processes. Takes a space-separated
list of CPU indices. This option may
be specified more than once in which
- case the specificed CPU affinity masks
+ case the specified CPU affinity masks
are merged. If the empty string is
assigned, the mask is reset, all
assignments prior to this will have no
<term><varname>LimitNICE=</varname></term>
<term><varname>LimitRTPRIO=</varname></term>
<term><varname>LimitRTTIME=</varname></term>
- <listitem><para>These settings control
- various resource limits for executed
- processes. See
+ <listitem><para>These settings set both
+ soft and hard limits of various resources for
+ executed processes. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details. Use the string
<varname>infinity</varname> to
argument or
<literal>full</literal>. If true,
mounts the <filename>/usr</filename>
- directory read-only for processes
+ and <filename>/boot</filename>
+ directories read-only for processes
invoked by this unit. If set to
<literal>full</literal>, the
- <filename>/etc</filename> directory is mounted
- read-only, too. This setting ensures
- that any modification of the vendor
- supplied operating system (and
+ <filename>/etc</filename> directory is
+ mounted read-only, too. This setting
+ ensures that any modification of the
+ vendor supplied operating system (and
optionally its configuration) is
prohibited for the service. It is
recommended to enable this setting for
process. If set, this will override
the automated domain
transition. However, the policy still
- needs to autorize the transition. This
+ needs to authorize the transition. This
directive is ignored if SELinux is
disabled. If prefixed by
<literal>-</literal>, all errors will
<term><varname>$PATH</varname></term>
<listitem><para>Colon-separated list
- of directiories to use when launching
+ of directories to use when launching
executables. Systemd uses a fixed
value of
<filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.