[systemd.git] / man / systemd-system.conf.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>systemd-system.conf</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
    a.headerlink {
      color: #c60f0f;
      font-size: 0.8em;
      padding: 0 4px 0 4px;
      text-decoration: none;
      visibility: hidden;
    }

    a.headerlink:hover {
      background-color: #c60f0f;
      color: white;
    }

    h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
      visibility: visible;
    }
  </style><a href="index.html">Index </a>·
  <a href="systemd.directives.html">Directives </a>·
  <a href="../python-systemd/index.html">Python </a>·
  <a href="../libudev/index.html">libudev </a>·
  <a href="../libudev/index.html">gudev </a><span style="float:right">systemd 214</span><hr><div class="refentry"><a name="systemd-system.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>systemd-system.conf, systemd-user.conf — System and session service manager configuration file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/etc/systemd/system.conf</code></p><p><code class="filename">/etc/systemd/user.conf</code></p></div><div class="refsect1"><a name="idm214192577744"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description">¶</a></h2><p>When run as system instance systemd reads the
                configuration file <code class="filename">system.conf</code>,
                otherwise <code class="filename">user.conf</code>. These
                configuration files contain a few settings controlling
                basic manager operations.</p></div><div class="refsect1"><a name="idm214192574992"></a><h2 id="Options">Options<a class="headerlink" title="Permalink to this headline" href="#Options">¶</a></h2><p>All options are configured in the
                "<code class="literal">[Manager]</code>" section:</p><div class="variablelist"><dl class="variablelist"><dt id="LogLevel="><span class="term"><code class="varname">LogLevel=</code>, </span><span class="term"><code class="varname">LogTarget=</code>, </span><span class="term"><code class="varname">LogColor=</code>, </span><span class="term"><code class="varname">LogLocation=</code>, </span><span class="term"><code class="varname">DumpCore=yes</code>, </span><span class="term"><code class="varname">CrashShell=no</code>, </span><span class="term"><code class="varname">ShowStatus=yes</code>, </span><span class="term"><code class="varname">CrashChVT=1</code>, </span><span class="term"><code class="varname">DefaultStandardOutput=journal</code>, </span><span class="term"><code class="varname">DefaultStandardError=inherit</code></span><a class="headerlink" title="Permalink to this term" href="#LogLevel=">¶</a></dt><dd><p>Configures various
                                parameters of basic manager
                                operation. These options may be
                                overridden by the respective command
                                line arguments. See
                                <a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>
                                for details about these command line
                                arguments.</p></dd><dt id="CPUAffinity="><span class="term"><code class="varname">CPUAffinity=</code></span><a class="headerlink" title="Permalink to this term" href="#CPUAffinity=">¶</a></dt><dd><p>Configures the initial
                                CPU affinity for the init
                                process. Takes a space-separated list
                                of CPU indices.</p></dd><dt id="JoinControllers=cpu,cpuacct net_cls,netprio"><span class="term"><code class="varname">JoinControllers=cpu,cpuacct net_cls,netprio</code></span><a class="headerlink" title="Permalink to this term" href="#JoinControllers=cpu,cpuacct%20net_cls,netprio">¶</a></dt><dd><p>Configures controllers
                                that shall be mounted in a single
                                hierarchy. By default, systemd will
                                mount all controllers which are
                                enabled in the kernel in individual
                                hierarchies, with the exception of
                                those listed in this setting. Takes a
                                space-separated list of comma-separated
                                controller names, in order
                                to allow multiple joined
                                hierarchies. Defaults to
                                'cpu,cpuacct'. Pass an empty string to
                                ensure that systemd mounts all
                                controllers in separate
                                hierarchies.</p><p>Note that this option is only
                                applied once, at very early boot. If
                                you use an initial RAM disk (initrd)
                                that uses systemd, it might hence be
                                necessary to rebuild the initrd if
                                this option is changed, and make sure
                                the new configuration file is included
                                in it. Otherwise, the initrd might
                                mount the controller hierarchies in a
                                different configuration than intended,
                                and the main system cannot remount
                                them anymore.</p></dd><dt id="RuntimeWatchdogSec="><span class="term"><code class="varname">RuntimeWatchdogSec=</code>, </span><span class="term"><code class="varname">ShutdownWatchdogSec=</code></span><a class="headerlink" title="Permalink to this term" href="#RuntimeWatchdogSec=">¶</a></dt><dd><p>Configure the hardware
                                watchdog at runtime and at
                                reboot. Takes a timeout value in
                                seconds (or in other time units if
                                suffixed with "<code class="literal">ms</code>",
                                "<code class="literal">min</code>",
                                "<code class="literal">h</code>",
                                "<code class="literal">d</code>",
                                "<code class="literal">w</code>"). If
                                <code class="varname">RuntimeWatchdogSec=</code>
                                is set to a non-zero value, the
                                watchdog hardware
                                (<code class="filename">/dev/watchdog</code>)
                                will be programmed to automatically
                                reboot the system if it is not
                                contacted within the specified timeout
                                interval. The system manager will
                                ensure to contact it at least once in
                                half the specified timeout
                                interval. This feature requires a
                                hardware watchdog device to be
                                present, as it is commonly the case in
                                embedded and server systems. Not all
                                hardware watchdogs allow configuration
                                of the reboot timeout, in which case
                                the closest available timeout is
                                picked. <code class="varname">ShutdownWatchdogSec=</code>
                                may be used to configure the hardware
                                watchdog when the system is asked to
                                reboot. It works as a safety net to
                                ensure that the reboot takes place
                                even if a clean reboot attempt times
                                out. By default
                                <code class="varname">RuntimeWatchdogSec=</code>
                                defaults to 0 (off), and
                                <code class="varname">ShutdownWatchdogSec=</code>
                                to 10min. These settings have no
                                effect if a hardware watchdog is not
                                available.</p></dd><dt id="CapabilityBoundingSet="><span class="term"><code class="varname">CapabilityBoundingSet=</code></span><a class="headerlink" title="Permalink to this term" href="#CapabilityBoundingSet=">¶</a></dt><dd><p>Controls which
                                capabilities to include in the
                                capability bounding set for PID 1 and
                                its children. See
                                <a href="capabilities.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
                                for details. Takes a whitespace-separated
                                list of capability names as read by
                                <a href="cap_from_name.html"><span class="citerefentry"><span class="refentrytitle">cap_from_name</span>(3)</span></a>.
                                Capabilities listed will be included
                                in the bounding set, all others are
                                removed. If the list of capabilities
                                is prefixed with ~, all but the listed
                                capabilities will be included, the
                                effect of the assignment
                                inverted. Note that this option also
                                affects the respective capabilities in
                                the effective, permitted and
                                inheritable capability sets. The
                                capability bounding set may also be
                                individually configured for units
                                using the
                                <code class="varname">CapabilityBoundingSet=</code>
                                directive for units, but note that
                                capabilities dropped for PID 1 cannot
                                be regained in individual units, they
                                are lost for good.</p></dd><dt id="SystemCallArchitectures="><span class="term"><code class="varname">SystemCallArchitectures=</code></span><a class="headerlink" title="Permalink to this term" href="#SystemCallArchitectures=">¶</a></dt><dd><p>Takes a
                                space-separated list of architecture
                                identifiers. Selects from which
                                architectures system calls may be
                                invoked on this system. This may be
                                used as an effective way to disable
                                invocation of non-native binaries
                                system-wide, for example to prohibit
                                execution of 32-bit x86 binaries on
                                64-bit x86-64 systems. This option
                                operates system-wide, and acts
                                similar to the
                                <code class="varname">SystemCallArchitectures=</code>
                                setting of unit files, see
                                <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>
                                for details. This setting defaults to
                                the empty list, in which case no
                                filtering of system calls based on
                                architecture is applied. Known
                                architecture identifiers are
                                "<code class="literal">x86</code>",
                                "<code class="literal">x86-64</code>",
                                "<code class="literal">x32</code>",
                                "<code class="literal">arm</code>" and the special
                                identifier
                                "<code class="literal">native</code>". The latter
                                implicitly maps to the native
                                architecture of the system (or more
                                specifically, the architecture the
                                system manager was compiled for). Set
                                this setting to
                                "<code class="literal">native</code>" to prohibit
                                execution of any non-native
                                binaries. When a binary executes a
                                system call of an architecture that is
                                not listed in this setting, it will be
                                immediately terminated with the SIGSYS
                                signal.</p></dd><dt id="TimerSlackNSec="><span class="term"><code class="varname">TimerSlackNSec=</code></span><a class="headerlink" title="Permalink to this term" href="#TimerSlackNSec=">¶</a></dt><dd><p>Sets the timer slack
                                in nanoseconds for PID 1, which is
                                inherited by all executed processes,
                                unless overridden individually, for
                                example with the
                                <code class="varname">TimerSlackNSec=</code>
                                setting in service units (for details
                                see
                                <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>). The
                                timer slack controls the accuracy of
                                wake-ups triggered by system
                                timers. See
                                <a href="prctl.html"><span class="citerefentry"><span class="refentrytitle">prctl</span>(2)</span></a>
                                for more information. Note that in
                                contrast to most other time span
                                definitions this parameter takes an
                                integer value in nano-seconds if no
                                unit is specified. The usual time
                                units are understood
                                too.</p></dd><dt id="DefaultTimerAccuracySec="><span class="term"><code class="varname">DefaultTimerAccuracySec=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultTimerAccuracySec=">¶</a></dt><dd><p>Sets the default
                                accuracy of timer units. This controls
                                the global default for the
                                <code class="varname">AccuracySec=</code>
                                setting of timer units, see
                                <a href="systemd.timer.html"><span class="citerefentry"><span class="refentrytitle">systemd.timer</span>(5)</span></a>
                                for
                                details. <code class="varname">AccuracySec=</code>
                                set in individual units override the
                                global default for the specific
                                unit. Defaults to 1min. Note that the
                                accuracy of timer units is also
                                affected by the configured timer slack
                                for PID 1, see
                                <code class="varname">TimerSlackNSec=</code>
                                above.</p></dd><dt id="DefaultTimeoutStartSec="><span class="term"><code class="varname">DefaultTimeoutStartSec=</code>, </span><span class="term"><code class="varname">DefaultTimeoutStopSec=</code>, </span><span class="term"><code class="varname">DefaultRestartSec=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultTimeoutStartSec=">¶</a></dt><dd><p>Configures the default
                                timeouts for starting and stopping of
                                units, as well as the default time to
                                sleep between automatic restarts of
                                units, as configured per-unit in
                                <code class="varname">TimeoutStartSec=</code>,
                                <code class="varname">TimeoutStopSec=</code> and
                                <code class="varname">RestartSec=</code> (for
                                services, see
                                <a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
                                for details on the per-unit
                                settings). For non-service units,
                                <code class="varname">DefaultTimeoutStartSec=</code>
                                sets the default
                                <code class="varname">TimeoutSec=</code> value.
                                </p></dd><dt id="DefaultStartLimitInterval="><span class="term"><code class="varname">DefaultStartLimitInterval=</code>, </span><span class="term"><code class="varname">DefaultStartLimitBurst=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultStartLimitInterval=">¶</a></dt><dd><p>Configure the default
                                unit start rate limiting, as
                                configured per-service by
                                <code class="varname">StartLimitInterval=</code>
                                and
                                <code class="varname">StartLimitBurst=</code>. See
                                <a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
                                for details on the per-service
                                settings.</p></dd><dt id="DefaultEnvironment="><span class="term"><code class="varname">DefaultEnvironment=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultEnvironment=">¶</a></dt><dd><p>Sets manager
                                environment variables passed to all
                                executed processes. Takes a
                                space-separated list of variable
                                assignments. See
                                <a href="environ.html"><span class="citerefentry"><span class="refentrytitle">environ</span>(7)</span></a>
                                for details about environment
                                variables.</p><p>Example:

                                </p><pre class="programlisting">DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</pre><p>

                                Sets three variables
                                "<code class="literal">VAR1</code>",
                                "<code class="literal">VAR2</code>",
                                "<code class="literal">VAR3</code>".</p></dd><dt id="DefaultCPUAccounting="><span class="term"><code class="varname">DefaultCPUAccounting=</code>, </span><span class="term"><code class="varname">DefaultBlockIOAccounting=</code>, </span><span class="term"><code class="varname">DefaultMemoryAccounting=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultCPUAccounting=">¶</a></dt><dd><p>Configure the default
                                resource accounting settings, as
                                configured per-unit by
                                <code class="varname">CPUAccounting=</code>,
                                <code class="varname">BlockIOAccounting=</code>
                                and
                                <code class="varname">MemoryAccounting=</code>. See
                                <a href="systemd.resource-control.html"><span class="citerefentry"><span class="refentrytitle">systemd.resource-control</span>(5)</span></a>
                                for details on the per-unit
                                settings.</p></dd><dt id="DefaultLimitCPU="><span class="term"><code class="varname">DefaultLimitCPU=</code>, </span><span class="term"><code class="varname">DefaultLimitFSIZE=</code>, </span><span class="term"><code class="varname">DefaultLimitDATA=</code>, </span><span class="term"><code class="varname">DefaultLimitSTACK=</code>, </span><span class="term"><code class="varname">DefaultLimitCORE=</code>, </span><span class="term"><code class="varname">DefaultLimitRSS=</code>, </span><span class="term"><code class="varname">DefaultLimitNOFILE=</code>, </span><span class="term"><code class="varname">DefaultLimitAS=</code>, </span><span class="term"><code class="varname">DefaultLimitNPROC=</code>, </span><span class="term"><code class="varname">DefaultLimitMEMLOCK=</code>, </span><span class="term"><code class="varname">DefaultLimitLOCKS=</code>, </span><span class="term"><code class="varname">DefaultLimitSIGPENDING=</code>, </span><span class="term"><code class="varname">DefaultLimitMSGQUEUE=</code>, </span><span class="term"><code class="varname">DefaultLimitNICE=</code>, </span><span class="term"><code class="varname">DefaultLimitRTPRIO=</code>, </span><span class="term"><code class="varname">DefaultLimitRTTIME=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultLimitCPU=">¶</a></dt><dd><p>These settings control
                                various default resource limits for
                                units. See
                                <a href="setrlimit.html"><span class="citerefentry"><span class="refentrytitle">setrlimit</span>(2)</span></a>
                                for details. Use the string
                                <code class="varname">infinity</code> to
                                configure no limit on a specific
                                resource. These settings may be
                                overridden in individual units
                                using the corresponding LimitXXX=
                                directives. Note that these resource
                                limits are only defaults for units,
                                they are not applied to PID 1
                                itself.</p></dd></dl></div></div><div class="refsect1"><a name="idm214191475072"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also">¶</a></h2><p>
                          <a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
                          <a href="systemd.directives.html"><span class="citerefentry"><span class="refentrytitle">systemd.directives</span>(7)</span></a>,
                          <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>,
                          <a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>,
                          <a href="environ.html"><span class="citerefentry"><span class="refentrytitle">environ</span>(7)</span></a>,
                          <a href="capabilities.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
                  </p></div></div></body></html>
Commit	Line	Data
663996b3 MS	1	<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>systemd-system.conf</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
	2	a.headerlink {
	3	color: #c60f0f;
	4	font-size: 0.8em;
	5	padding: 0 4px 0 4px;
	6	text-decoration: none;
	7	visibility: hidden;
	8	}
	9
	10	a.headerlink:hover {
	11	background-color: #c60f0f;
	12	color: white;
	13	}
	14
	15	h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
	16	visibility: visible;
	17	}
	18	</style><a href="index.html">Index </a>·
	19	<a href="systemd.directives.html">Directives </a>·
	20	<a href="../python-systemd/index.html">Python </a>·
	21	<a href="../libudev/index.html">libudev </a>·
60f067b4	22	<a href="../libudev/index.html">gudev </a><span style="float:right">systemd 214</span><hr><div class="refentry"><a name="systemd-system.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>systemd-system.conf, systemd-user.conf — System and session service manager configuration file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/etc/systemd/system.conf</code></p><p><code class="filename">/etc/systemd/user.conf</code></p></div><div class="refsect1"><a name="idm214192577744"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description">¶</a></h2><p>When run as system instance systemd reads the
663996b3 MS	23	configuration file <code class="filename">system.conf</code>,
	24	otherwise <code class="filename">user.conf</code>. These
	25	configuration files contain a few settings controlling
60f067b4	26	basic manager operations.</p></div><div class="refsect1"><a name="idm214192574992"></a><h2 id="Options">Options<a class="headerlink" title="Permalink to this headline" href="#Options">¶</a></h2><p>All options are configured in the
14228c0d	27	"<code class="literal">[Manager]</code>" section:</p><div class="variablelist"><dl class="variablelist"><dt id="LogLevel="><span class="term"><code class="varname">LogLevel=</code>, </span><span class="term"><code class="varname">LogTarget=</code>, </span><span class="term"><code class="varname">LogColor=</code>, </span><span class="term"><code class="varname">LogLocation=</code>, </span><span class="term"><code class="varname">DumpCore=yes</code>, </span><span class="term"><code class="varname">CrashShell=no</code>, </span><span class="term"><code class="varname">ShowStatus=yes</code>, </span><span class="term"><code class="varname">CrashChVT=1</code>, </span><span class="term"><code class="varname">DefaultStandardOutput=journal</code>, </span><span class="term"><code class="varname">DefaultStandardError=inherit</code></span><a class="headerlink" title="Permalink to this term" href="#LogLevel=">¶</a></dt><dd><p>Configures various
663996b3 MS	28	parameters of basic manager
	29	operation. These options may be
	30	overridden by the respective command
	31	line arguments. See
	32	<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>
	33	for details about these command line
	34	arguments.</p></dd><dt id="CPUAffinity="><span class="term"><code class="varname">CPUAffinity=</code></span><a class="headerlink" title="Permalink to this term" href="#CPUAffinity=">¶</a></dt><dd><p>Configures the initial
	35	CPU affinity for the init
	36	process. Takes a space-separated list
60f067b4	37	of CPU indices.</p></dd><dt id="JoinControllers=cpu,cpuacct net_cls,netprio"><span class="term"><code class="varname">JoinControllers=cpu,cpuacct net_cls,netprio</code></span><a class="headerlink" title="Permalink to this term" href="#JoinControllers=cpu,cpuacct%20net_cls,netprio">¶</a></dt><dd><p>Configures controllers
663996b3	38	that shall be mounted in a single
14228c0d	39	hierarchy. By default, systemd will
663996b3 MS	40	mount all controllers which are
	41	enabled in the kernel in individual
	42	hierarchies, with the exception of
	43	those listed in this setting. Takes a
14228c0d MB	44	space-separated list of comma-separated
14228c0d MB	45	controller names, in order
663996b3 MS	46	to allow multiple joined
	47	hierarchies. Defaults to
	48	'cpu,cpuacct'. Pass an empty string to
	49	ensure that systemd mounts all
	50	controllers in separate
	51	hierarchies.</p><p>Note that this option is only
	52	applied once, at very early boot. If
	53	you use an initial RAM disk (initrd)
14228c0d	54	that uses systemd, it might hence be
663996b3 MS	55	necessary to rebuild the initrd if
	56	this option is changed, and make sure
	57	the new configuration file is included
14228c0d	58	in it. Otherwise, the initrd might
663996b3 MS	59	mount the controller hierarchies in a
	60	different configuration than intended,
	61	and the main system cannot remount
	62	them anymore.</p></dd><dt id="RuntimeWatchdogSec="><span class="term"><code class="varname">RuntimeWatchdogSec=</code>, </span><span class="term"><code class="varname">ShutdownWatchdogSec=</code></span><a class="headerlink" title="Permalink to this term" href="#RuntimeWatchdogSec=">¶</a></dt><dd><p>Configure the hardware
	63	watchdog at runtime and at
	64	reboot. Takes a timeout value in
	65	seconds (or in other time units if
14228c0d MB	66	suffixed with "<code class="literal">ms</code>",
	67	"<code class="literal">min</code>",
	68	"<code class="literal">h</code>",
	69	"<code class="literal">d</code>",
	70	"<code class="literal">w</code>"). If
663996b3	71	<code class="varname">RuntimeWatchdogSec=</code>
14228c0d	72	is set to a non-zero value, the
663996b3 MS	73	watchdog hardware
	74	(<code class="filename">/dev/watchdog</code>)
	75	will be programmed to automatically
	76	reboot the system if it is not
	77	contacted within the specified timeout
	78	interval. The system manager will
	79	ensure to contact it at least once in
	80	half the specified timeout
	81	interval. This feature requires a
	82	hardware watchdog device to be
	83	present, as it is commonly the case in
	84	embedded and server systems. Not all
	85	hardware watchdogs allow configuration
	86	of the reboot timeout, in which case
	87	the closest available timeout is
	88	picked. <code class="varname">ShutdownWatchdogSec=</code>
	89	may be used to configure the hardware
	90	watchdog when the system is asked to
	91	reboot. It works as a safety net to
	92	ensure that the reboot takes place
	93	even if a clean reboot attempt times
	94	out. By default
	95	<code class="varname">RuntimeWatchdogSec=</code>
	96	defaults to 0 (off), and
	97	<code class="varname">ShutdownWatchdogSec=</code>
	98	to 10min. These settings have no
	99	effect if a hardware watchdog is not
	100	available.</p></dd><dt id="CapabilityBoundingSet="><span class="term"><code class="varname">CapabilityBoundingSet=</code></span><a class="headerlink" title="Permalink to this term" href="#CapabilityBoundingSet=">¶</a></dt><dd><p>Controls which
	101	capabilities to include in the
	102	capability bounding set for PID 1 and
	103	its children. See
	104	<a href="capabilities.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
14228c0d MB	105	for details. Takes a whitespace-separated
14228c0d MB	106	list of capability names as read by
663996b3 MS	107	<a href="cap_from_name.html"><span class="citerefentry"><span class="refentrytitle">cap_from_name</span>(3)</span></a>.
	108	Capabilities listed will be included
	109	in the bounding set, all others are
	110	removed. If the list of capabilities
14228c0d	111	is prefixed with ~, all but the listed
663996b3 MS	112	capabilities will be included, the
	113	effect of the assignment
	114	inverted. Note that this option also
	115	affects the respective capabilities in
	116	the effective, permitted and
	117	inheritable capability sets. The
	118	capability bounding set may also be
	119	individually configured for units
	120	using the
	121	<code class="varname">CapabilityBoundingSet=</code>
	122	directive for units, but note that
	123	capabilities dropped for PID 1 cannot
	124	be regained in individual units, they
60f067b4 JS	125	are lost for good.</p></dd><dt id="SystemCallArchitectures="><span class="term"><code class="varname">SystemCallArchitectures=</code></span><a class="headerlink" title="Permalink to this term" href="#SystemCallArchitectures=">¶</a></dt><dd><p>Takes a
	126	space-separated list of architecture
	127	identifiers. Selects from which
	128	architectures system calls may be
	129	invoked on this system. This may be
	130	used as an effective way to disable
	131	invocation of non-native binaries
	132	system-wide, for example to prohibit
	133	execution of 32-bit x86 binaries on
	134	64-bit x86-64 systems. This option
	135	operates system-wide, and acts
	136	similar to the
	137	<code class="varname">SystemCallArchitectures=</code>
	138	setting of unit files, see
	139	<a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>
	140	for details. This setting defaults to
	141	the empty list, in which case no
	142	filtering of system calls based on
	143	architecture is applied. Known
	144	architecture identifiers are
	145	"<code class="literal">x86</code>",
	146	"<code class="literal">x86-64</code>",
	147	"<code class="literal">x32</code>",
	148	"<code class="literal">arm</code>" and the special
	149	identifier
	150	"<code class="literal">native</code>". The latter
	151	implicitly maps to the native
	152	architecture of the system (or more
	153	specifically, the architecture the
	154	system manager was compiled for). Set
	155	this setting to
	156	"<code class="literal">native</code>" to prohibit
	157	execution of any non-native
	158	binaries. When a binary executes a
	159	system call of an architecture that is
	160	not listed in this setting, it will be
	161	immediately terminated with the SIGSYS
	162	signal.</p></dd><dt id="TimerSlackNSec="><span class="term"><code class="varname">TimerSlackNSec=</code></span><a class="headerlink" title="Permalink to this term" href="#TimerSlackNSec=">¶</a></dt><dd><p>Sets the timer slack
	163	in nanoseconds for PID 1, which is
	164	inherited by all executed processes,
663996b3 MS	165	unless overridden individually, for
	166	example with the
	167	<code class="varname">TimerSlackNSec=</code>
	168	setting in service units (for details
	169	see
	170	<a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>). The
	171	timer slack controls the accuracy of
60f067b4 JS	172	wake-ups triggered by system
60f067b4 JS	173	timers. See
663996b3 MS	174	<a href="prctl.html"><span class="citerefentry"><span class="refentrytitle">prctl</span>(2)</span></a>
	175	for more information. Note that in
	176	contrast to most other time span
	177	definitions this parameter takes an
	178	integer value in nano-seconds if no
	179	unit is specified. The usual time
	180	units are understood
60f067b4 JS	181	too.</p></dd><dt id="DefaultTimerAccuracySec="><span class="term"><code class="varname">DefaultTimerAccuracySec=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultTimerAccuracySec=">¶</a></dt><dd><p>Sets the default
	182	accuracy of timer units. This controls
	183	the global default for the
	184	<code class="varname">AccuracySec=</code>
	185	setting of timer units, see
	186	<a href="systemd.timer.html"><span class="citerefentry"><span class="refentrytitle">systemd.timer</span>(5)</span></a>
	187	for
	188	details. <code class="varname">AccuracySec=</code>
	189	set in individual units override the
	190	global default for the specific
	191	unit. Defaults to 1min. Note that the
	192	accuracy of timer units is also
	193	affected by the configured timer slack
	194	for PID 1, see
	195	<code class="varname">TimerSlackNSec=</code>
	196	above.</p></dd><dt id="DefaultTimeoutStartSec="><span class="term"><code class="varname">DefaultTimeoutStartSec=</code>, </span><span class="term"><code class="varname">DefaultTimeoutStopSec=</code>, </span><span class="term"><code class="varname">DefaultRestartSec=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultTimeoutStartSec=">¶</a></dt><dd><p>Configures the default
	197	timeouts for starting and stopping of
	198	units, as well as the default time to
	199	sleep between automatic restarts of
	200	units, as configured per-unit in
	201	<code class="varname">TimeoutStartSec=</code>,
	202	<code class="varname">TimeoutStopSec=</code> and
	203	<code class="varname">RestartSec=</code> (for
	204	services, see
	205	<a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
	206	for details on the per-unit
	207	settings). For non-service units,
	208	<code class="varname">DefaultTimeoutStartSec=</code>
	209	sets the default
	210	<code class="varname">TimeoutSec=</code> value.
	211	</p></dd><dt id="DefaultStartLimitInterval="><span class="term"><code class="varname">DefaultStartLimitInterval=</code>, </span><span class="term"><code class="varname">DefaultStartLimitBurst=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultStartLimitInterval=">¶</a></dt><dd><p>Configure the default
	212	unit start rate limiting, as
	213	configured per-service by
	214	<code class="varname">StartLimitInterval=</code>
	215	and
	216	<code class="varname">StartLimitBurst=</code>. See
	217	<a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
	218	for details on the per-service
	219	settings.</p></dd><dt id="DefaultEnvironment="><span class="term"><code class="varname">DefaultEnvironment=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultEnvironment=">¶</a></dt><dd><p>Sets manager
14228c0d MB	220	environment variables passed to all
	221	executed processes. Takes a
	222	space-separated list of variable
	223	assignments. See
	224	<a href="environ.html"><span class="citerefentry"><span class="refentrytitle">environ</span>(7)</span></a>
	225	for details about environment
	226	variables.</p><p>Example:
	227
	228	</p><pre class="programlisting">DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</pre><p>
	229
	230	Sets three variables
	231	"<code class="literal">VAR1</code>",
	232	"<code class="literal">VAR2</code>",
60f067b4 JS	233	"<code class="literal">VAR3</code>".</p></dd><dt id="DefaultCPUAccounting="><span class="term"><code class="varname">DefaultCPUAccounting=</code>, </span><span class="term"><code class="varname">DefaultBlockIOAccounting=</code>, </span><span class="term"><code class="varname">DefaultMemoryAccounting=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultCPUAccounting=">¶</a></dt><dd><p>Configure the default
	234	resource accounting settings, as
	235	configured per-unit by
	236	<code class="varname">CPUAccounting=</code>,
	237	<code class="varname">BlockIOAccounting=</code>
	238	and
	239	<code class="varname">MemoryAccounting=</code>. See
	240	<a href="systemd.resource-control.html"><span class="citerefentry"><span class="refentrytitle">systemd.resource-control</span>(5)</span></a>
	241	for details on the per-unit
	242	settings.</p></dd><dt id="DefaultLimitCPU="><span class="term"><code class="varname">DefaultLimitCPU=</code>, </span><span class="term"><code class="varname">DefaultLimitFSIZE=</code>, </span><span class="term"><code class="varname">DefaultLimitDATA=</code>, </span><span class="term"><code class="varname">DefaultLimitSTACK=</code>, </span><span class="term"><code class="varname">DefaultLimitCORE=</code>, </span><span class="term"><code class="varname">DefaultLimitRSS=</code>, </span><span class="term"><code class="varname">DefaultLimitNOFILE=</code>, </span><span class="term"><code class="varname">DefaultLimitAS=</code>, </span><span class="term"><code class="varname">DefaultLimitNPROC=</code>, </span><span class="term"><code class="varname">DefaultLimitMEMLOCK=</code>, </span><span class="term"><code class="varname">DefaultLimitLOCKS=</code>, </span><span class="term"><code class="varname">DefaultLimitSIGPENDING=</code>, </span><span class="term"><code class="varname">DefaultLimitMSGQUEUE=</code>, </span><span class="term"><code class="varname">DefaultLimitNICE=</code>, </span><span class="term"><code class="varname">DefaultLimitRTPRIO=</code>, </span><span class="term"><code class="varname">DefaultLimitRTTIME=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultLimitCPU=">¶</a></dt><dd><p>These settings control
663996b3 MS	243	various default resource limits for
	244	units. See
	245	<a href="setrlimit.html"><span class="citerefentry"><span class="refentrytitle">setrlimit</span>(2)</span></a>
	246	for details. Use the string
	247	<code class="varname">infinity</code> to
	248	configure no limit on a specific
	249	resource. These settings may be
	250	overridden in individual units
	251	using the corresponding LimitXXX=
	252	directives. Note that these resource
	253	limits are only defaults for units,
	254	they are not applied to PID 1
60f067b4	255	itself.</p></dd></dl></div></div><div class="refsect1"><a name="idm214191475072"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also">¶</a></h2><p>
663996b3	256	<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
14228c0d	257	<a href="systemd.directives.html"><span class="citerefentry"><span class="refentrytitle">systemd.directives</span>(7)</span></a>,
60f067b4 JS	258	<a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>,
	259	<a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>,
	260	<a href="environ.html"><span class="citerefentry"><span class="refentrytitle">environ</span>(7)</span></a>,
	261	<a href="capabilities.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
663996b3	262	</p></div></div></body></html>