hostnamed: introduce new location machin-info field, too
[elogind.git] / man / systemd-system.conf.xml
index 588685540774d08a5d6499301641c65643268bb4..6105c5131c33eeeef7d177c0d4a3961b9ae5b38a 100644 (file)
@@ -61,7 +61,6 @@
                 otherwise <filename>user.conf</filename>. These
                 configuration files contain a few settings controlling
                 basic manager operations.</para>
-
         </refsect1>
 
         <refsect1>
                                 <listitem><para>Configures the initial
                                 CPU affinity for the init
                                 process. Takes a space-separated list
-                                of CPU indexes.</para></listitem>
-                        </varlistentry>
-
-                        <varlistentry>
-                                <term><varname>DefaultControllers=cpu</varname></term>
-
-                                <listitem><para>Configures in which
-                                control group hierarchies to create
-                                per-service cgroups automatically, in
-                                addition to the
-                                <literal>name=systemd</literal> named
-                                hierarchy. Defaults to
-                                <literal>cpu</literal>. Takes a space
-                                separated list of controller
-                                names. Pass the empty string to ensure
-                                that systemd does not touch any
-                                hierarchies but its own.</para>
-
-                                <para>Note that the default value of
-                                'cpu' will make realtime scheduling
-                                unavailable to system services. See
-                                <ulink
-                                url="http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime">My
-                                Service Can't Get Realtime!</ulink>
-                                for more
-                                information.</para></listitem>
+                                of CPU indices.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
-                                <term><varname>JoinControllers=cpu,cpuacct,cpuset net_cls,netprio</varname></term>
+                                <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
 
                                 <listitem><para>Configures controllers
                                 that shall be mounted in a single
-                                hierarchy. By default systemd will
+                                hierarchy. By default, systemd will
                                 mount all controllers which are
                                 enabled in the kernel in individual
                                 hierarchies, with the exception of
                                 those listed in this setting. Takes a
-                                space separated list of comma
-                                separated controller names, in order
+                                space-separated list of comma-separated
+                                controller names, in order
                                 to allow multiple joined
                                 hierarchies. Defaults to
                                 'cpu,cpuacct'. Pass an empty string to
                                 <para>Note that this option is only
                                 applied once, at very early boot. If
                                 you use an initial RAM disk (initrd)
-                                that uses systemd it might hence be
+                                that uses systemd, it might hence be
                                 necessary to rebuild the initrd if
                                 this option is changed, and make sure
                                 the new configuration file is included
-                                in it. Otherwise the initrd might
+                                in it. Otherwise, the initrd might
                                 mount the controller hierarchies in a
                                 different configuration than intended,
                                 and the main system cannot remount
                                 <literal>d</literal>,
                                 <literal>w</literal>). If
                                 <varname>RuntimeWatchdogSec=</varname>
-                                is set to a non-zero value the
+                                is set to a non-zero value, the
                                 watchdog hardware
                                 (<filename>/dev/watchdog</filename>)
                                 will be programmed to automatically
                                 capabilities to include in the
                                 capability bounding set for PID 1 and
                                 its children. See
-                                <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-                                for details. Takes a whitespace
-                                separated list of capability names as
-                                read by
+                                <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+                                for details. Takes a whitespace-separated
+                                list of capability names as read by
                                 <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
                                 Capabilities listed will be included
                                 in the bounding set, all others are
                                 removed. If the list of capabilities
-                                is prefixed with ~ all but the listed
+                                is prefixed with ~, all but the listed
                                 capabilities will be included, the
                                 effect of the assignment
                                 inverted. Note that this option also
                                 are lost for good.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><varname>SystemCallArchitectures=</varname></term>
+
+                                <listitem><para>Takes a
+                                space-separated list of architecture
+                                identifiers. Selects from which
+                                architectures system calls may be
+                                invoked on this system. This may be
+                                used as an effective way to disable
+                                invocation of non-native binaries
+                                system-wide, for example to prohibit
+                                execution of 32-bit x86 binaries on
+                                64-bit x86-64 systems. This option
+                                operates system-wide, and acts
+                                similar to the
+                                <varname>SystemCallArchitectures=</varname>
+                                setting of unit files, see
+                                <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details. This setting defaults to
+                                the empty list, in which case no
+                                filtering of system calls based on
+                                architecture is applied. Known
+                                architecture identifiers are
+                                <literal>x86</literal>,
+                                <literal>x86-64</literal>,
+                                <literal>x32</literal>,
+                                <literal>arm</literal> and the special
+                                identifier
+                                <literal>native</literal>. The latter
+                                implicitly maps to the native
+                                architecture of the system (or more
+                                specifically, the architecture the
+                                system manager was compiled for). Set
+                                this setting to
+                                <literal>native</literal> to prohibit
+                                execution of any non-native
+                                binaries. When a binary executes a
+                                system call of an architecture that is
+                                not listed in this setting, it will be
+                                immediately terminated with the SIGSYS
+                                signal.</para></listitem>
+                        </varlistentry>
+
+
                         <varlistentry>
                                 <term><varname>TimerSlackNSec=</varname></term>
 
                                 <listitem><para>Sets the timer slack
-                                in nanoseconds for PID 1 which is then
-                                inherited to all executed processes,
+                                in nanoseconds for PID 1, which is
+                                inherited by all executed processes,
                                 unless overridden individually, for
                                 example with the
                                 <varname>TimerSlackNSec=</varname>
                                 see
                                 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
                                 timer slack controls the accuracy of
-                                wake-ups triggered by timers. See
+                                wake-ups triggered by system
+                                timers. See
                                 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
                                 for more information. Note that in
                                 contrast to most other time span
                                 too.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><varname>DefaultTimerAccuracySec=</varname></term>
+
+                                <listitem><para>Sets the default
+                                accuracy of timer units. This controls
+                                the global default for the
+                                <varname>AccuracySec=</varname>
+                                setting of timer units, see
+                                <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for
+                                details. <varname>AccuracySec=</varname>
+                                set in individual units override the
+                                global default for the specific
+                                unit. Defaults to 1min. Note that the
+                                accuracy of timer units is also
+                                affected by the configured timer slack
+                                for PID 1, see
+                                <varname>TimerSlackNSec=</varname>
+                                above.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultTimeoutStartSec=</varname></term>
+                                <term><varname>DefaultTimeoutStopSec=</varname></term>
+                                <term><varname>DefaultRestartSec=</varname></term>
+
+                                <listitem><para>Configures the default
+                                timeouts for starting and stopping of
+                                units, as well as the default time to
+                                sleep between automatic restarts of
+                                units, as configured per-unit in
+                                <varname>TimeoutStartSec=</varname>,
+                                <varname>TimeoutStopSec=</varname> and
+                                <varname>RestartSec=</varname> (for
+                                services, see
+                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-unit
+                                settings). For non-service units,
+                                <varname>DefaultTimeoutStartSec=</varname>
+                                sets the default
+                                <varname>TimeoutSec=</varname> value.
+                                </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultStartLimitInterval=</varname></term>
+                                <term><varname>DefaultStartLimitBurst=</varname></term>
+
+                                <listitem><para>Configure the default
+                                unit start rate limiting, as
+                                configured per-service by
+                                <varname>StartLimitInterval=</varname>
+                                and
+                                <varname>StartLimitBurst=</varname>. See
+                                <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-service
+                                settings.</para></listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><varname>DefaultEnvironment=</varname></term>
 
-                                <listitem><para>Sets systemd manager
-                                environment variables for executed
-                                processes. Takes a space-separated
-                                list of variable assignments.
-                                </para>
+                                <listitem><para>Sets manager
+                                environment variables passed to all
+                                executed processes. Takes a
+                                space-separated list of variable
+                                assignments. See
+                                <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+                                for details about environment
+                                variables.</para>
 
                                 <para>Example:
-                                <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
-                                gives three variables <literal>VAR1</literal>,
-                                <literal>VAR2</literal>, <literal>VAR3</literal>.
-                                </para>
-
-                                <para>
-                                See
-                                <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-                                for details about environment variables.</para></listitem>
+
+                                <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
+
+                                Sets three variables
+                                <literal>VAR1</literal>,
+                                <literal>VAR2</literal>,
+                                <literal>VAR3</literal>.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>DefaultCPUAccounting=</varname></term>
+                                <term><varname>DefaultBlockIOAccounting=</varname></term>
+                                <term><varname>DefaultMemoryAccounting=</varname></term>
+
+                                <listitem><para>Configure the default
+                                resource accounting settings, as
+                                configured per-unit by
+                                <varname>CPUAccounting=</varname>,
+                                <varname>BlockIOAccounting=</varname>
+                                and
+                                <varname>MemoryAccounting=</varname>. See
+                                <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details on the per-unit
+                                settings.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                   <title>See Also</title>
                   <para>
                           <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
-                          <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+                          <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                          <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+                          <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
                   </para>
         </refsect1>