1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="systemd-system.conf">
27 <title>systemd-system.conf</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>systemd-system.conf</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd-system.conf</refname>
47 <refname>systemd-user.conf</refname>
48 <refpurpose>System and session service manager configuration file</refpurpose>
52 <para><filename>/etc/systemd/system.conf</filename></para>
53 <para><filename>/etc/systemd/user.conf</filename></para>
57 <title>Description</title>
59 <para>When run as system instance systemd reads the
60 configuration file <filename>system.conf</filename>,
61 otherwise <filename>user.conf</filename>. These
62 configuration files contain a few settings controlling
63 basic manager operations.</para>
67 <title>Options</title>
69 <para>All options are configured in the
70 <literal>[Manager]</literal> section:</para>
72 <variablelist class='systemd-directives'>
75 <term><varname>LogLevel=</varname></term>
76 <term><varname>LogTarget=</varname></term>
77 <term><varname>LogColor=</varname></term>
78 <term><varname>LogLocation=</varname></term>
79 <term><varname>DumpCore=yes</varname></term>
80 <term><varname>CrashShell=no</varname></term>
81 <term><varname>ShowStatus=yes</varname></term>
82 <term><varname>CrashChVT=1</varname></term>
83 <term><varname>DefaultStandardOutput=journal</varname></term>
84 <term><varname>DefaultStandardError=inherit</varname></term>
86 <listitem><para>Configures various
87 parameters of basic manager
88 operation. These options may be
89 overridden by the respective command
91 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
92 for details about these command line
93 arguments.</para></listitem>
97 <term><varname>CPUAffinity=</varname></term>
99 <listitem><para>Configures the initial
100 CPU affinity for the init
101 process. Takes a space-separated list
102 of CPU indexes.</para></listitem>
106 <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
108 <listitem><para>Configures controllers
109 that shall be mounted in a single
110 hierarchy. By default, systemd will
111 mount all controllers which are
112 enabled in the kernel in individual
113 hierarchies, with the exception of
114 those listed in this setting. Takes a
115 space-separated list of comma-separated
116 controller names, in order
117 to allow multiple joined
118 hierarchies. Defaults to
119 'cpu,cpuacct'. Pass an empty string to
120 ensure that systemd mounts all
121 controllers in separate
124 <para>Note that this option is only
125 applied once, at very early boot. If
126 you use an initial RAM disk (initrd)
127 that uses systemd, it might hence be
128 necessary to rebuild the initrd if
129 this option is changed, and make sure
130 the new configuration file is included
131 in it. Otherwise, the initrd might
132 mount the controller hierarchies in a
133 different configuration than intended,
134 and the main system cannot remount
135 them anymore.</para></listitem>
139 <term><varname>RuntimeWatchdogSec=</varname></term>
140 <term><varname>ShutdownWatchdogSec=</varname></term>
142 <listitem><para>Configure the hardware
143 watchdog at runtime and at
144 reboot. Takes a timeout value in
145 seconds (or in other time units if
146 suffixed with <literal>ms</literal>,
147 <literal>min</literal>,
148 <literal>h</literal>,
149 <literal>d</literal>,
150 <literal>w</literal>). If
151 <varname>RuntimeWatchdogSec=</varname>
152 is set to a non-zero value, the
154 (<filename>/dev/watchdog</filename>)
155 will be programmed to automatically
156 reboot the system if it is not
157 contacted within the specified timeout
158 interval. The system manager will
159 ensure to contact it at least once in
160 half the specified timeout
161 interval. This feature requires a
162 hardware watchdog device to be
163 present, as it is commonly the case in
164 embedded and server systems. Not all
165 hardware watchdogs allow configuration
166 of the reboot timeout, in which case
167 the closest available timeout is
168 picked. <varname>ShutdownWatchdogSec=</varname>
169 may be used to configure the hardware
170 watchdog when the system is asked to
171 reboot. It works as a safety net to
172 ensure that the reboot takes place
173 even if a clean reboot attempt times
175 <varname>RuntimeWatchdogSec=</varname>
176 defaults to 0 (off), and
177 <varname>ShutdownWatchdogSec=</varname>
178 to 10min. These settings have no
179 effect if a hardware watchdog is not
180 available.</para></listitem>
184 <term><varname>CapabilityBoundingSet=</varname></term>
186 <listitem><para>Controls which
187 capabilities to include in the
188 capability bounding set for PID 1 and
190 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
191 for details. Takes a whitespace-separated
192 list of capability names as read by
193 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
194 Capabilities listed will be included
195 in the bounding set, all others are
196 removed. If the list of capabilities
197 is prefixed with ~, all but the listed
198 capabilities will be included, the
199 effect of the assignment
200 inverted. Note that this option also
201 affects the respective capabilities in
202 the effective, permitted and
203 inheritable capability sets. The
204 capability bounding set may also be
205 individually configured for units
207 <varname>CapabilityBoundingSet=</varname>
208 directive for units, but note that
209 capabilities dropped for PID 1 cannot
210 be regained in individual units, they
211 are lost for good.</para></listitem>
215 <term><varname>SystemCallArchitectures=</varname></term>
217 <listitem><para>Takes a
218 space-separated list of architecture
219 identifiers. Selects of which
220 architectures system calls may be
221 invoked on this system. This may be
222 used as an effective way to disable
223 invocation of non-native binaries
224 system-wide, for example to prohibit
225 execution of 32bit x86 binaries on
226 64bit x86-64 systems. This option
227 operates system wide, and acts
229 <varname>SystemCallArchitectures=</varname>
230 setting of unit files, see
231 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
232 for details. This setting defaults to
233 the empty list in which case no
234 filtering of system calls based on
235 architecture is applied. Known
236 architecture identifiers are
237 <literal>x86</literal>,
238 <literal>x86-64</literal>,
239 <literal>x32</literal>,
240 <literal>arm</literal> and the special
242 <literal>native</literal>. The latter
243 implicitly maps to the native
244 architecture of the system (or more
245 specifically, the architecture the
246 system manager was compiled for). Set
248 <literal>native</literal> to prohibit
249 execution of any non-native
250 binaries. When a binary executes a
251 system call of an architecture that is
252 not listed in this setting it will be
253 immediately terminated with the SIGSYS
254 signal.</para></listitem>
259 <term><varname>TimerSlackNSec=</varname></term>
261 <listitem><para>Sets the timer slack
262 in nanoseconds for PID 1 which is then
263 inherited to all executed processes,
264 unless overridden individually, for
266 <varname>TimerSlackNSec=</varname>
267 setting in service units (for details
269 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
270 timer slack controls the accuracy of
271 wake-ups triggered by timers. See
272 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
273 for more information. Note that in
274 contrast to most other time span
275 definitions this parameter takes an
276 integer value in nano-seconds if no
277 unit is specified. The usual time
279 too.</para></listitem>
283 <term><varname>DefaultTimeoutStartSec=</varname></term>
284 <term><varname>DefaultTimeoutStopSec=</varname></term>
285 <term><varname>DefaultRestartSec=</varname></term>
287 <listitem><para>Configures the default
288 time-outs for starting and stopping of
289 units, as well as the default time to
290 sleep between automatic restarts of
291 units, as configured per-unit in
292 <varname>TimeoutStartSec=</varname>,
293 <varname>TimeoutStopSec=</varname> and
294 <varname>RestartSec=</varname> (for
296 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
297 for details on the per-unit
298 settings). For non-service units,
299 <varname>DefaultTimeoutStartSec=</varname>
301 <varname>TimeoutSec=</varname> value.
305 <term><varname>DefaultStartLimitInterval=</varname></term>
306 <term><varname>DefaultStartLimitBurst=</varname></term>
308 <listitem><para>Configure the default start rate
309 limiting, as configured per-service by
310 <varname>StartLimitInterval=</varname> and
311 <varname>StartLimitBurst=</varname>. See
312 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
313 for details on the per-service
319 <term><varname>DefaultEnvironment=</varname></term>
321 <listitem><para>Sets manager
322 environment variables passed to all
323 executed processes. Takes a
324 space-separated list of variable
326 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
327 for details about environment
332 <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
335 <literal>VAR1</literal>,
336 <literal>VAR2</literal>,
337 <literal>VAR3</literal>.</para></listitem>
341 <term><varname>DefaultLimitCPU=</varname></term>
342 <term><varname>DefaultLimitFSIZE=</varname></term>
343 <term><varname>DefaultLimitDATA=</varname></term>
344 <term><varname>DefaultLimitSTACK=</varname></term>
345 <term><varname>DefaultLimitCORE=</varname></term>
346 <term><varname>DefaultLimitRSS=</varname></term>
347 <term><varname>DefaultLimitNOFILE=</varname></term>
348 <term><varname>DefaultLimitAS=</varname></term>
349 <term><varname>DefaultLimitNPROC=</varname></term>
350 <term><varname>DefaultLimitMEMLOCK=</varname></term>
351 <term><varname>DefaultLimitLOCKS=</varname></term>
352 <term><varname>DefaultLimitSIGPENDING=</varname></term>
353 <term><varname>DefaultLimitMSGQUEUE=</varname></term>
354 <term><varname>DefaultLimitNICE=</varname></term>
355 <term><varname>DefaultLimitRTPRIO=</varname></term>
356 <term><varname>DefaultLimitRTTIME=</varname></term>
358 <listitem><para>These settings control
359 various default resource limits for
361 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
362 for details. Use the string
363 <varname>infinity</varname> to
364 configure no limit on a specific
365 resource. These settings may be
366 overridden in individual units
367 using the corresponding LimitXXX=
368 directives. Note that these resource
369 limits are only defaults for units,
370 they are not applied to PID 1
371 itself.</para></listitem>
377 <title>See Also</title>
379 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
380 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
381 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
382 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
383 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
384 <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob