man: add AmbientCapabilities entry.

core: support <soft:hard> ranges for RLIMIT options The new parser supports: <value> - specify both limits to the same value <soft:hard> - specify both limits the size or time specific suffixes are supported, for example LimitRTTIME=1sec LimitAS=4G:16G The patch introduces parse_rlimit_range() and rlim type (size, sec, usec, etc.) specific parsers. No code is duplicated now. The patch also sync docs for DefaultLimitXXX= and LimitXXX=. References: https://github.com/systemd/systemd/issues/1769

man: systemd.exec: add missing variables

man: document automatic dependencies For all units ensure there's an "Automatic Dependencies" section in the man page, and explain which dependencies are automatically added in all cases, and which ones are added on top if DefaultDependencies=yes is set. This is also done for systemd.exec(5), systemd.resource-control(5) and systemd.unit(5) as these pages describe common behaviour of various unit types.

execute: Add new PassEnvironment= directive This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.

core: accept time units for time-based resource limits Let's make sure "LimitCPU=30min" can be parsed properly, following the usual logic how we parse time values. Similar for LimitRTTIME=. While we are at it, extend a bit on the man page section about resource limits. Fixes: #1772

doc: correct orthography, word forms and missing/extraneous words

doc: correct punctuation and improve typography in documentation

core: support IEC suffixes for RLIMIT stuff Let's make things more user-friendly and support for example LimitAS=16G rather than force users to always use LimitAS=16106127360. The change is relevant for options: [Default]Limit{FSIZE,DATA,STACK,CORE,RSS,AS,MEMLOCK,MSGQUEUE} The patch introduces config_parse_bytes_limit(), it's the same as config_parse_limit() but uses parse_size() tu support the suffixes. Addresses: https://github.com/systemd/systemd/issues/1772

man: various typos

man: Update man page documentation for CPUAffinity Document support for commas as a separator and possibility of specifying ranges of CPU indices. Tested by regenerating the manpages locally and reading them on man.

core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.

man: add hyphen to improve man text

core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entries When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS and USER_PROCESS entries, instead of just a single INIT_PROCESS entry. With this change systemd may be used to not only invoke a getty directly in a SysV-compliant way but alternatively also a login(1) implementation or even forego getty and login entirely, and invoke arbitrary shells in a way that they appear in who(1) or w(1). This is preparation for a later commit that adds a "machinectl shell" operation to invoke a shell in a container, in a way that is compatible with who(1) and w(1).

man: Document invalid lines in EnvironmentFile If a line doesn't contain an = separator, it is skipped, rather than raising an error. This is potentially useful, so let's document this behaviour.

man: ProtectHome= protects /root as well

man: revert dynamic paths for split-usr setups This did not really work out as we had hoped. Trying to do this upstream introduced several problems that probably makes it better suited as a downstream patch after all. At any rate, it is not releaseable in the current state, so we at least need to revert this before the release. * by adjusting the path to binaries, but not do the same thing to the search path we end up with inconsistent man-pages. Adjusting the search path too would be quite messy, and it is not at all obvious that this is worth the effort, but at any rate it would have to be done before we could ship this. * this means that distributed man-pages does not make sense as they depend on config options, and for better or worse we are still distributing man pages, so that is something that definitely needs sorting out before we could ship with this patch. * we have long held that split-usr is only minimally supported in order to boot, and something we hope will eventually go away. So before we start adding even more magic/effort in order to make this work nicely, we should probably question if it makes sense at all.

man: generate configured paths in manpages In particular, use /lib/systemd instead of /usr/lib/systemd in distributions like Debian which still have not adopted a /usr merge setup. Use XML entities from man/custom-entities.ent to replace configured paths while doing XSLT processing of the original XML files. There was precedent of some files (such as systemd.generator.xml) which were already using this approach. This addresses most of the (manual) fixes from this patch: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/patches/Fix-paths-in-man-pages.patch?h=experimental-220 The idea of using generic XML entities was presented here: http://lists.freedesktop.org/archives/systemd-devel/2015-May/032240.html This patch solves almost all the issues, with the exception of: - Path to /bin/mount and /bin/umount. - Generic statements about preference of /lib over /etc. These will be handled separately by follow up patches. Tested: - With default configure settings, ran "make install" to two separate directories and compared the output to confirm they matched exactly. - Used a set of configure flags including $CONFFLAGS from Debian: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/rules Installed the tree and confirmed the paths use /lib/systemd instead of /usr/lib/systemd and that no other unexpected differences exist. - Confirmed that `make distcheck` still passes.

man: link to freebsd.org for inetd(8)

man: fix a bunch of links All hail linkchecker!

man: split paragraph Explicitly put the "multiple EnvironmentFile=" description into its own paragraph to make it much easier to find.

man: boilerplate unification

Reindent man pages to 2ch

man: document that ProtectSystem= also covers /boot

man: document that we set both soft and hard limits for Limit directives See http://cgit.freedesktop.org/systemd/systemd/tree/src/core/load-fragment.c#n1100

man: fix typos

man: document equivalence between Limit directives and ulimit See https://bugs.freedesktop.org/show_bug.cgi?id=80341

smack: introduce new SmackProcessLabel option In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]

man: SyslogIdentifier= has an effect on journal logging too

man: say that SecureBits= are space separated

man: fix references to systemctl man page which is now in section 1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760613

Fix a few more typos

man: fix typo

man: improve documentation for StandardOutput= and StandardInput=

Correct references to ProtectSystem and ProtectHome in documentation

man: proper link for dmesg

man: add a mapping for external manpages It is annoying when we have dead links on fd.o. Add project='man-pages|die-net|archlinux' to <citerefentry>-ies. In generated html, add external links to http://man7.org/linux/man-pages/man, http://linux.die.net/man/, https://www.archlinux.org/. By default, pages in sections 2 and 4 go to man7, since Michael Kerrisk is the autorative source on kernel related stuff. The rest of links goes to linux.die.net, because they have the manpages. Except for the pacman stuff, since it seems to be only available from archlinux.org. Poor gummiboot gets no link, because gummitboot(8) ain't to be found on the net. According to common wisdom, that would mean that it does not exist. But I have seen Kay using it, so I know it does, and deserves to be found. Can somebody be nice and put it up somewhere?

doc: grammatical corrections

namespace: beef up read-only bind mount logic Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.

core: don't include /boot in effect of ProtectSystem= This would otherwise unconditionally trigger any /boot autofs mount, which we probably should avoid. ProtectSystem= will now only cover /usr and (optionally) /etc, both of which cannot be autofs anyway. ProtectHome will continue to cover /run/user and /home. The former cannot be autofs either. /home could be, however is frequently enough used (unlikey /boot) so that it isn't too problematic to simply trigger it unconditionally via ProtectHome=.

core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.

core: add new ReadOnlySystem= and ProtectedHome= settings for service units ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.

fix spelling of privilege

doc: comma placement corrections and word order Set commas where there should be some. Some improvements to word order.

doc: corrections to words and forms This patch exchange words which are inappropriate for a situation, deletes duplicated words, and adds particles where needed.

doc: typographical fine tuning

man: be more specific when EnvironmentFile= is read http://lists.freedesktop.org/archives/systemd-devel/2014-March/018004.html

core: remove tcpwrap support tcpwrap is legacy code, that is barely maintained upstream. It's APIs are awful, and the feature set it exposes (such as DNS and IDENT access control) questionnable. We should not support this natively in systemd. Hence, let's remove the code. If people want to continue making use of this, they can do so by plugging in "tcpd" for the processes they start. With that scheme things are as well or badly supported as they were from traditional inetd, hence no functionality is really lost.

unit: turn off mount propagation for udevd Keep mounts done by udev rules private to udevd. Also, document how MountFlags= may be used for this.

man: improve documentation of fs namespace related settings

core: drop CAP_MKNOD when PrivateDevices= is set

core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.

exec: imply NoNewPriviliges= only when seccomp filters are used in user mode

core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.

core: Add AppArmor profile switching This permit to switch to a specific apparmor profile when starting a daemon. This will result in a non operation if apparmor is disabled. It also add a new build requirement on libapparmor for using this feature.

man: document $MAINPID

core: add Personality= option for units to set the personality for spawned processes

seccomp: add helper call to add all secondary archs to a seccomp filter And make use of it where appropriate for executing services and for nspawn.

doc: resolve missing/extraneous words or inappropriate forms Issues fixed: * missing words required by grammar * duplicated or extraneous words * inappropriate forms (e.g. singular/plural), and declinations * orthographic misspellings

doc: update punctuation Resolve spotted issues related to missing or extraneous commas, dashes.

man: replace STDOUT with standard output, etc. Actually 'STDOUT' is something that doesn't appear anywhere: in the stdlib we have 'stdin', and there's only the constant STDOUT_FILENO, so there's no reason to use capitals. When refering to code, STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in other places they are replaced with normal phrases like standard output, etc.

man: fix grammatical errors and other formatting issues * standardize capitalization of STDIN, STDOUT, and STDERR * reword some sentences for clarity * reflow some very long lines to be shorter than ~80 characters * add some missing <literal>, <constant>, <varname>, <option>, and <filename> tags

core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.

core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.

syscallfilter: port to libseccomp

nspawn,man: use a common vocabulary when referring to selinux security contexts Let's always call the security labels the same way: SMACK: "Smack Label" SELINUX: "SELinux Security Context" And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly.

exec: Add support for ignoring errors on SELinuxContext by prefixing it with -, like for others settings. Also remove call to security_check_context, as this doesn't serve anything, since setexeccon will fail anyway.

exec: Add SELinuxContext configuration item This permit to let system administrators decide of the domain of a service. This can be used with templated units to have each service in a différent domain ( for example, a per customer database, using MLS or anything ), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service.

exec: introduce PrivateDevices= switch to provide services with a private /dev Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that sets up a private /dev with only the API pseudo-devices like /dev/null, /dev/zero, /dev/random, but not any physical devices in them.

man: mention which variables will be expanded in ExecStart

man: grammar and wording improvements This is a recurring submission and includes corrections to: - missing words, preposition choice. - change of /lib to /usr/lib, because that is what most distros are using as the system-wide location for systemd/udev files.

man: improvements to comma placement This is a recurring submission and includes corrections to: comma placement.

service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces

man: wording and grammar updates This is a recurring submission and includes corrections to various issue spotted. I guess I can just skip over reporting ubiquitous comma placement fixes…

execute.c: always set $SHELL In e6dca81 $SHELL was added to user@.service. Let's instead provide it to all units which have a user.

man: drop references to "cgroup" wher appropriate Since cgroups are mostly now an implementation detail of systemd lets deemphasize it a bit in the man pages. This renames systemd.cgroup(5) to systemd.resource-control(5) and uses the term "resource control" rather than "cgroup" where appropriate. This leaves the word "cgroup" in at a couple of places though, like for example systemd-cgtop and systemd-cgls where cgroup stuff is at the core of what is happening.

man: add a list of environment variables

man: wording and grammar updates This is a recurring submission and includes corrections to various issue spotted. I guess I can just skip over reporting ubiquitous comma placement fixes… Highligts in this particular commit: - the "unsigned" type qualifier is completed to form a full type "unsigned int" - alphabetic -> lexicographic (that way we automatically define how numbers get sorted)

man: Add a note about what environment variables are available by default

man: wording and grammar updates This includes regularly-submitted corrections to comma setting and orthographical mishaps that appeared in man/ in recent commits. In this particular commit: - the usual comma fixes - expand contractions (this is prose)

"-" prefix for InaccessibleDirectories and ReadOnlyDirectories

man: drop the old cgroup settings from the man pages

man: use HTTPS links for links that support it

man: wording and grammar update

man: document the slice and scope units, add systemd.cgroup(5)

man: add more formatting markup

man: improve grammar and word formatting in numerous man pages Use proper grammar, word usage, adjective hyphenation, commas, capitalization, spelling, etc. To improve readability, some run-on sentences or sentence fragments were revised. [zj: remove the space from 'file name', 'host name', and 'time zone'.]

man: use <constant> for various constants which look ugly with quotes

manager: add DefaultEnvironment option This complements existing functionality of setting variables through 'systemctl set-environment', the kernel command line, and through normal environment variables for systemd in session mode.

Standardize on 'file system' and 'namespace' in man pages. This change is based on existing usage in systemd and online. 'File-system' may make sense in adjectival form, but man pages seem to prefer 'file system' even in those situations.

man: add various filenames to the index Everything which is an absolute filename marked with <filename></filename> lands in the index, unless noindex= attribute is present. Should make it easier for people to find stuff when they are looking at a file on disk. Various formatting errors in manpages are fixed, kernel-install(1) is restored to formatting sanity.

man: be clearer that it's not OK to manipulate systemd's own cgroup hirearchy

exec: Assigning the empty string to CapabilityBoundSet= should drop all caps Previously, it would set all caps, but it should drop them all, anything else makes little sense. Also, document that this works as it does, and what to do in order to assign all caps to the bounding set. https://bugzilla.redhat.com/show_bug.cgi?id=914705

core: reuse the same /tmp, /var/tmp and inaccessible dir All Execs within the service, will get mounted the same /tmp and /var/tmp directories, if service is configured with PrivateTmp=yes. Temporary directories are cleaned up by service itself in addition to systemd-tmpfiles. Directory which is mounted as inaccessible is created at runtime in /run/systemd.

man: use <replaceable> in various places

man: rename systemd.conf to systemd-system.conf Alias as systemd-user.conf is also provided. This should help users running systemd in session mode. https://bugzilla.redhat.com/show_bug.cgi?id=690868

man: extend systemd.directives(7) to all manual pages New sections are added: PAM options, crypttab options, commandline options, miscellaneous. The last category will be used for all untagged <varname> elements. Commandline options sections is meant to be a developer tool: when adding an option it is sometimes useful to be able to check if similarly named options exist elsewhere.

man: mention that PrivateTmp means /var/tmp too

man: systemd.exec - explicit Environment assignment Hi all, while working on another bug, I discovered the "strange" way systemd is parsing Environment= in .service and thought it was worth documenting (because I don't expect people to find this syntax by themselves unless they read the parsing code ;) Be more verbose about using space in Environment field and not using value of other variables Fixes https://bugzilla.redhat.com/show_bug.cgi?id=840260 [zj: expand and reformat the example a bit]

util: continuation support for load_env_file Variable definitions can be written on more than one line - if each ends with a backslash, then is concatenated with a previous one. Only backslash and unix end of line (\n) are treated as a continuation. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=58083 [zj: squashed two patches together; cleaned up grammar; removed comment about ignoring trailing backslash -- it is not ignored.] Document continuation support in systemd.exec

units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787

man: add links to directive index to see-alsos systemd.directives(5) is renamed to systemd.directives(7). Section 7 is "Miscellaneous".

Added globbing support to EnvironmentFile This patch allows globbing to be used with EnvironmentFile option. Example: EnvironmentFile=/etc/foo.d/*.conf t. Pekka

man: systemd.exec - mention mount(2) https://bugzilla.redhat.com/show_bug.cgi?id=880552

sched: Only setting CPUSchedulingPriority=rr doesn't work A service that only sets the scheduling policy to round-robin fails to be started. This is because the cpu_sched_priority is initialized to 0 and is not adjusted when the policy is changed. Clamp the cpu_sched_priority when the scheduler policy is set. Use the current policy to validate the new priority. Change the manual page to state that the given range only applies to the real-time scheduling policies. Add a testcase that verifies this change: $ make test-sched-prio; ./test-sched-prio [test/sched_idle_bad.service:6] CPU scheduling priority is out of range, ignoring: 1 [test/sched_rr_bad.service:7] CPU scheduling priority is out of range, ignoring: 0 [test/sched_rr_bad.service:8] CPU scheduling priority is out of range, ignoring: 100

man: minor updates

Reword sentences that contain psuedo-English "resp." As you likely know, Arch Linux is in the process of moving to systemd. So I was reading through the various systemd docs and quickly became baffled by this new abbreviation "resp.", which I've never seen before in my English-mother-tongue life. Some quick Googling turned up a reference: <http://www.transblawg.eu/index.php?/archives/870-Resp.-and-other-non-existent-English-wordsNicht-existente-englische-Woerter.html> I guess it's a literal translation of the German "Beziehungsweise", but English doesn't work the same way. The word "respectively" is used exclusively to provide an ordering connection between two lists. E.g. "the prefixes k, M, and G refer to kilo-, mega-, and giga-, respectively." It is also never abbreviated to "resp." So the sentence "Sets the default output resp. error output for all services and sockets" makes no sense to a natural English speaker. This patch removes all instances of "resp." in the man pages and replaces them with sentences which are much more clear and, hopefully, grammatically valid. In almost all instances, it was simply replacing "resp." with "or," which the original author (Lennart?) could probably just do in the future. The only other instances of "resp." are in the src/ subtree, which I don't feel privileged to correct. Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>

man: fix a bunch of typos in docs https://bugs.freedesktop.org/show_bug.cgi?id=54501

namespace: rework namespace support - don't use pivot_root() anymore, just reuse root hierarchy - first create all mounts, then mark them read-only so that we get the right behaviour when people want writable mounts inside of read-only mounts - don't pass invalid combinations of MS_ constants to the kernel

unit: split off KillContext from ExecContext containing only kill definitions

execute: support syscall filtering using seccomp filters

man: reword man page titles Make sure the man page titles are similar in style and capitalization so that our man page index looks pretty.

unit: set default working directory to the user's home directory when running in user mode

Spelling fixes.

man: move header file man pages from section 7 to 3 This way we can include documentation about minor macros/inline function within the introducionary man page in a sane way.

util: introduce a proper nsec_t and make use of it where appropriate

main: add configuration option to alter capability bounding set for PID 1 This also ensures that caps dropped from the bounding set are also dropped from the inheritable set, to be extra-secure. Usually that should change very little though as the inheritable set is empty for all our uses anyway.

relicense to LGPLv2.1 (with exceptions) We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.

journalctl,loginctl: drop systemd- prefix in binary names Let's make things a bit easier to type, drop the systemd- prefix for journalctl and loginctl, but provide the old names for compat. All systemd binaries are hence now prefixed with "systemd-" with the exception of the three primary user interface binaries: systemctl loginctl journalctl For those three we do provide systemd-xyz names as well, via symlinks: systemd-systemctl → systemctl systemd-loginctl → loginctl systemd-journalctl → journalctl We do this only for the *primary* user tools, in order to avoid unnecessary namespace problems. That means tools like systemd-notify stay the way they are.

service: ignore SIGPIPE by default

man: document that we support tcpwrappers only for access control We do not support, and explicitly never want to support environment variable settings and suchlike in tcpwrappers. https://bugs.freedesktop.org/show_bug.cgi?id=45143

persistant -> persistent

exec: introduce ControlGroupPersistant= to make cgroups persistant

journal: introduce log target 'journal' for executed processes

man: for ExecStart= provide more details on env var substitution and how that turns into arguments. For EnvironmentFile= explain that double quotes can be used to protect whitespace.

service: change default stdout/stderr to syslog

stdout-bridge: rename logger to stdout-syslog-bridge to make it more descriptive

man: fix securebits docs

exec: allow passing arbitrary path names to blkio cgroup attributes If a device node is specified, then adjust the bandwidth/weight of it, otherwise find the backing block device of the file system the path refers to and adjust its bandwidth/weight.

exec: add high-level controls for blkio cgroup attributes

exec: optionally apply cgroup attributes to the cgroups we create

exec: introduce PrivateNetwork= process option to turn off network access to specific services

man: document that we default to 022 as umask

exec: add ControlGroupModify= switch to allow changing access mode to cgroups fs

service: check whether sysv scripts where changed

man: Documentation spelling fixes

exec: Fix number of unit types There are four unit types mentioned in here, not three

exec: hangup/reset/deallocate VTs in gettys Explicitly disconnect all clients from a VT when a getty starts/finishes (requires TIOCVHANGUP, available in 2.6.29). Explicitly deallocate getty VTs in order to flush scrollback buffer. Explicitly reset terminals to a defined state before spawning getty.

exec: support unlimited resources

exec: properly apply capability bounding set, add inverted bounding sets

man: document changed EnvironmentFile= behaviour

man: fixed typo in SyslogIdentifier=

execute: optionally forward program output to /dev/console in addition to syslog/kmsg

man: document missing KillSignal= and swap options

fragment: allow prefixing of the EnvironmentFile= path with - to ignore errors

man: remaining spelling fixes

man: Fix various typos

service: optionally, create INIT_PROCESS/DEAD_PROCESS entries for a service This should fix accounting for pam_limits and suchlike. https://bugzilla.redhat.com/show_bug.cgi?id=636036

man: Fix small typo: s/seperate/separate/

exec: replace OOMAdjust= by OOMScoreAdjust= to follow new kernel interface This replaces OOMAdjust= by OOMScoreAdjust= in the config files, breaking compatibility with older unit files. However, this keeps compat with older kernels which lack the new OOM rework.

man: minor edits to daemon, sd_listen_fds, sd_notify, systemctl, systemd.exec, systemd, and systemd.timer pages Just some minor grammar fixes.

update man pages for recent changes

turn negative options into positive options

uniformly suffix time span properties with their unit

man: document execution context related settings