-ups triggered by timers. See
+                                wake-ups triggered by system
+                                timers. See
                                 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                 for more information. Note that in
                                 contrast to most other time span
                         </varlistentry>
 
                         <varlistentry>
+                                <term><varname>DefaultTimerAccuracySec=</varname></term>
+
+                                <listitem><para>Sets the default
+                                accuracy of timer units. This controls
+                                the global default for the
+                                <varname>AccuracySec=</varname>
+                                setting of timer units, see
+                                <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for
+                                details. <varname>AccuracySec=</varname>
+                                set in individual units override the
+                                global default for the specific
+                                unit. Defaults to 1min. Note that the
+                                accuracy of timer units is also
+                                affected by the configured timer slack
+                                for PID 1, see
+                                <varname>TimerSlackNSec=</varname>
+                                above.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultTimeoutStartSec=</varname></term>
+                                <term><varname>DefaultTimeoutStopSec=</varname></term>
+                                <term><varname>DefaultRestartSec=</varname></term>
+
+                                <listitem><para>Configures the default
+                                timeouts for starting and stopping of
+                                units, as well as the default time to
+                                sleep between automatic restarts of
+                                units, as configured per-unit in
+                                <varname>TimeoutStartSec=</varname>,
+                                <varname>TimeoutStopSec=</varname> and
+                                <varname>RestartSec=</varname> (for
+                                services, see
+                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-unit
+                                settings). For non-service units,
+                                <varname>DefaultTimeoutStartSec=</varname>
+                                sets the default
+                                <varname>TimeoutSec=</varname> value.
+                                </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultStartLimitInterval=</varname></term>
+                                <term><varname>DefaultStartLimitBurst=</varname></term>
+
+                                <listitem><para>Configure the default
+                                unit start rate limiting, as
+                                configured per-service by
+                                <varname>StartLimitInterval=</varname>
+                                and
+                                <varname>StartLimitBurst=</varname>. See
+                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-service
+                                settings.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
                                 <term><varname>DefaultEnvironment=</varname></term>
 
                                 <listitem><para>Sets manager
                         </varlistentry>
 
                         <varlistentry>
+                                <term><varname>DefaultCPUAccounting=</varname></term>
+                                <term><varname>DefaultBlockIOAccounting=</varname></term>
+                                <term><varname>DefaultMemoryAccounting=</varname></term>
+
+                                <listitem><para>Configure the default
+                                resource accounting settings, as
+                                configured per-unit by
+                                <varname>CPUAccounting=</varname>,
+                                <varname>BlockIOAccounting=</varname>
+                                and
+                                <varname>MemoryAccounting=</varname>. See
+                                <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-unit
+                                settings.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
                                 <term><varname>DefaultLimitCPU=</varname></term>
                                 <term><varname>DefaultLimitFSIZE=</varname></term>
                                 <term><varname>DefaultLimitDATA=</varname></term>
                   <para>
                           <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
-                          <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+                          <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                   </para>
         </refsect1>