X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=219733be3783218bad29d5190775ab3b2537f508;hp=99a91b3dfacc4a01253e6b763071baafd7f8f357;hb=21dbe43aece5b6fc87860de175f067b56649e7d1;hpb=260d370833ba5449f77d4184a8eb80e5501be900
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 99a91b3df..219733be3 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -9,16 +9,16 @@
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
-->
@@ -279,6 +279,11 @@
assignments. Empty lines and lines
starting with ; or # will be ignored,
which may be used for commenting. The
+ parser strips leading and
+ trailing whitespace from the values
+ of assignments, unless you use
+ double quotes (").
+ The
argument passed should be an absolute
file name, optionally prefixed with
"-", which indicates that if the file
@@ -361,8 +366,10 @@
,
,
,
+ ,
+ ,
,
- or
+ or
. If set to
the file
descriptor of standard input is
@@ -383,11 +390,21 @@
terminal.
connects standard output to the
syslog3
- system logger.
+ system syslog
+ service.
connects it with the kernel log buffer
which is accessible via
- dmesg1.
- and work
+ dmesg1.
+ connects it with the journal which is
+ accessible via
+ journalctl1
+ (Note that everything that is written
+ to syslog or kmsg is implicitly stored
+ in the journal as well, those options
+ are hence supersets of this
+ one). ,
+ and
+ work
similarly but copy the output to the
system console as
well. connects
@@ -395,8 +412,13 @@
socket activation, semantics are
similar to the respective option of
StandardInput=.
- This setting defaults to
- .
+ This setting defaults to the value set
+ with
+
+ in
+ systemd.conf5,
+ which defaults to
+ .
StandardError=
@@ -410,7 +432,11 @@
the file
descriptor used for standard output is
duplicated for standard error. This
- setting defaults to
+ setting defaults to the value set with
+
+ in
+ systemd.conf5,
+ which defaults to
.
@@ -619,26 +645,19 @@
conjunction with socket-activated
services, and stream sockets (TCP) in
particular. It has no effect on other
- socket types (e.g. datagram/UDP) and on processes
- unrelated to socket-based
+ socket types (e.g. datagram/UDP) and
+ on processes unrelated to socket-based
activation. If the tcpwrap
verification fails daemon start-up
will fail and the connection is
terminated. See
tcpd8
- for details.
-
-
-
- ControlGroupModify=
- Takes a boolean
- argument. If true, the control groups
- created for this unit will be owned by
- ther user specified with
- User= (and the
- configured group), and he can create
- subgroups as well as add processes to
- the group.
+ for details. Note that this option may
+ be used to do access control checks
+ only. Shell commands and commands
+ described in
+ hosts_options5
+ are not supported.
@@ -682,8 +701,8 @@
,
,
,
- and/or
- .
+ and/or
+ .
@@ -718,9 +737,9 @@
where "cpu" identifies the kernel
control group controller used, and
/foo/bar is the
- control group path. The controller name
- and ":" may be omitted in which case
- the named systemd control group
+ control group path. The controller
+ name and ":" may be omitted in which
+ case the named systemd control group
hierarchy is implied. Alternatively,
the path and ":" may be omitted, in
which case the default control group
@@ -728,20 +747,216 @@
option may be used to place executed
processes in arbitrary groups in
arbitrary hierarchies -- which can be
- configured externally with additional execution limits. By default
- systemd will place all executed
- processes in separate per-unit control
- groups (named after the unit) in the
- systemd named hierarchy. Since every
- process can be in one group per
- hierarchy only overriding the control group
- path in the named systemd hierarchy
- will disable automatic placement in
- the default group. For details about control
- groups see cgroups.txt.
+
+ ControlGroupModify=
+ Takes a boolean
+ argument. If true, the control groups
+ created for this unit will be owned by
+ the user specified with
+ User= (and the
+ appropriate group), and he/she can create
+ subgroups as well as add processes to
+ the group.
+
+
+
+ ControlGroupPersistent=
+ Takes a boolean
+ argument. If true, the control groups
+ created for this unit will be marked
+ to be persistent, i.e. systemd will
+ not remove them when stopping the
+ unit. The default is false, meaning
+ that the control groups will be
+ removed when the unit is stopped. For
+ details about the semantics of this
+ logic see PaxControlGroups.
+
+
+
+ ControlGroupAttribute=
+
+ Set a specific control
+ group attribute for executed
+ processes, and (if needed) add the the
+ executed processes to a cgroup in the
+ hierarchy of the controller the
+ attribute belongs to. Takes two
+ space-separated arguments: the
+ attribute name (syntax is
+ cpu.shares where
+ cpu refers to a
+ specific controller and
+ shares to the
+ attribute name), and the attribute
+ value. Example:
+ ControlGroupAttribute=cpu.shares
+ 512. If this option is used
+ for an attribute that belongs to a
+ kernel controller hierarchy the unit
+ is not already configured to be added
+ to (for example via the
+ ControlGroup=
+ option) then the unit will be added to
+ the controller and the default unit
+ cgroup path is implied. Thus, using
+ ControlGroupAttribute=
+ is in most case sufficient to make use
+ of control group enforcements,
+ explicit
+ ControlGroup= are
+ only necessary in case the implied
+ default control group path for a
+ service is not desirable. For details
+ about control group attributes see
+ cgroups.txt. This
+ option may appear more than once, in
+ order to set multiple control group
+ attributes.
+
+
+
+ CPUShares=
+
+ Assign the specified
+ overall CPU time shares to the
+ processes executed. Takes an integer
+ value. This controls the
+ cpu.shares control
+ group attribute, which defaults to
+ 1024. For details about this control
+ group attribute see sched-design-CFS.txt.
+
+
+
+ MemoryLimit=
+ MemorySoftLimit=
+
+ Limit the overall memory usage
+ of the executed processes to a certain
+ size. Takes a memory size in bytes. If
+ the value is suffixed with K, M, G or
+ T the specified memory size is parsed
+ as Kilobytes, Megabytes, Gigabytes,
+ resp. Terabytes (to the base
+ 1024). This controls the
+ memory.limit_in_bytes
+ and
+ memory.soft_limit_in_bytes
+ control group attributes. For details
+ about these control group attributes
+ see memory.txt.
+
+
+
+ DeviceAllow=
+ DeviceDeny=
+
+ Control access to
+ specific device nodes by the executed processes. Takes two
+ space separated strings: a device node
+ path (such as
+ /dev/null)
+ followed by a combination of r, w, m
+ to control reading, writing resp.
+ creating of the specific device node
+ by the unit. This controls the
+ devices.allow
+ and
+ devices.deny
+ control group attributes. For details
+ about these control group attributes
+ see devices.txt.
+
+
+
+ BlockIOWeight=
+
+ Set the default or
+ per-device overall block IO weight
+ value for the executed
+ processes. Takes either a single
+ weight value (between 10 and 1000) to
+ set the default block IO weight, or a
+ space separated pair of a file path
+ and a weight value to specify the
+ device specific weight value (Example:
+ "/dev/sda 500"). The file path may be
+ specified as path to a block device
+ node or as any other file in which
+ case the backing block device of the
+ file system of the file is
+ determined. This controls the
+ blkio.weight and
+ blkio.weight_device
+ control group attributes, which
+ default to 1000. Use this option
+ multiple times to set weights for
+ multiple devices. For details about
+ these control group attributes see
+ blkio-controller.txt.
+
+
+
+ BlockIOReadBandwidth=
+ BlockIOWriteBandwidth=
+
+ Set the per-device
+ overall block IO bandwith limit for
+ the executed processes. Takes a space
+ separated pair of a file path and a
+ bandwith value (in bytes per second)
+ to specify the device specific
+ bandwidth. The file path may be
+ specified as path to a block device
+ node or as any other file in which
+ case the backing block device of the
+ file system of the file is determined.
+ If the bandwith is suffixed with K, M,
+ G, or T the specified bandwith is
+ parsed as Kilobytes, Megabytes,
+ Gigabytes, resp. Terabytes (Example:
+ "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
+ 5M"). This controls the
+ blkio.read_bps_device
+ and
+ blkio.write_bps_device
+ control group attributes. Use this
+ option multiple times to set bandwith
+ limits for multiple devices. For
+ details about these control group
+ attributes see blkio-controller.txt.
+
+
ReadWriteDirectories=ReadOnlyDirectories=
@@ -783,9 +998,9 @@
PrivateTmp=Takes a boolean
- argument. If true sets up a new
- namespace for the executed processes
- and mounts a private
+ argument. If true sets up a new file
+ system namespace for the executed
+ processes and mounts a private
/tmp directory
inside it, that is not shared by
processes outside of the
@@ -794,7 +1009,25 @@
process, but makes sharing between
processes via
/tmp
- impossible. Defaults to false.
+ impossible. Defaults to
+ false.
+
+
+
+ PrivateNetwork=
+
+ Takes a boolean
+ argument. If true sets up a new
+ network namespace for the executed
+ processes and configures only the
+ loopback network device
+ lo inside it. No
+ other network devices will be
+ available to the executed process.
+ This is useful to securely turn off
+ network access by the executed
+ process. Defaults to
+ false.
@@ -842,6 +1075,17 @@
this service.
+
+ IgnoreSIGPIPE=
+
+ Takes a boolean
+ argument. If true causes SIGPIPE to be
+ ignored in the executed
+ process. Defaults to true, since
+ SIGPIPE generally is useful only in
+ shell pipelines.
+
+
@@ -850,6 +1094,7 @@
systemd1,
systemctl8,
+ journalctl8,
systemd.unit5,
systemd.service5,
systemd.socket5,