<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
This file is part of systemd.
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
<productname>systemd</productname>
<email>lennart@poettering.net</email>
<refentrytitle>systemd.exec</refentrytitle>
<refpurpose>Execution environment configuration</refpurpose>
<refsynopsisdiv>
<para><filename><replaceable>service</replaceable>.service</filename>,
<filename><replaceable>socket</replaceable>.socket</filename>,
<filename><replaceable>mount</replaceable>.mount</filename>,
<filename><replaceable>swap</replaceable>.swap</filename></para>
</refsynopsisdiv>
<para>Unit configuration files for services, sockets, mount
points, and swap devices share a subset of configuration options
which define the execution environment of spawned
processes.</para>
<para>This man page lists the configuration options shared by
these four unit types. See
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the common options of all unit configuration files, and
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information on the specific unit configuration files. The
execution-specific configuration options are configured in the
[Service], [Socket], [Mount], or [Swap] sections, depending on the
unit type.</para>
<para>A few execution parameters result in additional, automatic
dependencies being added.</para>
<para>Units with <varname>WorkingDirectory=</varname> or
<varname>RootDirectory=</varname> set automatically gain
dependencies of type <varname>Requires=</varname> and
<varname>After=</varname> on all mount units required to access
the specified paths. This is equivalent to having them listed
explicitly in <varname>RequiresMountsFor=</varname>.</para>
<para>Similarly, units with <varname>PrivateTmp=</varname> enabled
automatically get mount unit dependencies for all mounts
required to access <filename>/tmp</filename> and
<para>Units whose standard output or standard error output is
connected to any sink other than <option>null</option>,
<option>tty</option> and <option>socket</option> automatically
acquire dependencies of type <varname>After=</varname> on
<filename>journald.socket</filename>.</para>
<variablelist class='unit-directives'>
<term><varname>WorkingDirectory=</varname></term>
<listitem><para>Takes an absolute directory path, or the
special value <literal>~</literal>. Sets the working directory
for executed processes. If set to <literal>~</literal>, the
home directory of the user specified in
<varname>User=</varname> is used. If not set, defaults to the
root directory when systemd is running as a system instance
and to the respective user's home directory when run as a user
instance. If the setting is prefixed with the <literal>-</literal>
character, a missing working directory is not considered
fatal. Note that setting this parameter might result in
additional dependencies being added to the unit (see
<term><varname>RootDirectory=</varname></term>
<listitem><para>Takes an absolute directory path. Sets the
root directory for executed processes, with the <citerefentry
project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
system call. If this is used, it must be ensured that the
process binary and all its auxiliary files are available in
the <function>chroot()</function> jail. Note that setting this
parameter might result in additional dependencies being added
to the unit (see above).</para></listitem>
<term><varname>User=</varname></term>
<term><varname>Group=</varname></term>
<listitem><para>Sets the Unix user or group that the processes
are executed as, respectively. Takes a single user or group
name or ID as argument. If no group is set, the default group
of the user is chosen.</para></listitem>
<term><varname>SupplementaryGroups=</varname></term>
<listitem><para>Sets the supplementary Unix groups the
processes are executed as. This takes a space-separated list
of group names or IDs. This option may be specified more than
once, in which case all listed groups are set as supplementary
groups. When the empty string is assigned, the list of
supplementary groups is reset, and all assignments prior to
this one will have no effect. In any case, this option does not
override, but extends the list of supplementary groups
configured in the system group database for the
<term><varname>Nice=</varname></term>
<listitem><para>Sets the default nice level (scheduling
priority) for executed processes. Takes an integer between -20
(highest priority) and 19 (lowest priority). See
<citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
<term><varname>OOMScoreAdjust=</varname></term>
<listitem><para>Sets the adjustment level for the
Out-Of-Memory killer for executed processes. Takes an integer
between -1000 (to disable OOM killing for this process) and
1000 (to make killing of this process under memory pressure
very likely). See <ulink
url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
<term><varname>IOSchedulingClass=</varname></term>
<listitem><para>Sets the I/O scheduling class for executed
processes. Takes an integer between 0 and 3 or one of the
strings <option>none</option>, <option>realtime</option>,
<option>best-effort</option> or <option>idle</option>. See
<citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
<term><varname>IOSchedulingPriority=</varname></term>
<listitem><para>Sets the I/O scheduling priority for executed
processes. Takes an integer between 0 (highest priority) and 7
(lowest priority). The available priorities depend on the
selected I/O scheduling class (see above). See
<citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
<term><varname>CPUSchedulingPolicy=</varname></term>
<listitem><para>Sets the CPU scheduling policy for executed
processes. Takes one of
<citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
<term><varname>CPUSchedulingPriority=</varname></term>
<listitem><para>Sets the CPU scheduling priority for executed
processes. The available priority range depends on the
selected CPU scheduling policy (see above). For real-time
scheduling policies an integer between 1 (lowest priority) and
99 (highest priority) can be used. See
<citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
<term><varname>CPUSchedulingResetOnFork=</varname></term>
<listitem><para>Takes a boolean argument. If true, elevated
CPU scheduling priorities and policies will be reset when the
executed processes fork, and can hence not leak into child
<citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details. Defaults to false.</para></listitem>
<term><varname>CPUAffinity=</varname></term>
<listitem><para>Controls the CPU affinity of the executed
processes. Takes a list of CPU indices or ranges separated by
either whitespace or commas. CPU ranges are specified by the
lower and upper CPU indices separated by a dash.
This option may be specified more than once, in which case the
specified CPU affinity masks are merged. If the empty string
is assigned, the mask is reset, and all assignments prior to this
will have no effect. See
<citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
<term><varname>UMask=</varname></term>
<listitem><para>Controls the file mode creation mask. Takes an
access mode in octal notation. See
<citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details. Defaults to 0022.</para></listitem>
<term><varname>Environment=</varname></term>
<listitem><para>Sets environment variables for executed
processes. Takes a space-separated list of variable
assignments. This option may be specified more than once, in
which case all listed variables will be set. If the same
variable is set twice, the later setting will override the
earlier setting. If the empty string is assigned to this
option, the list of environment variables is reset, and all prior
assignments have no effect. Variable expansion is not
performed inside the strings; specifier expansion, however, is
possible. The $ character has no special meaning. If you need
to assign a value containing spaces to a variable, use double
quotes (") for the assignment.</para>
<programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"</programlisting>
gives three variables <literal>VAR1</literal>,
<literal>VAR2</literal>, <literal>VAR3</literal>
with the values <literal>word1 word2</literal>,
<literal>word3</literal>, <literal>$word 5 6</literal>.
<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details about environment variables.</para></listitem>
<term><varname>EnvironmentFile=</varname></term>
<listitem><para>Similar to <varname>Environment=</varname> but
reads the environment variables from a text file. The text
file should contain newline-separated variable assignments.
Empty lines, lines without an <literal>=</literal> separator,
or lines starting with <literal>;</literal> or <literal>#</literal> will be ignored,
which may be used for commenting. A line ending with a
backslash will be concatenated with the following one,
allowing multiline variable definitions. The parser strips
leading and trailing whitespace from the values of
assignments, unless you use double quotes (").</para>
<para>The argument passed should be an absolute filename or
wildcard expression, optionally prefixed with
<literal>-</literal>, which indicates that if the file does
not exist, it will not be read and no error or warning message
is logged. This option may be specified more than once, in
which case all specified files are read. If the empty string
is assigned to this option, the list of files to read is reset,
and all prior assignments have no effect.</para>
<para>The files listed with this directive will be read
shortly before the process is executed (more specifically,
after all processes from a previous unit state have terminated.
This means you can generate these files in one unit state, and
read them with this option in the next).</para>
<para>Settings from these
files override settings made with
<varname>Environment=</varname>. If the same variable is set
twice from these files, the files will be read in the order
they are specified and the later setting will override the
earlier setting.</para></listitem>
<varlistentry>
<term><varname>PassEnvironment=</varname></term>
<listitem><para>Passes environment variables from the systemd system
manager to executed processes. Takes a space-separated list of variable
names. This option may be specified more than once, in which case all
listed variables will be set. If the empty string is assigned to this
option, the list of environment variables is reset, and all prior
assignments have no effect. Variables that are not set in the system
manager will not be passed and will be silently ignored.</para>
<para>Variables passed from this setting are overridden by those passed
from <varname>Environment=</varname> or
<varname>EnvironmentFile=</varname>.</para>
<para>Example:
<programlisting>PassEnvironment=VAR1 VAR2 VAR3</programlisting>
passes three variables <literal>VAR1</literal>,
<literal>VAR2</literal>, <literal>VAR3</literal>
with the values set for those variables in PID 1.</para>
<citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details about environment variables.</para></listitem>
</varlistentry>
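<para>As an added example (not systemd's own code), the following Python models how the <varname>Environment=</varname>, <varname>EnvironmentFile=</varname> and <varname>PassEnvironment=</varname> rules described above combine: it parses an environment file with the documented syntax (comments, missing <literal>=</literal>, backslash continuation, quoted whitespace, the <literal>-</literal> prefix) and applies the documented override order. The file path, manager environment and file contents are constructed; wildcard expansion of <varname>EnvironmentFile=</varname> is not modelled.</para>

```python
"""Added model of the documented Environment=, EnvironmentFile= and
PassEnvironment= rules; it is not systemd's own parser."""

def split_assignments(value):
    """Split an Environment= value on whitespace outside double quotes.
    Quotes are dropped; '$' is an ordinary character (no expansion)."""
    words, cur, quoted, in_word = [], [], False, False
    for ch in value:
        if ch == '"':
            quoted, in_word = not quoted, True
        elif ch.isspace() and not quoted:
            if in_word:
                words.append("".join(cur))
                cur, in_word = [], False
        else:
            cur.append(ch)
            in_word = True
    if in_word:
        words.append("".join(cur))
    return words

def parse_environment_file(text):
    """Parse EnvironmentFile= content as documented: empty lines, lines without
    '=' and lines starting with ';' or '#' are ignored; a trailing backslash
    joins the next line; whitespace around a value is stripped unless quoted."""
    text = text.replace("\\\n", "")       # backslash-newline: continuation
    env = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in ";#" or "=" not in stripped:
            continue
        key, _, value = stripped.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]           # quoted: inner whitespace preserved
        env[key.strip()] = value
    return env

def resolve_environment(manager_env, pass_environment, environment,
                        environment_files, read_file):
    """Combine the directives with the documented precedence:
    PassEnvironment= < Environment= < EnvironmentFile= (later entries win).
    Each list holds the values of the repeated directive; "" resets it.
    read_file(path) returns the file text, or None if the file is missing.
    Assumption: wildcard expressions in EnvironmentFile= are not expanded."""
    passed = {}
    for setting in pass_environment:
        if setting == "":
            passed = {}
            continue
        for name in setting.split():
            if name in manager_env:       # names unset in the manager: ignored
                passed[name] = manager_env[name]
    from_directive = {}
    for setting in environment:
        if setting == "":
            from_directive = {}
            continue
        for assignment in split_assignments(setting):
            key, _, value = assignment.partition("=")
            from_directive[key] = value   # later assignment overrides earlier
    from_files = {}
    for setting in environment_files:
        if setting == "":
            from_files = {}
            continue
        optional = setting.startswith("-")
        path = setting[1:] if optional else setting
        content = read_file(path)
        if content is None:
            if optional:
                continue                  # '-' prefix: a missing file is not an error
            raise FileNotFoundError(path)
        from_files.update(parse_environment_file(content))
    return {**passed, **from_directive, **from_files}

# Constructed sample input (hypothetical path and values, not from a real system).
SAMPLE_FILES = {
    "/etc/example/app.conf":
        "# constructed sample EnvironmentFile\n"
        "; a semicolon also starts a comment\n"
        "NOT_AN_ASSIGNMENT\n"
        "MODE = production \n"
        'GREETING="  hello world  "\n'
        "LONG=first \\\n"
        "second\n",
}

def demo():
    # A unit using all three directives, resolved against the sample data.
    return resolve_environment(
        manager_env={"PATH": "/usr/bin", "LANG": "C"},
        pass_environment=["PATH MISSING_VAR"],
        environment=['"VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"', "MODE=staging"],
        environment_files=["-/etc/example/absent.conf", "/etc/example/app.conf"],
        read_file=SAMPLE_FILES.get,
    )
```

In the resolved result, MODE comes from the file (it overrides the Environment= value), LANG is not passed because it was not listed, and MISSING_VAR is dropped silently.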
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>StandardInput=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Controls where file descriptor 0 (STDIN) of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the executed processes is connected to. Takes one of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>If <option>null</option> is selected, standard input
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek will be connected to <filename>/dev/null</filename>, i.e. all
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek read attempts by the process will result in immediate
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>If <option>tty</option> is selected, standard input is
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek connected to a TTY (as configured by
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>TTYPath=</varname>, see below) and the executed
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process becomes the controlling process of the terminal. If
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the terminal is already being controlled by another process,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the executed process waits until the current controlling
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process releases the terminal.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>tty-force</option> is similar to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>tty</option>, but the executed process is forcefully
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek and immediately made the controlling process of the terminal,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek potentially removing previous controlling processes from the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek terminal.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>tty-fail</option> is similar to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>tty</option> but if the terminal already has a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek controlling process start-up of the executed process
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>The <option>socket</option> option is only valid in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek socket-activated services, and only when the socket
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek configuration file (see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details) specifies a single socket only. If this option is
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek set, standard input will be connected to the socket the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek service was activated from, which is primarily useful for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek compatibility with daemons designed for use with the
b5c7d097ec7d16facaaeb0da5ba2abb2b1fc230bZbigniew Jędrzejewski-Szmek <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>This setting defaults to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>null</option>.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>StandardOutput=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Controls where file descriptor 1 (STDOUT) of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the executed processes is connected to. Takes one of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>journal+console</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>syslog+console</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>kmsg+console</option> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>inherit</option> duplicates the file descriptor
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek of standard input for standard output.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>null</option> connects standard output to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/dev/null</filename>, i.e. everything written to it
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek will be lost.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>tty</option> connects standard output to a tty
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (as configured via <varname>TTYPath=</varname>, see below). If
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the TTY is used for output only, the executed process will not
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek become the controlling process of the terminal, and will not
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek fail or wait for other processes to release the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek terminal.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>journal</option> connects standard output with
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the journal which is accessible via
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Note that everything that is written to syslog or kmsg (see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek below) is implicitly stored in the journal as well; the two
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek options described below are hence supersets of this one.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>syslog</option> connects standard output to the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek system syslog service, in addition to the journal. Note that
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the journal daemon is usually configured to forward everything
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek it receives to syslog anyway, in which case this option is no
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek different from <option>journal</option>.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>kmsg</option> connects standard output with the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kernel log buffer which is accessible via
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek in addition to the journal. The journal daemon might be
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek configured to send all logs to kmsg anyway, in which case this
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek option is no different from <option>journal</option>.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>journal+console</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>syslog+console</option> and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>kmsg+console</option> work in a similar way as the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek three options above but copy the output to the system console
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek as well.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><option>socket</option> connects standard output to a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek socket acquired via socket activation. The semantics are
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek similar to the same option of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardInput=</varname>.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>This setting defaults to the value set with
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>DefaultStandardOutput=</option> in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering which defaults to <option>journal</option>. Note that setting
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering this parameter might result in additional dependencies being
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering added to the unit (see above).</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>StandardError=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Controls where file descriptor 2 (STDERR) of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the executed processes is connected to. The available options
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek are identical to those of <varname>StandardOutput=</varname>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek with one exception: if set to <option>inherit</option> the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek file descriptor used for standard output is duplicated for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek standard error. This setting defaults to the value set with
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>DefaultStandardError=</option> in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering which defaults to <option>inherit</option>. Note that setting
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering this parameter might result in additional dependencies being
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering added to the unit (see above).</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>TTYPath=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Sets the terminal device node to use if
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek standard input, output, or error are connected to a TTY (see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek above). Defaults to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/dev/console</filename>.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>TTYReset=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Reset the terminal device specified with
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>TTYPath=</varname> before and after execution.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Defaults to <literal>no</literal>.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>TTYVHangup=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Disconnect all clients which have opened the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek terminal device specified with <varname>TTYPath=</varname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek before and after execution. Defaults to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <literal>no</literal>.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>TTYVTDisallocate=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>If the terminal device specified with
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>TTYPath=</varname> is a virtual console terminal, try
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek to deallocate the TTY before and after execution. This ensures
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek that the screen and scrollback buffer are cleared. Defaults to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <literal>no</literal>.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>SyslogIdentifier=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Sets the process name with which log lines sent
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek to the logging system or the kernel log buffer are prefixed. If not
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek set, defaults to the process name of the executed process.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek This option is only useful when
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardOutput=</varname> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardError=</varname> are set to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>syslog</option>, <option>journal</option> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>kmsg</option> (or to the same settings in combination
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek with <option>+console</option>).</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>SyslogFacility=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Sets the syslog facility to use when logging
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek to syslog. One of <option>kern</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>user</option>, <option>mail</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>daemon</option>, <option>auth</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>syslog</option>, <option>lpr</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>news</option>, <option>uucp</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>cron</option>, <option>authpriv</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>ftp</option>, <option>local0</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>local1</option>, <option>local2</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>local3</option>, <option>local4</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>local5</option>, <option>local6</option> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>local7</option>. See
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details. This option is only useful when
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardOutput=</varname> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardError=</varname> are set to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>syslog</option>. Defaults to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>daemon</option>.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>SyslogLevel=</varname></term>
a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt <listitem><para>The default syslog level to use when logging to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek syslog or the kernel log buffer. One of <option>emerg</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>alert</option>, <option>crit</option>, <option>err</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>warning</option>, <option>notice</option>, <option>info</option> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>debug</option>. See
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details. This option is only useful when
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardOutput=</varname> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardError=</varname> are set to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>syslog</option> or <option>kmsg</option>. Note that
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek individual lines output by the daemon might be prefixed with a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek different log level which can be used to override the default
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek log level specified here. The interpretation of these prefixes
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek may be disabled with <varname>SyslogLevelPrefix=</varname>,
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt see below. For details, see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Defaults to <option>info</option>.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>SyslogLevelPrefix=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a boolean argument. If true and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardOutput=</varname> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>StandardError=</varname> are set to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>syslog</option>, <option>kmsg</option> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>journal</option>, log lines written by the executed
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process that are prefixed with a log level will be passed on
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek to syslog with this log level set but the prefix removed. If
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek set to false, the interpretation of these prefixes is disabled
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek and the logged lines are passed on as-is. For details about
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek this prefixing see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Defaults to true.</para></listitem>
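The unit fragment below is an example added to this page; it is not part of the systemd sources. It combines the output and syslog directives described above into one service. The unit name, the identifier string and the ExecStart= command line are assumptions chosen for the illustration.

```ini
# /etc/systemd/system/example-logger.service
# Hypothetical unit written for this example; the name, the identifier and
# the ExecStart= command line are assumptions, not part of systemd.
[Unit]
Description=Example: route stdout/stderr to the journal with per-line priorities

[Service]
Type=oneshot
# stdout goes to the journal; stderr is a copy of the stdout descriptor
# (the StandardError= default "inherit"), so both land in the same stream.
StandardOutput=journal
StandardError=inherit
# Tag the entries with this name instead of the executable name ("sh").
SyslogIdentifier=example-logger
# Default priority for lines that carry no "<N>" prefix (documented above
# for the syslog and kmsg targets). SyslogFacility= only matters for syslog.
SyslogLevel=notice
SyslogFacility=daemon
# "<N>" prefixes (N = 0..7, see sd-daemon(3)) set the priority of that line
# and are stripped before logging. Set this to "no" for a daemon that echoes
# untrusted input at the start of a line; otherwise that input picks the
# priority of the entry.
SyslogLevelPrefix=yes
ExecStart=/bin/sh -c 'echo "<3>config check failed"; echo "running at the default priority"'
```

After `systemctl start example-logger`, `journalctl -t example-logger` lists both lines, while `journalctl -t example-logger -p err` shows only the first one, since the <3> prefix maps to the err priority. Switching the sink does not change the rest of the unit: StandardOutput=kmsg+console would additionally mirror the same lines to the kernel log buffer and the system console.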
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>TimerSlackNSec=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Sets the timer slack in nanoseconds for the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek executed processes. The timer slack controls the accuracy of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek wake-ups triggered by timers. See
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for more information. Note that in contrast to most other time
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek span definitions, this parameter takes an integer value in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek nanoseconds if no unit is specified. The usual time units are
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek understood too.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitCPU=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitFSIZE=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitDATA=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitSTACK=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitCORE=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitRSS=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitNOFILE=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitAS=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitNPROC=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitMEMLOCK=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitLOCKS=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitSIGPENDING=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitMSGQUEUE=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitNICE=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitRTPRIO=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>LimitRTTIME=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>These settings set both soft and hard limits
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek of various resources for executed processes. See
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
91518d20ddf0376808544576d0ef0883cedc67d4Karel Zak for details. The resource limit may be specified in one of two formats:
91518d20ddf0376808544576d0ef0883cedc67d4Karel Zak a plain <option>value</option> sets the soft and hard limits to the same value,
91518d20ddf0376808544576d0ef0883cedc67d4Karel Zak while <option>soft:hard</option> sets both limits individually (e.g. LimitAS=4G:16G).
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering Use the string <option>infinity</option> to configure no limit on a specific resource. The multiplicative
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering may be used for resource limits measured in bytes
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering (e.g. LimitAS=16G). For the limits referring to time values,
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering the usual time units ms, s, min, h and so on may be used (see
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering for details). Note that if no time unit is specified for
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering <varname>LimitCPU=</varname> the default unit of seconds is
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering implied, while for <varname>LimitRTTIME=</varname> the default
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering unit of microseconds is implied. Also, note that the effective
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering granularity of the limits might influence their
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering enforcement. For example, time limits specified for
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering <varname>LimitCPU=</varname> will be rounded up implicitly to
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering multiples of 1s.</para>
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering <para>Note that most process resource limits configured with
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering these options are per-process, and processes may fork in order
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering to acquire a new set of resources that are accounted
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering independently of the original process, and may thus escape
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering limits set. Also note that <varname>LimitRSS=</varname> is not
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering implemented on Linux, and setting it has no effect. Often it
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering is advisable to prefer the resource controls listed in
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering over these per-process limits, as they apply to services as a
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering whole, may be altered dynamically at runtime, and are
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering generally more expressive. For example,
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering <varname>MemoryLimit=</varname> is a more powerful (and
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering working) replacement for <varname>LimitRSS=</varname>.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <table>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <title>Limit directives and their equivalent with ulimit</title>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <tgroup cols='3'>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <colspec colname='directive' />
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <colspec colname='equivalent' />
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <colspec colname='unit' />
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <thead>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <row>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <entry>Directive</entry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <entry>ulimit equivalent</entry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <entry>Unit</entry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek </row>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek </thead>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <tbody>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <row>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <entry>LimitNOFILE=</entry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <entry>ulimit -n</entry>
a4c1800284e3546bbfab2dc19eb59bcb91c4a2caLennart Poettering <entry>Number of File Descriptors</entry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek </row>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek </tbody>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek </tgroup>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek </table></listitem>
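The following unit fragment is an example added to this page, not code from the systemd project. It exercises the two value formats, the unit suffixes and the infinity keyword described above, and shows where a per-process limit stops being enough. The unit name and the binary path are assumptions.

```ini
# /etc/systemd/system/example-worker.service
# Hypothetical unit written for this example; the name and the binary path
# are assumptions, not part of systemd.
[Unit]
Description=Example: per-process resource limits with soft:hard values

[Service]
ExecStart=/usr/local/bin/example-worker
# Plain value: soft and hard limits are both 65536 descriptors.
LimitNOFILE=65536
# soft:hard form: start with a 1 GiB address-space limit, which the process
# may raise itself with setrlimit(2), but never beyond 4 GiB.
LimitAS=1G:4G
# Core dumps capture everything in memory, including keys and session
# tokens; forbid them unless a crash is actively being debugged.
LimitCORE=0
# Time limits take the usual units; without a unit LimitCPU= means seconds,
# and the kernel enforces it in whole seconds.
LimitCPU=10min
# "infinity" lifts a limit entirely, here for a process that mlock()s key
# material so it is never written to swap.
LimitMEMLOCK=infinity
# All of the above are per process. A worker that forks gets a fresh budget
# per child, so cap the service as a whole with the cgroup controls from
# systemd.resource-control(5); LimitRSS= is a no-op on Linux, MemoryLimit=
# is the replacement that actually works.
MemoryLimit=512M
```

The values are visible from inside the service as the Soft Limit and Hard Limit columns of /proc/self/limits (for instance through an ExecStartPre=/bin/cat /proc/self/limits line), and from outside in /proc/<main PID>/limits once the unit has started.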
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>PAMName=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Sets the PAM service name to set up a session
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek as. If set, the executed process will be registered as a PAM
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek session under the specified service name. This is only useful
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek in conjunction with the <varname>User=</varname> setting. If
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek not set, no PAM session will be opened for the executed
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek processes. See
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>CapabilityBoundingSet=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Controls which capabilities to include in the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek capability bounding set for the executed process. See
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details. Takes a whitespace-separated list of capability
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek names as read by
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek e.g. <constant>CAP_SYS_ADMIN</constant>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <constant>CAP_DAC_OVERRIDE</constant>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <constant>CAP_SYS_PTRACE</constant>. Capabilities listed will
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek be included in the bounding set, all others are removed. If
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the list of capabilities is prefixed with
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <literal>~</literal>, all but the listed capabilities will be
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek included, the effect of the assignment inverted. Note that
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek this option also affects the respective capabilities in the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek effective, permitted and inheritable capability sets, on top
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek of what <varname>Capabilities=</varname> does. If this option
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is not used, the capability bounding set is not modified on
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process execution, hence no limits on the capabilities of the
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt process are enforced. This option may appear more than once, in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek which case the bounding sets are merged. If the empty string
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is assigned to this option, the bounding set is reset to the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek empty capability set, and all prior settings have no effect.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek If set to <literal>~</literal> (without any further argument),
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the bounding set is reset to the full set of available
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek capabilities, also undoing any previous settings.</para></listitem>
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen <varlistentry>
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen <term><varname>AmbientCapabilities=</varname></term>
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen <listitem><para>Controls which capabilities to include in the
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen ambient capability set for the executed process. Takes a
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen whitespace-separated list of capability names as read by
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen e.g. <constant>CAP_SYS_ADMIN</constant>, <constant>CAP_DAC_OVERRIDE</constant>,
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen <constant>CAP_SYS_PTRACE</constant>. This option may appear more than
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen once in which case the ambient capability sets are merged.
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen If the list of capabilities is prefixed with <literal>~</literal>, all
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen but the listed capabilities will be included, the effect of the
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen assignment inverted. If the empty string is
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen assigned to this option, the ambient capability set is reset to
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen the empty capability set, and all prior settings have no effect.
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen If set to <literal>~</literal> (without any further argument), the
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen ambient capability set is reset to the full set of available
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen capabilities, also undoing any previous settings. Note that adding
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen capabilities to the ambient capability set also adds them to the process's
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen inheritable capability set.
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen Ambient capability sets are useful if you want to execute a process
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen as a non-privileged user but still want to give it some capabilities.
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen Note that in this case option <constant>keep-caps</constant> is
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen automatically added to <varname>SecureBits=</varname> to retain the
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen capabilities over the user change.</para></listitem>
ece87975a97509b48a01b1e3da2e99c1c7dfd77aIsmo Puustinen </varlistentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>SecureBits=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Controls the secure bits set for the executed
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process. Takes a space-separated combination of options from
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the following list:
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>keep-caps</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>keep-caps-locked</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>no-setuid-fixup</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>no-setuid-fixup-locked</option>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>noroot</option> and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>noroot-locked</option>.
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt This option may appear more than once, in which case the secure
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek bits are ORed. If the empty string is assigned to this option,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the bits are reset to 0. See
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>Capabilities=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Controls the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek set for the executed process. Takes a capability string
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek describing the effective, permitted and inheritable capability
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek sets as documented in
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek <citerefentry project='mankier'><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Note that these capability sets are usually influenced (and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek filtered) by the capabilities attached to the executed file.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Because of that, <varname>CapabilityBoundingSet=</varname> is
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek usually the more useful setting.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>ReadWriteDirectories=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>ReadOnlyDirectories=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>InaccessibleDirectories=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Sets up a new file system namespace for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek executed processes. These options may be used to limit access
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek a process might have to the main file system hierarchy. Each
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek setting takes a space-separated list of absolute directory
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek paths. Directories listed in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>ReadWriteDirectories=</varname> are accessible from
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek within the namespace with the same access rights as from
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek outside. Directories listed in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>ReadOnlyDirectories=</varname> are accessible for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek reading only; writing is refused even if the usual file
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek access controls would permit it. Directories listed in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>InaccessibleDirectories=</varname> will be made
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek inaccessible for processes inside the namespace. Note that
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek restricting access with these options does not extend to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek submounts of a directory that are created later on. These
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt options may be specified more than once, in which case all
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek directories listed will have limited access from within the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek namespace. If the empty string is assigned to this option, the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek specific list is reset, and all prior assignments have no
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>ReadOnlyDirectories=</varname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>InaccessibleDirectories=</varname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek may be prefixed with
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <literal>-</literal>, in which case
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek they will be ignored when they do not
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek exist. Note that using this
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek setting will disconnect propagation of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek mounts from the service to the host
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (propagation in the opposite direction
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek continues to work). This means that
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek this setting may not be used for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek services which shall be able to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek install mount points in the main mount
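As an added example (not from the systemd manual or sources), a unit that uses the three directory lists together. The daemon <filename>/usr/bin/worker</filename>, its directories and the unit name are assumed for illustration:

```ini
# /etc/systemd/system/worker.service (illustrative unit; the daemon
# /usr/bin/worker and the directories below are assumed, not real)
[Unit]
Description=Worker with a restricted view of the file system

[Service]
ExecStart=/usr/bin/worker
# Whole trees made read-only for this service only; writes fail even
# where the normal file permissions would allow them.
ReadOnlyDirectories=/etc /var
# Holes punched back into the read-only trees: these keep the same
# access rights the service would have outside the namespace.
ReadWriteDirectories=/var/lib/worker
ReadWriteDirectories=/var/log/worker
# Not visible at all from inside. A leading "-" means "skip silently
# if this path does not exist on this host" instead of failing.
InaccessibleDirectories=/home /root
InaccessibleDirectories=-/srv/customer-data
# Repeated assignments accumulate; an empty one resets the list, so
# uncommenting the next line would drop both entries above.
#InaccessibleDirectories=
# Caveat: a file system mounted below /home on the host *after* the
# service started still propagates into the namespace, but it is not
# covered by the restriction. Restart the service after adding mounts.
```

To confirm what the service actually sees, take the PID from <command>systemctl show -p MainPID worker.service</command> and read <filename>/proc/&lt;pid&gt;/mountinfo</filename>: the read-only trees show up as bind mounts carrying the <literal>ro</literal> option, and the host's own mount table is unchanged, because mounts made inside this namespace no longer propagate back (the unit is effectively downgraded to <varname>MountFlags=slave</varname>).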
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>PrivateTmp=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a boolean argument. If true, sets up a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek new file system namespace for the executed processes and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek mounts private <filename>/tmp</filename> and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/var/tmp</filename> directories inside it that are
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek not shared by processes outside of the namespace. This is
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek useful to secure access to temporary files of the process, but
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek makes sharing between processes via <filename>/tmp</filename>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek or <filename>/var/tmp</filename> impossible. If this is
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek enabled, all temporary files created by a service in these
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek directories will be removed after the service is stopped.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Defaults to false. It is possible to run two or more units
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek within the same private <filename>/tmp</filename> and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/var/tmp</filename> namespace by using the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>JoinsNamespaceOf=</varname> directive, see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details. Note that using this setting will disconnect
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek propagation of mounts from the service to the host
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (propagation in the opposite direction continues to work).
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek This means that this setting may not be used for services
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek which shall be able to install mount points in the main mount
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>PrivateDevices=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a boolean argument. If true, sets up a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek new <filename>/dev</filename> namespace for the executed processes and only adds
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek API pseudo devices such as <filename>/dev/null</filename>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/dev/zero</filename> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/dev/random</filename> (as well as the pseudo TTY
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek subsystem) to it, but no physical devices such as
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/dev/sda</filename>. This is useful to securely turn
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek off physical device access by the executed process. Defaults
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek to false. Enabling this option will also remove
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <constant>CAP_MKNOD</constant> from the capability bounding
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek set for the unit (see above), and set
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>DevicePolicy=closed</varname> (see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details). Note that using this setting will disconnect
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek propagation of mounts from the service to the host
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (propagation in the opposite direction continues to work).
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek This means that this setting may not be used for services
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek which shall be able to install mount points in the main mount
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>PrivateNetwork=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a boolean argument. If true, sets up a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek new network namespace for the executed processes and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek configures only the loopback network device
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <literal>lo</literal> inside it. No other network devices will
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek be available to the executed process. This is useful to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek securely turn off network access by the executed process.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Defaults to false. It is possible to run two or more units
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek within the same private network namespace by using the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>JoinsNamespaceOf=</varname> directive, see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details. Note that this option disconnects all socket
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek families from the host; this includes <constant>AF_NETLINK</constant> and <constant>AF_UNIX</constant>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek The latter has the effect that <constant>AF_UNIX</constant> sockets in the abstract
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek socket namespace (which is tied to the network namespace) will become unavailable to the processes
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (however, those located in the file system will continue to be
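Two units sharing one private network namespace, as an added example that is not part of the systemd manual; the programs, port, socket path and unit names are assumed:

```ini
# /etc/systemd/system/batch.service (illustrative; /usr/bin/batch is an
# assumed program that listens on loopback and on a path-bound socket)
[Unit]
Description=Offline batch job

[Service]
ExecStart=/usr/bin/batch --listen 127.0.0.1:9000 --control /run/batch/control.sock
RuntimeDirectory=batch
# New network namespace containing only "lo": no interface, no route to
# the outside, and no AF_NETLINK view of the host's configuration.
PrivateNetwork=yes
# The control socket is bound to a file system path on purpose. An
# abstract AF_UNIX socket (name starting with NUL) would be unreachable
# from the host, because the abstract namespace belongs to the network
# namespace; sockets bound to a path are not affected.

# /etc/systemd/system/batch-helper.service
[Unit]
Description=Helper that shares the batch job's network namespace
Requires=batch.service
After=batch.service
# Same private namespace for both units, so 127.0.0.1:9000 is the batch
# job's listener, not the host's. Only effective when both units set
# PrivateNetwork=yes (see systemd.unit(5)).
JoinsNamespaceOf=batch.service

[Service]
ExecStart=/usr/bin/batch-helper --connect 127.0.0.1:9000
PrivateNetwork=yes
```

A quick check from the host: <command>ip netns</command> knows nothing about these namespaces (they are not named), but <command>nsenter -t &lt;pid&gt; -n ip link</command> on the batch job's PID shows only <literal>lo</literal>.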
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>ProtectSystem=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a boolean argument or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <literal>full</literal>. If true, mounts the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <filename>/usr</filename> and <filename>/boot</filename>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek directories read-only for processes invoked by this unit. If
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek set to <literal>full</literal>, the <filename>/etc</filename>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek directory is mounted read-only, too. This setting ensures that
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt any modification of the vendor-supplied operating system (and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek optionally its configuration) is prohibited for the service.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek It is recommended to enable this setting for all long-running
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek services, unless they are involved with system updates or need
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek to modify the operating system in other ways. Note however
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek that processes retaining the <constant>CAP_SYS_ADMIN</constant> capability can undo
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the effect of this setting. This setting is hence particularly
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek useful for daemons which have this capability removed, for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek example with <varname>CapabilityBoundingSet=</varname>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Defaults to off.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>ProtectHome=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a boolean argument or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <literal>read-only</literal>. If true, the directories
5833143708733a3fc9e6935922bf11d7d27cb768Christian Hesse <filename>/home</filename>, <filename>/root</filename> and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek are made inaccessible and empty for processes invoked by this
5833143708733a3fc9e6935922bf11d7d27cb768Christian Hesse unit. If set to <literal>read-only</literal>, the three
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek directories are made read-only instead. It is recommended to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek enable this setting for all long-running services (in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek particular network-facing ones), to ensure they cannot get
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek access to private user data, unless the services actually
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek require access to the user's private data. Note however that
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek processes retaining the <constant>CAP_SYS_ADMIN</constant> capability can undo the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek effect of this setting. This setting is hence particularly
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek useful for daemons which have this capability removed, for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek example with <varname>CapabilityBoundingSet=</varname>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Defaults to off.</para></listitem>
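The difference between a sandbox a root service can undo and one it cannot, as an added example not taken from the systemd manual; it also illustrates the <varname>Capabilities=</varname> versus <varname>CapabilityBoundingSet=</varname> point made above. The daemon <filename>/usr/sbin/netd</filename> and the drop-in file name are assumed:

```ini
# Weak: /etc/systemd/system/netd.service.d/10-protect.conf
# (illustrative; /usr/sbin/netd is an assumed daemon that needs root
# only to bind a port below 1024 and then switches to its own user)
[Service]
ExecStart=/usr/sbin/netd
ProtectSystem=full
ProtectHome=yes
# Still runs as root with a full bounding set. With CAP_SYS_ADMIN the
# process can call mount(2) and remount /usr, /etc or /home read-write
# inside its own namespace, so the two lines above are only a speed
# bump for a compromised daemon.

# Hardened: /etc/systemd/system/netd.service.d/10-protect.conf
[Service]
ExecStart=/usr/sbin/netd
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# Whitelist of capabilities the daemon may ever hold; everything else
# (CAP_SYS_ADMIN, CAP_SYS_PTRACE, CAP_DAC_OVERRIDE, ...) is gone for it
# and all its children. Unlike Capabilities=, the bounding set is a
# hard mask and is not filtered by file capabilities on the binary.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID
# Closes the remaining hole: a set-user-ID helper or a binary carrying
# file capabilities can no longer hand privileges back after execve().
NoNewPrivileges=yes
```

To verify on the running service, take the PID from <command>systemctl show -p MainPID netd.service</command>, then <command>grep CapBnd /proc/&lt;pid&gt;/status</command> prints the bounding set as a hex mask that <command>capsh --decode=&lt;mask&gt;</command> turns back into capability names; <constant>CAP_SYS_ADMIN</constant> must not appear in it.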
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>MountFlags=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a mount propagation flag:
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>shared</option>, <option>slave</option> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>private</option>, which control whether mounts in the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek file system namespace set up for this unit's processes will
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek receive or propagate mounts or unmounts. See
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for details. Defaults to <option>shared</option>. Use
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>shared</option> to ensure that mounts and unmounts are
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek propagated from the host to the container and vice versa. Use
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>slave</option> to run processes so that none of their
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek mounts and unmounts will propagate to the host. Use
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>private</option> to also ensure that no mounts and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek unmounts from the host will propagate into the unit processes'
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek namespace. Note that <option>slave</option> means that file
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek systems mounted on the host might stay mounted continuously in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the unit's namespace, and thus keep the device busy. Note that
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the file system namespace related options
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (<varname>PrivateTmp=</varname>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>PrivateDevices=</varname>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>ProtectSystem=</varname>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>ProtectHome=</varname>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>ReadOnlyDirectories=</varname>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>InaccessibleDirectories=</varname> and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>ReadWriteDirectories=</varname>) require that mount
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek and unmount propagation from the unit's file system namespace
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is disabled, and hence downgrade <option>shared</option> to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <option>slave</option>. </para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>UtmpIdentifier=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a four-character identifier string for
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering an <citerefentry
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering project='man-pages'><refentrytitle>utmp</refentrytitle><manvolnum>5</manvolnum></citerefentry>
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering and wtmp entry for this service. This should only be
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering set for services such as <command>getty</command>
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering implementations (such as <citerefentry
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering project='die-net'><refentrytitle>agetty</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek where utmp/wtmp entries must be created and cleared before and
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering after execution, or for services that shall be executed as if
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering they were run by a <command>getty</command> process (see
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering below). If the configured string is longer than four
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek characters, it is truncated and the terminal four characters
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek are used. This setting interprets <literal>%I</literal>-style string
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek replacements. This setting is unset by default, i.e., no
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek utmp/wtmp entries are created or cleaned up for this
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <varlistentry>
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <term><varname>UtmpMode=</varname></term>
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <listitem><para>Takes one of <literal>init</literal>,
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <literal>login</literal> or <literal>user</literal>. If
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <varname>UtmpIdentifier=</varname> is set, controls which
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering type of <citerefentry
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering project='man-pages'><refentrytitle>utmp</refentrytitle><manvolnum>5</manvolnum></citerefentry>/wtmp
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering entries for this service are generated. This setting has no
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering effect unless <varname>UtmpIdentifier=</varname> is set
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering too. If <literal>init</literal> is set, only an
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <constant>INIT_PROCESS</constant> entry is generated and the
6cd16034fc7d7dff3551a9a010d44589ae377a88Lennart Poettering invoked process must implement a
6cd16034fc7d7dff3551a9a010d44589ae377a88Lennart Poettering <command>getty</command>-compatible utmp/wtmp logic. If
6cd16034fc7d7dff3551a9a010d44589ae377a88Lennart Poettering <literal>login</literal> is set, first an
a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt <constant>INIT_PROCESS</constant> entry, followed by a
6cd16034fc7d7dff3551a9a010d44589ae377a88Lennart Poettering <constant>LOGIN_PROCESS</constant> entry is generated. In
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt this case, the invoked process must implement a <citerefentry
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering project='die-net'><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering utmp/wtmp logic. If <literal>user</literal> is set, first an
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <constant>INIT_PROCESS</constant> entry, then a
a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt <constant>LOGIN_PROCESS</constant> entry and finally a
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <constant>USER_PROCESS</constant> entry is generated. In this
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt case, the invoked process may be any process that is suitable
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering to be run as session leader. Defaults to
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering <literal>init</literal>.</para></listitem>
023a4f67011f24d4b085995a4a3a02661c4794a2Lennart Poettering </varlistentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>SELinuxContext=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Set the SELinux security context of the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek executed process. If set, this will override the automated
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek domain transition. However, the policy still needs to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek authorize the transition. This directive is ignored if SELinux
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is disabled. If prefixed by <literal>-</literal>, all errors
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek will be ignored. See
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>AppArmorProfile=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a profile name as argument. The process
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek executed by the unit will switch to this profile when started.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Profiles must already be loaded in the kernel, or the unit
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek will fail. This setting has no effect if AppArmor is not
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek enabled. If prefixed by <literal>-</literal>, all errors will
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>SmackProcessLabel=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a <option>SMACK64</option> security
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek label as argument. The process executed by the unit will be
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek started under this label and SMACK will decide whether the
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt process is allowed to run or not, based on it. The process
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek will continue to run under the label specified here unless the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek executable has its own <option>SMACK64EXEC</option> label, in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek which case the process will transition to run under that
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek label. When not specified, the label that systemd is running
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek under is used. This directive is ignored if SMACK is
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek disabled.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>The value may be prefixed by <literal>-</literal>, in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek which case all errors will be ignored. An empty value may be
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek specified to unset previous assignments.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>IgnoreSIGPIPE=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a boolean argument. If true, causes
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <constant>SIGPIPE</constant> to be ignored in the executed
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process. Defaults to true because <constant>SIGPIPE</constant>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek generally is useful only in shell pipelines.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>NoNewPrivileges=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a boolean argument. If true, ensures
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek that the service process and all its children can never gain
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek new privileges through <function>execve()</function>: set-user-ID
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek and set-group-ID bits and file capabilities on executables are no
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek longer honoured (this is the kernel's
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <constant>PR_SET_NO_NEW_PRIVS</constant> flag, which is inherited
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek across <function>fork()</function> and <function>execve()</function>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek and cannot be cleared once set). This option is more powerful than the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek respective secure bits flags (see above), as it also prohibits
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek UID changes of any kind through such executables. Note that it may
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek also block SELinux domain transitions that the policy does not
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek explicitly permit under this flag. This is the simplest, most effective
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek way to ensure that a process and its children can never
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek elevate privileges again.</para></listitem>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <term><varname>SystemCallFilter=</varname></term>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <listitem><para>Takes a space-separated list of system call
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek names. If this setting is used, all system calls executed by
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the unit processes except for the listed ones will result in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek immediate process termination with the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <constant>SIGSYS</constant> signal (whitelisting). If the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek first character of the list is <literal>~</literal>, the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek effect is inverted: only the listed system calls will result
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek in immediate process termination (blacklisting). If running in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek user mode and this option is used,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <varname>NoNewPrivileges=yes</varname> is implied. This
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek feature makes use of the Secure Computing Mode 2 interfaces of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the kernel ('seccomp filtering') and is useful for enforcing a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek minimal sandboxing environment. Note that the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <function>rt_sigreturn</function>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <function>exit_group</function> and <function>exit</function>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek system calls are implicitly whitelisted and do not need to be
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt listed explicitly. This option may be specified more than once,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek in which case the filter masks are merged. If the empty string
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is assigned, the filter is reset, all prior assignments will
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek have no effect.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>If you specify both types of this option (i.e.,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek whitelisting and blacklisting), the first encountered will
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek take precedence and will dictate the default action
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (termination or approval of a system call). Then the next
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek occurrences of this option will add or delete the listed
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek system calls from the set of the filtered system calls,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek depending of its type and the default action. (For example, if
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek you have started with a whitelisting of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <function>read</function> and <function>write</function>, and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek right after it add a blacklisting of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <function>write</function>, then <function>write</function>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek will be removed from the set.) </para></listitem>
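The merge rules in the two paragraphs above are easy to get wrong once a unit collects <varname>SystemCallFilter=</varname> lines from several drop-ins. The following is an added example written for this page, not code from systemd: a small model of the documented semantics (the first assignment sets the default action, later assignments add to or remove from the set, the empty string resets, and <varname>SystemCallErrorNumber=</varname> turns a denial from a kill into an error return). The system call names used in the usage section are arbitrary; systemd itself compiles the outcome into a seccomp BPF program, which this model does not do.

```python
"""
Model of the documented SystemCallFilter= / SystemCallErrorNumber= semantics.
Added example, not systemd's own code: systemd compiles the outcome into a
seccomp BPF program, while this only computes which calls end up allowed,
which are denied, and what a denial looks like to the process.
"""
from dataclasses import dataclass, field
from typing import Iterable, Optional, Set

# Always allowed in whitelist mode according to the documentation, so the
# process can still exit and return from signal handlers.
IMPLICIT_WHITELIST = frozenset({"rt_sigreturn", "exit_group", "exit"})


@dataclass
class FilterState:
    # None: no filter configured. True: first assignment was a whitelist, so
    # the default action is "deny". False: first was a blacklist, default "allow".
    default_deny: Optional[bool] = None
    # The listed set: allowed calls when default_deny, denied calls otherwise.
    syscalls: Set[str] = field(default_factory=set)


def apply_assignment(state: FilterState, value: str) -> FilterState:
    """Apply one SystemCallFilter= line, in the order systemd reads them."""
    value = value.strip()
    if value == "":
        return FilterState()                     # empty string: reset everything
    is_blacklist = value.startswith("~")
    names = set(value[1:].split() if is_blacklist else value.split())
    if state.default_deny is None:
        # The first occurrence dictates the default action.
        return FilterState(default_deny=not is_blacklist, syscalls=names)
    # Same type as the first assignment: extend the set. Opposite type: shrink
    # it (a blacklist after a whitelist removes from the allowed calls, a
    # whitelist after a blacklist removes from the denied calls).
    if is_blacklist != state.default_deny:
        state.syscalls |= names
    else:
        state.syscalls -= names
    return state


def effective_filter(assignments: Iterable[str]) -> FilterState:
    """Fold a sequence of SystemCallFilter= values into the effective filter."""
    state = FilterState()
    for value in assignments:
        state = apply_assignment(state, value)
    return state


def decide(state: FilterState, syscall: str,
           error_number: Optional[str] = None) -> str:
    """Outcome for one call: 'allow', 'kill' (SIGSYS) or 'errno:<NAME>'.

    error_number models SystemCallErrorNumber=: when set, a filtered call
    fails with that errno instead of terminating the process.
    """
    if state.default_deny is None:
        return "allow"
    if state.default_deny:
        allowed = syscall in state.syscalls or syscall in IMPLICIT_WHITELIST
    else:
        allowed = syscall not in state.syscalls
    if allowed:
        return "allow"
    return f"errno:{error_number}" if error_number else "kill"


if __name__ == "__main__":
    # The example from the text: whitelist read and write, then blacklist write.
    st = effective_filter(["read write", "~write"])
    for call in ("read", "write", "exit_group", "openat"):
        print(call, decide(st, call), decide(st, call, "EPERM"))
```

`effective_filter(["read write", "~write"])` reproduces the example from the text: a whitelist with only `read` left in it, so `write` and anything unlisted are denied while `exit_group` stays allowed. Feed the assignments in the order systemd reads them (the unit file first, then its drop-ins), since only the first one decides the default action.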
<term><varname>SystemCallErrorNumber=</varname></term>
<listitem><para>Takes an <literal>errno</literal> error number
name to return when the system call filter configured with
<varname>SystemCallFilter=</varname> is triggered, instead of
terminating the process immediately. Accepts an error name such
as <constant>EPERM</constant>, <constant>EACCES</constant> or
<constant>EUCLEAN</constant>. When this setting is not used,
or when the empty string is assigned, the process will be
terminated immediately when the filter is
<term><varname>SystemCallArchitectures=</varname></term>
<listitem><para>Takes a space-separated list of architecture
identifiers to include in the system call filter. The known
architecture identifiers are <constant>x86</constant>,
<constant>x86-64</constant>, <constant>x32</constant> and
<constant>arm</constant>, as well as the special identifier
<constant>native</constant>. Only system calls of the
specified architectures will be permitted to processes of this
unit. This is an effective way to disable compatibility with
non-native architectures for processes, for example to
prohibit execution of 32-bit x86 binaries on 64-bit x86-64
systems. The special <constant>native</constant> identifier
implicitly maps to the native architecture of the system (or
more strictly: to the architecture the system manager is
compiled for). If running in user mode and this option is
used, <varname>NoNewPrivileges=yes</varname> is implied. Note
that setting this option to a non-empty list implies that
<constant>native</constant> is included too. By default, this
option is set to the empty list, i.e. no architecture system
call filtering is applied.</para></listitem>
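As an added illustration (not part of the systemd documentation or any shipped unit): a drop-in for a hypothetical <filename>example.service</filename> that combines the three seccomp directives above. The system call names are chosen for illustration only and are not a vetted profile for any particular daemon.

```ini
# /etc/systemd/system/example.service.d/10-seccomp.conf (hypothetical unit)
[Service]
# Blacklist first: the default action stays "allow", the listed calls are denied.
SystemCallFilter=~ptrace process_vm_readv process_vm_writev
SystemCallFilter=~kexec_load swapon swapoff mount umount2 pivot_root
# A later whitelist assignment removes entries from a blacklist set again
# (here: re-permit ptrace, e.g. for a debug build).
SystemCallFilter=ptrace
# While developing the filter, fail the call with EPERM instead of killing the
# process; drop this line once the filter is known to be complete.
SystemCallErrorNumber=EPERM
# Native ABI only: on an x86-64 host this also refuses x86 (i386) and x32
# system calls, so 32-bit code paths are closed off.
SystemCallArchitectures=native
```

After `systemctl daemon-reload` and a restart, `systemctl show -p SystemCallFilter -p SystemCallErrorNumber -p SystemCallArchitectures example.service` prints the merged result. Without <varname>SystemCallErrorNumber=</varname>, a filtered call terminates the service; `systemctl status` then reports it as killed by signal <constant>SYS</constant>, which is the quickest way to tell a seccomp kill from an ordinary crash.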
<term><varname>RestrictAddressFamilies=</varname></term>
<listitem><para>Restricts the set of socket address families
accessible to the processes of this unit. Takes a
space-separated list of address family names to whitelist,
such as <constant>AF_UNIX</constant>,
<constant>AF_INET</constant> or <constant>AF_INET6</constant>. When
prefixed with <constant>~</constant> the listed address
families will be applied as blacklist, otherwise as whitelist.
Note that this restricts access to the
<citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
system call only. Sockets passed into the process by other
means (for example, by using socket activation with socket
units, see
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
are unaffected. Also, sockets created with
<function>socketpair()</function> (which creates connected
<constant>AF_UNIX</constant> sockets only) are unaffected. Note that this option
has no effect on 32-bit x86 and is ignored there: on that
architecture <function>socket()</function> is reached through the
<function>socketcall()</function> multiplexer, whose arguments the
filter cannot inspect (it works correctly on x86-64). If running in user mode and this option
is used, <varname>NoNewPrivileges=yes</varname> is implied. By
default, no restriction applies, all address families are
accessible to processes. If assigned the empty string, any
previous list changes are undone.</para>
<para>Use this option to limit exposure of processes to remote
systems, in particular via exotic network protocols. Note that
in most cases, the local <constant>AF_UNIX</constant> address
family should be included in the configured whitelist as it is
frequently used for local communication, including for
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
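An added example for the entry above (not from the systemd documentation; the unit is hypothetical): the whitelist a typical network daemon needs, with the two alternatives the text describes kept as commented-out variants.

```ini
# /etc/systemd/system/example.service.d/20-addrfam.conf (hypothetical unit)
[Service]
# Whitelist: socket(2) succeeds only for these families. AF_UNIX stays in so
# that local IPC and syslog/journal logging over /dev/log keep working.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# Variant for a purely local daemon: nothing but AF_UNIX.
#RestrictAddressFamilies=AF_UNIX
# Blacklist variant: keep everything except raw link-layer and netlink access.
# Caution: glibc implements getifaddrs(3) over AF_NETLINK, so a daemon that
# enumerates interfaces breaks with AF_NETLINK in the blacklist.
#RestrictAddressFamilies=~AF_PACKET AF_NETLINK
```

Verify with `systemctl show -p RestrictAddressFamilies example.service`. Inside the service, `socket(AF_PACKET, ...)` then fails with <constant>EAFNOSUPPORT</constant>, while a listening socket handed over by a <filename>.socket</filename> unit keeps working whatever its family, exactly as the text notes.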
<term><varname>Personality=</varname></term>
<listitem><para>Controls which kernel architecture
<citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
shall report, when invoked by unit processes. Takes one of
<constant>x86</constant> and <constant>x86-64</constant>. This
is useful when running 32-bit services on a 64-bit host
system. Note that this only changes what the kernel reports;
it does not restrict which ABI the processes may use, for
which <varname>SystemCallArchitectures=</varname> exists.
If not specified, the personality is left unmodified
and thus reflects the personality of the host system's
<term><varname>RuntimeDirectory=</varname></term>
<term><varname>RuntimeDirectoryMode=</varname></term>
<listitem><para>Takes a list of directory names. If set, one
or more directories by the specified names will be created
below <filename>/run</filename> (for system services) or below
<varname>$XDG_RUNTIME_DIR</varname> (for user services) when
the unit is started, and removed when the unit is stopped. The
directories will have the access mode specified in
<varname>RuntimeDirectoryMode=</varname>, and will be owned by
the user and group specified in <varname>User=</varname> and
<varname>Group=</varname>. Use this to manage one or more
runtime directories of the unit and bind their lifetime to the
daemon's runtime. The specified directory names must be
relative, and may not include a <literal>/</literal>, i.e.
must refer to simple directories to create or remove. This is
particularly useful for unprivileged daemons that cannot
create runtime directories in <filename>/run</filename> due to
lack of privileges, and to make sure the runtime directory is
cleaned up automatically after use. For runtime directories
that require more complex or different configuration or
lifetime guarantees, please consider using
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
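An added example for <varname>RuntimeDirectory=</varname> (not from the systemd documentation; the unit, the user and the daemon's <option>--runtime-dir</option> flag are all hypothetical): an unprivileged service that gets a private, automatically cleaned directory under <filename>/run</filename> without ever needing root to create it.

```ini
# /etc/systemd/system/example.service.d/30-runtime.conf (hypothetical unit and
# daemon; the --runtime-dir flag is assumed, not a real program's option)
[Service]
User=example
Group=example
# One simple name, no "/": created as /run/example at start, removed at stop,
# owned by example:example with the mode below.
RuntimeDirectory=example
# 0750: the service can create its socket and PID file there, group members
# can traverse it, everyone else is refused.
RuntimeDirectoryMode=0750
# Nothing persistent belongs in it: the directory is gone after every stop.
ExecStart=/usr/bin/exampled --runtime-dir=/run/example
```

After `systemctl start example.service`, `stat -c '%U:%G %a' /run/example` shows `example:example 750`; after `systemctl stop` the path no longer exists. The same unit run by a user manager gets its directory below <varname>$XDG_RUNTIME_DIR</varname> instead. State that must survive a restart belongs elsewhere, for example in a location managed through <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, as the text suggests.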
<title>Environment variables in spawned processes</title>
<para>Processes started by the system are executed in a clean
environment in which select variables listed below are set. System
processes started by systemd do not inherit variables from PID 1,
but processes started by user systemd instances inherit all
environment variables from the user systemd instance.
<variablelist class='environment-variables'>
<term><varname>$PATH</varname></term>
<listitem><para>Colon-separated list of directories to use
when launching executables. systemd uses a fixed value of
<filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
<term><varname>$LANG</varname></term>
<listitem><para>Locale. Can be set in
<citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
or on the kernel command line (see
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
<term><varname>$USER</varname></term>
<term><varname>$LOGNAME</varname></term>
<term><varname>$HOME</varname></term>
<term><varname>$SHELL</varname></term>
<listitem><para>User name (twice), home directory, and the
login shell. The variables are set for the units that have
<varname>User=</varname> set, which includes user
<command>systemd</command> instances. See
<citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
<term><varname>$XDG_RUNTIME_DIR</varname></term>
<listitem><para>The directory for volatile state. Set for the
user <command>systemd</command> instance, and also in user
sessions, see
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
<term><varname>$XDG_SESSION_ID</varname></term>
<term><varname>$XDG_SEAT</varname></term>
<term><varname>$XDG_VTNR</varname></term>
<listitem><para>The identifier of the session, the seat name,
and virtual terminal of the session. Set by
<citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for login sessions. <varname>$XDG_SEAT</varname> and
<varname>$XDG_VTNR</varname> will only be set when attached to
a seat and a tty.</para></listitem>
<term><varname>$MAINPID</varname></term>
<listitem><para>The PID of the unit's main process if it is
known. This is only set for control processes as invoked by
<varname>ExecReload=</varname> and similar.</para></listitem>
<term><varname>$MANAGERPID</varname></term>
<listitem><para>The PID of the user <command>systemd</command>
instance, set for processes spawned by it.</para></listitem>
<term><varname>$LISTEN_FDS</varname></term>
<term><varname>$LISTEN_PID</varname></term>
<term><varname>$LISTEN_FDNAMES</varname></term>
<listitem><para>Information about file descriptors passed to a
service for socket activation. See
<citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
<varlistentry>
<term><varname>$NOTIFY_SOCKET</varname></term>
<listitem><para>The socket
<function>sd_notify()</function> talks to. See
<citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>$WATCHDOG_PID</varname></term>
<term><varname>$WATCHDOG_USEC</varname></term>
<listitem><para>Information about watchdog keep-alive notifications. See
<citerefentry><refentrytitle>sd_watchdog_enabled</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para></listitem>
</varlistentry>
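An added example for the <varname>$LISTEN_*</varname> and <varname>$WATCHDOG_*</varname> entries above, written for this page rather than taken from libsystemd: it decodes the variables the way <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry> and <citerefentry><refentrytitle>sd_watchdog_enabled</refentrytitle><manvolnum>3</manvolnum></citerefentry> are documented to, including the two checks that matter for safety: comparing the PID, so a forked helper does not pick up descriptors that were meant for its parent, and clearing the variables afterwards so they are not inherited any further. The environment is passed in as a mapping so the functions can be exercised with constructed values; the sample values in the usage text below are constructed.

```python
"""
Decoding the socket-activation and watchdog variables the service manager
sets ($LISTEN_PID/$LISTEN_FDS/$LISTEN_FDNAMES, $WATCHDOG_PID/$WATCHDOG_USEC).
Added example modelled on the documented sd_listen_fds_with_names(3) and
sd_watchdog_enabled(3) behaviour; it is not libsystemd code.
"""
import fcntl
import os
from typing import List, MutableMapping, Tuple

SD_LISTEN_FDS_START = 3   # passed descriptors follow stdin, stdout and stderr

_LISTEN_VARS = ("LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES")


def _parse_listen_vars(env: MutableMapping[str, str],
                       pid: int) -> Tuple[List[int], List[str]]:
    try:
        if int(env["LISTEN_PID"]) != pid:
            return [], []          # descriptors belong to another process
        n = int(env["LISTEN_FDS"])
    except (KeyError, ValueError):
        return [], []
    if n < 0:
        return [], []
    fds = list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + n))
    raw = env.get("LISTEN_FDNAMES")
    if raw is None:
        names = ["unknown"] * n    # managers predating $LISTEN_FDNAMES
    else:
        names = raw.split(":") if raw else []
        if len(names) != n:
            raise ValueError("LISTEN_FDNAMES does not match LISTEN_FDS")
    return fds, names


def listen_fds(env: MutableMapping[str, str], pid: int,
               unset: bool = True) -> Tuple[List[int], List[str]]:
    """Return ([fd, ...], [name, ...]) for descriptors handed to *this* process.

    The $LISTEN_PID comparison matters: the variables are inherited by
    children, so a helper forked by the service would otherwise "find"
    descriptors meant for its parent. With unset=True the variables are
    removed afterwards (also on mismatch), which stops that inheritance.
    """
    try:
        return _parse_listen_vars(env, pid)
    finally:
        if unset:
            for key in _LISTEN_VARS:
                env.pop(key, None)


def mark_cloexec(fds: List[int]) -> None:
    """Keep inherited listening sockets from leaking into exec'ed children."""
    for fd in fds:
        flags = fcntl.fcntl(fd, fcntl.F_GETFD)
        fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)


def watchdog_usec(env: MutableMapping[str, str], pid: int) -> int:
    """Keep-alive interval in microseconds, or 0 when no watchdog applies."""
    try:
        usec = int(env["WATCHDOG_USEC"])
        wd_pid = env.get("WATCHDOG_PID")
        if wd_pid is not None and int(wd_pid) != pid:
            return 0               # watchdog is for another process
    except (KeyError, ValueError):
        return 0
    return usec if usec > 0 else 0


if __name__ == "__main__":
    # Real use: decode the environment the manager gave this process.
    fds, names = listen_fds(os.environ, os.getpid())
    mark_cloexec(fds)
    print("activated fds:", list(zip(names, fds)))
    print("watchdog interval (usec):", watchdog_usec(os.environ, os.getpid()))
```

With a constructed environment of `LISTEN_PID=4242 LISTEN_FDS=2 LISTEN_FDNAMES=http:metrics` and our own PID 4242, `listen_fds()` yields descriptors 3 and 4 named `http` and `metrics`; for any other PID it yields nothing. A service should send keep-alives at roughly half the interval `watchdog_usec()` returns, since the manager kills the unit once the full interval elapses without one.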
<term><varname>$TERM</varname></term>
<listitem><para>Terminal type, set only for units connected to
a terminal (<varname>StandardInput=tty</varname>,
<varname>StandardOutput=tty</varname>, or
<varname>StandardError=tty</varname>). See
<citerefentry project='man-pages'><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
<para>Additional variables may be configured by the following
means: for processes spawned in specific units, use the
<varname>Environment=</varname>, <varname>EnvironmentFile=</varname>
and <varname>PassEnvironment=</varname> options above; to specify
variables globally, use <varname>DefaultEnvironment=</varname>
(see
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
or the kernel option <varname>systemd.setenv=</varname> (see
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
Additional variables may also be set through PAM,
cf. <citerefentry project='man-pages'><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>