<?xml version='1.0'?> <!--*-nxml-*-->
<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd.exec">
  <refentryinfo>
    <title>systemd.exec</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd.exec</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd.exec</refname>
    <refpurpose>systemd execution environment configuration</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>systemd.service</filename>,
    <filename>systemd.socket</filename>,
    <filename>systemd.mount</filename>,
    <filename>systemd.swap</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>Unit configuration files for services, sockets,
    mount points and swap devices share a subset of
    configuration options which define the execution
    environment of spawned processes.</para>

    <para>This man page lists the configuration options
    shared by these four unit types. See
    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for the common options of all unit configuration
    files, and
    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
    <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for more information on the specific unit
    configuration files. The execution specific
    configuration options are configured in the [Service],
    [Socket], [Mount] or [Swap] section, respectively,
    depending on the unit type.</para>
  </refsect1>
    <title>Options</title>
      <varlistentry>
        <term><varname>WorkingDirectory=</varname></term>

        <listitem><para>Takes an absolute
        directory path. Sets the working
        directory for executed
        processes.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RootDirectory=</varname></term>

        <listitem><para>Takes an absolute
        directory path. Sets the root
        directory for executed processes, with
        the
        <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        system call. If this is used it must
        be ensured that the process and all
        its auxiliary files are available in
        the <function>chroot()</function>
        jail.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>User=</varname></term>
        <term><varname>Group=</varname></term>

        <listitem><para>Sets the Unix user or
        group, respectively, that the processes
        are executed as. Takes a single user or
        group name or ID as argument. If no group
        is set, the default group of the user is
        chosen.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SupplementaryGroups=</varname></term>

        <listitem><para>Sets the supplementary
        Unix groups the processes are executed
        as. This takes a space-separated list
        of group names or IDs. This option may
        be specified more than once, in which
        case all listed groups are set as
        supplementary groups. This option does
        not override but extends the list of
        supplementary groups configured in the
        system group database for the
        user.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Nice=</varname></term>

        <listitem><para>Sets the default nice
        level (scheduling priority) for
        executed processes. Takes an integer
        between -20 (highest priority) and 19
        (lowest priority). See
        <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>OOMScoreAdjust=</varname></term>

        <listitem><para>Sets the adjustment
        level for the Out-Of-Memory killer for
        executed processes. Takes an integer
        between -1000 (to disable OOM killing
        for this process) and 1000 (to make
        killing of this process under memory
        pressure very likely). See <ulink
        url="http://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IOSchedulingClass=</varname></term>

        <listitem><para>Sets the IO scheduling
        class for executed processes. Takes an
        integer between 0 and 3 or one of the
        strings <option>none</option>,
        <option>realtime</option>,
        <option>best-effort</option> or
        <option>idle</option>. See
        <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>IOSchedulingPriority=</varname></term>

        <listitem><para>Sets the IO scheduling
        priority for executed processes. Takes
        an integer between 0 (highest
        priority) and 7 (lowest priority). The
        available priorities depend on the
        selected IO scheduling class (see
        above). See
        <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUSchedulingPolicy=</varname></term>

        <listitem><para>Sets the CPU
        scheduling policy for executed
        processes. Takes one of
        <option>other</option>,
        <option>batch</option>,
        <option>idle</option>,
        <option>fifo</option> or
        <option>rr</option>. See
        <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUSchedulingPriority=</varname></term>

        <listitem><para>Sets the CPU
        scheduling priority for executed
        processes. Takes an integer between 1
        (lowest priority) and 99 (highest
        priority). The available priority
        range depends on the selected CPU
        scheduling policy (see above). See
        <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUSchedulingResetOnFork=</varname></term>

        <listitem><para>Takes a boolean
        argument. If true, elevated CPU
        scheduling priorities and policies
        will be reset when the executed
        processes fork, and can hence not leak
        into child processes. See
        <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details. Defaults to false.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUAffinity=</varname></term>

        <listitem><para>Controls the CPU
        affinity of the executed
        processes. Takes a space-separated
        list of CPU indexes. See
        <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>UMask=</varname></term>

        <listitem><para>Controls the file mode
        creation mask. Takes an access mode in
        octal notation. See
        <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details. Defaults to
        0022.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Environment=</varname></term>

        <listitem><para>Sets environment
        variables for executed
        processes. Takes a space-separated
        list of variable assignments. This
        option may be specified more than once,
        in which case all listed variables
        will be set. If the same variable is
        set twice, the later setting
        overrides the earlier setting. See
        <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>EnvironmentFile=</varname></term>
        <listitem><para>Similar to
        <varname>Environment=</varname> but
        reads the environment variables from a
        text file. The text file should
        contain new-line separated variable
        assignments. Empty lines and lines
        starting with ; or # will be ignored,
        which may be used for commenting. The
        argument passed should be an absolute
        file name, optionally prefixed with
        "-", which indicates that if the file
        does not exist it won't be read and no
        error or warning message is
        logged. The files listed with this
        directive will be read shortly before
        the process is executed. Settings from
        these files override settings made
        with <varname>Environment=</varname>. If
        the same variable is set twice from
        these files, the files will be read in
        the order they are specified and the
        later setting will override the
        earlier setting.</para></listitem>
      </varlistentry>
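    <para>As an added example (not part of this man page and not systemd's own code), the following Python models the precedence rules above for <varname>Environment=</varname> and <varname>EnvironmentFile=</varname>: it parses the file format, honours the "-" prefix, and applies the override order. The sample file contents are constructed; that a missing file without "-" is an error and that leading whitespace on a line is trimmed are assumptions of the example.</para>

```python
"""Resolve the environment a unit's processes receive from Environment= and
EnvironmentFile=, following the rules in this man page: Environment=
assignments apply first, then each EnvironmentFile= is read in the order
given, and a later assignment of a variable overrides an earlier one.
This is an added example, not systemd's own code."""

# Constructed stand-in for files on disk: path -> contents.  A path that is
# not in this table plays the role of a file that does not exist.
SAMPLE_FILES = {
    "/etc/default/demo": "# comment line\n; also a comment\n\nLISTEN_PORT=8080\nDEBUG=1\n",
    "/etc/demo/override.conf": "DEBUG=0\nDATA_DIR=/var/lib/demo\n",
}


def parse_environment_file(text):
    """Parse the EnvironmentFile= format: one VAR=value assignment per line.
    Empty lines and lines starting with ';' or '#' are ignored (leading
    whitespace is trimmed first; that is an assumption of this example)."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if "=" not in line:
            raise ValueError("not a variable assignment: %r" % raw)
        name, value = line.split("=", 1)
        env[name.strip()] = value
    return env


def resolve_environment(environment_settings, environment_files, files=SAMPLE_FILES):
    """environment_settings: the value of each Environment= line (space-separated
    assignments); environment_files: the value of each EnvironmentFile= line,
    in unit-file order.  Returns the resulting environment as a dict."""
    env = {}
    for setting in environment_settings:
        for assignment in setting.split():
            name, value = assignment.split("=", 1)
            env[name] = value                  # a later Environment= wins
    for spec in environment_files:
        optional = spec.startswith("-")        # "-" prefix: skip silently if absent
        path = spec[1:] if optional else spec
        if not path.startswith("/"):
            raise ValueError("EnvironmentFile= needs an absolute file name: %r" % spec)
        text = files.get(path)
        if text is None:
            if optional:
                continue                       # not read, no error or warning logged
            raise FileNotFoundError(path)      # assumption: a missing mandatory file is an error
        env.update(parse_environment_file(text))   # file settings override Environment=
    return env
```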
      <varlistentry>
        <term><varname>StandardInput=</varname></term>
        <listitem><para>Controls where file
        descriptor 0 (STDIN) of the executed
        processes is connected to. Takes one
        of <option>null</option>,
        <option>tty</option>,
        <option>tty-force</option>,
        <option>tty-fail</option> or
        <option>socket</option>. If
        <option>null</option> is selected,
        standard input will be connected to
        <filename>/dev/null</filename>,
        i.e. all read attempts by the process
        will result in immediate EOF. If
        <option>tty</option> is selected,
        standard input is connected to a TTY
        (as configured via
        <varname>TTYPath=</varname>, see
        below) and the executed process
        becomes the controlling process of the
        terminal. If the terminal is already
        being controlled by another process, the
        executed process waits until the current
        controlling process releases the
        terminal. <option>tty-force</option>
        is similar to <option>tty</option>,
        but the executed process is forcefully
        and immediately made the controlling
        process of the terminal, potentially
        removing previous controlling
        processes from the
        terminal. <option>tty-fail</option> is
        similar to <option>tty</option>, but if
        the terminal already has a controlling
        process, start-up of the executed
        process fails. The
        <option>socket</option> option is only
        valid in socket-activated services,
        and only when the socket configuration
        file (see
        <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details) specifies a single socket
        only. If this option is set, standard
        input will be connected to the socket
        the service was activated from, which
        is primarily useful for compatibility
        with daemons designed for use with the
        <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        daemon. This setting defaults to
        <option>null</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StandardOutput=</varname></term>
        <listitem><para>Controls where file
        descriptor 1 (STDOUT) of the executed
        processes is connected to. Takes one
        of <option>inherit</option>,
        <option>null</option>,
        <option>tty</option>,
        <option>syslog</option>,
        <option>kmsg</option>,
        <option>kmsg+console</option>,
        <option>syslog+console</option> or
        <option>socket</option>. If set to
        <option>inherit</option>, the file
        descriptor of standard input is
        duplicated for standard output. If set
        to <option>null</option>, standard
        output will be connected to
        <filename>/dev/null</filename>,
        i.e. everything written to it will be
        lost. If set to <option>tty</option>,
        standard output will be connected to a
        tty (as configured via
        <varname>TTYPath=</varname>, see
        below). If the TTY is used for output
        only, the executed process will not
        become the controlling process of the
        terminal, and will not fail or wait
        for other processes to release the
        terminal. <option>syslog</option>
        connects standard output to the
        <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
        system syslog
        service. <option>kmsg</option>
        connects it with the kernel log buffer
        which is accessible via
        <citerefentry><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>. <option>syslog+console</option>
        and <option>kmsg+console</option> work
        similarly but copy the output to the
        system console as
        well. <option>socket</option> connects
        standard output to a socket from
        socket activation; the semantics are
        similar to the respective option of
        <varname>StandardInput=</varname>.
        This setting defaults to
        <option>inherit</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StandardError=</varname></term>
        <listitem><para>Controls where file
        descriptor 2 (STDERR) of the executed
        processes is connected to. The
        available options are identical to
        those of
        <varname>StandardOutput=</varname>,
        with one exception: if set to
        <option>inherit</option>, the file
        descriptor used for standard output is
        duplicated for standard error. This
        setting defaults to
        <option>inherit</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TTYPath=</varname></term>
        <listitem><para>Sets the terminal
        device node to use if standard input,
        output or error are connected to a
        TTY (see above). Defaults to
        <filename>/dev/console</filename>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TTYReset=</varname></term>
        <listitem><para>Reset the terminal
        device specified with
        <varname>TTYPath=</varname> before and
        after execution. Defaults to
        <literal>no</literal>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TTYVHangup=</varname></term>
        <listitem><para>Disconnect all clients
        which have opened the terminal device
        specified with
        <varname>TTYPath=</varname>
        before and after execution. Defaults
        to
        <literal>no</literal>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TTYVTDisallocate=</varname></term>
        <listitem><para>If the terminal
        device specified with
        <varname>TTYPath=</varname> is a
        virtual console terminal, try to
        deallocate the TTY before and after
        execution. This ensures that the
        screen and scrollback buffer is
        cleared. Defaults to
        <literal>no</literal>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SyslogIdentifier=</varname></term>
        <listitem><para>Sets the process name
        to prefix log lines sent to syslog or
        the kernel log buffer with. If not set,
        defaults to the process name of the
        executed process. This option is only
        useful when
        <varname>StandardOutput=</varname> or
        <varname>StandardError=</varname> are
        set to <option>syslog</option> or
        <option>kmsg</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SyslogFacility=</varname></term>
        <listitem><para>Sets the syslog
        facility to use when logging to
        syslog. One of <option>kern</option>,
        <option>user</option>,
        <option>mail</option>,
        <option>daemon</option>,
        <option>auth</option>,
        <option>syslog</option>,
        <option>lpr</option>,
        <option>news</option>,
        <option>uucp</option>,
        <option>cron</option>,
        <option>authpriv</option>,
        <option>ftp</option>,
        <option>local0</option>,
        <option>local1</option>,
        <option>local2</option>,
        <option>local3</option>,
        <option>local4</option>,
        <option>local5</option>,
        <option>local6</option> or
        <option>local7</option>. See
        <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
        for details. This option is only
        useful when
        <varname>StandardOutput=</varname> or
        <varname>StandardError=</varname> are
        set to <option>syslog</option>.
        Defaults to
        <option>daemon</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SyslogLevel=</varname></term>
        <listitem><para>Default syslog level
        to use when logging to syslog or the
        kernel log buffer. One of
        <option>emerg</option>,
        <option>alert</option>,
        <option>crit</option>,
        <option>err</option>,
        <option>warning</option>,
        <option>notice</option>,
        <option>info</option> or
        <option>debug</option>. See
        <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
        for details. This option is only
        useful when
        <varname>StandardOutput=</varname> or
        <varname>StandardError=</varname> are
        set to <option>syslog</option> or
        <option>kmsg</option>. Note that
        individual lines output by the daemon
        might be prefixed with a different log
        level which can be used to override
        the default log level specified
        here. The interpretation of these
        prefixes may be disabled with
        <varname>SyslogLevelPrefix=</varname>,
        see below. For details see
        <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
        Defaults to
        <option>info</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SyslogLevelPrefix=</varname></term>
        <listitem><para>Takes a boolean
        argument. If true and
        <varname>StandardOutput=</varname> or
        <varname>StandardError=</varname> are
        set to <option>syslog</option> or
        <option>kmsg</option>, log lines
        written by the executed process that
        are prefixed with a log level will be
        passed on to syslog with this log
        level set but the prefix removed. If
        set to false, the interpretation of
        these prefixes is disabled and the
        logged lines are passed on as-is. For
        details about this prefixing see
        <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
        Defaults to true.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TimerSlackNSec=</varname></term>
        <listitem><para>Sets the timer slack
        in nanoseconds for the executed
        processes. The timer slack controls the
        accuracy of wake-ups triggered by
        timers. See
        <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for more information. Note that in
        contrast to most other time span
        definitions this parameter takes an
        integer value in nanoseconds and does
        not understand any other
        units.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>LimitCPU=</varname></term>
        <term><varname>LimitFSIZE=</varname></term>
        <term><varname>LimitDATA=</varname></term>
        <term><varname>LimitSTACK=</varname></term>
        <term><varname>LimitCORE=</varname></term>
        <term><varname>LimitRSS=</varname></term>
        <term><varname>LimitNOFILE=</varname></term>
        <term><varname>LimitAS=</varname></term>
        <term><varname>LimitNPROC=</varname></term>
        <term><varname>LimitMEMLOCK=</varname></term>
        <term><varname>LimitLOCKS=</varname></term>
        <term><varname>LimitSIGPENDING=</varname></term>
        <term><varname>LimitMSGQUEUE=</varname></term>
        <term><varname>LimitNICE=</varname></term>
        <term><varname>LimitRTPRIO=</varname></term>
        <term><varname>LimitRTTIME=</varname></term>
        <listitem><para>These settings control
        various resource limits for executed
        processes. See
        <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for details. Use the string
        <varname>infinity</varname> to
        configure no limit on a specific
        resource.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>PAMName=</varname></term>
        <listitem><para>Sets the PAM service
        name to set up a session as. If set,
        the executed process will be
        registered as a PAM session under the
        specified service name. This is only
        useful in conjunction with the
        <varname>User=</varname> setting. If
        not set, no PAM session will be opened
        for the executed processes. See
        <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TCPWrapName=</varname></term>
        <listitem><para>If this is a
        socket-activated service, this sets the
        tcpwrap service name to check the
        permission for the current connection
        with. This is only useful in
        conjunction with socket-activated
        services, and stream sockets (TCP) in
        particular. It has no effect on other
        socket types (e.g. datagram/UDP) and on processes
        unrelated to socket-based
        activation. If the tcpwrap
        verification fails, daemon start-up
        will fail and the connection is
        refused. See
        <citerefentry><refentrytitle>tcpd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CapabilityBoundingSet=</varname></term>

        <listitem><para>Controls which
        capabilities to include in the
        capability bounding set for the
        executed process. See
        <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details. Takes a whitespace-separated
        list of capability names as
        read by
        <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
        Capabilities listed will be included
        in the bounding set, all others are
        removed. If the list of capabilities
        is prefixed with ~, all but the listed
        capabilities will be included, the
        effect of the assignment
        inverted. Note that this option does
        not actually set or unset any
        capabilities in the effective,
        permitted or inherited capability
        sets; that is what
        <varname>Capabilities=</varname> is
        for. If this option is not used, the
        capability bounding set is not
        modified on process execution, hence
        no limits on the capabilities of the
        process are enforced.</para></listitem>
      </varlistentry>
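    <para>As an added example (not part of this man page and not systemd's own code), the following Python computes the bounding set that a <varname>CapabilityBoundingSet=</varname> value yields under the rules above, including the ~ inversion and the "option absent means no limit" case, and reports which broad capabilities a unit still keeps. The capability names are a constructed subset of those in capabilities(7); exact-case name matching is a simplification of what cap_from_name(3) accepts.</para>

```python
"""Compute the capability bounding set that a CapabilityBoundingSet= line
yields, following this man page: a whitespace-separated list keeps exactly
the listed capabilities and removes all others; a leading '~' inverts the
assignment so that all but the listed ones are kept; an absent option leaves
the bounding set untouched.  Added example, not systemd's own code."""

# Constructed subset of the names defined in capabilities(7); the real set is larger.
ALL_CAPABILITIES = frozenset({
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_KILL", "CAP_NET_ADMIN",
    "CAP_NET_BIND_SERVICE", "CAP_SETGID", "CAP_SETUID", "CAP_SYS_ADMIN",
    "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
})


def parse_capability_list(value):
    """Return (inverted, names) for the argument of CapabilityBoundingSet=.
    Exact-case matching against ALL_CAPABILITIES is a simplification of
    cap_from_name(3), which this example does not call."""
    value = value.strip()
    inverted = value.startswith("~")
    if inverted:
        value = value[1:]
    names = set()
    for name in value.split():
        if name not in ALL_CAPABILITIES:
            raise ValueError("unknown capability name: %s" % name)
        names.add(name)
    return inverted, frozenset(names)


def bounding_set(setting, current=ALL_CAPABILITIES):
    """Bounding set after applying CapabilityBoundingSet=setting.
    setting=None models the option being absent: the set is not modified,
    so no limit on the process's capabilities is enforced."""
    if setting is None:
        return frozenset(current)
    inverted, names = parse_capability_list(setting)
    if inverted:
        return frozenset(current - names)   # all but the listed ones are kept
    return frozenset(current & names)       # listed ones kept, all others removed


def review_bounding_set(setting, broad=("CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE")):
    """Reviewer helper: which of the broad, kernel-wide capabilities does the
    unit still keep in its bounding set?  Empty list means none of them."""
    kept = bounding_set(setting)
    return sorted(name for name in broad if name in kept)
```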
      <varlistentry>
        <term><varname>SecureBits=</varname></term>
        <listitem><para>Controls the secure
        bits set for the executed process. See
        <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details. Takes a list of strings:
        <option>keep-caps</option>,
        <option>keep-caps-locked</option>,
        <option>no-setuid-fixup</option>,
        <option>no-setuid-fixup-locked</option>,
        <option>noroot</option> and/or
        <option>noroot-locked</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Capabilities=</varname></term>
        <listitem><para>Controls the
        <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        set for the executed process. Takes a
        capability string describing the
        effective, permitted and inherited
        capability sets as documented in
        <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
        Note that these capability sets are
        usually influenced by the capabilities
        attached to the executed file. Due to
        that,
        <varname>CapabilityBoundingSet=</varname>
        is probably the much more useful
        setting.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ControlGroup=</varname></term>

        <listitem><para>Controls the control
        groups the executed processes shall be
        made members of. Takes a
        space-separated list of cgroup
        identifiers. A cgroup identifier has a
        format like
        <filename>cpu:/foo/bar</filename>,
        where "cpu" identifies the kernel
        control group controller used, and
        <filename>/foo/bar</filename> is the
        control group path. The controller
        name and ":" may be omitted, in which
        case the named systemd control group
        hierarchy is implied. Alternatively,
        the path and ":" may be omitted, in
        which case the default control group
        path for this unit is implied. This
        option may be used to place executed
        processes in arbitrary groups in
        arbitrary hierarchies, which can be
        configured externally with additional
        execution limits. By default systemd
        will place all executed processes in
        separate per-unit control groups
        (named after the unit) in the systemd
        named hierarchy. Since every process
        can be in one group per hierarchy only,
        overriding the control group path in
        the named systemd hierarchy will
        disable automatic placement in the
        default group. This option is
        primarily intended to place executed
        processes in specific paths in
        specific kernel controller
        hierarchies. It is however not
        recommended to manipulate the service
        control group path in the systemd
        named hierarchy. For details about
        control groups see <ulink
        url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ControlGroupModify=</varname></term>
        <listitem><para>Takes a boolean
        argument. If true, the control groups
        created for this unit will be owned by
        the user specified with
        <varname>User=</varname> (and the
        appropriate group), and that user can create
        subgroups as well as add processes to
        the group.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ControlGroupAttribute=</varname></term>

        <listitem><para>Set a specific control
        group attribute for executed
        processes, and (if needed) add the
        executed processes to a cgroup in the
        hierarchy of the controller the
        attribute belongs to. Takes two
        space-separated arguments: the
        attribute name (syntax is
        <literal>cpu.shares</literal> where
        <literal>cpu</literal> refers to a
        specific controller and
        <literal>shares</literal> to the
        attribute name), and the attribute
        value. Example:
        <literal>ControlGroupAttribute=cpu.shares
        512</literal>. If this option is used
        for an attribute that belongs to a
        kernel controller hierarchy the unit
        is not already configured to be added
        to (for example via the
        <literal>ControlGroup=</literal>
        option), then the unit will be added to
        the controller and the default unit
        cgroup path is implied. Thus, using
        <varname>ControlGroupAttribute=</varname>
        is in most cases sufficient to make use
        of control group enforcements;
        explicit <varname>ControlGroup=</varname> settings are
        only necessary in case the implied
        default control group path for a
        service is not desirable. For details
        about control group attributes see
        <ulink
        url="http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>. This
        option may appear more than once, in
        order to set multiple control group
        attributes.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUShares=</varname></term>

        <listitem><para>Assign the specified
        overall CPU time shares to the
        processes executed. Takes an integer
        value. This controls the
        <literal>cpu.shares</literal> control
        group attribute, which defaults to
        1024. For details about this control
        group attribute see <ulink
        url="http://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>MemoryLimit=</varname></term>
        <term><varname>MemorySoftLimit=</varname></term>

        <listitem><para>Limit the overall memory usage
        of the executed processes to a certain
        size. Takes a memory size in bytes. If
        the value is suffixed with K, M, G or
        T, the specified memory size is parsed
        as Kilobytes, Megabytes, Gigabytes
        or Terabytes, respectively (to the base
        1024). This controls the
        <literal>memory.limit_in_bytes</literal>
        and
        <literal>memory.soft_limit_in_bytes</literal>
        control group attributes. For details
        about these control group attributes
        see <ulink
        url="http://www.kernel.org/doc/Documentation/cgroups/memory.txt">memory.txt</ulink>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DeviceAllow=</varname></term>
        <term><varname>DeviceDeny=</varname></term>

        <listitem><para>Control access to
        specific device nodes by the executed processes. Takes two
        space-separated strings: a device node
        path (such as
        <filename>/dev/null</filename>)
        followed by a combination of r, w, m
        to control reading, writing or
        creating of the specific device node
        by the unit, respectively. This controls the
        <literal>devices.allow</literal>
        and
        <literal>devices.deny</literal>
        control group attributes. For details
        about these control group attributes
        see <ulink
        url="http://www.kernel.org/doc/Documentation/cgroups/devices.txt">devices.txt</ulink>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>BlockIOWeight=</varname></term>

        <listitem><para>Set the default or
        per-device overall block IO weight
        value for the executed
        processes. Takes either a single
        weight value (between 10 and 1000) to
        set the default block IO weight, or a
        space-separated pair of a file path
        and a weight value to specify the
        device specific weight value (Example:
        "/dev/sda 500"). The file path may be
        specified as path to a block device
        node or as any other file, in which
        case the backing block device of the
        file system of the file is
        determined. This controls the
        <literal>blkio.weight</literal> and
        <literal>blkio.weight_device</literal>
        control group attributes, which
        default to 1000. Use this option
        multiple times to set weights for
        multiple devices. For details about
        these control group attributes see
        <ulink
        url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>BlockIOReadBandwidth=</varname></term>
        <term><varname>BlockIOWriteBandwidth=</varname></term>

        <listitem><para>Set the per-device
        overall block IO bandwidth limit for
        the executed processes. Takes a space-separated
        pair of a file path and a
        bandwidth value (in bytes per second)
        to specify the device specific
        bandwidth. The file path may be
        specified as path to a block device
        node or as any other file, in which
        case the backing block device of the
        file system of the file is determined.
        If the bandwidth is suffixed with K, M,
        G, or T, the specified bandwidth is
        parsed as Kilobytes, Megabytes,
        Gigabytes or Terabytes, respectively (Example:
        "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
        5M"). This controls the
        <literal>blkio.read_bps_device</literal>
        and
        <literal>blkio.write_bps_device</literal>
        control group attributes. Use this
        option multiple times to set bandwidth
        limits for multiple devices. For
        details about these control group
        attributes see <ulink
        url="http://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt">blkio-controller.txt</ulink>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ReadWriteDirectories=</varname></term>
        <term><varname>ReadOnlyDirectories=</varname></term>
        <term><varname>InaccessibleDirectories=</varname></term>

        <listitem><para>Sets up a new
        file-system namespace for executed
        processes. These options may be used
        to limit access a process might have
        to the main file-system
        hierarchy. Each setting takes a
        space-separated list of absolute
        directory paths. Directories listed in
        <varname>ReadWriteDirectories=</varname>
        are accessible from within the
        namespace with the same access rights
        as from outside. Directories listed in
        <varname>ReadOnlyDirectories=</varname>
        are accessible for reading only;
        writing will be refused even if the
        usual file access controls would
        permit this. Directories listed in
        <varname>InaccessibleDirectories=</varname>
        will be made inaccessible for processes
        inside the namespace. Note that
        restricting access with these options
        does not extend to submounts of a
        directory. You must list submounts
        separately in these settings to
        ensure the same limited access. These
        options may be specified more than
        once, in which case all directories
        listed will have limited access from
        within the namespace.</para></listitem>
      </varlistentry>
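    <para>As an added example (not part of this man page and not systemd's own code), the following Python models the namespace the three directory options describe and makes the submount caveat concrete: it reports the mount points under a read-only or inaccessible directory that were not listed separately, and produces a corrected set of lists. The unit fragment and the mount table are constructed. Two assumptions of the example, not statements of this page: the most specific listed directory decides a path's access, and a mount point strictly below a listed directory is a separate mount that the listed entry does not reach.</para>

```python
"""Model the file-system namespace that ReadWriteDirectories=,
ReadOnlyDirectories= and InaccessibleDirectories= set up, and surface the
caveat from this man page: a restriction on a directory does not extend to
file systems mounted below it unless those mount points are listed too.
Added example, not systemd's own code.  Assumptions: the most specific listed
directory decides a path's access, and a mount point strictly below a listed
directory is a separate mount that the listed entry does not touch."""

import posixpath

# Constructed [Service] fragment (options are repeatable, paths are absolute).
UNIT_FRAGMENT = """
[Service]
ReadOnlyDirectories=/usr /etc
InaccessibleDirectories=/home /root
InaccessibleDirectories=/var/lib/secrets
ReadWriteDirectories=/var/lib/demo
"""

# Constructed mount table of the host (the mount points findmnt would list).
MOUNT_POINTS = ["/", "/home", "/home/alice/nfs", "/var/lib/secrets/keys", "/boot"]

MODES = (("rw", "ReadWriteDirectories"), ("ro", "ReadOnlyDirectories"),
         ("none", "InaccessibleDirectories"))


def parse_directory_settings(text):
    """Collect the three directory lists from [Service]; repeated options accumulate."""
    lists = {key: [] for _, key in MODES}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, _, value = line.partition("=")
        if section == "Service" and key in lists:
            for path in value.split():
                if not path.startswith("/"):
                    raise ValueError("%s= takes absolute paths: %r" % (key, path))
                lists[key].append(posixpath.normpath(path))
    return lists


def _is_below(path, directory):
    """True if path equals directory or lies somewhere underneath it."""
    return path == directory or path.startswith(directory.rstrip("/") + "/")


def effective_access(path, lists, mount_points):
    """'rw', 'ro' or 'none' for path inside the namespace.  A path that no
    listed directory covers keeps the access it has outside ('rw' here)."""
    path = posixpath.normpath(path)
    best = ("rw", -1)
    for mode, key in MODES:
        for directory in lists[key]:
            if not _is_below(path, directory):
                continue
            # A separate file system mounted strictly below the listed directory
            # and containing path is its own mount: the entry does not reach it.
            if any(_is_below(path, m) and _is_below(m, directory) and m != directory
                   for m in mount_points):
                continue
            if len(directory) > best[1]:
                best = (mode, len(directory))
    return best[0]


def unlisted_submounts(lists, mount_points):
    """Mount points under a read-only or inaccessible directory that are not
    listed themselves, i.e. places where the restriction silently does not hold."""
    restricted = lists["ReadOnlyDirectories"] + lists["InaccessibleDirectories"]
    listed = set(restricted + lists["ReadWriteDirectories"])
    return sorted(m for m in mount_points if m not in listed
                  and any(_is_below(m, d) and m != d for d in restricted))


def add_missing_submounts(lists, mount_points):
    """Hardened copy of the lists: each unlisted submount is added to the
    directive of its nearest listed ancestor, so the restriction holds there too."""
    fixed = {key: list(paths) for key, paths in lists.items()}
    for m in unlisted_submounts(lists, mount_points):
        ancestors = [(len(d), key) for _, key in MODES for d in lists[key]
                     if _is_below(m, d) and m != d]
        _, key = max(ancestors)
        if key != "ReadWriteDirectories":   # a read-write ancestor restricts nothing
            fixed[key].append(m)
    return fixed
```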
      <varlistentry>
        <term><varname>PrivateTmp=</varname></term>

        <listitem><para>Takes a boolean
        argument. If true, sets up a new file
        system namespace for the executed
        processes and mounts a private
        <filename>/tmp</filename> directory
        inside it that is not shared by
        processes outside of the
        namespace. This is useful to secure
        access to temporary files of the
        process, but makes sharing between
        processes via
        <filename>/tmp</filename>
        impossible. Defaults to
        false.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>PrivateNetwork=</varname></term>

        <listitem><para>Takes a boolean
        argument. If true, sets up a new
        network namespace for the executed
        processes and configures only the
        loopback network device
        <literal>lo</literal> inside it. No
        other network devices will be
        available to the executed process.
        This is useful to securely turn off
        network access by the executed
        process. Defaults to
        false.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>MountFlags=</varname></term>

        <listitem><para>Takes a mount
        propagation flag:
        <option>shared</option>,
        <option>slave</option> or
        <option>private</option>, which
        control whether namespaces set up with
        <varname>ReadWriteDirectories=</varname>,
        <varname>ReadOnlyDirectories=</varname>
        and
        <varname>InaccessibleDirectories=</varname>
        receive or propagate new mounts
        from/to the main namespace. See
        <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for details. Defaults to
        <option>shared</option>, i.e. the new
        namespace will both receive new mount
        points from the main namespace as well
        as propagate new mounts to
        it.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>UtmpIdentifier=</varname></term>

        <listitem><para>Takes a four
        character identifier string for a
        utmp/wtmp entry for this service. This
        should only be set for services such
        as <command>getty</command>
        implementations where utmp/wtmp
        entries must be created and cleared
        before and after execution. If the
        configured string is longer than four
        characters, it is truncated and the
        last four characters are
        used. This setting interprets %I style
        string replacements. This setting is
        unset by default, i.e. no utmp/wtmp
        entries are created or cleaned up for
        this service.</para></listitem>
      </varlistentry>
  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>