</refnamediv>
<refsynopsisdiv>
- <para><filename>systemd.socket</filename></para>
+ <para><filename><replaceable>socket</replaceable>.socket</filename></para>
</refsynopsisdiv>
<refsect1>
<option>ExecStartPre=</option>,
<option>ExecStartPost=</option>,
<option>ExecStopPre=</option> and
- <option>ExecStoptPost=</option> commands are executed
+ <option>ExecStopPost=</option> commands are executed
in, and in
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
which define the way the processes are
options specific to the [Socket] section of socket
units are the following:</para>
- <variablelist>
+ <variablelist class='unit-directives'>
<varlistentry>
<term><varname>ListenStream=</varname></term>
<term><varname>ListenDatagram=</varname></term>
<term><varname>ListenSequentialPacket=</varname></term>
<listitem><para>Specifies an address
to listen on for a stream
- (SOCK_STREAM), datagram (SOCK_DGRAM),
+ (<constant>SOCK_STREAM</constant>), datagram (<constant>SOCK_DGRAM</constant>),
or sequential packet
- (SOCK_SEQPACKET) socket, respectively. The address
+ (<constant>SOCK_SEQPACKET</constant>) socket, respectively. The address
can be written in various formats:</para>
<para>If the address starts with a
slash (/), it is read as file system
- socket in the AF_UNIX socket
+ socket in the <constant>AF_UNIX</constant> socket
family.</para>
<para>If the address starts with an
at symbol (@) it is read as abstract
- namespace socket in the AF_UNIX
+ namespace socket in the <constant>AF_UNIX</constant>
family. The @ is replaced with a NUL
character before binding. For details
see
setting (see below).
</para>
- <para>Note that SOCK_SEQPACKET
+ <para>Note that <constant>SOCK_SEQPACKET</constant>
(i.e. <varname>ListenSequentialPacket=</varname>)
- is only available for AF_UNIX
- sockets. SOCK_STREAM
+ is only available for <constant>AF_UNIX</constant>
+ sockets. <constant>SOCK_STREAM</constant>
(i.e. <varname>ListenStream=</varname>)
when used for IP sockets refers to TCP
- sockets, SOCK_DGRAM
+ sockets, <constant>SOCK_DGRAM</constant>
(i.e. <varname>ListenDatagram=</varname>)
to UDP.</para>
<para>These options may be specified
more than once in which case incoming
- traffic on any of the sockets will trigger
- service activation, and all listed
- sockets will be passed to the service,
- regardless whether there is incoming
- traffic on them or not.</para>
-
- <para>If an IP address is used here, it
- is often desirable to listen on it
+ traffic on any of the sockets will
+ trigger service activation, and all
+ listed sockets will be passed to the
+ service, regardless whether there is
+ incoming traffic on them or not. If
+ the empty string is assigned to any of
+ these options, the list of addresses
+ to listen on is reset, all prior uses
+ of any of these options will have no
+ effect.</para>
+
+ <para>If an IP address is used here,
+ it is often desirable to listen on it
before the interface it is configured
on is up and running, and even
regardless whether it will be up and
- running ever at all. To deal with this it is
- recommended to set the
+ running ever at all. To deal with this
+ it is recommended to set the
<varname>FreeBind=</varname> option
described below.</para></listitem>
</varlistentry>
<listitem><para>Specifies a Netlink
family to create a socket for to
listen on. This expects a short string
- referring to the AF_NETLINK family
+ referring to the <constant>AF_NETLINK</constant> family
name (such as <varname>audit</varname>
or <varname>kobject-uevent</varname>)
as argument, optionally suffixed by a
and only one service unit is spawned
for all connections (also see
above). This value is ignored for
- datagram sockets and FIFOs where
- a single service unit unconditionally
+ datagram sockets and FIFOs where a
+ single service unit unconditionally
handles all incoming traffic. Defaults
to <option>false</option>. For
performance reasons, it is recommended
to write new daemons only in a way
that is suitable for
- <option>Accept=false</option>. This
- option is mostly useful to allow
- daemons designed for usage with
- <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <option>Accept=false</option>. A
+ daemon listening on an <constant>AF_UNIX</constant> socket
+ may, but does not need to, call
+ <citerefentry><refentrytitle>close</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ on the received socket before
+ exiting. However, it must not unlink
+ the socket from a filesystem. It
+ should note invoke
+ <citerefentry><refentrytitle>shutdown</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ on sockets it got with
+ <varname>Accept=false</varname>, but
+ it may do so for sockets it got with
+ <varname>Accept=true</varname> set.
+ Setting <varname>Accept=true</varname>
+ is mostly useful to allow daemons
+ designed for usage with
+ <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to work unmodified with systemd socket
activation.</para></listitem>
</varlistentry>
<term><varname>PassCredentials=</varname></term>
<listitem><para>Takes a boolean
value. This controls the SO_PASSCRED
- socket option, which allows AF_UNIX sockets to
+ socket option, which allows <constant>AF_UNIX</constant> sockets to
receive the credentials of the sending
process in an ancillary message.
Defaults to
<term><varname>PassSecurity=</varname></term>
<listitem><para>Takes a boolean
value. This controls the SO_PASSSEC
- socket option, which allows AF_UNIX
+ socket option, which allows <constant>AF_UNIX</constant>
sockets to receive the security
context of the sending process in an
ancillary message. Defaults to
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ </para>
+
+ <para>
+ For more extensive descriptions see the "Systemd for Developers" series:
+ <ulink url="http://0pointer.de/blog/projects/socket-activation.html">Socket Activation</ulink>,
+ <ulink url="http://0pointer.de/blog/projects/socket-activation2.html">Socket Activation, part II</ulink>,
+ <ulink url="http://0pointer.de/blog/projects/inetd.html">Converting inetd Services</ulink>,
+ <ulink url="http://0pointer.de/blog/projects/socket-activated-containers.html">Socket Activated Internet Services and OS Containers</ulink>.
</para>
</refsect1>