X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=cbaec9f13b6d022d176872fd3ba970f8d0a8c455;hp=e9af4abd6d565797c3ebef271d91f9cf3d3b04f5;hb=79ca888f5ad026b5b3844c05a80401905e64e2f0;hpb=2134b5ef6b5c944036d051381f4bd7b7e61ef373 diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index e9af4abd6..cbaec9f13 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -250,7 +250,7 @@ processes. Takes a space-separated list of CPU indices. This option may be specified more than once in which - case the specificed CPU affinity masks + case the specified CPU affinity masks are merged. If the empty string is assigned, the mask is reset, all assignments prior to this will have no @@ -708,14 +708,95 @@ LimitNICE= LimitRTPRIO= LimitRTTIME= - These settings control - various resource limits for executed - processes. See + These settings set both + soft and hard limits of various resources for + executed processes. See setrlimit2 for details. Use the string infinity to configure no limit on a specific resource. + + + Limit directives and their equivalent with ulimit + + + + + + + Directive + ulimit equivalent + + + + + LimitCPU + ulimit -t + + + LimitFSIZE + ulimit -f + + + LimitDATA + ulimit -d + + + LimitSTACK + ulimit -s + + + LimitCORE + ulimit -c + + + LimitRSS + ulimit -m + + + LimitNOFILE + ulimit -n + + + LimitAS + ulimit -v + + + LimitNPROC + ulimit -u + + + LimitMEMLOCK + ulimit -l + + + LimitLOCKS + ulimit -x + + + LimitSIGPENDING + ulimit -i + + + LimitMSGQUEUE + ulimit -q + + + LimitNICE + ulimit -e + + + LimitRTPRIO + ulimit -r + + + LimitRTTIME + No equivalent + + + +
@@ -983,13 +1064,14 @@ argument or full. If true, mounts the /usr - directory read-only for processes + and /boot + directories read-only for processes invoked by this unit. If set to full, the - /etc directory is mounted - read-only, too. This setting ensures - that any modification of the vendor - supplied operating system (and + /etc directory is + mounted read-only, too. This setting + ensures that any modification of the + vendor supplied operating system (and optionally its configuration) is prohibited for the service. It is recommended to enable this setting for @@ -1115,7 +1197,7 @@ process. If set, this will override the automated domain transition. However, the policy still - needs to autorize the transition. This + needs to authorize the transition. This directive is ignored if SELinux is disabled. If prefixed by -, all errors will @@ -1137,6 +1219,35 @@ + + SmackProcessLabel= + + Takes a + security + label as argument. The process + executed by the unit will be started + under this label and SMACK will decide + whether the processes is allowed to + run or not based on it. The process + will continue to run under the label + specified here unless the executable + has its own + label, in + which case the process will transition + to run under that label. When not + specified, the label that systemd is + running under is used. This directive + is ignored if SMACK is + disabled. + + The value may be prefixed by + -, in which case + all errors will be ignored. An empty + value may be specified to unset + previous assignments. + + + IgnoreSIGPIPE= @@ -1411,7 +1522,7 @@ $PATH Colon-separated list - of directiories to use when launching + of directories to use when launching executables. Systemd uses a fixed value of /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.