<term><varname>ListenSequentialPacket=</varname></term>
<listitem><para>Specifies an address
to listen on for a stream
- (SOCK_STREAM), datagram (SOCK_DGRAM)
- resp. sequential packet
- (SOCK_SEQPACKET) socket. The address
+ (SOCK_STREAM), datagram (SOCK_DGRAM),
+ or sequential packet
+ (SOCK_SEQPACKET) socket, respectively. The address
can be written in various formats:</para>
<para>If the address starts with a
<para>If the address string is a
single number it is read as port
- number to listen on for both IPv4 and
- IPv6.</para>
+ number to listen on via
+ IPv6. Depending on the value of
+ <varname>BindIPv6Only=</varname> (see below) this
+ might result in the service being
+ available via both IPv6 and IPv4 (default) or
+ just via IPv6.
+ </para>
<para>If the address string is a
string in the format v.w.x.y:z it is
<para>If the address string is a
string in the format [x]:y it is read
- as IPv6 address x on a port y.</para>
+ as IPv6 address x on a port y. Note
+ that this might make the service
+ available via IPv4, too, depending on
+ the <varname>BindIPv6Only=</varname>
+ setting (see below).
+ </para>
<para>Note that SOCK_SEQPACKET
(i.e. <varname>ListenSequentialPacket=</varname>)
<listitem><para>Specifies a file
system FIFO to listen on. This expects
an absolute file system path as
- argument. Behaviour otherwise is very
+ argument. Behavior otherwise is very
similar to the
<varname>ListenDatagram=</varname>
directive above.</para></listitem>
<listitem><para>Specifies a special
file in the file system to listen
on. This expects an absolute file
- system path as argument. Behaviour
+ system path as argument. Behavior
otherwise is very similar to the
<varname>ListenFIFO=</varname>
directive above. Use this to open
or <varname>kobject-uevent</varname>)
as argument, optionally suffixed by a
whitespace followed by a multicast
- group integer. Behaviour otherwise is
+ group integer. Behavior otherwise is
very similar to the
<varname>ListenDatagram=</varname>
directive above.</para></listitem>
<listitem><para>Specifies a POSIX
message queue name to listen on. This
expects a valid message queue name
- (i.e. beginning with /). Behaviour
+ (i.e. beginning with /). Behavior
otherwise is very similar to the
<varname>ListenFIFO=</varname>
directive above. On Linux message
default, surprise!) the system wide
default setting is used, as controlled
by
- <filename>/proc/sys/net/ipv6/bindv6only</filename>.</para>
+ <filename>/proc/sys/net/ipv6/bindv6only</filename>,
+ which in turn defaults to the
+ equivalent of
+ <option>both</option>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>DirectoryMode=</varname></term>
<listitem><para>If listening on a file
- system socket of FIFO, the parent
+ system socket or FIFO, the parent
directories are automatically created
if needed. This option specifies the
file system access mode used when
<varlistentry>
<term><varname>SocketMode=</varname></term>
<listitem><para>If listening on a file
- system socket of FIFO, this option
+ system socket or FIFO, this option
specifies the file system access mode
used when creating the file
node. Takes an access mode in octal
until at least one existing connection
is terminated. This setting has no
effect for sockets configured with
- <option>Accept=no</option> or datagram
+ <option>Accept=false</option> or datagram
sockets. Defaults to
64.</para></listitem>
</varlistentry>
<term><varname>SendBuffer=</varname></term>
<listitem><para>Takes an integer
argument controlling the receive
- resp. send buffer sizes of this
- socket. This controls the SO_RCVBUF
- resp. SO_SNDBUF socket options (see
+ or send buffer sizes of this
+ socket, respectively. This controls the SO_RCVBUF
+ and SO_SNDBUF socket options (see
<citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.).</para></listitem>
</varlistentry>
for details.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>SmackLabel=</varname></term>
+ <term><varname>SmackLabelIPIn=</varname></term>
+ <term><varname>SmackLabelIPOut=</varname></term>
+ <listitem><para>Takes a string
+ value. Controls the extended
+ attributes
+ <literal>security.SMACK64</literal>,
+ <literal>security.SMACK64IPIN</literal>
+ and
+ <literal>security.SMACK64IPOUT</literal>,
+ respectively, i.e. the security label
+ of the FIFO, or the security label for
+ the incoming or outgoing connections
+ of the socket, respectively. See
+ <ulink
+ url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
+ for details.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>PipeSize=</varname></term>
<listitem><para>Takes an integer
<varname>MessageQueueMessageSize=</varname></term>
<listitem><para>These two settings
take integer values and control the
- mq_maxmsg resp. mq_msgsize field when
+ mq_maxmsg field or the mq_msgsize field, respectively, when
creating the message queue. Note that
either none or both of these variables
need to be set. See
<term><varname>ExecStartPost=</varname></term>
<listitem><para>Takes one or more
command lines, which are executed
- before (resp. after) the listening
+ before or after the listening
sockets/FIFOs are created and
- bound. The first token of the command
+ bound, respectively. The first token of the command
line must be an absolute file name,
then followed by arguments for the
process. Multiple command lines may be
<term><varname>ExecStopPre=</varname></term>
<term><varname>ExecStopPost=</varname></term>
<listitem><para>Additional commands
- that are executed before (resp. after)
+ that are executed before or after
the listening sockets/FIFOs are closed
- and removed. Multiple command lines
+ and removed, respectively. Multiple command lines
may be specified following the same
scheme as used for
<varname>ExecStartPre=</varname> of
~ianmdlvl / elogind.git / blobdiff