X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=1bc6bafa473dd79b88b8e79fe90ab0c326c2200a;hb=b8825fff7bf153ea9f17c46a40278df2e780829d;hp=af103ff14c12f18943106903372b33fba170aa58;hpb=8257df2767fe2eb535fb83966d92f3074c522150;p=elogind.git diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index af103ff14..1bc6bafa4 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -572,15 +572,19 @@ SyslogIdentifier= Sets the process name - to prefix log lines sent to syslog or - the kernel log buffer with. If not set, - defaults to the process name of the - executed process. This option is only - useful when + to prefix log lines sent to the + logging system or the kernel log + buffer with. If not set, defaults to + the process name of the executed + process. This option is only useful + when StandardOutput= or StandardError= are - set to or - . + set to , + or + (or to the same + settings in combination with + ). SyslogFacility= @@ -712,6 +716,87 @@ infinity to configure no limit on a specific resource. + + + Limit directives and their equivalent with ulimit + + + + + + + Directive + ulimit equivalent + + + + + LimitCPU + ulimit -t + + + LimitFSIZE + ulimit -f + + + LimitDATA + ulimit -d + + + LimitSTACK + ulimit -s + + + LimitCORE + ulimit -c + + + LimitRSS + ulimit -m + + + LimitNOFILE + ulimit -n + + + LimitAS + ulimit -v + + + LimitNPROC + ulimit -u + + + LimitMEMLOCK + ulimit -l + + + LimitLOCKS + ulimit -x + + + LimitSIGPENDING + ulimit -i + + + LimitMSGQUEUE + ulimit -q + + + LimitNICE + ulimit -e + + + LimitRTPRIO + ulimit -r + + + LimitRTTIME + No equivalent + + + +
@@ -776,20 +861,22 @@ SecureBits= Controls the secure - bits set for the executed process. See - capabilities7 - for details. Takes a list of strings: + bits set for the executed process. + Takes a space-separated combination of + options from the following list: , , , , - and/or + , and . This option may appear more than once in - which case the secure bits are - ORed. If the empty string is assigned - to this option, the bits are reset to - 0. + which case the secure bits are ORed. + If the empty string is assigned to + this option, the bits are reset to 0. + See capabilities7 + for details. @@ -806,7 +893,7 @@ attached to the executed file. Due to that CapabilityBoundingSet= - is probably the much more useful + is probably a much more useful setting. @@ -1059,7 +1146,7 @@ namespace. Note that means that file systems mounted on the host might stay - mounted continously in the unit's + mounted continuously in the unit's namespace, and thus keep the device busy. Note that the file system namespace related options @@ -1131,6 +1218,35 @@ + + SmackProcessLabel= + + Takes a + security + label as argument. The process + executed by the unit will be started + under this label and SMACK will decide + whether the processes is allowed to + run or not based on it. The process + will continue to run under the label + specified here unless the executable + has its own + label, in + which case the process will transition + to run under that label. When not + specified, the label that systemd is + running under is used. This directive + is ignored if SMACK is + disabled. + + The value may be prefixed by + -, in which case + all errors will be ignored. An empty + value may be specified to unset + previous assignments. + + + IgnoreSIGPIPE= @@ -1533,7 +1649,7 @@ See Also systemd1, - systemctl8, + systemctl1, journalctl8, systemd.unit5, systemd.service5,