Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
assignments. Empty lines and lines
starting with ; or # will be ignored,
which may be used for commenting. The
+ parser strips leading and
+ trailing whitespace from the values
+ of assignments, unless you use
+ double quotes (").
+ The
argument passed should be an absolute
file name, optionally prefixed with
"-", which indicates that if the file
<option>tty</option>,
<option>syslog</option>,
<option>kmsg</option>,
+ <option>journal</option>,
+ <option>syslog+console</option>,
<option>kmsg+console</option>,
- <option>syslog+console</option> or
+ <option>journal+console</option> or
<option>socket</option>. If set to
<option>inherit</option> the file
descriptor of standard input is
terminal. <option>syslog</option>
connects standard output to the
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- system logger. <option>kmsg</option>
+ system syslog
+ service. <option>kmsg</option>
connects it with the kernel log buffer
which is accessible via
- <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>syslog+console</option>
- and <option>kmsg+console</option> work
+ <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>journal</option>
+ connects it with the journal which is
+ accessible via
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ (Note that everything that is written
+ to syslog or kmsg is implicitly stored
+ in the journal as well, those options
+ are hence supersets of this
+ one). <option>syslog+console</option>,
+ <option>journal+console</option> and
+ <option>kmsg+console</option> work
similarly but copy the output to the
system console as
well. <option>socket</option> connects
socket activation, semantics are
similar to the respective option of
<varname>StandardInput=</varname>.
- This setting defaults to
- <option>inherit</option>.</para></listitem>
+ This setting defaults to the value set
+ with
+ <option>DefaultStandardOutput=</option>
+ in
+ <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ which defaults to
+ <option>journal</option>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>StandardError=</varname></term>
<option>inherit</option> the file
descriptor used for standard output is
duplicated for standard error. This
- setting defaults to
+ setting defaults to the value set with
+ <option>DefaultStandardError=</option>
+ in
+ <citerefentry><refentrytitle>systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ which defaults to
<option>inherit</option>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>TimerSlackNSec=</varname></term>
<listitem><para>Sets the timer slack
in nanoseconds for the executed
- processes. The timer slack controls the
- accuracy of wake-ups triggered by
+ processes. The timer slack controls
+ the accuracy of wake-ups triggered by
timers. See
<citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for more information. Note that in
contrast to most other time span
definitions this parameter takes an
- integer value in nano-seconds and does
- not understand any other
- units.</para></listitem>
+ integer value in nano-seconds if no
+ unit is specified. The usual time
+ units are understood
+ too.</para></listitem>
</varlistentry>
<varlistentry>
conjunction with socket-activated
services, and stream sockets (TCP) in
particular. It has no effect on other
- socket types (e.g. datagram/UDP) and on processes
- unrelated to socket-based
+ socket types (e.g. datagram/UDP) and
+ on processes unrelated to socket-based
activation. If the tcpwrap
verification fails daemon start-up
will fail and the connection is
terminated. See
<citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- for details.</para></listitem>
+ for details. Note that this option may
+ be used to do access control checks
+ only. Shell commands and commands
+ described in
+ <citerefentry><refentrytitle>hosts_options</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ are not supported.</para></listitem>
</varlistentry>
<varlistentry>
is prefixed with ~ all but the listed
capabilities will be included, the
effect of the assignment
- inverted. Note that this option does
- not actually set or unset any
- capabilities in the effective,
- permitted or inherited capability
- sets. That's what
- <varname>Capabilities=</varname> is
- for. If this option is not used the
+ inverted. Note that this option also
+ effects the respective capabilities in
+ the effective, permitted and
+ inheritable capability sets, on top of
+ what <varname>Capabilities=</varname>
+ does. If this option is not used the
capability bounding set is not
modified on process execution, hence
no limits on the capabilities of the
- process are enforced.</para></listitem>
+ process are
+ enforced.</para></listitem>
</varlistentry>
<varlistentry>
<option>keep-caps-locked</option>,
<option>no-setuid-fixup</option>,
<option>no-setuid-fixup-locked</option>,
- <option>no-setuid-noroot</option> and/or
- <option>no-setuid-noroot-locked</option>.
+ <option>noroot</option> and/or
+ <option>noroot-locked</option>.
</para></listitem>
</varlistentry>
the group.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>ControlGroupPersistent=</varname></term>
+ <listitem><para>Takes a boolean
+ argument. If true, the control groups
+ created for this unit will be marked
+ to be persistent, i.e. systemd will
+ not remove them when stopping the
+ unit. The default is false, meaning
+ that the control groups will be
+ removed when the unit is stopped. For
+ details about the semantics of this
+ logic see <ulink
+ url="http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups">PaxControlGroups</ulink>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>ControlGroupAttribute=</varname></term>
<term><varname>CPUShares=</varname></term>
<listitem><para>Assign the specified
- overall CPU time shares to the processes executed. Takes
- an integer value. This controls the
+ overall CPU time shares to the
+ processes executed. Takes an integer
+ value. This controls the
<literal>cpu.shares</literal> control
- group attribute. For details about
- this control group attribute see <ulink
+ group attribute, which defaults to
+ 1024. For details about this control
+ group attribute see <ulink
url="http://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para></listitem>
</varlistentry>
size. Takes a memory size in bytes. If
the value is suffixed with K, M, G or
T the specified memory size is parsed
- as Kilobytes, Megabytes, Gigabytes
+ as Kilobytes, Megabytes, Gigabytes,
resp. Terabytes (to the base
1024). This controls the
<literal>memory.limit_in_bytes</literal>
url="http://www.kernel.org/doc/Documentation/cgroups/devices.txt">devices.txt</ulink>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>BlockIOWeight=</varname></term>
+
+ <listitem><para>Set the default or
+ per-device overall block IO weight
+ value for the executed
+ processes. Takes either a single
+ weight value (between 10 and 1000) to
+ set the default block IO weight, or a
+ space separated pair of a file path
+ and a weight value to specify the
+ device specific weight value (Example:
+ "/dev/sda 500"). The file path may be
+ specified as path to a block device
+ node or as any other file in which
+ case the backing block device of the
+ file system of the file is
+ determined. This controls the
+ <literal>blkio.weight</literal> and
+ <literal>blkio.weight_device</literal>
+ control group attributes, which
+ default to 1000. Use this option
+ multiple times to set weights for
+ multiple devices. For details about
+ these control group attributes see
+ <ulink
+ url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>BlockIOReadBandwidth=</varname></term>
+ <term><varname>BlockIOWriteBandwidth=</varname></term>
+
+ <listitem><para>Set the per-device
+ overall block IO bandwith limit for
+ the executed processes. Takes a space
+ separated pair of a file path and a
+ bandwith value (in bytes per second)
+ to specify the device specific
+ bandwidth. The file path may be
+ specified as path to a block device
+ node or as any other file in which
+ case the backing block device of the
+ file system of the file is determined.
+ If the bandwith is suffixed with K, M,
+ G, or T the specified bandwith is
+ parsed as Kilobytes, Megabytes,
+ Gigabytes, resp. Terabytes (Example:
+ "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
+ 5M"). This controls the
+ <literal>blkio.read_bps_device</literal>
+ and
+ <literal>blkio.write_bps_device</literal>
+ control group attributes. Use this
+ option multiple times to set bandwith
+ limits for multiple devices. For
+ details about these control group
+ attributes see <ulink
+ url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>ReadWriteDirectories=</varname></term>
<term><varname>ReadOnlyDirectories=</varname></term>
this service.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>IgnoreSIGPIPE=</varname></term>
+
+ <listitem><para>Takes a boolean
+ argument. If true causes SIGPIPE to be
+ ignored in the executed
+ process. Defaults to true, since
+ SIGPIPE generally is useful only in
+ shell pipelines.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,