1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="systemd.socket">
27 <title>systemd.socket</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>systemd.socket</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd.socket</refname>
47 <refpurpose>Socket unit configuration</refpurpose>
51 <para><filename><replaceable>socket</replaceable>.socket</filename></para>
55 <title>Description</title>
57 <para>A unit configuration file whose name ends in
58 <literal>.socket</literal> encodes information about
59 an IPC or network socket or a file system FIFO
60 controlled and supervised by systemd, for socket-based
63 <para>This man page lists the configuration options
64 specific to this unit type. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration
67 files. The common configuration items are configured
68 in the generic [Unit] and [Install] sections. The
69 socket specific configuration options are configured
70 in the [Socket] section.</para>
72 <para>Additional options are listed in
73 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
74 which define the execution environment the
75 <option>ExecStartPre=</option>,
76 <option>ExecStartPost=</option>,
77 <option>ExecStopPre=</option> and
78 <option>ExecStopPost=</option> commands are executed
80 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
81 which define the way the processes are terminated, and
83 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
84 which configure resource control settings for the
85 processes of the socket.</para>
87 <para>For each socket file, a matching service file
88 must exist, describing the service to start on
89 incoming traffic on the socket (see
90 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
91 for more information about .service files). The name
92 of the .service unit is by default the same as the
93 name of the .socket unit, but can be altered with the
94 <option>Service=</option> option described below.
95 Depending on the setting of the <option>Accept=</option>
96 option described below, this .service unit must either
97 be named like the .socket unit, but with the suffix
98 replaced, unless overridden with
99 <option>Service=</option>; or it must be a template
100 unit named the same way. Example: a socket file
101 <filename>foo.socket</filename> needs a matching
102 service <filename>foo.service</filename> if
103 <option>Accept=false</option> is set. If
104 <option>Accept=true</option> is set, a service
105 template file <filename>foo@.service</filename> must
106 exist from which services are instantiated for each
107 incoming connection.</para>
109 <para>Unless <varname>DefaultDependencies=</varname>
110 is set to <option>false</option>, socket units will
111 implicitly have dependencies of type
112 <varname>Requires=</varname> and
113 <varname>After=</varname> on
114 <filename>sysinit.target</filename> as well as
115 dependencies of type <varname>Conflicts=</varname> and
116 <varname>Before=</varname> on
117 <filename>shutdown.target</filename>. These ensure
118 that socket units pull in basic system
119 initialization, and are terminated cleanly prior to
120 system shutdown. Only sockets involved with early
121 boot or late system shutdown should disable this
124 <para>Socket units will have a
125 <varname>Before=</varname> dependency on the service
126 which they trigger added implicitly. No implicit
127 <varname>WantedBy=</varname> or
128 <varname>RequiredBy=</varname> dependency from the
129 socket to the service is added. This means that the
130 service may be started without the socket, in which
131 case it must be able to open sockets by itself. To
132 prevent this, an explicit <varname>Requires=</varname>
133 dependency may be added.</para>
135 <para>Socket units may be used to implement on-demand
136 starting of services, as well as parallelized starting
137 of services. See the blog stories linked at the end
138 for an introduction.</para>
140 <para>Note that the daemon software configured for
141 socket activation with socket units needs to be able
142 to accept sockets from systemd, either via systemd's
143 native socket passing interface (see
144 <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
145 for details) or via the traditional
146 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style
147 socket passing (i.e. sockets passed in via standard input and
148 output, using <varname>StandardInput=socket</varname>
149 in the service file).</para>
153 <title>Options</title>
155 <para>Socket files must include a [Socket] section,
156 which carries information about the socket or FIFO it
157 supervises. A number of options that may be used in
158 this section are shared with other unit types. These
159 options are documented in
160 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
162 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
163 options specific to the [Socket] section of socket
164 units are the following:</para>
166 <variablelist class='unit-directives'>
168 <term><varname>ListenStream=</varname></term>
169 <term><varname>ListenDatagram=</varname></term>
170 <term><varname>ListenSequentialPacket=</varname></term>
171 <listitem><para>Specifies an address
172 to listen on for a stream
173 (<constant>SOCK_STREAM</constant>), datagram (<constant>SOCK_DGRAM</constant>),
175 (<constant>SOCK_SEQPACKET</constant>) socket, respectively. The address
176 can be written in various formats:</para>
178 <para>If the address starts with a
179 slash (<literal>/</literal>), it is read as file system
180 socket in the <constant>AF_UNIX</constant> socket
183 <para>If the address starts with an at
184 symbol (<literal>@</literal>), it is read as abstract
185 namespace socket in the
186 <constant>AF_UNIX</constant>
187 family. The <literal>@</literal> is
189 <constant>NUL</constant> character
190 before binding. For details, see
191 <citerefentry project='man-pages'><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
193 <para>If the address string is a
194 single number, it is read as port
195 number to listen on via
196 IPv6. Depending on the value of
197 <varname>BindIPv6Only=</varname> (see below) this
198 might result in the service being
199 available via both IPv6 and IPv4 (default) or
203 <para>If the address string is a
204 string in the format v.w.x.y:z, it is
205 read as IPv4 specifier for listening
206 on an address v.w.x.y on a port
209 <para>If the address string is a
210 string in the format [x]:y, it is read
211 as IPv6 address x on a port y. Note
212 that this might make the service
213 available via IPv4, too, depending on
214 the <varname>BindIPv6Only=</varname>
218 <para>Note that <constant>SOCK_SEQPACKET</constant>
219 (i.e. <varname>ListenSequentialPacket=</varname>)
220 is only available for <constant>AF_UNIX</constant>
221 sockets. <constant>SOCK_STREAM</constant>
222 (i.e. <varname>ListenStream=</varname>)
223 when used for IP sockets refers to TCP
224 sockets, <constant>SOCK_DGRAM</constant>
225 (i.e. <varname>ListenDatagram=</varname>)
228 <para>These options may be specified
229 more than once in which case incoming
230 traffic on any of the sockets will
231 trigger service activation, and all
232 listed sockets will be passed to the
233 service, regardless of whether there is
234 incoming traffic on them or not. If
235 the empty string is assigned to any of
236 these options, the list of addresses
237 to listen on is reset, all prior uses
238 of any of these options will have no
241 <para>It is also possible to have more
242 than one socket unit for the same
244 <varname>Service=</varname>, and the
245 service will receive all the sockets
246 configured in all the socket units.
247 Sockets configured in one unit are
248 passed in the order of configuration,
249 but no ordering between socket units
252 <para>If an IP address is used here,
253 it is often desirable to listen on it
254 before the interface it is configured
255 on is up and running, and even
256 regardless of whether it will be up and
257 running at any point. To deal with this,
258 it is recommended to set the
259 <varname>FreeBind=</varname> option
260 described below.</para></listitem>
264 <term><varname>ListenFIFO=</varname></term>
265 <listitem><para>Specifies a file
266 system FIFO to listen on. This expects
267 an absolute file system path as
268 argument. Behavior otherwise is very
270 <varname>ListenDatagram=</varname>
271 directive above.</para></listitem>
275 <term><varname>ListenSpecial=</varname></term>
276 <listitem><para>Specifies a special
277 file in the file system to listen
278 on. This expects an absolute file
279 system path as argument. Behavior
280 otherwise is very similar to the
281 <varname>ListenFIFO=</varname>
282 directive above. Use this to open
283 character device nodes as well as
285 <filename>/proc</filename> and
286 <filename>/sys</filename>.</para></listitem>
290 <term><varname>ListenNetlink=</varname></term>
291 <listitem><para>Specifies a Netlink
292 family to create a socket for to
293 listen on. This expects a short string
294 referring to the <constant>AF_NETLINK</constant> family
295 name (such as <varname>audit</varname>
296 or <varname>kobject-uevent</varname>)
297 as argument, optionally suffixed by a
298 whitespace followed by a multicast
299 group integer. Behavior otherwise is
301 <varname>ListenDatagram=</varname>
302 directive above.</para></listitem>
306 <term><varname>ListenMessageQueue=</varname></term>
307 <listitem><para>Specifies a POSIX
308 message queue name to listen on. This
309 expects a valid message queue name
310 (i.e. beginning with /). Behavior
311 otherwise is very similar to the
312 <varname>ListenFIFO=</varname>
313 directive above. On Linux message
314 queue descriptors are actually file
315 descriptors and can be inherited
316 between processes.</para></listitem>
320 <term><varname>BindIPv6Only=</varname></term>
321 <listitem><para>Takes a one of
322 <option>default</option>,
323 <option>both</option> or
324 <option>ipv6-only</option>. Controls
325 the IPV6_V6ONLY socket option (see
326 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
328 <option>both</option>, IPv6 sockets
329 bound will be accessible via both IPv4
331 <option>ipv6-only</option>, they will
332 be accessible via IPv6 only. If
333 <option>default</option> (which is the
334 default, surprise!), the system wide
335 default setting is used, as controlled
337 <filename>/proc/sys/net/ipv6/bindv6only</filename>,
338 which in turn defaults to the
340 <option>both</option>.</para>
345 <term><varname>Backlog=</varname></term>
346 <listitem><para>Takes an unsigned
347 integer argument. Specifies the number
348 of connections to queue that have not
349 been accepted yet. This setting
350 matters only for stream and sequential
352 <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
353 for details. Defaults to SOMAXCONN
354 (128).</para></listitem>
358 <term><varname>BindToDevice=</varname></term>
359 <listitem><para>Specifies a network
360 interface name to bind this socket
361 to. If set, traffic will only be
362 accepted from the specified network
363 interfaces. This controls the
364 SO_BINDTODEVICE socket option (see
365 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
366 for details). If this option is used,
367 an automatic dependency from this
368 socket unit on the network interface
370 (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
371 is created.</para></listitem>
375 <term><varname>SocketUser=</varname></term>
376 <term><varname>SocketGroup=</varname></term>
378 <listitem><para>Takes a UNIX
379 user/group name. When specified,
380 all AF_UNIX sockets and FIFO nodes in
381 the file system are owned by the
382 specified user and group. If unset
383 (the default), the nodes are owned by
384 the root user/group (if run in system
385 context) or the invoking user/group
386 (if run in user context). If only a
387 user is specified but no group, then
388 the group is derived from the user's
389 default group.</para></listitem>
393 <term><varname>SocketMode=</varname></term>
394 <listitem><para>If listening on a file
395 system socket or FIFO, this option
396 specifies the file system access mode
397 used when creating the file
398 node. Takes an access mode in octal
399 notation. Defaults to
400 0666.</para></listitem>
404 <term><varname>DirectoryMode=</varname></term>
405 <listitem><para>If listening on a file
406 system socket or FIFO, the parent
407 directories are automatically created
408 if needed. This option specifies the
409 file system access mode used when
410 creating these directories. Takes an
412 notation. Defaults to
413 0755.</para></listitem>
417 <term><varname>Accept=</varname></term>
418 <listitem><para>Takes a boolean
419 argument. If true, a service instance
420 is spawned for each incoming
421 connection and only the connection
422 socket is passed to it. If false, all
423 listening sockets themselves are
424 passed to the started service unit,
425 and only one service unit is spawned
426 for all connections (also see
427 above). This value is ignored for
428 datagram sockets and FIFOs where a
429 single service unit unconditionally
430 handles all incoming traffic. Defaults
431 to <option>false</option>. For
432 performance reasons, it is recommended
433 to write new daemons only in a way
435 <option>Accept=false</option>. A
436 daemon listening on an <constant>AF_UNIX</constant> socket
437 may, but does not need to, call
438 <citerefentry><refentrytitle>close</refentrytitle><manvolnum>2</manvolnum></citerefentry>
439 on the received socket before
440 exiting. However, it must not unlink
441 the socket from a file system. It
443 <citerefentry><refentrytitle>shutdown</refentrytitle><manvolnum>2</manvolnum></citerefentry>
444 on sockets it got with
445 <varname>Accept=false</varname>, but
446 it may do so for sockets it got with
447 <varname>Accept=true</varname> set.
448 Setting <varname>Accept=true</varname>
449 is mostly useful to allow daemons
450 designed for usage with
451 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
452 to work unmodified with systemd socket
453 activation.</para></listitem>
457 <term><varname>MaxConnections=</varname></term>
458 <listitem><para>The maximum number of
459 connections to simultaneously run
460 services instances for, when
461 <option>Accept=true</option> is
462 set. If more concurrent connections
463 are coming in, they will be refused
464 until at least one existing connection
465 is terminated. This setting has no
466 effect on sockets configured with
467 <option>Accept=false</option> or datagram
469 64.</para></listitem>
473 <term><varname>KeepAlive=</varname></term>
474 <listitem><para>Takes a boolean
475 argument. If true, the TCP/IP stack
476 will send a keep alive message after
477 2h (depending on the configuration of
478 <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
479 for all TCP streams accepted on this
480 socket. This controls the SO_KEEPALIVE
482 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
484 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
485 Keepalive HOWTO</ulink> for details.)
487 <option>false</option>.</para></listitem>
491 <term><varname>NoDelay=</varname></term>
492 <listitem><para>Takes a boolean
493 argument. TCP Nagle's algorithm works by combining a number of
494 small outgoing messages, and sending them all at once.
495 This controls the TCP_NODELAY socket option (see
496 <citerefentry><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>
498 <option>false</option>.</para></listitem>
502 <term><varname>FastOpen=</varname></term>
503 <listitem><para>Takes a boolean
504 argument. It works by using a TFO cookie (a TCP option) in the initial
505 SYN packet to authenticate a previously connected client. If successful,
506 it may start sending data to the client before the receipt of the final
507 ACK packet of the three way handshake is received, skipping a round trip
508 and lowering the latency in the start of transmission of data.
509 This controls the TCP_FASTOPEN socket option (see
510 the <ulink url="http://lwn.net/Articles/508865/">TCP
511 Fast Open: expediting web services</ulink> for details.)
513 <option>false</option>.</para></listitem>
517 <term><varname>Priority=</varname></term>
518 <listitem><para>Takes an integer
519 argument controlling the priority for
520 all traffic sent from this
521 socket. This controls the SO_PRIORITY
523 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
524 for details.).</para></listitem>
528 <term><varname>ReceiveBuffer=</varname></term>
529 <term><varname>SendBuffer=</varname></term>
530 <listitem><para>Takes an integer
531 argument controlling the receive or
532 send buffer sizes of this socket,
533 respectively. This controls the
534 SO_RCVBUF and SO_SNDBUF socket options
536 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
537 for details.). The usual suffixes K,
538 M, G are supported and are understood
539 to the base of 1024.</para></listitem>
543 <term><varname>IPTOS=</varname></term>
544 <listitem><para>Takes an integer
545 argument controlling the IP
546 Type-Of-Service field for packets
547 generated from this socket. This
548 controls the IP_TOS socket option (see
549 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
550 for details.). Either a numeric string
551 or one of <option>low-delay</option>,
552 <option>throughput</option>,
553 <option>reliability</option> or
554 <option>low-cost</option> may be
555 specified.</para></listitem>
559 <term><varname>IPTTL=</varname></term>
560 <listitem><para>Takes an integer
561 argument controlling the IPv4
562 Time-To-Live/IPv6 Hop-Count field for
563 packets generated from this
564 socket. This sets the
565 IP_TTL/IPV6_UNICAST_HOPS socket
567 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
569 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
570 for details.)</para></listitem>
574 <term><varname>Mark=</varname></term>
575 <listitem><para>Takes an integer
576 value. Controls the firewall mark of
577 packets generated by this socket. This
578 can be used in the firewall logic to
579 filter packets from this socket. This
580 sets the SO_MARK socket option. See
581 <citerefentry><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
582 for details.</para></listitem>
586 <term><varname>ReusePort=</varname></term>
587 <listitem><para>Takes a boolean
588 value. If true, allows multiple <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
589 to this TCP or UDP port. This
590 controls the SO_REUSEPORT socket
592 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
593 for details.</para></listitem>
597 <term><varname>SmackLabel=</varname></term>
598 <term><varname>SmackLabelIPIn=</varname></term>
599 <term><varname>SmackLabelIPOut=</varname></term>
600 <listitem><para>Takes a string
601 value. Controls the extended
603 <literal>security.SMACK64</literal>,
604 <literal>security.SMACK64IPIN</literal>
606 <literal>security.SMACK64IPOUT</literal>,
607 respectively, i.e. the security label
608 of the FIFO, or the security label for
609 the incoming or outgoing connections
610 of the socket, respectively. See
612 url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
613 for details.</para></listitem>
617 <term><varname>PipeSize=</varname></term>
618 <listitem><para>Takes a size in
619 bytes. Controls the pipe buffer size
620 of FIFOs configured in this socket
622 <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
623 for details. The usual suffixes K, M,
624 G are supported and are understood to
625 the base of 1024.</para></listitem>
629 <term><varname>MessageQueueMaxMessages=</varname>,
630 <varname>MessageQueueMessageSize=</varname></term>
631 <listitem><para>These two settings
632 take integer values and control the
633 mq_maxmsg field or the mq_msgsize field, respectively, when
634 creating the message queue. Note that
635 either none or both of these variables
637 <citerefentry><refentrytitle>mq_setattr</refentrytitle><manvolnum>3</manvolnum></citerefentry>
638 for details.</para></listitem>
642 <term><varname>FreeBind=</varname></term>
643 <listitem><para>Takes a boolean
644 value. Controls whether the socket can
645 be bound to non-local IP
646 addresses. This is useful to configure
647 sockets listening on specific IP
648 addresses before those IP addresses
649 are successfully configured on a
650 network interface. This sets the
651 IP_FREEBIND socket option. For
652 robustness reasons it is recommended
653 to use this option whenever you bind a
654 socket to a specific IP
655 address. Defaults to <option>false</option>.</para></listitem>
659 <term><varname>Transparent=</varname></term>
660 <listitem><para>Takes a boolean
661 value. Controls the IP_TRANSPARENT
662 socket option. Defaults to
663 <option>false</option>.</para></listitem>
667 <term><varname>Broadcast=</varname></term>
668 <listitem><para>Takes a boolean
669 value. This controls the SO_BROADCAST
670 socket option, which allows broadcast
671 datagrams to be sent from this
673 <option>false</option>.</para></listitem>
677 <term><varname>PassCredentials=</varname></term>
678 <listitem><para>Takes a boolean
679 value. This controls the SO_PASSCRED
680 socket option, which allows <constant>AF_UNIX</constant> sockets to
681 receive the credentials of the sending
682 process in an ancillary message.
684 <option>false</option>.</para></listitem>
688 <term><varname>PassSecurity=</varname></term>
689 <listitem><para>Takes a boolean
690 value. This controls the SO_PASSSEC
691 socket option, which allows <constant>AF_UNIX</constant>
692 sockets to receive the security
693 context of the sending process in an
694 ancillary message. Defaults to
695 <option>false</option>.</para></listitem>
699 <term><varname>TCPCongestion=</varname></term>
700 <listitem><para>Takes a string
701 value. Controls the TCP congestion
702 algorithm used by this socket. Should
703 be one of "westwood", "veno", "cubic",
704 "lp" or any other available algorithm
705 supported by the IP stack. This
706 setting applies only to stream
707 sockets.</para></listitem>
711 <term><varname>ExecStartPre=</varname></term>
712 <term><varname>ExecStartPost=</varname></term>
713 <listitem><para>Takes one or more
714 command lines, which are executed
715 before or after the listening
716 sockets/FIFOs are created and
717 bound, respectively. The first token of the command
718 line must be an absolute filename,
719 then followed by arguments for the
720 process. Multiple command lines may be
721 specified following the same scheme as
723 <varname>ExecStartPre=</varname> of
724 service unit files.</para></listitem>
728 <term><varname>ExecStopPre=</varname></term>
729 <term><varname>ExecStopPost=</varname></term>
730 <listitem><para>Additional commands
731 that are executed before or after
732 the listening sockets/FIFOs are closed
733 and removed, respectively. Multiple command lines
734 may be specified following the same
736 <varname>ExecStartPre=</varname> of
737 service unit files.</para></listitem>
741 <term><varname>TimeoutSec=</varname></term>
742 <listitem><para>Configures the time to
743 wait for the commands specified in
744 <varname>ExecStartPre=</varname>,
745 <varname>ExecStartPost=</varname>,
746 <varname>ExecStopPre=</varname> and
747 <varname>ExecStopPost=</varname> to
748 finish. If a command does not exit
749 within the configured time, the socket
750 will be considered failed and be shut
751 down again. All commands still running
752 will be terminated forcibly via
753 <constant>SIGTERM</constant>, and after another delay of
754 this time with <constant>SIGKILL</constant>. (See
755 <option>KillMode=</option> in <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.)
756 Takes a unit-less value in seconds, or
757 a time span value such as "5min
758 20s". Pass <literal>0</literal> to disable the timeout
759 logic. Defaults to <varname>DefaultTimeoutStartSec=</varname> from the
760 manager configuration file
761 (see <citerefentry><refentrytitle>systemd-systemd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
766 <term><varname>Service=</varname></term>
767 <listitem><para>Specifies the service
768 unit name to activate on incoming
769 traffic. This setting is only allowed
771 <varname>Accept=no</varname>. It
772 defaults to the service that bears the
773 same name as the socket (with the
774 suffix replaced). In most cases, it
775 should not be necessary to use this
776 option.</para></listitem>
780 <term><varname>RemoveOnStop=</varname></term>
781 <listitem><para>Takes a boolean
782 argument. If enabled, any file nodes
783 created by this socket unit are
784 removed when it is stopped. This
785 applies to AF_UNIX sockets in the file
786 system, POSIX message queues, FIFOs,
787 as well as any symlinks to
789 <varname>Symlinks=</varname>. Normally,
790 it should not be necessary to use this
791 option, and is not recommended as
792 services might continue to run after
793 the socket unit has been terminated
794 and it should still be possible to
795 communicate with them via their file
796 system node. Defaults to
797 off.</para></listitem>
801 <term><varname>Symlinks=</varname></term>
802 <listitem><para>Takes a list of file
803 system paths. The specified paths will
804 be created as symlinks to the AF_UNIX
805 socket path or FIFO path of this
806 socket unit. If this setting is used,
807 only one AF_UNIX socket in the file
808 system or one FIFO may be configured
809 for the socket unit. Use this option
810 to manage one or more symlinked alias
811 names for a socket, binding their
812 lifecycle together. Defaults to the
813 empty list.</para></listitem>
819 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
821 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
822 for more settings.</para>
827 <title>See Also</title>
829 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
830 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
831 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
832 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
833 <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
834 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
835 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
836 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
840 For more extensive descriptions see the "systemd for Developers" series:
841 <ulink url="http://0pointer.de/blog/projects/socket-activation.html">Socket Activation</ulink>,
842 <ulink url="http://0pointer.de/blog/projects/socket-activation2.html">Socket Activation, part II</ulink>,
843 <ulink url="http://0pointer.de/blog/projects/inetd.html">Converting inetd Services</ulink>,
844 <ulink url="http://0pointer.de/blog/projects/socket-activated-containers.html">Socket Activated Internet Services and OS Containers</ulink>.