X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=d28417da1c5e4c0afc7a65bfaf0978375a87389c;hp=835ee8153108410ccf8c3fef6d32671746122ee9;hb=ff01d048b4c1455241c894cf7982662c9d28fd34;hpb=2292707df5dda00662d0b4905c14aa4fa8d1f1fa diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 835ee8153..d28417da1 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -57,13 +57,13 @@ Description - Unit configuration files for services, sockets + Unit configuration files for services, sockets, mount points and swap devices share a subset of configuration options which define the execution environment of spawned processes. This man page lists the configuration options - shared by these three unit types. See + shared by these four unit types. See systemd.unit5 for the common options of all unit configuration files, and @@ -251,7 +251,7 @@ octal notation. See umask2 for details. Defaults to - 0002. + 0022. @@ -284,7 +284,17 @@ "-", which indicates that if the file does not exist it won't be read and no error or warning message is - logged. + logged. The files listed with this + directive will be read shortly before + the process is executed. Settings from + these files override settings made + with + Environment=. If + the same variable is set twice from + these files the files will be read in + the order they are specified and the + later setting will override the + earlier setting. @@ -350,7 +360,9 @@ , , , - or + , + , + or . If set to the file descriptor of standard input is @@ -374,9 +386,13 @@ system logger. connects it with the kernel log buffer which is accessible via - dmesg1. - connects standard output to a socket - from socket activation, semantics are + dmesg1. + and work + similarly but copy the output to the + system console as + well. connects + standard output to a socket from + socket activation, semantics are similar to the respective option of StandardInput=. This setting defaults to @@ -406,7 +422,37 @@ /dev/console. - SyslogIdentifer= + TTYReset= + Reset the terminal + device specified with + TTYPath= before and + after execution. Defaults to + no. + + + TTYVHangup= + Disconnect all clients + which have opened the terminal device + specified with + TTYPath= + before and after execution. Defaults + to + no. + + + TTYVTDisallocate= + If the the terminal + device specified with + TTYPath= is a + virtual console terminal try to + deallocate the TTY before and after + execution. This ensures that the + screen and scrollback buffer is + cleared. Defaults to + no. + + + SyslogIdentifier= Sets the process name to prefix log lines sent to syslog or the kernel log buffer with. If not set @@ -542,7 +588,10 @@ various resource limits for executed processes. See setrlimit2 - for details. + for details. Use the string + infinity to + configure no limit on a specific + resource. @@ -581,16 +630,46 @@ - Capabilities= - Controls the + ControlGroupModify= + Takes a boolean + argument. If true, the control groups + created for this unit will be owned by + ther user specified with + User= (and the + configured group), and he can create + subgroups as well as add processes to + the group. + + + + CapabilityBoundingSet= + + Controls which + capabilities to include in the + capability bounding set for the + executed process. See capabilities7 - set for the executed process. Take a - capability string as described in - cap_from_text3. - Note that this capability set is - usually influenced by the capabilities - attached to the executed - file. + for details. Takes a whitespace + separated list of capability names as + read by + cap_from_name3. + Capabilities listed will be included + in the bounding set, all others are + removed. If the list of capabilities + is prefixed with ~ all but the listed + capabilities will be included, the + effect of the assignment + inverted. Note that this option does + not actually set or unset any + capabilities in the effective, + permitted or inherited capability + sets. That's what + Capabilities= is + for. If this option is not used the + capability bounding set is not + modified on process execution, hence + no limits on the capabilities of the + process are enforced. @@ -609,16 +688,21 @@ - CapabilityBoundingSetDrop= - + Capabilities= Controls the - capability bounding set drop set for - the executed process. See capabilities7 - for details. Takes a list of - capability names as read by - cap_from_name3. - + set for the executed process. Take a + capability string describing the + effective, permitted and inherited + capability sets as documented in + cap_from_text3. + Note that these capability sets are + usually influenced by the capabilities + attached to the executed file. Due to + that + CapabilityBoundingSet= + is probably the much more useful + setting. @@ -643,7 +727,7 @@ path for this unit is implied. This option may be used to place executed processes in arbitrary groups in - arbitrary hierachies -- which can be + arbitrary hierarchies -- which can be configured externally with additional execution limits. By default systemd will place all executed processes in separate per-unit control @@ -681,7 +765,7 @@ usual file access controls would permit this. Directories listed in InaccessibleDirectories= - will be made inaccesible for processes + will be made inaccessible for processes inside the namespace. Note that restricting access with these options does not extend to submounts of a @@ -699,9 +783,9 @@ PrivateTmp= Takes a boolean - argument. If true sets up a new - namespace for the executed processes - and mounts a private + argument. If true sets up a new file + system namespace for the executed + processes and mounts a private /tmp directory inside it, that is not shared by processes outside of the @@ -710,7 +794,25 @@ process, but makes sharing between processes via /tmp - impossible. Defaults to false. + impossible. Defaults to + false. + + + + PrivateNetwork= + + Takes a boolean + argument. If true sets up a new + network namespace for the executed + processes and configures only the + loopback network device + lo inside it. No + other network devices will be + available to the executed process. + This is useful to securely turn off + network access by the executed + process. Defaults to + false.