1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 This file is part of systemd.
8 Copyright 2010 Lennart Poettering
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 <refentry id="systemd-system.conf"
25 xmlns:xi="http://www.w3.org/2001/XInclude">
27 <title>systemd-system.conf</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>systemd-system.conf</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd-system.conf</refname>
47 <refname>system.conf.d</refname>
48 <refname>systemd-user.conf</refname>
49 <refname>user.conf.d</refname>
50 <refpurpose>System and session service manager configuration files</refpurpose>
54 <para><filename>/etc/systemd/system.conf</filename></para>
55 <para><filename>/etc/systemd/system.conf.d/*.conf</filename></para>
56 <para><filename>/run/systemd/system.conf.d/*.conf</filename></para>
57 <para><filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para>
58 <para><filename>/etc/systemd/user.conf</filename></para>
59 <para><filename>/etc/systemd/user.conf.d/*.conf</filename></para>
60 <para><filename>/run/systemd/user.conf.d/*.conf</filename></para>
61 <para><filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para>
65 <title>Description</title>
67 <para>When run as a system instance, systemd interprets the
68 configuration file <filename>system.conf</filename> and the files
69 in <filename>system.conf.d</filename> directories; when run as a
70 user instance, systemd interprets the configuration file
71 <filename>user.conf</filename> and the files in
72 <filename>user.conf.d</filename> directories. These configuration
73 files contain a few settings controlling basic manager
77 <xi:include href="standard-conf.xml" xpointer="main-conf" />
80 <title>Options</title>
82 <para>All options are configured in the
83 <literal>[Manager]</literal> section:</para>
85 <variablelist class='systemd-directives'>
88 <term><varname>LogLevel=</varname></term>
89 <term><varname>LogTarget=</varname></term>
90 <term><varname>LogColor=</varname></term>
91 <term><varname>LogLocation=</varname></term>
92 <term><varname>DumpCore=yes</varname></term>
93 <term><varname>CrashShell=no</varname></term>
94 <term><varname>ShowStatus=yes</varname></term>
95 <term><varname>CrashChVT=1</varname></term>
96 <term><varname>DefaultStandardOutput=journal</varname></term>
97 <term><varname>DefaultStandardError=inherit</varname></term>
99 <listitem><para>Configures various parameters of basic manager
100 operation. These options may be overridden by the respective
101 command line arguments. See
102 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
103 for details about these command line
104 arguments.</para></listitem>
108 <term><varname>CPUAffinity=</varname></term>
110 <listitem><para>Configures the initial CPU affinity for the
111 init process. Takes a space-separated list of CPU
112 indices.</para></listitem>
116 <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
118 <listitem><para>Configures controllers that shall be mounted
119 in a single hierarchy. By default, systemd will mount all
120 controllers which are enabled in the kernel in individual
121 hierarchies, with the exception of those listed in this
122 setting. Takes a space-separated list of comma-separated
123 controller names, in order to allow multiple joined
124 hierarchies. Defaults to 'cpu,cpuacct'. Pass an empty string
125 to ensure that systemd mounts all controllers in separate
128 <para>Note that this option is only applied once, at very
129 early boot. If you use an initial RAM disk (initrd) that uses
130 systemd, it might hence be necessary to rebuild the initrd if
131 this option is changed, and make sure the new configuration
132 file is included in it. Otherwise, the initrd might mount the
133 controller hierarchies in a different configuration than
134 intended, and the main system cannot remount them
135 anymore.</para></listitem>
139 <term><varname>RuntimeWatchdogSec=</varname></term>
140 <term><varname>ShutdownWatchdogSec=</varname></term>
142 <listitem><para>Configure the hardware watchdog at runtime and
143 at reboot. Takes a timeout value in seconds (or in other time
144 units if suffixed with <literal>ms</literal>,
145 <literal>min</literal>, <literal>h</literal>,
146 <literal>d</literal>, <literal>w</literal>). If
147 <varname>RuntimeWatchdogSec=</varname> is set to a non-zero
148 value, the watchdog hardware
149 (<filename>/dev/watchdog</filename>) will be programmed to
150 automatically reboot the system if it is not contacted within
151 the specified timeout interval. The system manager will ensure
152 to contact it at least once in half the specified timeout
153 interval. This feature requires a hardware watchdog device to
154 be present, as it is commonly the case in embedded and server
155 systems. Not all hardware watchdogs allow configuration of the
156 reboot timeout, in which case the closest available timeout is
157 picked. <varname>ShutdownWatchdogSec=</varname> may be used to
158 configure the hardware watchdog when the system is asked to
159 reboot. It works as a safety net to ensure that the reboot
160 takes place even if a clean reboot attempt times out. By
161 default <varname>RuntimeWatchdogSec=</varname> defaults to 0
162 (off), and <varname>ShutdownWatchdogSec=</varname> to 10min.
163 These settings have no effect if a hardware watchdog is not
164 available.</para></listitem>
168 <term><varname>CapabilityBoundingSet=</varname></term>
170 <listitem><para>Controls which capabilities to include in the
171 capability bounding set for PID 1 and its children. See
172 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
173 for details. Takes a whitespace-separated list of capability
175 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
176 Capabilities listed will be included in the bounding set, all
177 others are removed. If the list of capabilities is prefixed
178 with ~, all but the listed capabilities will be included, the
179 effect of the assignment inverted. Note that this option also
180 affects the respective capabilities in the effective,
181 permitted and inheritable capability sets. The capability
182 bounding set may also be individually configured for units
183 using the <varname>CapabilityBoundingSet=</varname> directive
184 for units, but note that capabilities dropped for PID 1 cannot
185 be regained in individual units, they are lost for
186 good.</para></listitem>
190 <term><varname>SystemCallArchitectures=</varname></term>
192 <listitem><para>Takes a space-separated list of architecture
193 identifiers. Selects from which architectures system calls may
194 be invoked on this system. This may be used as an effective
195 way to disable invocation of non-native binaries system-wide,
196 for example to prohibit execution of 32-bit x86 binaries on
197 64-bit x86-64 systems. This option operates system-wide, and
199 <varname>SystemCallArchitectures=</varname> setting of unit
201 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
202 for details. This setting defaults to the empty list, in which
203 case no filtering of system calls based on architecture is
204 applied. Known architecture identifiers are
205 <literal>x86</literal>, <literal>x86-64</literal>,
206 <literal>x32</literal>, <literal>arm</literal> and the special
207 identifier <literal>native</literal>. The latter implicitly
208 maps to the native architecture of the system (or more
209 specifically, the architecture the system manager was compiled
210 for). Set this setting to <literal>native</literal> to
211 prohibit execution of any non-native binaries. When a binary
212 executes a system call of an architecture that is not listed
213 in this setting, it will be immediately terminated with the
214 SIGSYS signal.</para></listitem>
218 <term><varname>TimerSlackNSec=</varname></term>
220 <listitem><para>Sets the timer slack in nanoseconds for PID 1,
221 which is inherited by all executed processes, unless
222 overridden individually, for example with the
223 <varname>TimerSlackNSec=</varname> setting in service units
225 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
226 The timer slack controls the accuracy of wake-ups triggered by
228 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
229 for more information. Note that in contrast to most other time
230 span definitions this parameter takes an integer value in
231 nano-seconds if no unit is specified. The usual time units are
232 understood too.</para></listitem>
236 <term><varname>DefaultTimerAccuracySec=</varname></term>
238 <listitem><para>Sets the default accuracy of timer units. This
239 controls the global default for the
240 <varname>AccuracySec=</varname> setting of timer units, see
241 <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
242 for details. <varname>AccuracySec=</varname> set in individual
243 units override the global default for the specific unit.
244 Defaults to 1min. Note that the accuracy of timer units is
245 also affected by the configured timer slack for PID 1, see
246 <varname>TimerSlackNSec=</varname> above.</para></listitem>
250 <term><varname>DefaultTimeoutStartSec=</varname></term>
251 <term><varname>DefaultTimeoutStopSec=</varname></term>
252 <term><varname>DefaultRestartSec=</varname></term>
254 <listitem><para>Configures the default timeouts for starting
255 and stopping of units, as well as the default time to sleep
256 between automatic restarts of units, as configured per-unit in
257 <varname>TimeoutStartSec=</varname>,
258 <varname>TimeoutStopSec=</varname> and
259 <varname>RestartSec=</varname> (for services, see
260 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
261 for details on the per-unit settings). For non-service units,
262 <varname>DefaultTimeoutStartSec=</varname> sets the default
263 <varname>TimeoutSec=</varname> value. </para></listitem>
267 <term><varname>DefaultStartLimitInterval=</varname></term>
268 <term><varname>DefaultStartLimitBurst=</varname></term>
270 <listitem><para>Configure the default unit start rate
271 limiting, as configured per-service by
272 <varname>StartLimitInterval=</varname> and
273 <varname>StartLimitBurst=</varname>. See
274 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
275 for details on the per-service settings.</para></listitem>
279 <term><varname>DefaultEnvironment=</varname></term>
281 <listitem><para>Sets manager environment variables passed to
282 all executed processes. Takes a space-separated list of
283 variable assignments. See
284 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
285 for details about environment variables.</para>
289 <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
292 <literal>VAR1</literal>,
293 <literal>VAR2</literal>,
294 <literal>VAR3</literal>.</para></listitem>
298 <term><varname>DefaultCPUAccounting=</varname></term>
299 <term><varname>DefaultBlockIOAccounting=</varname></term>
300 <term><varname>DefaultMemoryAccounting=</varname></term>
302 <listitem><para>Configure the default resource accounting
303 settings, as configured per-unit by
304 <varname>CPUAccounting=</varname>,
305 <varname>BlockIOAccounting=</varname> and
306 <varname>MemoryAccounting=</varname>. See
307 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
308 for details on the per-unit settings.</para></listitem>
312 <term><varname>DefaultLimitCPU=</varname></term>
313 <term><varname>DefaultLimitFSIZE=</varname></term>
314 <term><varname>DefaultLimitDATA=</varname></term>
315 <term><varname>DefaultLimitSTACK=</varname></term>
316 <term><varname>DefaultLimitCORE=</varname></term>
317 <term><varname>DefaultLimitRSS=</varname></term>
318 <term><varname>DefaultLimitNOFILE=</varname></term>
319 <term><varname>DefaultLimitAS=</varname></term>
320 <term><varname>DefaultLimitNPROC=</varname></term>
321 <term><varname>DefaultLimitMEMLOCK=</varname></term>
322 <term><varname>DefaultLimitLOCKS=</varname></term>
323 <term><varname>DefaultLimitSIGPENDING=</varname></term>
324 <term><varname>DefaultLimitMSGQUEUE=</varname></term>
325 <term><varname>DefaultLimitNICE=</varname></term>
326 <term><varname>DefaultLimitRTPRIO=</varname></term>
327 <term><varname>DefaultLimitRTTIME=</varname></term>
329 <listitem><para>These settings control various default
330 resource limits for units. See
331 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
332 for details. Use the string <varname>infinity</varname> to
333 configure no limit on a specific resource. These settings may
334 be overridden in individual units using the corresponding
335 LimitXXX= directives. Note that these resource limits are only
336 defaults for units, they are not applied to PID 1
337 itself.</para></listitem>
343 <title>See Also</title>
345 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
346 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
347 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
348 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
349 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
350 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>