1 <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
5 <!--
6 This file is part of systemd.
7
8 Copyright 2010 Lennart Poettering
9
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 -->
23
24 <refentry id="systemd-system.conf"
25 xmlns:xi="http://www.w3.org/2001/XInclude">
26 <refentryinfo>
27 <title>systemd-system.conf</title>
28 <productname>systemd</productname>
29
30 <authorgroup>
31 <author>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
36 </author>
37 </authorgroup>
38 </refentryinfo>
39
40 <refmeta>
41 <refentrytitle>systemd-system.conf</refentrytitle>
42 <manvolnum>5</manvolnum>
43 </refmeta>
44
45 <refnamediv>
46 <refname>systemd-system.conf</refname>
47 <refname>system.conf.d</refname>
48 <refname>systemd-user.conf</refname>
49 <refname>user.conf.d</refname>
50 <refpurpose>System and session service manager configuration files</refpurpose>
51 </refnamediv>
52
53 <refsynopsisdiv>
54 <para><filename>/etc/systemd/system.conf</filename>,
55 <filename>/etc/systemd/system.conf.d/*.conf</filename>,
56 <filename>/run/systemd/system.conf.d/*.conf</filename>,
57 <filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para>
58 <para><filename>/etc/systemd/user.conf</filename>,
59 <filename>/etc/systemd/user.conf.d/*.conf</filename>,
60 <filename>/run/systemd/user.conf.d/*.conf</filename>,
61 <filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para>
62 </refsynopsisdiv>
63
64 <refsect1>
65 <title>Description</title>
66
67 <para>When run as a system instance, systemd interprets the
68 configuration file <filename>system.conf</filename> and the files
69 in <filename>system.conf.d</filename> directories; when run as a
70 user instance, systemd interprets the configuration file
71 <filename>user.conf</filename> and the files in
72 <filename>user.conf.d</filename> directories. These configuration
73 files contain a few settings controlling basic manager
74 operations.</para>
75 </refsect1>
76
77 <xi:include href="standard-conf.xml" xpointer="main-conf" />
78
79 <refsect1>
80 <title>Options</title>
81
82 <para>All options are configured in the
83 <literal>[Manager]</literal> section:</para>
84
85 <variablelist class='systemd-directives'>
86
87 <varlistentry>
88 <term><varname>LogLevel=</varname></term>
89 <term><varname>LogTarget=</varname></term>
90 <term><varname>LogColor=</varname></term>
91 <term><varname>LogLocation=</varname></term>
92 <term><varname>DumpCore=yes</varname></term>
93 <term><varname>CrashChangeVT=no</varname></term>
94 <term><varname>CrashShell=no</varname></term>
95 <term><varname>CrashReboot=no</varname></term>
96 <term><varname>ShowStatus=yes</varname></term>
97 <term><varname>DefaultStandardOutput=journal</varname></term>
98 <term><varname>DefaultStandardError=inherit</varname></term>
99
100 <listitem><para>Configures various parameters of basic manager
101 operation. These options may be overridden by the respective
102 command line arguments. See
103 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
104 for details about these command line
105 arguments.</para></listitem>
106 </varlistentry>
107
108 <varlistentry>
109 <term><varname>CPUAffinity=</varname></term>
110
111 <listitem><para>Configures the initial CPU affinity for the
112 init process. Takes a list of CPU indices or ranges separated
113 by either whitespace or commas. CPU ranges are specified by
114 the lower and upper CPU indices separated by a
115 dash.</para></listitem>
116 </varlistentry>
117
118 <varlistentry>
119 <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
120
121 <listitem><para>Configures controllers that shall be mounted
122 in a single hierarchy. By default, systemd will mount all
123 controllers which are enabled in the kernel in individual
124 hierarchies, with the exception of those listed in this
125 setting. Takes a space-separated list of comma-separated
126 controller names, in order to allow multiple joined
127 hierarchies. Defaults to 'cpu,cpuacct'. Pass an empty string
128 to ensure that systemd mounts all controllers in separate
129 hierarchies.</para>
130
131 <para>Note that this option is only applied once, at very
132 early boot. If you use an initial RAM disk (initrd) that uses
133 systemd, it might hence be necessary to rebuild the initrd if
134 this option is changed, and make sure the new configuration
135 file is included in it. Otherwise, the initrd might mount the
136 controller hierarchies in a different configuration than
137 intended, and the main system cannot remount them
138 anymore.</para></listitem>
139 </varlistentry>
140
141 <varlistentry>
142 <term><varname>RuntimeWatchdogSec=</varname></term>
143 <term><varname>ShutdownWatchdogSec=</varname></term>
144
145 <listitem><para>Configure the hardware watchdog at runtime and
146 at reboot. Takes a timeout value in seconds (or in other time
147 units if suffixed with <literal>ms</literal>,
148 <literal>min</literal>, <literal>h</literal>,
149 <literal>d</literal>, <literal>w</literal>). If
150 <varname>RuntimeWatchdogSec=</varname> is set to a non-zero
151 value, the watchdog hardware
152 (<filename>/dev/watchdog</filename>) will be programmed to
153 automatically reboot the system if it is not contacted within
154 the specified timeout interval. The system manager will make sure
155 to contact it at least once in half the specified timeout
156 interval. This feature requires a hardware watchdog device to
157 be present, as is commonly the case in embedded and server
158 systems. Not all hardware watchdogs allow configuration of the
159 reboot timeout, in which case the closest available timeout is
160 picked. <varname>ShutdownWatchdogSec=</varname> may be used to
161 configure the hardware watchdog when the system is asked to
162 reboot. It works as a safety net to ensure that the reboot
163 takes place even if a clean reboot attempt times out.
164 <varname>RuntimeWatchdogSec=</varname> defaults to 0
165 (off), and <varname>ShutdownWatchdogSec=</varname> to 10min.
166 These settings have no effect if a hardware watchdog is not
167 available.</para></listitem>
168 </varlistentry>
169
170 <varlistentry>
171 <term><varname>CapabilityBoundingSet=</varname></term>
172
173 <listitem><para>Controls which capabilities to include in the
174 capability bounding set for PID 1 and its children. See
175 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
176 for details. Takes a whitespace-separated list of capability
177 names as read by
178 <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
179 Capabilities listed will be included in the bounding set, all
180 others are removed. If the list of capabilities is prefixed
181 with <literal>~</literal>, all but the listed capabilities will be included, i.e. the
182 effect of the assignment is inverted. Note that this option also
183 affects the respective capabilities in the effective,
184 permitted and inheritable capability sets. The capability
185 bounding set may also be configured individually for units
186 using the <varname>CapabilityBoundingSet=</varname> unit
187 directive, but note that capabilities dropped for PID 1 cannot
188 be regained in individual units; they are lost for
189 good.</para></listitem>
190 </varlistentry>
191
192 <varlistentry>
193 <term><varname>SystemCallArchitectures=</varname></term>
194
195 <listitem><para>Takes a space-separated list of architecture
196 identifiers. Selects from which architectures system calls may
197 be invoked on this system. This may be used as an effective
198 way to disable invocation of non-native binaries system-wide,
199 for example to prohibit execution of 32-bit x86 binaries on
200 64-bit x86-64 systems. This option operates system-wide, and
201 acts similarly to the
202 <varname>SystemCallArchitectures=</varname> setting of unit
203 files, see
204 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
205 for details. This setting defaults to the empty list, in which
206 case no filtering of system calls based on architecture is
207 applied. Known architecture identifiers are
208 <literal>x86</literal>, <literal>x86-64</literal>,
209 <literal>x32</literal>, <literal>arm</literal> and the special
210 identifier <literal>native</literal>. The latter implicitly
211 maps to the native architecture of the system (or more
212 specifically, the architecture the system manager was compiled
213 for). Set this setting to <literal>native</literal> to
214 prohibit execution of any non-native binaries. When a binary
215 executes a system call of an architecture that is not listed
216 in this setting, it will be immediately terminated with the
217 SIGSYS signal.</para></listitem>
218 </varlistentry>
219
220 <varlistentry>
221 <term><varname>TimerSlackNSec=</varname></term>
222
223 <listitem><para>Sets the timer slack in nanoseconds for PID 1,
224 which is inherited by all executed processes, unless
225 overridden individually, for example with the
226 <varname>TimerSlackNSec=</varname> setting in service units
227 (for details see
228 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
229 The timer slack controls the accuracy of wake-ups triggered by
230 system timers. See
231 <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
232 for more information. Note that in contrast to most other time
233 span definitions this parameter takes an integer value in
234 nanoseconds if no unit is specified. The usual time units are
235 understood too.</para></listitem>
236 </varlistentry>
237
238 <varlistentry>
239 <term><varname>DefaultTimerAccuracySec=</varname></term>
240
241 <listitem><para>Sets the default accuracy of timer units. This
242 controls the global default for the
243 <varname>AccuracySec=</varname> setting of timer units, see
244 <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
245 for details. <varname>AccuracySec=</varname> set in individual
246 units overrides the global default for the specific unit.
247 Defaults to 1min. Note that the accuracy of timer units is
248 also affected by the configured timer slack for PID 1, see
249 <varname>TimerSlackNSec=</varname> above.</para></listitem>
250 </varlistentry>
251
252 <varlistentry>
253 <term><varname>DefaultTimeoutStartSec=</varname></term>
254 <term><varname>DefaultTimeoutStopSec=</varname></term>
255 <term><varname>DefaultRestartSec=</varname></term>
256
257 <listitem><para>Configures the default timeouts for starting
258 and stopping of units, as well as the default time to sleep
259 between automatic restarts of units, as configured per-unit in
260 <varname>TimeoutStartSec=</varname>,
261 <varname>TimeoutStopSec=</varname> and
262 <varname>RestartSec=</varname> (for services, see
263 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
264 for details on the per-unit settings). For non-service units,
265 <varname>DefaultTimeoutStartSec=</varname> sets the default
266 <varname>TimeoutSec=</varname>
267 value. <varname>DefaultTimeoutStartSec=</varname> and
268 <varname>DefaultTimeoutStopSec=</varname> default to
269 90s. <varname>DefaultRestartSec=</varname> defaults to
270 100ms.</para></listitem>
271 </varlistentry>
272
273 <varlistentry>
274 <term><varname>DefaultStartLimitInterval=</varname></term>
275 <term><varname>DefaultStartLimitBurst=</varname></term>
276
277 <listitem><para>Configure the default unit start rate
278 limiting, as configured per-service by
279 <varname>StartLimitInterval=</varname> and
280 <varname>StartLimitBurst=</varname>. See
281 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
282 for details on the per-service settings.
283 <varname>DefaultStartLimitInterval=</varname> defaults to
284 10s. <varname>DefaultStartLimitBurst=</varname> defaults to
285 5.</para></listitem>
286 </varlistentry>
287
288 <varlistentry>
289 <term><varname>DefaultEnvironment=</varname></term>
290
291 <listitem><para>Sets manager environment variables passed to
292 all executed processes. Takes a space-separated list of
293 variable assignments. See
294 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
295 for details about environment variables.</para>
296
297 <para>Example:
298
299 <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
300
301 Sets three variables
302 <literal>VAR1</literal>,
303 <literal>VAR2</literal>,
304 <literal>VAR3</literal>.</para></listitem>
305 </varlistentry>
306
307 <varlistentry>
308 <term><varname>DefaultCPUAccounting=</varname></term>
309 <term><varname>DefaultBlockIOAccounting=</varname></term>
310 <term><varname>DefaultMemoryAccounting=</varname></term>
311 <term><varname>DefaultTasksAccounting=</varname></term>
312
313 <listitem><para>Configure the default resource accounting
314 settings, as configured per-unit by
315 <varname>CPUAccounting=</varname>,
316 <varname>BlockIOAccounting=</varname>,
317 <varname>MemoryAccounting=</varname> and
318 <varname>TasksAccounting=</varname>. See
319 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
320 for details on the per-unit
321 settings. <varname>DefaultTasksAccounting=</varname> defaults
322 to on, the other three settings to off.</para></listitem>
323 </varlistentry>
324
325 <varlistentry>
326 <term><varname>DefaultTasksMax=</varname></term>
327
328 <listitem><para>Configure the default value for the per-unit
329 <varname>TasksMax=</varname> setting. See
330 <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
331 for details. This setting applies to all unit types that
332 support resource control settings, with the exception of slice
333 units. Defaults to 512.</para></listitem>
334 </varlistentry>
335
336 <varlistentry>
337 <term><varname>DefaultLimitCPU=</varname></term>
338 <term><varname>DefaultLimitFSIZE=</varname></term>
339 <term><varname>DefaultLimitDATA=</varname></term>
340 <term><varname>DefaultLimitSTACK=</varname></term>
341 <term><varname>DefaultLimitCORE=</varname></term>
342 <term><varname>DefaultLimitRSS=</varname></term>
343 <term><varname>DefaultLimitNOFILE=</varname></term>
344 <term><varname>DefaultLimitAS=</varname></term>
345 <term><varname>DefaultLimitNPROC=</varname></term>
346 <term><varname>DefaultLimitMEMLOCK=</varname></term>
347 <term><varname>DefaultLimitLOCKS=</varname></term>
348 <term><varname>DefaultLimitSIGPENDING=</varname></term>
349 <term><varname>DefaultLimitMSGQUEUE=</varname></term>
350 <term><varname>DefaultLimitNICE=</varname></term>
351 <term><varname>DefaultLimitRTPRIO=</varname></term>
352 <term><varname>DefaultLimitRTTIME=</varname></term>
353
354 <listitem><para>These settings control various default
355 resource limits for units. See
356 <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
357 for details. Use the string <varname>infinity</varname> to
358 configure no limit on a specific resource. The multiplicative suffixes
359 K (=1024), M (=1024*1024) and so on for G, T, P and E may be used for
360 resource limits measured in bytes (e.g. DefaultLimitAS=16G). These
361 settings may be overridden in individual units using the corresponding
362 LimitXXX= directives. Note that these resource limits are only
363 defaults for units, they are not applied to PID 1
364 itself.</para></listitem>
365 </varlistentry>
366 </variablelist>
367 </refsect1>
368
369 <refsect1>
370 <title>See Also</title>
371 <para>
372 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
373 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
374 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
375 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
376 <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
377 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
378 </para>
379 </refsect1>
380
381 </refentry>