+ <varlistentry>
+ <term><varname>ControlGroupModify=</varname></term>
+ <listitem><para>Takes a boolean
+ argument. If true, the control groups
+ created for this unit will be owned by
+ the user specified with
+ <varname>User=</varname> (and the
+ appropriate group), and he/she can create
+ subgroups as well as add processes to
+ the group.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>ControlGroupPersistent=</varname></term>
+ <listitem><para>Takes a boolean
+ argument. If true, the control groups
+ created for this unit will be marked
+ to be persistent, i.e. systemd will
+ not remove them when stopping the
+ unit. The default is false, meaning
+ that the control groups will be
+ removed when the unit is stopped. For
+ details about the semantics of this
+ logic see <ulink
+ url="http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups">PaxControlGroups</ulink>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>ControlGroupAttribute=</varname></term>
+
+ <listitem><para>Set a specific control
+ group attribute for executed
+ processes, and (if needed) add the the
+ executed processes to a cgroup in the
+ hierarchy of the controller the
+ attribute belongs to. Takes two
+ space-separated arguments: the
+ attribute name (syntax is
+ <literal>cpu.shares</literal> where
+ <literal>cpu</literal> refers to a
+ specific controller and
+ <literal>shares</literal> to the
+ attribute name), and the attribute
+ value. Example:
+ <literal>ControlGroupAttribute=cpu.shares
+ 512</literal>. If this option is used
+ for an attribute that belongs to a
+ kernel controller hierarchy the unit
+ is not already configured to be added
+ to (for example via the
+ <literal>ControlGroup=</literal>
+ option) then the unit will be added to
+ the controller and the default unit
+ cgroup path is implied. Thus, using
+ <varname>ControlGroupAttribute=</varname>
+ is in most case sufficient to make use
+ of control group enforcements,
+ explicit
+ <varname>ControlGroup=</varname> are
+ only necessary in case the implied
+ default control group path for a
+ service is not desirable. For details
+ about control group attributes see
+ <ulink
+ url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>. This
+ option may appear more than once, in
+ order to set multiple control group
+ attributes.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>CPUShares=</varname></term>
+
+ <listitem><para>Assign the specified
+ overall CPU time shares to the
+ processes executed. Takes an integer
+ value. This controls the
+ <literal>cpu.shares</literal> control
+ group attribute, which defaults to
+ 1024. For details about this control
+ group attribute see <ulink
+ url="http://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>MemoryLimit=</varname></term>
+ <term><varname>MemorySoftLimit=</varname></term>
+
+ <listitem><para>Limit the overall memory usage
+ of the executed processes to a certain
+ size. Takes a memory size in bytes. If
+ the value is suffixed with K, M, G or
+ T the specified memory size is parsed
+ as Kilobytes, Megabytes, Gigabytes,
+ resp. Terabytes (to the base
+ 1024). This controls the
+ <literal>memory.limit_in_bytes</literal>
+ and
+ <literal>memory.soft_limit_in_bytes</literal>
+ control group attributes. For details
+ about these control group attributes
+ see <ulink
+ url="http://www.kernel.org/doc/Documentation/cgroups/memory.txt">memory.txt</ulink>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>DeviceAllow=</varname></term>
+ <term><varname>DeviceDeny=</varname></term>
+
+ <listitem><para>Control access to
+ specific device nodes by the executed processes. Takes two
+ space separated strings: a device node
+ path (such as
+ <filename>/dev/null</filename>)
+ followed by a combination of r, w, m
+ to control reading, writing resp.
+ creating of the specific device node
+ by the unit. This controls the
+ <literal>devices.allow</literal>
+ and
+ <literal>devices.deny</literal>
+ control group attributes. For details
+ about these control group attributes
+ see <ulink
+ url="http://www.kernel.org/doc/Documentation/cgroups/devices.txt">devices.txt</ulink>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>BlockIOWeight=</varname></term>
+
+ <listitem><para>Set the default or
+ per-device overall block IO weight
+ value for the executed
+ processes. Takes either a single
+ weight value (between 10 and 1000) to
+ set the default block IO weight, or a
+ space separated pair of a file path
+ and a weight value to specify the
+ device specific weight value (Example:
+ "/dev/sda 500"). The file path may be
+ specified as path to a block device
+ node or as any other file in which
+ case the backing block device of the
+ file system of the file is
+ determined. This controls the
+ <literal>blkio.weight</literal> and
+ <literal>blkio.weight_device</literal>
+ control group attributes, which
+ default to 1000. Use this option
+ multiple times to set weights for
+ multiple devices. For details about
+ these control group attributes see
+ <ulink
+ url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>BlockIOReadBandwidth=</varname></term>
+ <term><varname>BlockIOWriteBandwidth=</varname></term>
+
+ <listitem><para>Set the per-device
+ overall block IO bandwith limit for
+ the executed processes. Takes a space
+ separated pair of a file path and a
+ bandwith value (in bytes per second)
+ to specify the device specific
+ bandwidth. The file path may be
+ specified as path to a block device
+ node or as any other file in which
+ case the backing block device of the
+ file system of the file is determined.
+ If the bandwith is suffixed with K, M,
+ G, or T the specified bandwith is
+ parsed as Kilobytes, Megabytes,
+ Gigabytes, resp. Terabytes (Example:
+ "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
+ 5M"). This controls the
+ <literal>blkio.read_bps_device</literal>
+ and
+ <literal>blkio.write_bps_device</literal>
+ control group attributes. Use this
+ option multiple times to set bandwith
+ limits for multiple devices. For
+ details about these control group
+ attributes see <ulink
+ url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
+ </varlistentry>
+