X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=99a91b3dfacc4a01253e6b763071baafd7f8f357;hp=6502d87b4ad48d29d2750c1e8cfe4a0e3bbff660;hb=260d370833ba5449f77d4184a8eb80e5501be900;hpb=74922904348e53a992af63c581d4ccd3317ccce0
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 6502d87b4..99a91b3df 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -50,29 +50,32 @@
systemd.service,
systemd.socket,
- systemd.mount
+ systemd.mount,
+ systemd.swapDescription
- Unit configuration files for services, sockets
- and mount points share a subset of configuration
- options which define the execution environment of
- spawned processes.
+ Unit configuration files for services, sockets,
+ mount points and swap devices share a subset of
+ configuration options which define the execution
+ environment of spawned processes.This man page lists the configuration options
- shared by these three unit types. See
+ shared by these four unit types. See
systemd.unit5
for the common options of all unit configuration
files, and
- systemd.service5, systemd.socket5
+ systemd.service5,
+ systemd.socket5,
+ systemd.swap5
and
systemd.mount5
for more information on the specific unit
configuration files. The execution specific
configuration options are configured in the [Service],
- [Socket] resp. [Mount] section, depending on the unit
+ [Socket], [Mount] resp. [Swap] section, depending on the unit
type.
@@ -122,12 +125,12 @@
Sets the supplementary
Unix groups the processes are executed
- as. This takes a space seperated list
+ as. This takes a space separated list
of group names or IDs. This option may
be specified more than once in which
case all listed groups are set as
supplementary groups. This option does
- not override but extend the list of
+ not override but extends the list of
supplementary groups configured in the
system group database for the
user.
@@ -146,13 +149,13 @@
- OOMAdjust=
+ OOMScoreAdjust=Sets the adjustment
level for the Out-Of-Memory killer for
executed processes. Takes an integer
- between -17 (to disable OOM killing
- for this process) and 15 (to make
+ between -1000 (to disable OOM killing
+ for this process) and 1000 (to make
killing of this process under memory
pressure very likely). See proc.txt
@@ -234,7 +237,7 @@
Controls the CPU
affinity of the executed
- processes. Takes a space-seperated
+ processes. Takes a space-separated
list of CPU indexes. See
sched_setaffinity2
for details.
@@ -248,7 +251,7 @@
octal notation. See
umask2
for details. Defaults to
- 0002.
+ 0022.
@@ -256,7 +259,7 @@
Sets environment
variables for executed
- processes. Takes a space-seperated
+ processes. Takes a space-separated
list of variable assignments. This
option may be specified more than once
in which case all listed variables
@@ -272,11 +275,26 @@
Environment= but
reads the environment variables from a
text file. The text file should
- contain new-line seperated variable
+ contain new-line separated variable
assignments. Empty lines and lines
starting with ; or # will be ignored,
- which may be used for
- commenting.
+ which may be used for commenting. The
+ argument passed should be an absolute
+ file name, optionally prefixed with
+ "-", which indicates that if the file
+ does not exist it won't be read and no
+ error or warning message is
+ logged. The files listed with this
+ directive will be read shortly before
+ the process is executed. Settings from
+ these files override settings made
+ with
+ Environment=. If
+ the same variable is set twice from
+ these files the files will be read in
+ the order they are specified and the
+ later setting will override the
+ earlier setting.
@@ -301,10 +319,11 @@
below) and the executed process
becomes the controlling process of the
terminal. If the terminal is already
- being controlled by another process it
- is waited until that process releases
- the
- terminal.
+ being controlled by another process the
+ executed process waits until the current
+ controlling process releases the
+ terminal.
+
is similar to ,
but the executed process is forcefully
and immediately made the controlling
@@ -341,7 +360,9 @@
,
,
,
- or
+ ,
+ ,
+ or
. If set to
the file
descriptor of standard input is
@@ -365,23 +386,27 @@
system logger.
connects it with the kernel log buffer
which is accessible via
- dmesg1.
- connects standard output to a socket
- from socket activation, semantics are
+ dmesg1.
+ and work
+ similarly but copy the output to the
+ system console as
+ well. connects
+ standard output to a socket from
+ socket activation, semantics are
similar to the respective option of
StandardInput=.
This setting defaults to
.
- StandardOutput=
+ StandardError=Controls where file
descriptor 2 (STDERR) of the executed
processes is connected to. The
available options are identical to
those of
- StandardError=,
- whith one exception: if set to
+ StandardOutput=,
+ with one exception: if set to
the file
descriptor used for standard output is
duplicated for standard error. This
@@ -397,7 +422,37 @@
/dev/console.
- SyslogIdentifer=
+ TTYReset=
+ Reset the terminal
+ device specified with
+ TTYPath= before and
+ after execution. Defaults to
+ no.
+
+
+ TTYVHangup=
+ Disconnect all clients
+ which have opened the terminal device
+ specified with
+ TTYPath=
+ before and after execution. Defaults
+ to
+ no.
+
+
+ TTYVTDisallocate=
+ If the the terminal
+ device specified with
+ TTYPath= is a
+ virtual console terminal try to
+ deallocate the TTY before and after
+ execution. This ensures that the
+ screen and scrollback buffer is
+ cleared. Defaults to
+ no.
+
+
+ SyslogIdentifier=Sets the process name
to prefix log lines sent to syslog or
the kernel log buffer with. If not set
@@ -500,15 +555,15 @@
TimerSlackNSec=Sets the timer slack
in nanoseconds for the executed
- processes The timer slack controls the
+ processes. The timer slack controls the
accuracy of wake-ups triggered by
timers. See
prctl2
for more information. Note that in
contrast to most other time span
- definitions this value is takes a
- nano-seconds integer and does not
- understand any other
+ definitions this parameter takes an
+ integer value in nano-seconds and does
+ not understand any other
units.
@@ -533,7 +588,10 @@
various resource limits for executed
processes. See
setrlimit2
- for details.
+ for details. Use the string
+ infinity to
+ configure no limit on a specific
+ resource.
@@ -572,16 +630,46 @@
- Capabilities=
- Controls the
+ ControlGroupModify=
+ Takes a boolean
+ argument. If true, the control groups
+ created for this unit will be owned by
+ ther user specified with
+ User= (and the
+ configured group), and he can create
+ subgroups as well as add processes to
+ the group.
+
+
+
+ CapabilityBoundingSet=
+
+ Controls which
+ capabilities to include in the
+ capability bounding set for the
+ executed process. See
capabilities7
- set for the executed process. Take a
- capability string as described in
- cap_from_text3.
- Note that this capability set is
- usually influenced by the capabilities
- attached to the executed
- file.
+ for details. Takes a whitespace
+ separated list of capability names as
+ read by
+ cap_from_name3.
+ Capabilities listed will be included
+ in the bounding set, all others are
+ removed. If the list of capabilities
+ is prefixed with ~ all but the listed
+ capabilities will be included, the
+ effect of the assignment
+ inverted. Note that this option does
+ not actually set or unset any
+ capabilities in the effective,
+ permitted or inherited capability
+ sets. That's what
+ Capabilities= is
+ for. If this option is not used the
+ capability bounding set is not
+ modified on process execution, hence
+ no limits on the capabilities of the
+ process are enforced.
@@ -600,16 +688,21 @@
- CapabilityBoundingSetDrop=
-
+ Capabilities=Controls the
- capability bounding set drop set for
- the executed process. See
capabilities7
- for details. Takes a list of
- capability names as read by
- cap_from_name3.
-
+ set for the executed process. Take a
+ capability string describing the
+ effective, permitted and inherited
+ capability sets as documented in
+ cap_from_text3.
+ Note that these capability sets are
+ usually influenced by the capabilities
+ attached to the executed file. Due to
+ that
+ CapabilityBoundingSet=
+ is probably the much more useful
+ setting.
@@ -617,8 +710,8 @@
Controls the control
groups the executed processes shall be
- made member of. Takes a
- space-seperated list of cgroup
+ made members of. Takes a
+ space-separated list of cgroup
identifiers. A cgroup identifier has a
format like
cpu:/foo/bar,
@@ -634,10 +727,10 @@
path for this unit is implied. This
option may be used to place executed
processes in arbitrary groups in
- arbitrary hierachies -- which can be
+ arbitrary hierarchies -- which can be
configured externally with additional execution limits. By default
systemd will place all executed
- processes in seperate per-unit control
+ processes in separate per-unit control
groups (named after the unit) in the
systemd named hierarchy. Since every
process can be in one group per
@@ -660,7 +753,7 @@
to limit access a process might have
to the main file-system
hierarchy. Each setting takes a
- space-seperated list of absolute
+ space-separated list of absolute
directory paths. Directories listed in
ReadWriteDirectories=
are accessible from within the
@@ -672,12 +765,12 @@
usual file access controls would
permit this. Directories listed in
InaccessibleDirectories=
- will be made inaccesible for processes
+ will be made inaccessible for processes
inside the namespace. Note that
restricting access with these options
does not extend to submounts of a
directory. You must list submounts
- seperately in these setttings to
+ separately in these settings to
ensure the same limited access. These
options may be specified more than
once in which case all directories
@@ -728,17 +821,39 @@
it.
+
+ UtmpIdentifier=
+
+ Takes a a four
+ character identifier string for an
+ utmp/wtmp entry for this service. This
+ should only be set for services such
+ as getty
+ implementations where utmp/wtmp
+ entries must be created and cleared
+ before and after execution. If the
+ configured string is longer than four
+ characters it is truncated and the
+ terminal four characters are
+ used. This setting interprets %I style
+ string replacements. This setting is
+ unset by default, i.e. no utmp/wtmp
+ entries are created or cleaned up for
+ this service.
+
+
See Also
- systemd8,
+ systemd1,
systemctl8,
systemd.unit5,
systemd.service5,
systemd.socket5,
+ systemd.swap5,
systemd.mount5