otherwise <filename>user.conf</filename>. These
configuration files contain a few settings controlling
basic manager operations.</para>
-
</refsect1>
<refsect1>
<listitem><para>Configures the initial
CPU affinity for the init
process. Takes a space-separated list
- of CPU indexes.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>DefaultControllers=cpu</varname></term>
-
- <listitem><para>Configures in which
- control group hierarchies to create
- per-service cgroups automatically, in
- addition to the
- <literal>name=systemd</literal> named
- hierarchy. Defaults to
- <literal>cpu</literal>. Takes a
- space-separated list of controller
- names. Pass the empty string to ensure
- that systemd does not touch any
- hierarchies but its own.</para>
-
- <para>Note that the default value of
- 'cpu' will make realtime scheduling
- unavailable to system services. See
- <ulink
- url="http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime">My
- Service Can't Get Realtime!</ulink>
- for more
- information.</para></listitem>
+ of CPU indices.</para></listitem>
</varlistentry>
<varlistentry>
- <term><varname>JoinControllers=cpu,cpuacct,cpuset net_cls,netprio</varname></term>
+ <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
<listitem><para>Configures controllers
that shall be mounted in a single
- hierarchy. By default systemd will
+ hierarchy. By default, systemd will
mount all controllers which are
enabled in the kernel in individual
hierarchies, with the exception of
necessary to rebuild the initrd if
this option is changed, and make sure
the new configuration file is included
- in it. Otherwise the initrd might
+ in it. Otherwise, the initrd might
mount the controller hierarchies in a
different configuration than intended,
and the main system cannot remount
<literal>d</literal>,
<literal>w</literal>). If
<varname>RuntimeWatchdogSec=</varname>
- is set to a non-zero value the
+ is set to a non-zero value, the
watchdog hardware
(<filename>/dev/watchdog</filename>)
will be programmed to automatically
Capabilities listed will be included
in the bounding set, all others are
removed. If the list of capabilities
- is prefixed with ~ all but the listed
+ is prefixed with ~, all but the listed
capabilities will be included, the
effect of the assignment
inverted. Note that this option also
are lost for good.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>SystemCallArchitectures=</varname></term>
+
+ <listitem><para>Takes a
+ space-separated list of architecture
+ identifiers. Selects from which
+ architectures system calls may be
+ invoked on this system. This may be
+ used as an effective way to disable
+ invocation of non-native binaries
+ system-wide, for example to prohibit
+ execution of 32-bit x86 binaries on
+ 64-bit x86-64 systems. This option
+ operates system-wide, and acts
+ similar to the
+ <varname>SystemCallArchitectures=</varname>
+ setting of unit files, see
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. This setting defaults to
+ the empty list, in which case no
+ filtering of system calls based on
+ architecture is applied. Known
+ architecture identifiers are
+ <literal>x86</literal>,
+ <literal>x86-64</literal>,
+ <literal>x32</literal>,
+ <literal>arm</literal> and the special
+ identifier
+ <literal>native</literal>. The latter
+ implicitly maps to the native
+ architecture of the system (or more
+ specifically, the architecture the
+ system manager was compiled for). Set
+ this setting to
+ <literal>native</literal> to prohibit
+ execution of any non-native
+ binaries. When a binary executes a
+ system call of an architecture that is
+ not listed in this setting, it will be
+ immediately terminated with the SIGSYS
+ signal.</para></listitem>
+ </varlistentry>
+
+
<varlistentry>
<term><varname>TimerSlackNSec=</varname></term>
too.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>DefaultTimeoutStartSec=</varname></term>
+ <term><varname>DefaultTimeoutStopSec=</varname></term>
+ <term><varname>DefaultRestartSec=</varname></term>
+
+ <listitem><para>Configures the default
+ timeouts for starting and stopping of
+ units, as well as the default time to
+ sleep between automatic restarts of
+ units, as configured per-unit in
+ <varname>TimeoutStartSec=</varname>,
+ <varname>TimeoutStopSec=</varname> and
+ <varname>RestartSec=</varname> (for
+ service units, see
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details on the per-unit
+ settings). For non-service units,
+ <varname>DefaultTimeoutStartSec=</varname>
+ sets the default
+ <varname>TimeoutSec=</varname> value.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>DefaultStartLimitInterval=</varname></term>
+ <term><varname>DefaultStartLimitBurst=</varname></term>
+
+ <listitem><para>Configure the default start rate
+ limiting, as configured per-service by
+ <varname>StartLimitInterval=</varname> and
+ <varname>StartLimitBurst=</varname>. See
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details on the per-service
+ settings).
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>DefaultEnvironment=</varname></term>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>
~ianmdlvl / elogind.git / blobdiff