mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-25 23:21:33 +03:00
e59ccd035c
It takes an allow or deny list of filesystems services should have access to.
264 lines
4.1 KiB
SYSTEMD
264 lines
4.1 KiB
SYSTEMD
socket
|
|
[Socket]
|
|
Accept=
|
|
AllowedCPUs=
|
|
AllowedMemoryNodes=
|
|
AmbientCapabilities=
|
|
AppArmorProfile=
|
|
BPFProgram=
|
|
Backlog=
|
|
ExecSearchPath=
|
|
BindIPv6Only=
|
|
BindPaths=
|
|
BindReadOnlyPaths=
|
|
BindToDevice=
|
|
BlockIOAccounting=
|
|
BlockIODeviceWeight=
|
|
BlockIOReadBandwidth=
|
|
BlockIOWeight=
|
|
BlockIOWriteBandwidth=
|
|
Broadcast=
|
|
CPUAccounting=
|
|
CPUAffinity=
|
|
CPUQuota=
|
|
CPUQuotaPeriodSec=
|
|
CPUSchedulingPolicy=
|
|
CPUSchedulingPriority=
|
|
CPUSchedulingResetOnFork=
|
|
CPUShares=
|
|
CPUWeight=
|
|
CacheDirectory=
|
|
CacheDirectoryMode=
|
|
Capabilities=
|
|
CapabilityBoundingSet=
|
|
ConfigurationDirectory=
|
|
ConfigurationDirectoryMode=
|
|
CoredumpFilter=
|
|
DefaultMemoryLow=
|
|
DefaultMemoryMin=
|
|
DeferAcceptSec=
|
|
Delegate=
|
|
DeviceAllow=
|
|
DevicePolicy=
|
|
DirectoryMode=
|
|
DisableControllers=
|
|
DynamicUser=
|
|
Environment=
|
|
EnvironmentFile=
|
|
ExecPaths=
|
|
ExecStartPost=
|
|
ExecStartPre=
|
|
ExecStopPost=
|
|
ExecStopPre=
|
|
ExtensionImages=
|
|
FileDescriptorName=
|
|
FinalKillSignal=
|
|
FlushPending=
|
|
FreeBind=
|
|
Group=
|
|
IOAccounting=
|
|
IODeviceLatencyTargetSec=
|
|
IODeviceWeight=
|
|
IOReadBandwidthMax=
|
|
IOReadIOPSMax=
|
|
IOSchedulingClass=
|
|
IOSchedulingPriority=
|
|
IOWeight=
|
|
IOWriteBandwidthMax=
|
|
IOWriteIOPSMax=
|
|
IPAccounting=
|
|
IPAddressAllow=
|
|
IPAddressDeny=
|
|
IPCNamespacePath=
|
|
IPEgressFilterPath=
|
|
IPIngressFilterPath=
|
|
IPTOS=
|
|
IPTTL=
|
|
IgnoreSIGPIPE=
|
|
InaccessibleDirectories=
|
|
InaccessiblePaths=
|
|
KeepAlive=
|
|
KeepAliveIntervalSec=
|
|
KeepAliveProbes=
|
|
KeepAliveTimeSec=
|
|
KeyringMode=
|
|
KillMode=
|
|
KillSignal=
|
|
LimitAS=
|
|
LimitCORE=
|
|
LimitCPU=
|
|
LimitDATA=
|
|
LimitFSIZE=
|
|
LimitLOCKS=
|
|
LimitMEMLOCK=
|
|
LimitMSGQUEUE=
|
|
LimitNICE=
|
|
LimitNOFILE=
|
|
LimitNPROC=
|
|
LimitRSS=
|
|
LimitRTPRIO=
|
|
LimitRTTIME=
|
|
LimitSIGPENDING=
|
|
LimitSTACK=
|
|
ListenDatagram=
|
|
ListenFIFO=
|
|
ListenMessageQueue=
|
|
ListenNetlink=
|
|
ListenSequentialPacket=
|
|
ListenSpecial=
|
|
ListenStream=
|
|
ListenUSBFunction=
|
|
LoadCredential=
|
|
LoadCredentialEncrypted=
|
|
LockPersonality=
|
|
LogExtraFields=
|
|
LogLevelMax=
|
|
LogNamespace=
|
|
LogRateLimitBurst=
|
|
LogRateLimitIntervalSec=
|
|
LogsDirectory=
|
|
LogsDirectoryMode=
|
|
ManagedOOMMemoryPressure=
|
|
ManagedOOMMemoryPressureLimit=
|
|
ManagedOOMPreference=
|
|
ManagedOOMSwap=
|
|
Mark=
|
|
MaxConnections=
|
|
MaxConnectionsPerSource=
|
|
MemoryAccounting=
|
|
MemoryDenyWriteExecute=
|
|
MemoryHigh=
|
|
MemoryLimit=
|
|
MemoryLow=
|
|
MemoryMax=
|
|
MemoryMin=
|
|
MemorySwapMax=
|
|
MessageQueueMaxMessages=
|
|
MessageQueueMessageSize=
|
|
MountAPIVFS=
|
|
MountFlags=
|
|
MountImages=
|
|
NUMAMask=
|
|
NUMAPolicy=
|
|
NetClass=
|
|
NetworkNamespacePath=
|
|
Nice=
|
|
NoDelay=
|
|
NoExecPaths=
|
|
NoNewPrivileges=
|
|
OOMScoreAdjust=
|
|
PAMName=
|
|
PassCredentials=
|
|
PassEnvironment=
|
|
PassPacketInfo=
|
|
PassSecurity=
|
|
Personality=
|
|
PipeSize=
|
|
Priority=
|
|
PrivateDevices=
|
|
PrivateIPC=
|
|
PrivateMounts=
|
|
PrivateNetwork=
|
|
PrivateTmp=
|
|
PrivateUsers=
|
|
ProcSubset=
|
|
ProtectClock=
|
|
ProtectControlGroups=
|
|
ProtectHome=
|
|
ProtectHostname=
|
|
ProtectKernelLogs=
|
|
ProtectKernelModules=
|
|
ProtectKernelTunables=
|
|
ProtectProc=
|
|
ProtectSystem=
|
|
ReadOnlyDirectories=
|
|
ReadOnlyPaths=
|
|
ReadWriteDirectories=
|
|
ReadWritePaths=
|
|
ReceiveBuffer=
|
|
RemoveIPC=
|
|
RemoveOnStop=
|
|
RestartKillSignal=
|
|
RestrictAddressFamilies=
|
|
RestrictFileSystems=
|
|
RestrictNamespaces=
|
|
RestrictNetworkInterfaces=
|
|
RestrictRealtime=
|
|
RestrictSUIDSGID=
|
|
ReusePort=
|
|
RootDirectory=
|
|
RootHash=
|
|
RootHashSignature=
|
|
RootImage=
|
|
RootImageOptions=
|
|
RootVerity=
|
|
RuntimeDirectory=
|
|
RuntimeDirectoryMode=
|
|
RuntimeDirectoryPreserve=
|
|
SELinuxContext=
|
|
SELinuxContextFromNet=
|
|
SecureBits=
|
|
SendBuffer=
|
|
SendSIGHUP=
|
|
SendSIGKILL=
|
|
Service=
|
|
SetCredential=
|
|
SetCredentialEncrypted=
|
|
Slice=
|
|
SmackLabel=
|
|
SmackLabelIPIn=
|
|
SmackLabelIPOut=
|
|
SmackProcessLabel=
|
|
SocketBindAllow=
|
|
SocketBindDeny=
|
|
SocketGroup=
|
|
SocketMode=
|
|
SocketProtocol=
|
|
SocketUser=
|
|
StandardError=
|
|
StandardInput=
|
|
StandardInputData=
|
|
StandardInputText=
|
|
StandardOutput=
|
|
StartupAllowedCPUs=
|
|
StartupAllowedMemoryNodes=
|
|
StartupBlockIOWeight=
|
|
StartupCPUShares=
|
|
StartupCPUWeight=
|
|
StartupIOWeight=
|
|
StateDirectory=
|
|
StateDirectoryMode=
|
|
SupplementaryGroups=
|
|
Symlinks=
|
|
SyslogFacility=
|
|
SyslogIdentifier=
|
|
SyslogLevel=
|
|
SyslogLevelPrefix=
|
|
SystemCallArchitectures=
|
|
SystemCallErrorNumber=
|
|
SystemCallFilter=
|
|
SystemCallLog=
|
|
TCPCongestion=
|
|
TTYPath=
|
|
TTYReset=
|
|
TTYVHangup=
|
|
TTYVTDisallocate=
|
|
TasksAccounting=
|
|
TasksMax=
|
|
TemporaryFileSystem=
|
|
TimeoutCleanSec=
|
|
TimeoutSec=
|
|
TimerSlackNSec=
|
|
Timestamping=
|
|
Transparent=
|
|
TriggerLimitBurst=
|
|
TriggerLimitIntervalSec=
|
|
UMask=
|
|
UnsetEnvironment=
|
|
User=
|
|
UtmpIdentifier=
|
|
UtmpMode=
|
|
WatchdogSignal=
|
|
WorkingDirectory=
|
|
Writable=
|