unit: split off KillContext from ExecContext containing only kill definitions

[elogind.git] / man / systemd.exec.xml
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml

index 6bc8bf3e7991a3c649f15f766442f4434273ae8c..e1193d2d55c64288cf106209bb430218035e984b 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -9,16 +9,16 @@
    Copyright 2010 Lennart Poettering
  
    systemd is free software; you can redistribute it and/or modify it
    Copyright 2010 Lennart Poettering
  
    systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU General Public License as published by
-  the Free Software Foundation; either version 2 of the License, or
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
    (at your option) any later version.
  
    systemd is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
    (at your option) any later version.
  
    systemd is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  General Public License for more details.
+  Lesser General Public License for more details.
  
  
-  You should have received a copy of the GNU General Public License
+  You should have received a copy of the GNU Lesser General Public License
    along with systemd; If not, see <http://www.gnu.org/licenses/>.
  -->
  
    along with systemd; If not, see <http://www.gnu.org/licenses/>.
  -->
  
@@ -44,7 +44,7 @@
  
          <refnamediv>
                  <refname>systemd.exec</refname>
  
          <refnamediv>
                  <refname>systemd.exec</refname>
-                <refpurpose>systemd execution environment configuration</refpurpose>
+                <refpurpose>Execution environment configuration</refpurpose>
          </refnamediv>
  
          <refsynopsisdiv>
          </refnamediv>
  
          <refsynopsisdiv>
@@ -89,8 +89,12 @@
  
                                  <listitem><para>Takes an absolute
                                  directory path. Sets the working
  
                                  <listitem><para>Takes an absolute
                                  directory path. Sets the working
-                                directory for executed
-                                processes.</para></listitem>
+                                directory for executed processes. If
+                                not set defaults to the root directory
+                                when systemd is running as a system
+                                instance and the respective user's
+                                home directory if run as
+                                user.</para></listitem>
                          </varlistentry>
  
                          <varlistentry>
                          </varlistentry>
  
                          <varlistentry>
@@ -279,6 +283,11 @@
                                  assignments. Empty lines and lines
                                  starting with ; or # will be ignored,
                                  which may be used for commenting. The
                                  assignments. Empty lines and lines
                                  starting with ; or # will be ignored,
                                  which may be used for commenting. The
+                                parser strips leading and
+                                trailing whitespace from the values
+                                of assignments, unless you use
+                                double quotes (").
+                                The
                                  argument passed should be an absolute
                                  file name, optionally prefixed with
                                  "-", which indicates that if the file
                                  argument passed should be an absolute
                                  file name, optionally prefixed with
                                  "-", which indicates that if the file
@@ -361,8 +370,10 @@
                                  <option>tty</option>,
                                  <option>syslog</option>,
                                  <option>kmsg</option>,
                                  <option>tty</option>,
                                  <option>syslog</option>,
                                  <option>kmsg</option>,
+                                <option>journal</option>,
+                                <option>syslog+console</option>,
                                  <option>kmsg+console</option>,
                                  <option>kmsg+console</option>,
-                                <option>syslog+console</option> or
+                                <option>journal+console</option> or
                                  <option>socket</option>. If set to
                                  <option>inherit</option> the file
                                  descriptor of standard input is
                                  <option>socket</option>. If set to
                                  <option>inherit</option> the file
                                  descriptor of standard input is
@@ -383,11 +394,21 @@
                                  terminal. <option>syslog</option>
                                  connects standard output to the
                                  <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
                                  terminal. <option>syslog</option>
                                  connects standard output to the
                                  <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-                                system logger. <option>kmsg</option>
+                                system syslog
+                                service. <option>kmsg</option>
                                  connects it with the kernel log buffer
                                  which is accessible via
                                  connects it with the kernel log buffer
                                  which is accessible via
-                                <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>syslog+console</option>
-                                and <option>kmsg+console</option> work
+                                <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>journal</option>
+                                connects it with the journal which is
+                                accessible via
+                                <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+                                (Note that everything that is written
+                                to syslog or kmsg is implicitly stored
+                                in the journal as well, those options
+                                are hence supersets of this
+                                one). <option>syslog+console</option>,
+                                <option>journal+console</option> and
+                                <option>kmsg+console</option> work
                                  similarly but copy the output to the
                                  system console as
                                  well. <option>socket</option> connects
                                  similarly but copy the output to the
                                  system console as
                                  well. <option>socket</option> connects
@@ -395,8 +416,13 @@
                                  socket activation, semantics are
                                  similar to the respective option of
                                  <varname>StandardInput=</varname>.
                                  socket activation, semantics are
                                  similar to the respective option of
                                  <varname>StandardInput=</varname>.
-                                This setting defaults to
-                                <option>inherit</option>.</para></listitem>
+                                This setting defaults to the value set
+                                with
+                                <option>DefaultStandardOutput=</option>
+                                in
+                                <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                                which defaults to
+                                <option>journal</option>.</para></listitem>
                          </varlistentry>
                          <varlistentry>
                                  <term><varname>StandardError=</varname></term>
                          </varlistentry>
                          <varlistentry>
                                  <term><varname>StandardError=</varname></term>
@@ -410,7 +436,11 @@
                                  <option>inherit</option> the file
                                  descriptor used for standard output is
                                  duplicated for standard error. This
                                  <option>inherit</option> the file
                                  descriptor used for standard output is
                                  duplicated for standard error. This
-                                setting defaults to
+                                setting defaults to the value set with
+                                <option>DefaultStandardError=</option>
+                                in
+                                <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                                which defaults to
                                  <option>inherit</option>.</para></listitem>
                          </varlistentry>
                          <varlistentry>
                                  <option>inherit</option>.</para></listitem>
                          </varlistentry>
                          <varlistentry>
@@ -525,7 +555,7 @@
                                  prefixes may be disabled with
                                  <varname>SyslogLevelPrefix=</varname>,
                                  see below. For details see
                                  prefixes may be disabled with
                                  <varname>SyslogLevelPrefix=</varname>,
                                  see below. For details see
-                                <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+                                <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
  
                                  Defaults to
                                  <option>info</option>.</para></listitem>
  
                                  Defaults to
                                  <option>info</option>.</para></listitem>
@@ -547,7 +577,7 @@
                                  these prefixes is disabled and the
                                  logged lines are passed on as-is. For
                                  details about this prefixing see
                                  these prefixes is disabled and the
                                  logged lines are passed on as-is. For
                                  details about this prefixing see
-                                <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+                                <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
                                  Defaults to true.</para></listitem>
                          </varlistentry>
  
                                  Defaults to true.</para></listitem>
                          </varlistentry>
  
@@ -555,16 +585,17 @@
                                  <term><varname>TimerSlackNSec=</varname></term>
                                  <listitem><para>Sets the timer slack
                                  in nanoseconds for the executed
                                  <term><varname>TimerSlackNSec=</varname></term>
                                  <listitem><para>Sets the timer slack
                                  in nanoseconds for the executed
-                                processes. The timer slack controls the
-                                accuracy of wake-ups triggered by
+                                processes. The timer slack controls
+                                the accuracy of wake-ups triggered by
                                  timers. See
                                  <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                  for more information. Note that in
                                  contrast to most other time span
                                  definitions this parameter takes an
                                  timers. See
                                  <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                  for more information. Note that in
                                  contrast to most other time span
                                  definitions this parameter takes an
-                                integer value in nano-seconds and does
-                                not understand any other
-                                units.</para></listitem>
+                                integer value in nano-seconds if no
+                                unit is specified. The usual time
+                                units are understood
+                                too.</para></listitem>
                          </varlistentry>
  
                          <varlistentry>
                          </varlistentry>
  
                          <varlistentry>
@@ -619,14 +650,19 @@
                                  conjunction with socket-activated
                                  services, and stream sockets (TCP) in
                                  particular. It has no effect on other
                                  conjunction with socket-activated
                                  services, and stream sockets (TCP) in
                                  particular. It has no effect on other
-                                socket types (e.g. datagram/UDP) and on processes
-                                unrelated to socket-based
+                                socket types (e.g. datagram/UDP) and
+                                on processes unrelated to socket-based
                                  activation. If the tcpwrap
                                  verification fails daemon start-up
                                  will fail and the connection is
                                  terminated. See
                                  <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
                                  activation. If the tcpwrap
                                  verification fails daemon start-up
                                  will fail and the connection is
                                  terminated. See
                                  <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-                                for details.</para></listitem>
+                                for details. Note that this option may
+                                be used to do access control checks
+                                only. Shell commands and commands
+                                described in
+                                <citerefentry><refentrytitle>hosts_options</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                are not supported.</para></listitem>
                          </varlistentry>
  
                          <varlistentry>
                          </varlistentry>
  
                          <varlistentry>
@@ -647,17 +683,17 @@
                                  is prefixed with ~ all but the listed
                                  capabilities will be included, the
                                  effect of the assignment
                                  is prefixed with ~ all but the listed
                                  capabilities will be included, the
                                  effect of the assignment
-                                inverted. Note that this option does
-                                not actually set or unset any
-                                capabilities in the effective,
-                                permitted or inherited capability
-                                sets. That's what
-                                <varname>Capabilities=</varname> is
-                                for. If this option is not used the
+                                inverted. Note that this option also
+                                effects the respective capabilities in
+                                the effective, permitted and
+                                inheritable capability sets, on top of
+                                what <varname>Capabilities=</varname>
+                                does. If this option is not used the
                                  capability bounding set is not
                                  modified on process execution, hence
                                  no limits on the capabilities of the
                                  capability bounding set is not
                                  modified on process execution, hence
                                  no limits on the capabilities of the
-                                process are enforced.</para></listitem>
+                                process are
+                                enforced.</para></listitem>
                          </varlistentry>
  
                          <varlistentry>
                          </varlistentry>
  
                          <varlistentry>
@@ -670,8 +706,8 @@
                                  <option>keep-caps-locked</option>,
                                  <option>no-setuid-fixup</option>,
                                  <option>no-setuid-fixup-locked</option>,
                                  <option>keep-caps-locked</option>,
                                  <option>no-setuid-fixup</option>,
                                  <option>no-setuid-fixup-locked</option>,
-                                <option>no-setuid-noroot</option> and/or
-                                <option>no-setuid-noroot-locked</option>.
+                                <option>noroot</option> and/or
+                                <option>noroot-locked</option>.
                                  </para></listitem>
                          </varlistentry>
  
                                  </para></listitem>
                          </varlistentry>
  
@@ -750,6 +786,21 @@
                                  the group.</para></listitem>
                          </varlistentry>
  
                                  the group.</para></listitem>
                          </varlistentry>
  
+                        <varlistentry>
+                                <term><varname>ControlGroupPersistent=</varname></term>
+                                <listitem><para>Takes a boolean
+                                argument. If true, the control groups
+                                created for this unit will be marked
+                                to be persistent, i.e. systemd will
+                                not remove them when stopping the
+                                unit. The default is false, meaning
+                                that the control groups will be
+                                removed when the unit is stopped. For
+                                details about the semantics of this
+                                logic see <ulink
+                                url="http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups">PaxControlGroups</ulink>.</para></listitem>
+                        </varlistentry>
+
                          <varlistentry>
                                  <term><varname>ControlGroupAttribute=</varname></term>
  
                          <varlistentry>
                                  <term><varname>ControlGroupAttribute=</varname></term>
  
@@ -859,10 +910,15 @@
                                  processes. Takes either a single
                                  weight value (between 10 and 1000) to
                                  set the default block IO weight, or a
                                  processes. Takes either a single
                                  weight value (between 10 and 1000) to
                                  set the default block IO weight, or a
-                                space separated pair of a device node
-                                path and a weight value to specify the
+                                space separated pair of a file path
+                                and a weight value to specify the
                                  device specific weight value (Example:
                                  device specific weight value (Example:
-                                "/dev/sda 500"). This controls the
+                                "/dev/sda 500"). The file path may be
+                                specified as path to a block device
+                                node or as any other file in which
+                                case the backing block device of the
+                                file system of the file is
+                                determined. This controls the
                                  <literal>blkio.weight</literal> and
                                  <literal>blkio.weight_device</literal>
                                  control group attributes, which
                                  <literal>blkio.weight</literal> and
                                  <literal>blkio.weight_device</literal>
                                  control group attributes, which
@@ -879,22 +935,27 @@
                                  <term><varname>BlockIOWriteBandwidth=</varname></term>
  
                                  <listitem><para>Set the per-device
                                  <term><varname>BlockIOWriteBandwidth=</varname></term>
  
                                  <listitem><para>Set the per-device
-                                overall block IO bandwith limit for the
-                                executed processes. Takes a space
-                                separated pair of a device node path
-                                and a bandwith value (in bytes per
-                                second) to specify the device specific
-                                bandwidth. If the bandwith is suffixed
-                                with K, M, G, or T the specified
-                                bandwith is parsed as Kilobytes,
-                                Megabytes, Gigabytes, resp. Terabytes
-                                (Example: "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This
-                                controls the
+                                overall block IO bandwidth limit for
+                                the executed processes. Takes a space
+                                separated pair of a file path and a
+                                bandwidth value (in bytes per second)
+                                to specify the device specific
+                                bandwidth. The file path may be
+                                specified as path to a block device
+                                node or as any other file in which
+                                case the backing block device of the
+                                file system of the file is determined.
+                                If the bandwidth is suffixed with K, M,
+                                G, or T the specified bandwidth is
+                                parsed as Kilobytes, Megabytes,
+                                Gigabytes, resp. Terabytes (Example:
+                                "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
+                                5M"). This controls the
                                  <literal>blkio.read_bps_device</literal>
                                  and
                                  <literal>blkio.write_bps_device</literal>
                                  control group attributes. Use this
                                  <literal>blkio.read_bps_device</literal>
                                  and
                                  <literal>blkio.write_bps_device</literal>
                                  control group attributes. Use this
-                                option multiple times to set bandwith
+                                option multiple times to set bandwidth
                                  limits for multiple devices. For
                                  details about these control group
                                  attributes see <ulink
                                  limits for multiple devices. For
                                  details about these control group
                                  attributes see <ulink
@@ -1019,6 +1080,65 @@
                                  this service.</para></listitem>
                          </varlistentry>
  
                                  this service.</para></listitem>
                          </varlistentry>
  
+                        <varlistentry>
+                                <term><varname>IgnoreSIGPIPE=</varname></term>
+
+                                <listitem><para>Takes a boolean
+                                argument. If true causes SIGPIPE to be
+                                ignored in the executed
+                                process. Defaults to true, since
+                                SIGPIPE generally is useful only in
+                                shell pipelines.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>NoNewPrivileges=</varname></term>
+
+                                <listitem><para>Takes a boolean
+                                argument. If true ensures that the
+                                service process and all its children
+                                can never gain new privileges. This
+                                option is more powerful than the respective
+                                secure bits flags (see above), as it
+                                also prohibits UID changes of any
+                                kind. This is the simplest, most
+                                effective way to ensure that a process
+                                and its children can never elevate
+                                privileges again.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>SystemCallFilter=</varname></term>
+
+                                <listitem><para>Takes a space
+                                separated list of system call
+                                names. If this setting is used all
+                                system calls executed by the unit
+                                process except for the listed ones
+                                will result in immediate process
+                                termination with the SIGSYS signal
+                                (whitelisting). If the first character
+                                of the list is <literal>~</literal>
+                                the effect is inverted: only the
+                                listed system calls will result in
+                                immediate process termination
+                                (blacklisting). If this option is used
+                                <varname>NoNewPrivileges=yes</varname>
+                                is implied. This feature makes use of
+                                the Secure Computing Mode 2 interfaces
+                                of the kernel ('seccomp filtering')
+                                and is useful for enforcing a minimal
+                                sandboxing environment. Note that the
+                                <function>execve</function>,
+                                <function>rt_sigreturn</function>,
+                                <function>sigreturn</function>,
+                                <function>exit_group</function>,
+                                <function>exit</function> system calls
+                                are implicitly whitelisted and don't
+                                need to be listed
+                                explicitly.</para></listitem>
+                        </varlistentry>
+
                  </variablelist>
          </refsect1>
  
                  </variablelist>
          </refsect1>
  
@@ -1027,11 +1147,13 @@
                    <para>
                            <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                    <para>
                            <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                            <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-                          <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                          <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                    </para>
          </refsect1>
  
                    </para>
          </refsect1>