X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=6e55d8dfcf87c62b279bcf4a07dd6f83bbfd0fe5;hp=6bc8bf3e7991a3c649f15f766442f4434273ae8c;hb=8351ceaea9480d9c2979aa2ff0f4982cfdfef58d;hpb=9e37286844f67ca7c59e923dd27ad193dfdda7eb
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 6bc8bf3e7..6e55d8dfc 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -9,16 +9,16 @@
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
-->
@@ -44,7 +44,7 @@
systemd.exec
- systemd execution environment configuration
+ Execution environment configuration
@@ -89,8 +89,12 @@
Takes an absolute
directory path. Sets the working
- directory for executed
- processes.
+ directory for executed processes. If
+ not set defaults to the root directory
+ when systemd is running as a system
+ instance and the respective user's
+ home directory if run as
+ user.
@@ -279,6 +283,11 @@
assignments. Empty lines and lines
starting with ; or # will be ignored,
which may be used for commenting. The
+ parser strips leading and
+ trailing whitespace from the values
+ of assignments, unless you use
+ double quotes (").
+ The
argument passed should be an absolute
file name, optionally prefixed with
"-", which indicates that if the file
@@ -361,8 +370,10 @@
,
,
,
+ ,
+ ,
,
- or
+ or
. If set to
the file
descriptor of standard input is
@@ -383,11 +394,21 @@
terminal.
connects standard output to the
syslog3
- system logger.
+ system syslog
+ service.
connects it with the kernel log buffer
which is accessible via
- dmesg1.
- and work
+ dmesg1.
+ connects it with the journal which is
+ accessible via
+ journalctl1
+ (Note that everything that is written
+ to syslog or kmsg is implicitly stored
+ in the journal as well, those options
+ are hence supersets of this
+ one). ,
+ and
+ work
similarly but copy the output to the
system console as
well. connects
@@ -395,8 +416,13 @@
socket activation, semantics are
similar to the respective option of
StandardInput=.
- This setting defaults to
- .
+ This setting defaults to the value set
+ with
+
+ in
+ systemd.conf5,
+ which defaults to
+ .
StandardError=
@@ -410,7 +436,11 @@
the file
descriptor used for standard output is
duplicated for standard error. This
- setting defaults to
+ setting defaults to the value set with
+
+ in
+ systemd.conf5,
+ which defaults to
.
@@ -525,7 +555,7 @@
prefixes may be disabled with
SyslogLevelPrefix=,
see below. For details see
- sd-daemon7.
+ sd-daemon3.
Defaults to
.
@@ -547,7 +577,7 @@
these prefixes is disabled and the
logged lines are passed on as-is. For
details about this prefixing see
- sd-daemon7.
+ sd-daemon3.
Defaults to true.
@@ -555,16 +585,17 @@
TimerSlackNSec=Sets the timer slack
in nanoseconds for the executed
- processes. The timer slack controls the
- accuracy of wake-ups triggered by
+ processes. The timer slack controls
+ the accuracy of wake-ups triggered by
timers. See
prctl2
for more information. Note that in
contrast to most other time span
definitions this parameter takes an
- integer value in nano-seconds and does
- not understand any other
- units.
+ integer value in nano-seconds if no
+ unit is specified. The usual time
+ units are understood
+ too.
@@ -619,14 +650,19 @@
conjunction with socket-activated
services, and stream sockets (TCP) in
particular. It has no effect on other
- socket types (e.g. datagram/UDP) and on processes
- unrelated to socket-based
+ socket types (e.g. datagram/UDP) and
+ on processes unrelated to socket-based
activation. If the tcpwrap
verification fails daemon start-up
will fail and the connection is
terminated. See
tcpd8
- for details.
+ for details. Note that this option may
+ be used to do access control checks
+ only. Shell commands and commands
+ described in
+ hosts_options5
+ are not supported.
@@ -647,17 +683,17 @@
is prefixed with ~ all but the listed
capabilities will be included, the
effect of the assignment
- inverted. Note that this option does
- not actually set or unset any
- capabilities in the effective,
- permitted or inherited capability
- sets. That's what
- Capabilities= is
- for. If this option is not used the
+ inverted. Note that this option also
+ effects the respective capabilities in
+ the effective, permitted and
+ inheritable capability sets, on top of
+ what Capabilities=
+ does. If this option is not used the
capability bounding set is not
modified on process execution, hence
no limits on the capabilities of the
- process are enforced.
+ process are
+ enforced.
@@ -670,8 +706,8 @@
,
,
,
- and/or
- .
+ and/or
+ .
@@ -750,6 +786,21 @@
the group.
+
+ ControlGroupPersistent=
+ Takes a boolean
+ argument. If true, the control groups
+ created for this unit will be marked
+ to be persistent, i.e. systemd will
+ not remove them when stopping the
+ unit. The default is false, meaning
+ that the control groups will be
+ removed when the unit is stopped. For
+ details about the semantics of this
+ logic see PaxControlGroups.
+
+
ControlGroupAttribute=
@@ -859,10 +910,15 @@
processes. Takes either a single
weight value (between 10 and 1000) to
set the default block IO weight, or a
- space separated pair of a device node
- path and a weight value to specify the
+ space separated pair of a file path
+ and a weight value to specify the
device specific weight value (Example:
- "/dev/sda 500"). This controls the
+ "/dev/sda 500"). The file path may be
+ specified as path to a block device
+ node or as any other file in which
+ case the backing block device of the
+ file system of the file is
+ determined. This controls the
blkio.weight and
blkio.weight_device
control group attributes, which
@@ -879,22 +935,27 @@
BlockIOWriteBandwidth=Set the per-device
- overall block IO bandwith limit for the
- executed processes. Takes a space
- separated pair of a device node path
- and a bandwith value (in bytes per
- second) to specify the device specific
- bandwidth. If the bandwith is suffixed
- with K, M, G, or T the specified
- bandwith is parsed as Kilobytes,
- Megabytes, Gigabytes, resp. Terabytes
- (Example: "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This
- controls the
+ overall block IO bandwidth limit for
+ the executed processes. Takes a space
+ separated pair of a file path and a
+ bandwidth value (in bytes per second)
+ to specify the device specific
+ bandwidth. The file path may be
+ specified as path to a block device
+ node or as any other file in which
+ case the backing block device of the
+ file system of the file is determined.
+ If the bandwidth is suffixed with K, M,
+ G, or T the specified bandwidth is
+ parsed as Kilobytes, Megabytes,
+ Gigabytes, resp. Terabytes (Example:
+ "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
+ 5M"). This controls the
blkio.read_bps_device
and
blkio.write_bps_device
control group attributes. Use this
- option multiple times to set bandwith
+ option multiple times to set bandwidth
limits for multiple devices. For
details about these control group
attributes see
+
+ IgnoreSIGPIPE=
+
+ Takes a boolean
+ argument. If true causes SIGPIPE to be
+ ignored in the executed
+ process. Defaults to true, since
+ SIGPIPE generally is useful only in
+ shell pipelines.
+
+
+
+ NoNewPrivileges=
+
+ Takes a boolean
+ argument. If true ensures that the
+ service process and all its children
+ can never gain new privileges. This
+ option is more powerful than the respective
+ secure bits flags (see above), as it
+ also prohibits UID changes of any
+ kind. This is the simplest, most
+ effective way to ensure that a process
+ and its children can never elevate
+ privileges again.
+
+
+
+ SystemCallFilter=
+
+ Takes a space
+ separated list of system call
+ names. If this setting is used all
+ system calls executed by the unit
+ process except for the listed ones
+ will result in immediate process
+ termination with the SIGSYS signal
+ (whitelisting). If the first character
+ of the list is ~
+ the effect is inverted: only the
+ listed system calls will result in
+ immediate process termination
+ (blacklisting). If this option is used
+ NoNewPrivileges=yes
+ is implied. This feature makes use of
+ the Secure Computing Mode 2 interfaces
+ of the kernel ('seccomp filtering')
+ and is useful for enforcing a minimal
+ sandboxing environment. Note that the
+ execve,
+ rt_sigreturn,
+ sigreturn,
+ exit_group,
+ exit system calls
+ are implicitly whitelisted and don't
+ need to be listed
+ explicitly.
+
+
@@ -1027,6 +1147,7 @@
systemd1,
systemctl8,
+ journalctl8,
systemd.unit5,
systemd.service5,
systemd.socket5,