X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=b338899d81f7bc0665dba7350e747ebab7638bb4;hp=cfcf996dab8e9d7b1661a60f61b3fdb762248d1b;hb=9b15b7846d4de01bb5d9700a24077787e984e8ab;hpb=79c1afc67f973eaece8f1b7016e016bb33c256a7 diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index cfcf996da..b338899d8 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -250,7 +250,7 @@ processes. Takes a space-separated list of CPU indices. This option may be specified more than once in which - case the specificed CPU affinity masks + case the specified CPU affinity masks are merged. If the empty string is assigned, the mask is reset, all assignments prior to this will have no @@ -572,15 +572,19 @@ SyslogIdentifier= Sets the process name - to prefix log lines sent to syslog or - the kernel log buffer with. If not set, - defaults to the process name of the - executed process. This option is only - useful when + to prefix log lines sent to the + logging system or the kernel log + buffer with. If not set, defaults to + the process name of the executed + process. This option is only useful + when StandardOutput= or StandardError= are - set to or - . + set to , + or + (or to the same + settings in combination with + ). SyslogFacility= @@ -704,14 +708,95 @@ LimitNICE= LimitRTPRIO= LimitRTTIME= - These settings control - various resource limits for executed - processes. See + These settings set both + soft and hard limits of various resources for + executed processes. See setrlimit2 for details. Use the string infinity to configure no limit on a specific resource. + + + Limit directives and their equivalent with ulimit + + + + + + + Directive + ulimit equivalent + + + + + LimitCPU + ulimit -t + + + LimitFSIZE + ulimit -f + + + LimitDATA + ulimit -d + + + LimitSTACK + ulimit -s + + + LimitCORE + ulimit -c + + + LimitRSS + ulimit -m + + + LimitNOFILE + ulimit -n + + + LimitAS + ulimit -v + + + LimitNPROC + ulimit -u + + + LimitMEMLOCK + ulimit -l + + + LimitLOCKS + ulimit -x + + + LimitSIGPENDING + ulimit -i + + + LimitMSGQUEUE + ulimit -q + + + LimitNICE + ulimit -e + + + LimitRTPRIO + ulimit -r + + + LimitRTTIME + No equivalent + + + +
@@ -776,20 +861,22 @@ SecureBits= Controls the secure - bits set for the executed process. See - capabilities7 - for details. Takes a list of strings: + bits set for the executed process. + Takes a space-separated combination of + options from the following list: , , , , - and/or + , and . This option may appear more than once in - which case the secure bits are - ORed. If the empty string is assigned - to this option, the bits are reset to - 0. + which case the secure bits are ORed. + If the empty string is assigned to + this option, the bits are reset to 0. + See capabilities7 + for details. @@ -806,7 +893,7 @@ attached to the executed file. Due to that CapabilityBoundingSet= - is probably the much more useful + is probably a much more useful setting. @@ -1013,7 +1100,7 @@ made inaccessible and empty for processes invoked by this unit. If set to read-only, the - two directores are made read-only + two directories are made read-only instead. It is recommended to enable this setting for all long-running services (in particular network-facing @@ -1059,7 +1146,7 @@ namespace. Note that means that file systems mounted on the host might stay - mounted continously in the unit's + mounted continuously in the unit's namespace, and thus keep the device busy. Note that the file system namespace related options @@ -1109,7 +1196,7 @@ process. If set, this will override the automated domain transition. However, the policy still - needs to autorize the transition. This + needs to authorize the transition. This directive is ignored if SELinux is disabled. If prefixed by -, all errors will @@ -1131,6 +1218,35 @@ + + SmackProcessLabel= + + Takes a + security + label as argument. The process + executed by the unit will be started + under this label and SMACK will decide + whether the processes is allowed to + run or not based on it. The process + will continue to run under the label + specified here unless the executable + has its own + label, in + which case the process will transition + to run under that label. When not + specified, the label that systemd is + running under is used. This directive + is ignored if SMACK is + disabled. + + The value may be prefixed by + -, in which case + all errors will be ignored. An empty + value may be specified to unset + previous assignments. + + + IgnoreSIGPIPE= @@ -1405,7 +1521,7 @@ $PATH Colon-separated list - of directiories to use when launching + of directories to use when launching executables. Systemd uses a fixed value of /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin. @@ -1533,7 +1649,7 @@ See Also systemd1, - systemctl8, + systemctl1, journalctl8, systemd.unit5, systemd.service5,