New upstream version 249~rc1

[systemd.git] / man / systemd-system.conf.xml

<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="systemd-system.conf"
    xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>systemd-system.conf</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-system.conf</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-system.conf</refname>
    <refname>system.conf.d</refname>
    <refname>systemd-user.conf</refname>
    <refname>user.conf.d</refname>
    <refpurpose>System and session service manager configuration files</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>/etc/systemd/system.conf</filename>,
    <filename>/etc/systemd/system.conf.d/*.conf</filename>,
    <filename>/run/systemd/system.conf.d/*.conf</filename>,
    <filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para>

    <para><filename>~/.config/systemd/user.conf</filename>,
    <filename>/etc/systemd/user.conf</filename>,
    <filename>/etc/systemd/user.conf.d/*.conf</filename>,
    <filename>/run/systemd/user.conf.d/*.conf</filename>,
    <filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>When run as a system instance, <command>systemd</command> interprets the configuration file
    <filename>system.conf</filename> and the files in <filename>system.conf.d</filename> directories; when
    run as a user instance, it interprets the configuration file <filename>user.conf</filename> (either in
    the home directory of the user, or if not found, under <filename>/etc/systemd/</filename>) and the files
    in <filename>user.conf.d</filename> directories. These configuration files contain a few settings
    controlling basic manager operations.</para>

    <para>See
    <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> for a
    general description of the syntax.</para>
  </refsect1>

  <xi:include href="standard-conf.xml" xpointer="main-conf" />

  <refsect1>
    <title>Options</title>

    <para>All options are configured in the
    [Manager] section:</para>

    <variablelist class='config-directives'>

      <varlistentry>
        <term><varname>LogColor=</varname></term>
        <term><varname>LogLevel=</varname></term>
        <term><varname>LogLocation=</varname></term>
        <term><varname>LogTarget=</varname></term>
        <term><varname>LogTime=</varname></term>
        <term><varname>DumpCore=yes</varname></term>
        <term><varname>CrashChangeVT=no</varname></term>
        <term><varname>CrashShell=no</varname></term>
        <term><varname>CrashReboot=no</varname></term>
        <term><varname>ShowStatus=yes</varname></term>
        <term><varname>DefaultStandardOutput=journal</varname></term>
        <term><varname>DefaultStandardError=inherit</varname></term>

        <listitem><para>Configures various parameters of basic manager operation. These options may be overridden by
        the respective process and kernel command line arguments. See
        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
        details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CtrlAltDelBurstAction=</varname></term>

        <listitem><para>Defines what action will be performed
        if user presses Ctrl-Alt-Delete more than 7 times in 2s.
        Can be set to <literal>reboot-force</literal>, <literal>poweroff-force</literal>,
        <literal>reboot-immediate</literal>, <literal>poweroff-immediate</literal>
        or disabled with <literal>none</literal>. Defaults to
        <literal>reboot-force</literal>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CPUAffinity=</varname></term>

        <listitem><para>Configures the CPU affinity for the service manager as well as the default CPU
        affinity for all forked off processes. Takes a list of CPU indices or ranges separated by either
        whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a
        dash. This option may be specified more than once, in which case the specified CPU affinity masks are
        merged. If the empty string is assigned, the mask is reset, all assignments prior to this will have
        no effect. Individual services may override the CPU affinity for their processes with the
        <varname>CPUAffinity=</varname> setting in unit files, see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>NUMAPolicy=</varname></term>

        <listitem><para>Configures the NUMA memory policy for the service manager and the default NUMA memory policy
        for all forked off processes. Individual services may override the default policy with the
        <varname>NUMAPolicy=</varname> setting in unit files, see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>NUMAMask=</varname></term>

        <listitem><para>Configures the NUMA node mask that will be associated with the selected NUMA policy. Note that
        <option>default</option> and <option>local</option> NUMA policies don't require explicit NUMA node mask and
        value of the option can be empty. Similarly to <varname>NUMAPolicy=</varname>, value can be overridden
        by individual services in unit files, see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>RuntimeWatchdogSec=</varname></term>
        <term><varname>RebootWatchdogSec=</varname></term>
        <term><varname>KExecWatchdogSec=</varname></term>

        <listitem><para>Configure the hardware watchdog at runtime and at reboot. Takes a timeout value in seconds (or
        in other time units if suffixed with <literal>ms</literal>, <literal>min</literal>, <literal>h</literal>,
        <literal>d</literal>, <literal>w</literal>). If <varname>RuntimeWatchdogSec=</varname> is set to a non-zero
        value, the watchdog hardware (<filename>/dev/watchdog</filename> or the path specified with
        <varname>WatchdogDevice=</varname> or the kernel option <varname>systemd.watchdog-device=</varname>) will be
        programmed to automatically reboot the system if it is not contacted within the specified timeout interval. The
        system manager will ensure to contact it at least once in half the specified timeout interval. This feature
        requires a hardware watchdog device to be present, as it is commonly the case in embedded and server
        systems. Not all hardware watchdogs allow configuration of all possible reboot timeout values, in which case
        the closest available timeout is picked. <varname>RebootWatchdogSec=</varname> may be used to configure the
        hardware watchdog when the system is asked to reboot. It works as a safety net to ensure that the reboot takes
        place even if a clean reboot attempt times out. Note that the <varname>RebootWatchdogSec=</varname> timeout
        applies only to the second phase of the reboot, i.e. after all regular services are already terminated, and
        after the system and service manager process (PID 1) got replaced by the <filename>systemd-shutdown</filename>
        binary, see system <citerefentry><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details. During the first phase of the shutdown operation the system and service manager remains running
        and hence <varname>RuntimeWatchdogSec=</varname> is still honoured. In order to define a timeout on this first
        phase of system shutdown, configure <varname>JobTimeoutSec=</varname> and <varname>JobTimeoutAction=</varname>
        in the [Unit] section of the <filename>shutdown.target</filename> unit. By default
        <varname>RuntimeWatchdogSec=</varname> defaults to 0 (off), and <varname>RebootWatchdogSec=</varname> to
        10min. <varname>KExecWatchdogSec=</varname> may be used to additionally enable the watchdog when kexec
        is being executed rather than when rebooting. Note that if the kernel does not reset the watchdog on kexec (depending
        on the specific hardware and/or driver), in this case the watchdog might not get disabled after kexec succeeds
        and thus the system might get rebooted, unless <varname>RuntimeWatchdogSec=</varname> is also enabled at the same time.
        For this reason it is recommended to enable <varname>KExecWatchdogSec=</varname> only if
        <varname>RuntimeWatchdogSec=</varname> is also enabled.
        These settings have no effect if a hardware watchdog is not available.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>WatchdogDevice=</varname></term>

        <listitem><para>Configure the hardware watchdog device that the
        runtime and shutdown watchdog timers will open and use. Defaults
        to <filename>/dev/watchdog</filename>. This setting has no
        effect if a hardware watchdog is not available.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>CapabilityBoundingSet=</varname></term>

        <listitem><para>Controls which capabilities to include in the
        capability bounding set for PID 1 and its children. See
        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details. Takes a whitespace-separated list of capability
        names as read by
        <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
        Capabilities listed will be included in the bounding set, all
        others are removed. If the list of capabilities is prefixed
        with ~, all but the listed capabilities will be included, the
        effect of the assignment inverted. Note that this option also
        affects the respective capabilities in the effective,
        permitted and inheritable capability sets. The capability
        bounding set may also be individually configured for units
        using the <varname>CapabilityBoundingSet=</varname> directive
        for units, but note that capabilities dropped for PID 1 cannot
        be regained in individual units, they are lost for
        good.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>NoNewPrivileges=</varname></term>

        <listitem><para>Takes a boolean argument. If true, ensures that PID 1
        and all its children can never gain new privileges through
        <citerefentry project='man-pages'><refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        (e.g. via setuid or setgid bits, or filesystem capabilities).
        Defaults to false. General purpose distributions commonly rely
        on executables with setuid or setgid bits and will thus not
        function properly with this option enabled. Individual units
        cannot disable this option.
        Also see <ulink url="https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html">No New Privileges Flag</ulink>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>SystemCallArchitectures=</varname></term>

        <listitem><para>Takes a space-separated list of architecture
        identifiers. Selects from which architectures system calls may
        be invoked on this system. This may be used as an effective
        way to disable invocation of non-native binaries system-wide,
        for example to prohibit execution of 32-bit x86 binaries on
        64-bit x86-64 systems. This option operates system-wide, and
        acts similar to the
        <varname>SystemCallArchitectures=</varname> setting of unit
        files, see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. This setting defaults to the empty list, in which
        case no filtering of system calls based on architecture is
        applied. Known architecture identifiers are
        <literal>x86</literal>, <literal>x86-64</literal>,
        <literal>x32</literal>, <literal>arm</literal> and the special
        identifier <literal>native</literal>. The latter implicitly
        maps to the native architecture of the system (or more
        specifically, the architecture the system manager was compiled
        for). Set this setting to <literal>native</literal> to
        prohibit execution of any non-native binaries. When a binary
        executes a system call of an architecture that is not listed
        in this setting, it will be immediately terminated with the
        SIGSYS signal.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>TimerSlackNSec=</varname></term>

        <listitem><para>Sets the timer slack in nanoseconds for PID 1,
        which is inherited by all executed processes, unless
        overridden individually, for example with the
        <varname>TimerSlackNSec=</varname> setting in service units
        (for details see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
        The timer slack controls the accuracy of wake-ups triggered by
        system timers. See
        <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
        for more information. Note that in contrast to most other time
        span definitions this parameter takes an integer value in
        nano-seconds if no unit is specified. The usual time units are
        understood too.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>StatusUnitFormat=</varname></term>

        <listitem><para>Takes either <option>name</option> or <option>description</option> as the value. If
        <option>name</option>, the system manager will use unit names in status messages, instead of the
        longer and more informative descriptions set with <varname>Description=</varname>, see
        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultTimerAccuracySec=</varname></term>

        <listitem><para>Sets the default accuracy of timer units. This
        controls the global default for the
        <varname>AccuracySec=</varname> setting of timer units, see
        <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. <varname>AccuracySec=</varname> set in individual
        units override the global default for the specific unit.
        Defaults to 1min. Note that the accuracy of timer units is
        also affected by the configured timer slack for PID 1, see
        <varname>TimerSlackNSec=</varname> above.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultTimeoutStartSec=</varname></term>
        <term><varname>DefaultTimeoutStopSec=</varname></term>
        <term><varname>DefaultTimeoutAbortSec=</varname></term>
        <term><varname>DefaultRestartSec=</varname></term>

        <listitem><para>Configures the default timeouts for starting,
        stopping and aborting of units, as well as the default time to sleep
        between automatic restarts of units, as configured per-unit in
        <varname>TimeoutStartSec=</varname>,
        <varname>TimeoutStopSec=</varname>,
        <varname>TimeoutAbortSec=</varname> and
        <varname>RestartSec=</varname> (for services, see
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details on the per-unit settings). Disabled by default, when
        service with <varname>Type=oneshot</varname> is used.
        For non-service units,
        <varname>DefaultTimeoutStartSec=</varname> sets the default
        <varname>TimeoutSec=</varname>
        value. <varname>DefaultTimeoutStartSec=</varname> and
        <varname>DefaultTimeoutStopSec=</varname> default to
        90s. <varname>DefaultTimeoutAbortSec=</varname> is not set by default
        so that all units fall back to <varname>TimeoutStopSec=</varname>.
        <varname>DefaultRestartSec=</varname> defaults to
        100ms.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultStartLimitIntervalSec=</varname></term>
        <term><varname>DefaultStartLimitBurst=</varname></term>

        <listitem><para>Configure the default unit start rate
        limiting, as configured per-service by
        <varname>StartLimitIntervalSec=</varname> and
        <varname>StartLimitBurst=</varname>. See
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details on the per-service settings.
        <varname>DefaultStartLimitIntervalSec=</varname> defaults to
        10s. <varname>DefaultStartLimitBurst=</varname> defaults to
        5.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultEnvironment=</varname></term>

        <listitem><para>Configures environment variables passed to all executed processes. Takes a
        space-separated list of variable assignments. See <citerefentry
        project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
        details about environment variables.</para>

        <para>Simple <literal>%</literal>-specifier expansion is supported, see below for a list of supported
        specifiers.</para>

        <para>Example:

        <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>

        Sets three variables
        <literal>VAR1</literal>,
        <literal>VAR2</literal>,
        <literal>VAR3</literal>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ManagerEnvironment=</varname></term>

        <listitem><para>Takes the same arguments as <varname>DefaultEnvironment=</varname>, see above. Sets
        environment variables just for the manager process itself. In contrast to user managers, these variables
        are not inherited by processes spawned by the system manager, use <varname>DefaultEnvironment=</varname>
        for that. Note that these variables are merged into the existing environment block. In particular, in
        case of the system manager, this includes variables set by the kernel based on the kernel command line.</para>

        <para>Setting environment variables for the manager process may be useful to modify its behaviour.
        See <ulink url="https://systemd.io/ENVIRONMENT">ENVIRONMENT</ulink> for a descriptions of some
        variables understood by <command>systemd</command>.</para>

        <para>Simple <literal>%</literal>-specifier expansion is supported, see below for a list of supported
        specifiers.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultCPUAccounting=</varname></term>
        <term><varname>DefaultBlockIOAccounting=</varname></term>
        <term><varname>DefaultMemoryAccounting=</varname></term>
        <term><varname>DefaultTasksAccounting=</varname></term>
        <term><varname>DefaultIOAccounting=</varname></term>
        <term><varname>DefaultIPAccounting=</varname></term>

        <listitem><para>Configure the default resource accounting settings, as configured per-unit by
        <varname>CPUAccounting=</varname>, <varname>BlockIOAccounting=</varname>, <varname>MemoryAccounting=</varname>,
        <varname>TasksAccounting=</varname>, <varname>IOAccounting=</varname> and <varname>IPAccounting=</varname>. See
        <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details on the per-unit settings. <varname>DefaultTasksAccounting=</varname> defaults to yes,
        <varname>DefaultMemoryAccounting=</varname> to &MEMORY_ACCOUNTING_DEFAULT;. <varname>DefaultCPUAccounting=</varname>
        defaults to yes if enabling CPU accounting doesn't require the CPU controller to be enabled (Linux 4.15+ using the
        unified hierarchy for resource control), otherwise it defaults to no. The other three settings default to no.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultTasksMax=</varname></term>

        <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
        <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. This setting applies to all unit types that support resource control settings, with the exception
        of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
        and root cgroup <varname>pids.max</varname>.
        Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
        For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
        but might be greater in other systems or smaller in OS containers.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultLimitCPU=</varname></term>
        <term><varname>DefaultLimitFSIZE=</varname></term>
        <term><varname>DefaultLimitDATA=</varname></term>
        <term><varname>DefaultLimitSTACK=</varname></term>
        <term><varname>DefaultLimitCORE=</varname></term>
        <term><varname>DefaultLimitRSS=</varname></term>
        <term><varname>DefaultLimitNOFILE=</varname></term>
        <term><varname>DefaultLimitAS=</varname></term>
        <term><varname>DefaultLimitNPROC=</varname></term>
        <term><varname>DefaultLimitMEMLOCK=</varname></term>
        <term><varname>DefaultLimitLOCKS=</varname></term>
        <term><varname>DefaultLimitSIGPENDING=</varname></term>
        <term><varname>DefaultLimitMSGQUEUE=</varname></term>
        <term><varname>DefaultLimitNICE=</varname></term>
        <term><varname>DefaultLimitRTPRIO=</varname></term>
        <term><varname>DefaultLimitRTTIME=</varname></term>

        <listitem><para>These settings control various default resource limits for processes executed by
        units. See
        <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
        details. These settings may be overridden in individual units using the corresponding
        <varname>LimitXXX=</varname> directives and they accept the same parameter syntax,
        see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. Note that these resource limits are only defaults
        for units, they are not applied to the service manager process (i.e. PID 1) itself.</para>

        <para>Most of these settings are unset, which means the resource limits are inherited from the kernel or, if
        invoked in a container, from the container manager. However, the following have defaults:</para>
        <itemizedlist>
          <listitem><para><varname>DefaultLimitNOFILE=</varname> defaults to <literal>1024:&HIGH_RLIMIT_NOFILE;</literal>.
          </para></listitem>

          <listitem><para><varname>DefaultLimitCORE=</varname> does not have a default but it is worth mentioning that
          <varname>RLIMIT_CORE</varname> is set to <literal>infinity</literal> by PID 1 which is inherited by its
          children.</para></listitem>

          <listitem><para>Note that the service manager internally increases <varname>RLIMIT_MEMLOCK</varname> for
          itself, however the limit is reverted to the original value for child processes forked off.</para></listitem>
        </itemizedlist>

      </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>DefaultOOMPolicy=</varname></term>

        <listitem><para>Configure the default policy for reacting to processes being killed by the Linux
        Out-Of-Memory (OOM) killer. This may be used to pick a global default for the per-unit
        <varname>OOMPolicy=</varname> setting. See
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        for details. Note that this default is not used for services that have <varname>Delegate=</varname>
        turned on.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Specifiers</title>

    <para>Specifiers may be used in the <varname>DefaultEnvironment=</varname> and
    <varname>ManagerEnvironment=</varname> settings. The following expansions are understood:</para>
      <table class='specifiers'>
        <title>Specifiers available</title>
        <tgroup cols='3' align='left' colsep='1' rowsep='1'>
          <colspec colname="spec" />
          <colspec colname="mean" />
          <colspec colname="detail" />
          <thead>
            <row>
              <entry>Specifier</entry>
              <entry>Meaning</entry>
              <entry>Details</entry>
            </row>
          </thead>
          <tbody>
            <xi:include href="standard-specifiers.xml" xpointer="a"/>
            <xi:include href="standard-specifiers.xml" xpointer="A"/>
            <xi:include href="standard-specifiers.xml" xpointer="b"/>
            <xi:include href="standard-specifiers.xml" xpointer="B"/>
            <xi:include href="standard-specifiers.xml" xpointer="H"/>
            <xi:include href="standard-specifiers.xml" xpointer="l"/>
            <xi:include href="standard-specifiers.xml" xpointer="m"/>
            <xi:include href="standard-specifiers.xml" xpointer="M"/>
            <xi:include href="standard-specifiers.xml" xpointer="o"/>
            <xi:include href="standard-specifiers.xml" xpointer="v"/>
            <xi:include href="standard-specifiers.xml" xpointer="w"/>
            <xi:include href="standard-specifiers.xml" xpointer="W"/>
            <xi:include href="standard-specifiers.xml" xpointer="T"/>
            <xi:include href="standard-specifiers.xml" xpointer="V"/>
            <xi:include href="standard-specifiers.xml" xpointer="percent"/>
          </tbody>
        </tgroup>
      </table>
  </refsect1>

  <refsect1>
      <title>See Also</title>
      <para>
        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
        <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
      </para>
  </refsect1>

</refentry>