2020-04-10 12:34:32 +03:00
<?xml version='1.0'?>
< !DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" >
2020-11-09 07:23:58 +03:00
<!-- SPDX - License - Identifier: LGPL - 2.1 - or - later -->
2020-04-10 12:34:32 +03:00
<refentry id= "org.freedesktop.systemd1" xmlns:xi= "http://www.w3.org/2001/XInclude" >
<refentryinfo >
<title > org.freedesktop.systemd1</title>
<productname > systemd</productname>
</refentryinfo>
<refmeta >
<refentrytitle > org.freedesktop.systemd1</refentrytitle>
<manvolnum > 5</manvolnum>
</refmeta>
<refnamediv >
<refname > org.freedesktop.systemd1</refname>
2020-04-14 14:43:11 +03:00
<refpurpose > The D-Bus interface of systemd</refpurpose>
2020-04-10 12:34:32 +03:00
</refnamediv>
<refsect1 >
<title > Introduction</title>
<para >
<citerefentry > <refentrytitle > systemd</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> and its
2020-04-14 14:43:11 +03:00
auxiliary daemons expose a number of APIs over D-Bus. This page only describes the various APIs exposed by the
system and service manager itself. It does not cover the auxiliary daemons.
2020-04-10 12:34:32 +03:00
</para>
<para > The service manager exposes a number of objects on the bus: one
2020-04-14 14:43:11 +03:00
<interfacename > Manager</interfacename> object as a central entry point for clients along with individual objects
2022-03-04 16:03:50 +03:00
for each unit and for each queued job. The unit objects implement a generic
2020-04-14 14:43:11 +03:00
<interfacename > Unit</interfacename> interface as well as a type-specific interface. For example, service units
implement both <interfacename > org.freedesktop.systemd1.Unit</interfacename> and
<interfacename > org.freedesktop.system1.Service</interfacename> . The manager object can list
2022-03-04 16:03:50 +03:00
unit and job objects or directly convert a unit name or job identifier to a bus path of the corresponding
2020-04-10 12:34:32 +03:00
D-Bus object.</para>
2023-06-14 11:13:08 +03:00
<para > Properties exposing time values are usually encoded in microseconds (μs) on the bus, even if
2020-04-10 12:34:32 +03:00
their corresponding settings in the unit files are in seconds.</para>
2022-03-04 16:03:50 +03:00
<para > PID 1 uses <ulink url= "https://www.freedesktop.org/software/polkit/docs/latest/" > polkit</ulink> to
allow access to privileged operations for unprivileged processes. Some operations (such as
shutdown/reboot/suspend) are also available through the D-Bus API of logind, see
2020-04-10 12:34:32 +03:00
<citerefentry > <refentrytitle > org.freedesktop.login1</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> .
</para>
</refsect1>
<refsect1 >
<title > The Manager Object</title>
<para > The main entry point object is available on the fixed
<constant > /org/freedesktop/systemd1</constant> object path:</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1" interface= "org.freedesktop.systemd1.Manager" >
2020-04-10 12:34:32 +03:00
node /org/freedesktop/systemd1 {
interface org.freedesktop.systemd1.Manager {
methods:
GetUnit(in s name,
out o unit);
GetUnitByPID(in u pid,
out o unit);
2020-04-21 11:55:25 +03:00
GetUnitByInvocationID(in ay invocation_id,
out o unit);
GetUnitByControlGroup(in s cgroup,
out o unit);
2023-01-17 02:46:01 +03:00
GetUnitByPIDFD(in h pidfd,
out o unit,
out s unit_id,
out ay invocation_id);
2020-04-10 12:34:32 +03:00
LoadUnit(in s name,
out o unit);
StartUnit(in s name,
in s mode,
out o job);
2021-12-03 04:36:05 +03:00
StartUnitWithFlags(in s name,
in s mode,
in t flags,
out o job);
2020-04-10 12:34:32 +03:00
StartUnitReplace(in s old_unit,
in s new_unit,
in s mode,
out o job);
StopUnit(in s name,
in s mode,
out o job);
ReloadUnit(in s name,
in s mode,
out o job);
RestartUnit(in s name,
in s mode,
out o job);
TryRestartUnit(in s name,
in s mode,
out o job);
ReloadOrRestartUnit(in s name,
in s mode,
out o job);
ReloadOrTryRestartUnit(in s name,
in s mode,
out o job);
2020-04-21 11:55:25 +03:00
EnqueueUnitJob(in s name,
in s job_type,
in s job_mode,
out u job_id,
out o job_path,
out s unit_id,
out o unit_path,
out s job_type,
out a(uosos) affected_jobs);
2020-04-10 12:34:32 +03:00
KillUnit(in s name,
2020-04-21 11:55:25 +03:00
in s whom,
2020-04-10 12:34:32 +03:00
in i signal);
2023-02-15 12:25:51 +03:00
QueueSignalUnit(in s name,
in s whom,
in i signal,
in i value);
2020-04-21 11:55:25 +03:00
CleanUnit(in s name,
in as mask);
2020-05-12 11:37:28 +03:00
FreezeUnit(in s name);
ThawUnit(in s name);
2020-04-10 12:34:32 +03:00
ResetFailedUnit(in s name);
2020-04-21 11:55:25 +03:00
SetUnitProperties(in s name,
in b runtime,
in a(sv) properties);
2020-07-30 21:37:10 +03:00
BindMountUnit(in s name,
in s source,
in s destination,
in b read_only,
in b mkdir);
2021-01-21 21:36:33 +03:00
MountImageUnit(in s name,
in s source,
in s destination,
in b read_only,
in b mkdir,
in a(ss) options);
2020-04-21 11:55:25 +03:00
RefUnit(in s name);
UnrefUnit(in s name);
StartTransientUnit(in s name,
in s mode,
in a(sv) properties,
in a(sa(sv)) aux,
out o job);
GetUnitProcesses(in s name,
out a(sus) processes);
AttachProcessesToUnit(in s unit_name,
in s subcgroup,
in au pids);
AbandonScope(in s name);
2020-04-10 12:34:32 +03:00
GetJob(in u id,
out o job);
2020-04-21 11:55:25 +03:00
GetJobAfter(in u id,
out a(usssoo) jobs);
GetJobBefore(in u id,
out a(usssoo) jobs);
2020-04-10 12:34:32 +03:00
CancelJob(in u id);
ClearJobs();
ResetFailed();
2020-08-22 13:25:44 +03:00
SetShowStatus(in s mode);
2020-04-10 12:34:32 +03:00
ListUnits(out a(ssssssouso) units);
2020-04-21 11:55:25 +03:00
ListUnitsFiltered(in as states,
out a(ssssssouso) units);
ListUnitsByPatterns(in as states,
in as patterns,
out a(ssssssouso) units);
ListUnitsByNames(in as names,
out a(ssssssouso) units);
2020-04-10 12:34:32 +03:00
ListJobs(out a(usssoo) jobs);
Subscribe();
Unsubscribe();
2020-04-21 11:55:25 +03:00
Dump(out s output);
2022-10-14 19:29:14 +03:00
DumpUnitsMatchingPatterns(in as patterns,
out s output);
2020-04-21 11:55:25 +03:00
DumpByFileDescriptor(out h fd);
2022-10-17 15:23:04 +03:00
DumpUnitsMatchingPatternsByFileDescriptor(in as patterns,
out h fd);
2020-04-10 12:34:32 +03:00
Reload();
2022-05-10 00:43:40 +03:00
@org.freedesktop.DBus.Method.NoReply("true")
2020-04-10 12:34:32 +03:00
Reexecute();
2021-12-24 08:52:44 +03:00
@org.freedesktop.systemd1.Privileged("true")
2020-04-10 12:34:32 +03:00
Exit();
2021-12-24 08:52:44 +03:00
@org.freedesktop.systemd1.Privileged("true")
2020-04-10 12:34:32 +03:00
Reboot();
2021-12-24 08:52:44 +03:00
@org.freedesktop.systemd1.Privileged("true")
2023-05-03 11:33:01 +03:00
SoftReboot(in s new_root);
@org.freedesktop.systemd1.Privileged("true")
2020-04-10 12:34:32 +03:00
PowerOff();
2021-12-24 08:52:44 +03:00
@org.freedesktop.systemd1.Privileged("true")
2020-04-10 12:34:32 +03:00
Halt();
2021-12-24 08:52:44 +03:00
@org.freedesktop.systemd1.Privileged("true")
2020-04-10 12:34:32 +03:00
KExec();
2021-12-24 08:52:44 +03:00
@org.freedesktop.systemd1.Privileged("true")
2020-04-10 12:34:32 +03:00
SwitchRoot(in s new_root,
in s init);
2020-04-21 11:55:25 +03:00
SetEnvironment(in as assignments);
2020-04-10 12:34:32 +03:00
UnsetEnvironment(in as names);
2020-04-21 11:55:25 +03:00
UnsetAndSetEnvironment(in as names,
in as assignments);
2021-01-30 21:44:15 +03:00
EnqueueMarkedJobs(out ao jobs);
2020-04-21 11:55:25 +03:00
ListUnitFiles(out a(ss) unit_files);
ListUnitFilesByPatterns(in as states,
in as patterns,
out a(ss) unit_files);
2020-04-10 12:34:32 +03:00
GetUnitFileState(in s file,
out s state);
EnableUnitFiles(in as files,
in b runtime,
in b force,
out b carries_install_info,
out a(sss) changes);
DisableUnitFiles(in as files,
in b runtime,
out a(sss) changes);
2020-09-01 19:08:29 +03:00
EnableUnitFilesWithFlags(in as files,
in t flags,
out b carries_install_info,
out a(sss) changes);
DisableUnitFilesWithFlags(in as files,
in t flags,
out a(sss) changes);
2022-11-18 10:43:34 +03:00
DisableUnitFilesWithFlagsAndInstallInfo(in as files,
in t flags,
out b carries_install_info,
out a(sss) changes);
2020-04-10 12:34:32 +03:00
ReenableUnitFiles(in as files,
in b runtime,
in b force,
out b carries_install_info,
out a(sss) changes);
LinkUnitFiles(in as files,
in b runtime,
in b force,
out a(sss) changes);
PresetUnitFiles(in as files,
in b runtime,
in b force,
out b carries_install_info,
out a(sss) changes);
2020-04-21 11:55:25 +03:00
PresetUnitFilesWithMode(in as files,
in s mode,
in b runtime,
in b force,
out b carries_install_info,
out a(sss) changes);
2020-04-10 12:34:32 +03:00
MaskUnitFiles(in as files,
in b runtime,
in b force,
out a(sss) changes);
UnmaskUnitFiles(in as files,
in b runtime,
out a(sss) changes);
2020-04-21 11:55:25 +03:00
RevertUnitFiles(in as files,
out a(sss) changes);
SetDefaultTarget(in s name,
in b force,
2020-04-10 12:34:32 +03:00
out a(sss) changes);
GetDefaultTarget(out s name);
2020-04-21 11:55:25 +03:00
PresetAllUnitFiles(in s mode,
in b runtime,
in b force,
out a(sss) changes);
AddDependencyUnitFiles(in as files,
in s target,
in s type,
in b runtime,
in b force,
out a(sss) changes);
GetUnitFileLinks(in s name,
in b runtime,
out as links);
SetExitCode(in y number);
LookupDynamicUserByName(in s name,
out u uid);
LookupDynamicUserByUID(in u uid,
out s name);
GetDynamicUsers(out a(us) users);
2023-03-27 19:16:40 +03:00
DumpUnitFileDescriptorStore(in s name,
out a(suuutuusu) entries);
2020-04-10 12:34:32 +03:00
signals:
UnitNew(s id,
o unit);
UnitRemoved(s id,
o unit);
JobNew(u id,
o job,
s unit);
JobRemoved(u id,
o job,
s unit,
s result);
StartupFinished(t firmware,
t loader,
t kernel,
t initrd,
t userspace,
t total);
UnitFilesChanged();
Reloading(b active);
properties:
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Version = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Features = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Virtualization = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-07-03 11:53:43 +03:00
readonly s ConfidentialVirtualization = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s Architecture = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Tainted = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t FirmwareTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t FirmwareTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LoaderTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LoaderTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t KernelTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t KernelTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UserspaceTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UserspaceTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t FinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t FinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SecurityStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SecurityStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SecurityFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SecurityFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t GeneratorsStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t GeneratorsStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t GeneratorsFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t GeneratorsFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-09-02 17:37:13 +03:00
readonly t UnitsLoadTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly t InitRDSecurityStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDSecurityStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDSecurityFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDSecurityFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDGeneratorsStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDGeneratorsStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDGeneratorsFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDGeneratorsFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDUnitsLoadStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDUnitsLoadStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDUnitsLoadFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDUnitsLoadFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite s LogLevel = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite s LogTarget = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NNames = ...;
readonly u NFailedUnits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NJobs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NInstalledJobs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NFailedJobs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly d Progress = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ConfirmSpawn = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b ShowStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnitPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s DefaultStandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s DefaultStandardError = '...';
2022-09-16 15:50:58 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WatchdogDevice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogLastPingTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogLastPingTimestampMonotonic = ...;
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite t RuntimeWatchdogUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
2021-06-28 01:36:49 +03:00
readwrite t RuntimeWatchdogPreUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
2022-02-08 15:58:30 +03:00
readwrite s RuntimeWatchdogPreGovernor = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
2020-04-21 11:55:25 +03:00
readwrite t RebootWatchdogUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite t KExecWatchdogUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite b ServiceWatchdogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s SystemState = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly y ExitCode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultTimerAccuracyUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultTimeoutStartUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultTimeoutStopUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultTimeoutAbortUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-07-16 13:36:06 +03:00
readonly t DefaultDeviceTimeoutUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly t DefaultRestartUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultStartLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DefaultStartLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultCPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultBlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-06-19 05:24:13 +03:00
readonly b DefaultIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultIPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b DefaultMemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultTasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultTasksMax = ...;
2023-02-15 21:00:14 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryPressureThresholdUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DefaultMemoryPressureWatch = '...';
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s DefaultOOMPolicy = '...';
2021-04-23 10:57:14 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-09-30 12:21:18 +03:00
readonly i DefaultOOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-04-23 10:57:14 +03:00
readonly s CtrlAltDelBurstAction = '...';
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:55:25 +03:00
<!-- method GetUnitByInvocationID is not documented! -->
<!-- method GetUnitByControlGroup is not documented! -->
<!-- method EnqueueUnitJob is not documented! -->
<!-- method CleanUnit is not documented! -->
2020-05-12 11:37:28 +03:00
<!-- method FreezeUnit is not documented! -->
<!-- method ThawUnit is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- method RefUnit is not documented! -->
<!-- method UnrefUnit is not documented! -->
<!-- method GetUnitProcesses is not documented! -->
<!-- method AttachProcessesToUnit is not documented! -->
<!-- method AbandonScope is not documented! -->
<!-- method GetJobAfter is not documented! -->
<!-- method GetJobBefore is not documented! -->
2020-08-22 13:25:44 +03:00
<!-- method SetShowStatus is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- method ListUnitsFiltered is not documented! -->
<!-- method ListUnitsByPatterns is not documented! -->
<!-- method ListUnitsByNames is not documented! -->
<!-- method ListUnitFilesByPatterns is not documented! -->
<!-- method PresetUnitFilesWithMode is not documented! -->
<!-- method RevertUnitFiles is not documented! -->
<!-- method PresetAllUnitFiles is not documented! -->
<!-- method AddDependencyUnitFiles is not documented! -->
<!-- method GetUnitFileLinks is not documented! -->
<!-- method SetExitCode is not documented! -->
<!-- method LookupDynamicUserByName is not documented! -->
<!-- method LookupDynamicUserByUID is not documented! -->
<!-- method GetDynamicUsers is not documented! -->
<!-- signal UnitNew is not documented! -->
<!-- signal UnitRemoved is not documented! -->
<!-- signal JobNew is not documented! -->
<!-- signal JobRemoved is not documented! -->
<!-- signal StartupFinished is not documented! -->
<!-- signal UnitFilesChanged is not documented! -->
<!-- signal Reloading is not documented! -->
<!-- property SecurityStartTimestampMonotonic is not documented! -->
<!-- property SecurityFinishTimestamp is not documented! -->
<!-- property SecurityFinishTimestampMonotonic is not documented! -->
<!-- property GeneratorsStartTimestampMonotonic is not documented! -->
<!-- property GeneratorsFinishTimestamp is not documented! -->
<!-- property GeneratorsFinishTimestampMonotonic is not documented! -->
<!-- property UnitsLoadStartTimestamp is not documented! -->
<!-- property UnitsLoadStartTimestampMonotonic is not documented! -->
<!-- property UnitsLoadFinishTimestamp is not documented! -->
<!-- property UnitsLoadFinishTimestampMonotonic is not documented! -->
<!-- property InitRDSecurityStartTimestamp is not documented! -->
<!-- property InitRDSecurityStartTimestampMonotonic is not documented! -->
<!-- property InitRDSecurityFinishTimestamp is not documented! -->
<!-- property InitRDSecurityFinishTimestampMonotonic is not documented! -->
<!-- property InitRDGeneratorsStartTimestamp is not documented! -->
<!-- property InitRDGeneratorsStartTimestampMonotonic is not documented! -->
<!-- property InitRDGeneratorsFinishTimestamp is not documented! -->
<!-- property InitRDGeneratorsFinishTimestampMonotonic is not documented! -->
<!-- property InitRDUnitsLoadStartTimestamp is not documented! -->
<!-- property InitRDUnitsLoadStartTimestampMonotonic is not documented! -->
<!-- property InitRDUnitsLoadFinishTimestamp is not documented! -->
<!-- property InitRDUnitsLoadFinishTimestampMonotonic is not documented! -->
<!-- property LogLevel is not documented! -->
<!-- property LogTarget is not documented! -->
<!-- property NFailedUnits is not documented! -->
<!-- property ConfirmSpawn is not documented! -->
<!-- property ShowStatus is not documented! -->
<!-- property DefaultStandardOutput is not documented! -->
<!-- property DefaultStandardError is not documented! -->
2022-09-16 15:50:58 +03:00
<!-- property WatchdogDevice is not documented! -->
<!-- property WatchdogLastPingTimestamp is not documented! -->
<!-- property WatchdogLastPingTimestampMonotonic is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property RuntimeWatchdogUSec is not documented! -->
2021-06-28 01:36:49 +03:00
<!-- property RuntimeWatchdogPreUSec is not documented! -->
2022-02-08 15:58:30 +03:00
<!-- property RuntimeWatchdogPreGovernor is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property RebootWatchdogUSec is not documented! -->
<!-- property KExecWatchdogUSec is not documented! -->
<!-- property ServiceWatchdogs is not documented! -->
<!-- property ExitCode is not documented! -->
<!-- property DefaultTimerAccuracyUSec is not documented! -->
<!-- property DefaultTimeoutStartUSec is not documented! -->
<!-- property DefaultTimeoutStopUSec is not documented! -->
<!-- property DefaultTimeoutAbortUSec is not documented! -->
2022-07-16 13:36:06 +03:00
<!-- property DefaultDeviceTimeoutUSec is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property DefaultRestartUSec is not documented! -->
<!-- property DefaultStartLimitIntervalUSec is not documented! -->
<!-- property DefaultStartLimitBurst is not documented! -->
<!-- property DefaultCPUAccounting is not documented! -->
<!-- property DefaultBlockIOAccounting is not documented! -->
2023-06-19 05:24:13 +03:00
<!-- property DefaultIOAccounting is not documented! -->
<!-- property DefaultIPAccounting is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property DefaultMemoryAccounting is not documented! -->
<!-- property DefaultTasksAccounting is not documented! -->
<!-- property DefaultLimitCPU is not documented! -->
<!-- property DefaultLimitCPUSoft is not documented! -->
<!-- property DefaultLimitFSIZE is not documented! -->
<!-- property DefaultLimitFSIZESoft is not documented! -->
<!-- property DefaultLimitDATA is not documented! -->
<!-- property DefaultLimitDATASoft is not documented! -->
<!-- property DefaultLimitSTACK is not documented! -->
<!-- property DefaultLimitSTACKSoft is not documented! -->
<!-- property DefaultLimitCORE is not documented! -->
<!-- property DefaultLimitCORESoft is not documented! -->
<!-- property DefaultLimitRSS is not documented! -->
<!-- property DefaultLimitRSSSoft is not documented! -->
<!-- property DefaultLimitNOFILE is not documented! -->
<!-- property DefaultLimitNOFILESoft is not documented! -->
<!-- property DefaultLimitAS is not documented! -->
<!-- property DefaultLimitASSoft is not documented! -->
<!-- property DefaultLimitNPROC is not documented! -->
<!-- property DefaultLimitNPROCSoft is not documented! -->
<!-- property DefaultLimitMEMLOCK is not documented! -->
<!-- property DefaultLimitMEMLOCKSoft is not documented! -->
<!-- property DefaultLimitLOCKS is not documented! -->
<!-- property DefaultLimitLOCKSSoft is not documented! -->
<!-- property DefaultLimitSIGPENDING is not documented! -->
<!-- property DefaultLimitSIGPENDINGSoft is not documented! -->
<!-- property DefaultLimitMSGQUEUE is not documented! -->
<!-- property DefaultLimitMSGQUEUESoft is not documented! -->
<!-- property DefaultLimitNICE is not documented! -->
<!-- property DefaultLimitNICESoft is not documented! -->
<!-- property DefaultLimitRTPRIO is not documented! -->
<!-- property DefaultLimitRTPRIOSoft is not documented! -->
<!-- property DefaultLimitRTTIME is not documented! -->
<!-- property DefaultLimitRTTIMESoft is not documented! -->
<!-- property DefaultTasksMax is not documented! -->
2023-02-15 21:00:14 +03:00
<!-- property DefaultMemoryPressureThresholdUSec is not documented! -->
<!-- property DefaultMemoryPressureWatch is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property TimerSlackNSec is not documented! -->
<!-- property DefaultOOMPolicy is not documented! -->
2021-09-30 12:21:18 +03:00
<!-- property DefaultOOMScoreAdjust is not documented! -->
2021-04-23 10:57:14 +03:00
<!-- property CtrlAltDelBurstAction is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Manager" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Manager" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetUnitByPID()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetUnitByInvocationID()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetUnitByControlGroup()" />
2023-01-17 02:46:01 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetUnitByPIDFD()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "LoadUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "StartUnit()" />
2021-12-03 04:36:05 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "StartUnitWithFlags()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "StartUnitReplace()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "StopUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ReloadUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "RestartUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "TryRestartUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ReloadOrRestartUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ReloadOrTryRestartUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "EnqueueUnitJob()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "KillUnit()" />
2023-02-15 12:25:51 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "QueueSignalUnit()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "CleanUnit()" />
2020-05-12 11:37:28 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "FreezeUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ThawUnit()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "ResetFailedUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "SetUnitProperties()" />
2020-07-30 21:37:10 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "BindMountUnit()" />
2021-01-21 21:36:33 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "MountImageUnit()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "RefUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "UnrefUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "StartTransientUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetUnitProcesses()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "AttachProcessesToUnit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "AbandonScope()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetJob()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetJobAfter()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetJobBefore()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "CancelJob()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ClearJobs()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ResetFailed()" />
2020-08-22 13:25:44 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "SetShowStatus()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "ListUnits()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ListUnitsFiltered()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ListUnitsByPatterns()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ListUnitsByNames()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ListJobs()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Subscribe()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Unsubscribe()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Dump()" />
2022-10-14 19:29:14 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "DumpUnitsMatchingPatterns()" />
2022-09-13 17:13:16 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "DumpByFileDescriptor()" />
2022-10-17 15:23:04 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "DumpUnitsMatchingPatternsByFileDescriptor()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "Reload()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Reexecute()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Exit()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Reboot()" />
2023-05-03 11:33:01 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "SoftReboot()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "PowerOff()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Halt()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "KExec()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "SwitchRoot()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "SetEnvironment()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "UnsetEnvironment()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "UnsetAndSetEnvironment()" />
2021-01-30 21:44:15 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "EnqueueMarkedJobs()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "ListUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "ListUnitFilesByPatterns()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetUnitFileState()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "EnableUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "DisableUnitFiles()" />
2020-09-01 19:08:29 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "EnableUnitFilesWithFlags()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "DisableUnitFilesWithFlags()" />
2022-11-18 10:43:34 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "DisableUnitFilesWithFlagsAndInstallInfo()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "ReenableUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "LinkUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "PresetUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "PresetUnitFilesWithMode()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "MaskUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "UnmaskUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "RevertUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "SetDefaultTarget()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetDefaultTarget()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "PresetAllUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "AddDependencyUnitFiles()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetUnitFileLinks()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "SetExitCode()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "LookupDynamicUserByName()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "LookupDynamicUserByUID()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetDynamicUsers()" />
2023-03-27 19:16:40 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "DumpUnitFileDescriptorStore()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-signal" generated= "True" extra-ref= "UnitNew" />
<variablelist class= "dbus-signal" generated= "True" extra-ref= "UnitRemoved" />
<variablelist class= "dbus-signal" generated= "True" extra-ref= "JobNew" />
<variablelist class= "dbus-signal" generated= "True" extra-ref= "JobRemoved" />
<variablelist class= "dbus-signal" generated= "True" extra-ref= "StartupFinished" />
<variablelist class= "dbus-signal" generated= "True" extra-ref= "UnitFilesChanged" />
<variablelist class= "dbus-signal" generated= "True" extra-ref= "Reloading" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Version" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Features" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Virtualization" />
2023-07-03 11:53:43 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfidentialVirtualization" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Architecture" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Tainted" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FirmwareTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FirmwareTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoaderTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoaderTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "KernelTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "KernelTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UserspaceTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UserspaceTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FinishTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FinishTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SecurityStartTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SecurityStartTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SecurityFinishTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SecurityFinishTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "GeneratorsStartTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "GeneratorsStartTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "GeneratorsFinishTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "GeneratorsFinishTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitsLoadStartTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitsLoadStartTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitsLoadFinishTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitsLoadFinishTimestampMonotonic" />
2021-09-02 17:37:13 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitsLoadTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitsLoadTimestampMonotonic" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDSecurityStartTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDSecurityStartTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDSecurityFinishTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDSecurityFinishTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDGeneratorsStartTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDGeneratorsStartTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDGeneratorsFinishTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDGeneratorsFinishTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDUnitsLoadStartTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDUnitsLoadStartTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDUnitsLoadFinishTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InitRDUnitsLoadFinishTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogLevel" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogTarget" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NNames" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFailedUnits" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NJobs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NInstalledJobs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFailedJobs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Progress" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Environment" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfirmSpawn" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ShowStatus" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStandardOutput" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStandardError" />
2022-09-16 15:50:58 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogDevice" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogLastPingTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogLastPingTimestampMonotonic" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeWatchdogUSec" />
2021-06-28 01:36:49 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeWatchdogPreUSec" />
2022-02-08 15:58:30 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeWatchdogPreGovernor" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RebootWatchdogUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "KExecWatchdogUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ServiceWatchdogs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroup" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemState" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExitCode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultTimerAccuracyUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultTimeoutStartUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultTimeoutStopUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultTimeoutAbortUSec" />
2022-07-16 13:36:06 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultDeviceTimeoutUSec" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultRestartUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStartLimitIntervalUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStartLimitBurst" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultCPUAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultBlockIOAccounting" />
2023-06-19 05:24:13 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultIOAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultIPAccounting" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultTasksAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitCPU" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitCPUSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitFSIZE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitFSIZESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitDATA" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitDATASoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitSTACK" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitSTACKSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitCORE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitCORESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitRSS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitRSSSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitNOFILE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitNOFILESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitAS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitASSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitNPROC" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitNPROCSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitMEMLOCK" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitMEMLOCKSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitLOCKS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitLOCKSSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitSIGPENDING" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitSIGPENDINGSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitMSGQUEUE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitMSGQUEUESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitNICE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitNICESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitRTPRIO" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitRTPRIOSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitRTTIME" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultLimitRTTIMESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultTasksMax" />
2023-02-15 21:00:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryPressureThresholdUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryPressureWatch" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimerSlackNSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultOOMPolicy" />
2021-09-30 12:21:18 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultOOMScoreAdjust" />
2021-04-23 10:57:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CtrlAltDelBurstAction" />
2020-04-21 11:29:09 +03:00
<!-- End of Autogenerated section -->
2020-04-10 12:34:32 +03:00
<refsect2 >
<title > Methods</title>
2020-04-14 14:43:11 +03:00
<para > Note that many of the methods exist twice: once on the <interfacename > Manager</interfacename>
object and once on the respective unit objects. This is to optimize access times so that methods that
2020-04-10 12:34:32 +03:00
belong to unit objects do not have to be called with a resolved unit path, but can be called with only
the unit id, too.</para>
<para > <function > GetUnit()</function> may be used to get the unit object path for a unit name. It takes
2020-04-14 14:43:11 +03:00
the unit name and returns the object path. If a unit has not been loaded yet by this name this method
2020-04-10 12:34:32 +03:00
will fail.</para>
<para > <function > GetUnitByPID()</function> may be used to get the unit object path of the unit a process
2023-01-17 02:46:01 +03:00
ID belongs to. It takes a UNIX PID and returns the object path. The PID must refer to an existing system process.
<function > GetUnitByPIDFD()</function> may be used to query with a Linux PIDFD (see:
<citerefentry > <refentrytitle > pidfd_open</refentrytitle> <manvolnum > 2</manvolnum> </citerefentry> ) instead
of a PID, which is safer as UNIX PIDs can be recycled. The latter method returns the unit id and the
invocation id together with the unit object path.</para>
2020-04-10 12:34:32 +03:00
<para > <function > LoadUnit()</function> is similar to <function > GetUnit()</function> but will load the
unit from disk if possible.</para>
2020-04-14 14:43:11 +03:00
<para > <function > StartUnit()</function> enqueues a start job and possibly depending jobs. It takes the unit
to activate and a mode string as arguments. The mode needs to be one of <literal > replace</literal> ,
<literal > fail</literal> , <literal > isolate</literal> , <literal > ignore-dependencies</literal> , or
<literal > ignore-requirements</literal> . If <literal > replace</literal> , the method will start the unit and
its dependencies, possibly replacing already queued jobs that conflict with it. If
<literal > fail</literal> , the method will start the unit and its dependencies, but will fail if this would
change an already queued job. If <literal > isolate</literal> , the method will start the unit in question
and terminate all units that aren't dependencies of it. If <literal > ignore-dependencies</literal> , it
will start a unit but ignore all its dependencies. If <literal > ignore-requirements</literal> , it will
2020-04-10 12:34:32 +03:00
start a unit but only ignore the requirement dependencies. It is not recommended to make use of the
2020-04-14 14:43:11 +03:00
latter two options. On completion, this method returns the newly created job object.</para>
2020-04-10 12:34:32 +03:00
<para > <function > StartUnitReplace()</function> is similar to <function > StartUnit()</function> but
2020-04-14 14:43:11 +03:00
replaces a job that is queued for one unit by a job for another unit.</para>
2020-04-10 12:34:32 +03:00
2021-12-03 04:36:05 +03:00
<para > <function > StartUnitWithFlags()</function> is similar to <function > StartUnit()</function> but
allows the caller to pass an extra <varname > flags</varname> parameter, which does not support any
2022-03-09 01:13:37 +03:00
flags for now, and is reserved for future extensions.</para>
2021-12-03 04:36:05 +03:00
2020-04-10 12:34:32 +03:00
<para > <function > StopUnit()</function> is similar to <function > StartUnit()</function> but stops the
2020-04-14 14:43:11 +03:00
specified unit rather than starting it. Note that the <literal > isolate</literal> mode is invalid for this
method.</para>
2020-04-10 12:34:32 +03:00
<para > <function > ReloadUnit()</function> , <function > RestartUnit()</function> ,
2020-04-14 14:43:11 +03:00
<function > TryRestartUnit()</function> , <function > ReloadOrRestartUnit()</function> , or
<function > ReloadOrTryRestartUnit()</function> may be used to restart and/or reload a unit. These methods take
2020-04-10 12:34:32 +03:00
similar arguments as <function > StartUnit()</function> . Reloading is done only if the unit is already
2020-04-14 14:43:11 +03:00
running and fails otherwise. If a service is restarted that isn't running, it will be started unless
2020-04-10 12:34:32 +03:00
the "Try" flavor is used in which case a service that isn't running is not affected by the restart. The
"ReloadOrRestart" flavors attempt a reload if the unit supports it and use a restart otherwise.</para>
2021-01-30 21:44:15 +03:00
<para > <function > EnqueueMarkedJobs()</function> creates reload/restart jobs for units which have been
2022-11-02 13:48:23 +03:00
appropriately marked, see <varname > Markers</varname> property above. This is equivalent to calling
2021-01-30 21:44:15 +03:00
<function > TryRestartUnit()</function> or <function > ReloadOrTryRestartUnit()</function> for the marked
units.</para>
2023-09-29 03:50:15 +03:00
<para > <function > BindMountUnit()</function> can be used to bind mount new files or directories into a
running service mount namespace. If supported by the kernel, any prior mount on the selected target
will be replaced by the new mount. If not supported, any prior mount will be over-mounted, but remain
pinned and inaccessible.
</para>
2020-07-30 21:37:10 +03:00
2021-01-21 21:36:33 +03:00
<para > <function > MountImageUnit()</function> can be used to mount new images into a running service
2023-09-29 03:50:15 +03:00
mount namespace. If supported by the kernel, any prior mount on the selected target will be replaced
by the new mount. If not supported, any prior mount will be over-mounted, but remain pinned and
inaccessible.</para>
2021-01-21 21:36:33 +03:00
2020-04-10 12:34:32 +03:00
<para > <function > KillUnit()</function> may be used to kill (i.e. send a signal to) all processes of a
2020-04-14 14:43:11 +03:00
unit. It takes the unit <varname > name</varname> , an enum <varname > who</varname> and a UNIX
2020-04-10 12:34:32 +03:00
<varname > signal</varname> number to send. The <varname > who</varname> enum is one of
<literal > main</literal> , <literal > control</literal> or <literal > all</literal> . If
2020-04-14 14:43:11 +03:00
<literal > main</literal> , only the main process of the unit is killed. If <literal > control</literal> , only
the control process of the unit is killed. If <literal > all</literal> , all processes are killed. A
2020-04-10 12:34:32 +03:00
<literal > control</literal> process is for example a process that is configured via
2020-04-14 14:43:11 +03:00
<varname > ExecStop=</varname> and is spawned in parallel to the main daemon process in order to shut it
2020-04-10 12:34:32 +03:00
down.</para>
2023-02-15 12:25:51 +03:00
<para > <function > QueueSignalUnit()</function> is similar to <function > KillUnit()</function> but may be
used to enqueue a POSIX Realtime Signal (i.e. <constant > SIGRTMIN+…</constant> and
2023-02-22 08:46:19 +03:00
<constant > SIGRTMAX-…</constant> ) to the selected process(es). Takes the same parameters as
2023-02-15 12:25:51 +03:00
<function > KillUnit()</function> with one additional argument: an integer that is passed in the
2023-02-22 08:46:19 +03:00
<varname > sival_int</varname> value accompanying the queued signal. See
<citerefentry project= "man-pages" > <refentrytitle > sigqueue</refentrytitle> <manvolnum > 3</manvolnum> </citerefentry>
for details.</para>
2023-02-15 12:25:51 +03:00
2020-04-10 12:34:32 +03:00
<para > <function > GetJob()</function> returns the job object path for a specific job, identified by its
id.</para>
2020-04-14 14:43:11 +03:00
<para > <function > CancelJob()</function> cancels a specific job identified by its numeric ID. This
operation is also available in the <function > Cancel()</function> method of Job objects (see below) and
2020-04-10 12:34:32 +03:00
exists primarily to reduce the necessary round trips to execute this operation. Note that this will not
have any effect on jobs whose execution has already begun.</para>
<para > <function > ClearJobs()</function> flushes the job queue, removing all jobs that are still
2020-04-14 14:43:11 +03:00
queued. Note that this does not have any effect on jobs whose execution has already begun. It only
2020-04-10 12:34:32 +03:00
flushes jobs that are queued and have not yet begun execution.</para>
<para > <function > ResetFailedUnit()</function> resets the "failed" state of a specific unit.</para>
<para > <function > ResetFailed()</function> resets the "failed" state of all units.</para>
2020-04-14 14:43:11 +03:00
<para > <function > ListUnits()</function> returns an array of all currently loaded units. Note that
2020-04-10 12:34:32 +03:00
units may be known by multiple names at the same name, and hence there might be more unit names loaded
than actual units behind them. The array consists of structures with the following elements:
<itemizedlist >
<listitem > <para > The primary unit name as string</para> </listitem>
<listitem > <para > The human readable description string</para> </listitem>
<listitem > <para > The load state (i.e. whether the unit file has been loaded
successfully)</para> </listitem>
<listitem > <para > The active state (i.e. whether the unit is currently started or
not)</para> </listitem>
<listitem > <para > The sub state (a more fine-grained version of the active state that is specific to
the unit type, which the active state is not)</para> </listitem>
<listitem > <para > A unit that is being followed in its state by this unit, if there is any, otherwise
the empty string.</para> </listitem>
<listitem > <para > The unit object path</para> </listitem>
2020-04-14 14:43:11 +03:00
<listitem > <para > If there is a job queued for the job unit, the numeric job id, 0
2020-04-10 12:34:32 +03:00
otherwise</para> </listitem>
<listitem > <para > The job type as string</para> </listitem>
<listitem > <para > The job object path</para> </listitem>
</itemizedlist> </para>
<para > <function > ListJobs()</function> returns an array with all currently queued jobs. Returns an array
consisting of structures with the following elements:
<itemizedlist >
<listitem > <para > The numeric job id</para> </listitem>
<listitem > <para > The primary unit name for this job</para> </listitem>
<listitem > <para > The job type as string</para> </listitem>
<listitem > <para > The job state as string</para> </listitem>
<listitem > <para > The job object path</para> </listitem>
<listitem > <para > The unit object path</para> </listitem>
</itemizedlist> </para>
<para > <function > Subscribe()</function> enables most bus signals to be sent out. Clients which are
2020-04-14 14:43:11 +03:00
interested in signals need to call this method. Signals are only sent out if at least one client
invoked this method. <function > Unsubscribe()</function> reverts the signal subscription that
2020-04-10 12:34:32 +03:00
<function > Subscribe()</function> implements. It is not necessary to invoke
<function > Unsubscribe()</function> as clients are tracked. Signals are no longer sent out as soon as
2020-04-19 14:05:44 +03:00
all clients which previously asked for <function > Subscribe()</function> either closed their connection
to the bus or invoked <function > Unsubscribe()</function> .</para>
2020-04-10 12:34:32 +03:00
2022-09-27 13:18:43 +03:00
<para > <function > Dump()</function> returns a text dump of the internal service manager state. This is a
privileged, low-level debugging interface only. The returned string is supposed to be readable
exclusively by developers, and not programmatically. There's no interface stability on the returned
string guaranteed, and new fields may be added any time, and old fields removed. The general structure
may be rearranged drastically between releases. This is exposed by
<citerefentry > <refentrytitle > systemd-analyze</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> 's
2022-10-17 15:23:04 +03:00
<command > dump</command> command. Similarly, <function > DumpUnitsMatchingPatterns()</function> returns
the internal state of units whose names match the glob expressions specified in the
<varname > patterns</varname> argument. The
<function > DumpByFileDescriptor()</function> /<function > DumpUnitsMatchingPatternsByFileDescriptor()</function>
methods are identical to <function > Dump()</function> /<function > DumpUnitsMatchingPatterns()</function> ,
but return data serialized into a file descriptor (the client should read the text data from it until
hitting EOF). Given the size limits on D-Bus messages and the possibly large size of the returned
strings,
<function > DumpByFileDescriptor()</function> /<function > DumpUnitsMatchingPatternsByFileDescriptor()</function>
are usually the preferred interface, since it ensures the data can be passed reliably from the service
manager to the client. Note though that they cannot work when communicating with the service manager
2023-04-28 01:23:30 +03:00
remotely, as file descriptors are strictly local to a system. All the <function > Dump*()</function>
methods are rate limited for unprivileged users.</para>
2022-09-27 13:18:43 +03:00
2020-04-10 12:34:32 +03:00
<para > <function > Reload()</function> may be invoked to reload all unit files.</para>
<para > <function > Reexecute()</function> may be invoked to reexecute the main manager process. It will
serialize its state, reexecute, and deserizalize the state again. This is useful for upgrades and is a
more comprehensive version of <function > Reload()</function> .</para>
<para > <function > Exit()</function> may be invoked to ask the manager to exit. This is not available for
the system manager and is useful only for user session managers.</para>
2023-05-03 11:33:01 +03:00
<para > <function > Reboot()</function> , <function > PowerOff()</function> , <function > Halt()</function> ,
<function > KExec()</function> and <function > SoftReboot()</function> may be used to ask for immediate
reboot, powering down, halt, kexec based reboot, or soft reboot of the system. Note that this does not
shut down any services and immediately transitions into the later shutdown operation. These functions
are normally only called as the last step of shutdown and should not be called directly. To shut down
the machine, it is generally a better idea to invoke <function > Reboot()</function> ,
<function > RebootWithFlags()</function> or <function > PowerOff()</function> on the
2020-04-10 12:34:32 +03:00
<filename > systemd-logind</filename> manager object; see
<citerefentry > <refentrytitle > org.freedesktop.login1</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry>
2023-05-03 11:33:01 +03:00
for more information. <function > SoftReboot()</function> accepts an argument indicating the path for the
root file system to activate for the next boot cycle. If an empty string is specified the
<filename > /run/nextroot/</filename> path is used if it exists.</para>
2020-04-10 12:34:32 +03:00
<para > <function > SwitchRoot()</function> may be used to transition to a new root directory. This is
man: "the initial RAM disk" → "the initrd"
In many places we spelled out the phrase behind "initrd" in full, but this
isn't terribly useful. In fact, no "RAM disk" is used, so emphasizing this
is just confusing to the reader. Let's just say "initrd" everywhere, people
understand what this refers to, and that it's in fact an initramfs image.
Also, s/i.e./e.g./ where appropriate.
Also, don't say "in RAM", when in fact it's virtual memory, whose pages
may or may not be loaded in page frames in RAM, and we have no control over
this.
Also, add <filename></filename> and other minor cleanups.
2022-09-15 15:43:59 +03:00
intended to be used in the initrd, and also to transition from the host system into a shutdown initrd.
The method takes two arguments: the new root directory (which needs to be specified) and an init binary
path (which may be left empty, in which case it is automatically searched for). The state of the system
manager will be serialized before the transition. After the transition, the manager binary on the main
system is invoked and replaces the old PID 1. All state will then be deserialized.</para>
2020-04-10 12:34:32 +03:00
<para > <function > SetEnvironment()</function> may be used to alter the environment block that is passed
2020-04-19 14:05:44 +03:00
to all spawned processes. It takes a string array of environment variable assignments. Any previously set
environment variables will be overridden.</para>
2020-04-10 12:34:32 +03:00
2020-04-19 14:05:44 +03:00
<para > <function > UnsetEnvironment()</function> may be used to unset environment variables. It takes a
string array of environment variable names. All variables specified will be unset (if they have been
set previously) and no longer be passed to all spawned processes. This method has no effect for variables
2020-04-10 12:34:32 +03:00
that were previously not set, but will not fail in that case.</para>
<para > <function > UnsetAndSetEnvironment()</function> is a combination of
<function > UnsetEnvironment()</function> and <function > SetEnvironment()</function> . It takes two
2020-04-19 14:05:44 +03:00
lists. The first list contains variables to unset, the second one contains assignments to set. If a
variable is listed in both, the variable is set after this method returns, i.e. the set list overrides the
unset list.</para>
2020-04-10 12:34:32 +03:00
2020-04-19 14:05:44 +03:00
<para > <function > ListUnitFiles()</function> returns an array of unit names and their enablement
2020-04-10 12:34:32 +03:00
status. Note that <function > ListUnit()</function> returns a list of units currently loaded into memory,
2020-04-19 14:05:44 +03:00
while <function > ListUnitFiles()</function> returns a list of unit <emphasis > files</emphasis> that were
found on disk. Note that while most units are read directly from a unit file with the same name, some
units are not backed by files and some files (templates) cannot directly be loaded as units but need
to be instantiated instead.</para>
2020-04-10 12:34:32 +03:00
2020-04-19 14:05:44 +03:00
<para > <function > GetUnitFileState()</function> returns the current enablement status of a specific unit
2020-04-10 12:34:32 +03:00
file.</para>
<para > <function > EnableUnitFiles()</function> may be used to enable one or more units in the system (by
2020-10-05 19:08:21 +03:00
creating symlinks to them in <filename > /etc/</filename> or <filename > /run/</filename> ). It takes a list
2020-04-10 12:34:32 +03:00
of unit files to enable (either just file names or full absolute paths if the unit files are residing
2020-04-19 14:05:44 +03:00
outside the usual unit search paths) and two booleans: the first controls whether the unit shall be
2020-10-05 19:08:21 +03:00
enabled for runtime only (true, <filename > /run/</filename> ), or persistently (false,
<filename > /etc/</filename> ). The second one controls whether symlinks pointing to other units shall be
2020-04-19 14:05:44 +03:00
replaced if necessary. This method returns one boolean and an array of the changes made. The boolean
2022-11-18 10:43:34 +03:00
signals whether the unit files contained any enablement information (i.e. an [Install] section). The
2020-04-19 14:05:44 +03:00
changes array consists of structures with three strings: the type of the change (one of
2020-04-10 12:34:32 +03:00
<literal > symlink</literal> or <literal > unlink</literal> ), the file name of the symlink and the
destination of the symlink. Note that most of the following calls return a changes list in the same
format.</para>
<para > Similarly, <function > DisableUnitFiles()</function> disables one or more units in the system,
2020-10-05 19:08:21 +03:00
i.e. removes all symlinks to them in <filename > /etc/</filename> and <filename > /run/</filename> .</para>
2020-04-10 12:34:32 +03:00
2020-09-01 19:08:29 +03:00
<para > The <function > EnableUnitFilesWithFlags()</function> and <function > DisableUnitFilesWithFlags()</function>
take in options as flags instead of booleans to allow for extendability, defined as follows:</para>
<programlisting >
#define SD_SYSTEMD_UNIT_RUNTIME (UINT64_C(1) < < 0)
#define SD_SYSTEMD_UNIT_FORCE (UINT64_C(1) < < 1)
#define SD_SYSTEMD_UNIT_PORTABLE (UINT64_C(1) < < 2)
</programlisting>
<para > <varname > SD_SYSTEMD_UNIT_RUNTIME</varname> will enable or disable the unit for runtime only,
<varname > SD_SYSTEMD_UNIT_FORCE</varname> controls whether symlinks pointing to other units shall be
replaced if necessary. <varname > SD_SYSTEMD_UNIT_PORTABLE</varname> will add or remove the symlinks in
<filename > /etc/systemd/system.attached</filename> and <filename > /run/systemd/system.attached</filename> .</para>
2022-11-18 10:43:34 +03:00
<para > <function > DisableUnitFilesWithFlagsAndInstallInfo()</function> is similar to
<function > DisableUnitFilesWithFlags()</function> and takes the same arguments, but returns
a boolean to indicate whether the unit files contain any enablement information, like
<function > EnableUnitFiles()</function> . The changes made are still returned in an array.</para>
2020-04-10 12:34:32 +03:00
<para > Similarly, <function > ReenableUnitFiles()</function> applies the changes to one or more units that
would result from disabling and enabling the unit quickly one after the other in an atomic
fashion. This is useful to apply updated [Install] information contained in unit files.</para>
<para > Similarly, <function > LinkUnitFiles()</function> links unit files (that are located outside of the
usual unit search paths) into the unit search path.</para>
2020-04-19 14:05:44 +03:00
<para > Similarly, <function > PresetUnitFiles()</function> enables/disables one or more unit files
2020-04-10 12:34:32 +03:00
according to the preset policy. See
<citerefentry > <refentrytitle > systemd.preset</refentrytitle> <manvolnum > 7</manvolnum> </citerefentry> for more
information.</para>
2020-04-19 14:05:44 +03:00
<para > Similarly, <function > MaskUnitFiles()</function> masks unit files and
2020-04-10 12:34:32 +03:00
<function > UnmaskUnitFiles()</function> unmasks them again.</para>
<para > <function > SetDefaultTarget()</function> changes the <filename > default.target</filename> link. See
<citerefentry > <refentrytitle > bootup</refentrytitle> <manvolnum > 7</manvolnum> </citerefentry> for more
2020-04-19 14:05:44 +03:00
information.</para>
2020-04-10 12:34:32 +03:00
<para > <function > GetDefaultTarget()</function> retrieves the name of the unit to which
2020-04-19 14:05:44 +03:00
<filename > default.target</filename> is aliased.</para>
2020-04-10 12:34:32 +03:00
<para > <function > SetUnitProperties()</function> may be used to modify certain unit properties at
runtime. Not all properties may be changed at runtime, but many resource management settings (primarily
those listed in
2020-06-25 15:38:21 +03:00
<citerefentry > <refentrytitle > systemd.resource-control</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> )
2020-04-19 14:05:44 +03:00
may. The changes are applied instantly and stored on disk for future boots, unless
2020-04-10 12:34:32 +03:00
<varname > runtime</varname> is true, in which case the settings only apply until the next
reboot. <varname > name</varname> is the name of the unit to modify. <varname > properties</varname> are
the settings to set, encoded as an array of property name and value pairs. Note that this is not a
2020-04-19 14:05:44 +03:00
dictionary! Also note that when setting array properties with this method usually results in appending to
the pre-configured array. To reset the configured arrays, set the property to an empty array first and
then append to it.</para>
2020-04-10 12:34:32 +03:00
2020-04-19 14:05:44 +03:00
<para > <function > StartTransientUnit()</function> may be used to create and start a transient unit which
2020-04-10 12:34:32 +03:00
will be released as soon as it is not running or referenced anymore or the system is
2020-04-19 14:05:44 +03:00
rebooted. <varname > name</varname> is the unit name including its suffix and must be
2020-04-10 12:34:32 +03:00
unique. <varname > mode</varname> is the same as in <function > StartUnit()</function> ,
<varname > properties</varname> contains properties of the unit, specified like in
<function > SetUnitProperties()</function> . <varname > aux</varname> is currently unused and should be
2020-04-21 11:55:25 +03:00
passed as an empty array. See the
2022-05-19 15:18:34 +03:00
<ulink url= "https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface" > New Control Group
2020-04-10 12:34:32 +03:00
Interface</ulink> for more information how to make use of this functionality for resource control
purposes.</para>
2023-03-27 19:16:40 +03:00
<para > <function > DumpUnitFileDescriptorStore()</function> returns an array with information about the
file descriptors currently in the file descriptor store of the specified unit. This call is equivalent
to <function > DumpFileDescriptorStore()</function> on the
<interfacename > org.freedesktop.systemd1.Service</interfacename> . For further details, see below.</para>
2020-04-10 12:34:32 +03:00
</refsect2>
<refsect2 >
<title > Signals</title>
<para > Note that most signals are sent out only after <function > Subscribe()</function> has been invoked
2020-04-19 14:05:44 +03:00
by at least one client. Make sure to invoke this method when subscribing to these signals!</para>
2020-04-10 12:34:32 +03:00
<para > <function > UnitNew()</function> and <function > UnitRemoved()</function> are sent out each time a
new unit is loaded or unloaded. Note that this has little to do with whether a unit is available on
disk or not, and simply reflects the units that are currently loaded into memory. The signals take two
parameters: the primary unit name and the object path.</para>
<para > <function > JobNew()</function> and <function > JobRemoved()</function> are sent out each time a new
job is queued or dequeued. Both signals take the numeric job ID, the bus path and the primary unit name
2020-04-19 14:05:44 +03:00
for this job as arguments. <function > JobRemoved()</function> also includes a result string which is one
of <literal > done</literal> , <literal > canceled</literal> , <literal > timeout</literal> ,
<literal > failed</literal> , <literal > dependency</literal> , or
2020-04-10 12:34:32 +03:00
<literal > skipped</literal> . <literal > done</literal> indicates successful execution of a
job. <literal > canceled</literal> indicates that a job has been canceled (via
<function > CancelJob()</function> above) before it finished execution (this doesn't necessarily mean
though that the job operation is actually cancelled too, see above). <literal > timeout</literal>
indicates that the job timeout was reached. <literal > failed</literal> indicates that the job
2020-04-19 14:05:44 +03:00
failed. <literal > dependency</literal> indicates that a job this job depended on failed and the job hence
was removed as well. <literal > skipped</literal> indicates that a job was skipped because
it didn't apply to the unit's current state.</para>
2020-04-10 12:34:32 +03:00
2020-04-19 14:05:44 +03:00
<para > <function > StartupFinished()</function> is sent out when startup finishes. It carries six
microsecond timespan values, each indicating how much boot time has been spent in the firmware (if
2020-04-10 12:34:32 +03:00
known), in the boot loader (if known), in the kernel initialization phase, in the initrd (if known), in
userspace and in total. These values may also be calculated from the
<varname > FirmwareTimestampMonotonic</varname> , <varname > LoaderTimestampMonotonic</varname> ,
2020-04-19 14:05:44 +03:00
<varname > InitRDTimestampMonotonic</varname> , <varname > UserspaceTimestampMonotonic</varname> , and
2020-04-10 12:34:32 +03:00
<varname > FinishTimestampMonotonic</varname> properties (see below).</para>
<para > <function > UnitFilesChanged()</function> is sent out each time the list of enabled or masked unit
files on disk have changed.</para>
<para > <function > Reloading()</function> is sent out immediately before a daemon reload is done (with the
boolean parameter set to True) and after a daemon reload is completed (with the boolean parameter set
2020-04-19 14:05:44 +03:00
to False). This may be used by UIs to optimize UI updates.</para>
2020-04-10 12:34:32 +03:00
</refsect2>
<refsect2 >
<title > Properties</title>
<para > Most properties simply reflect the respective options in
<filename > /etc/systemd/system.conf</filename> and the kernel command line.</para>
<para > The others:</para>
<para > <varname > Version</varname> encodes the version string of the running systemd instance. Note that
2020-04-19 14:05:44 +03:00
the version string is purely informational. It should not be parsed and one may not assume the version to
2020-04-10 12:34:32 +03:00
be formatted in any particular way. We take the liberty to change the versioning scheme at any time and
2020-04-19 14:05:44 +03:00
it is not part of the public API.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > Features</varname> encodes the features that have been enabled and disabled for this
2022-07-09 18:42:07 +03:00
build. Enabled options are prefixed with <literal > +</literal> , disabled options with
<literal > -</literal> .</para>
<para > <varname > Tainted</varname> encodes taint flags as a colon-separated list. When systemd detects it
is running on a system with a certain problem, it will set an appropriate taint flag. Taints may be
used to lower the chance of bogus bug reports. The following taints are currently known:</para>
<variablelist >
<varlistentry >
<term > <literal > unmerged-usr</literal> </term>
<listitem > <para > <filename > /bin</filename> , <filename > /sbin</filename> and
<filename > /lib*</filename> are not symlinks to their counterparts under <filename > /usr/</filename> .
For more information on this issue consult
<ulink url= "https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge" >
The Case for the /usr Merge
2023-08-22 19:52:36 +03:00
</ulink> .</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 18:42:07 +03:00
</varlistentry>
<varlistentry >
<term > <literal > cgroups-missing</literal> </term>
2023-08-22 19:52:36 +03:00
<listitem > <para > Support for cgroups is unavailable.</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 18:42:07 +03:00
</varlistentry>
<varlistentry >
<term > <literal > cgroupsv1</literal> </term>
2023-08-22 19:52:36 +03:00
<listitem > <para > The system is using the old cgroup hierarchy.</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 18:42:07 +03:00
</varlistentry>
<varlistentry >
<term > <literal > local-hwclock</literal> </term>
<listitem > <para > The local hardware clock (RTC) is configured to be in local time rather than
2023-08-22 19:52:36 +03:00
UTC.</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 18:42:07 +03:00
</varlistentry>
2022-07-09 19:00:33 +03:00
<varlistentry >
<term > <literal > support-ended</literal> </term>
<listitem > <para > The system is running past the end of support declared by the vendor. See the
description of <varname > SUPPORT_END=</varname> in
<citerefentry > <refentrytitle > os-release</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> .
2023-08-22 19:52:36 +03:00
</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 19:00:33 +03:00
</varlistentry>
2022-07-09 18:42:07 +03:00
<varlistentry >
<term > <literal > old-kernel</literal> </term>
<listitem > <para > The system is running a kernel version that is older than the minimum supported by
2023-08-22 19:52:36 +03:00
this version of systemd.</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 18:42:07 +03:00
</varlistentry>
<varlistentry >
<term > <literal > var-run-bad</literal> </term>
<listitem > <para > <filename > /run/</filename> does not exist or <filename > /var/run</filename> is not a
2023-08-22 19:52:36 +03:00
symlink to <filename > /run/</filename> .</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 18:42:07 +03:00
</varlistentry>
<varlistentry >
<term > <literal > overflowuid-not-65534</literal> </term>
<term > <literal > overflowgid-not-65534</literal> </term>
2023-08-22 19:52:36 +03:00
<listitem > <para > The kernel overflow UID or GID have a value other than 65534.</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 18:42:07 +03:00
</varlistentry>
<varlistentry >
<term > <literal > short-uid-range</literal> </term>
<term > <literal > short-gid-range</literal> </term>
<listitem > <para > The UID or GID range assigned to the running systemd instance covers less than
2023-08-22 19:52:36 +03:00
0…65534.</para>
<xi:include href= "version-info.xml" xpointer= "v252" /> </listitem>
2022-07-09 18:42:07 +03:00
</varlistentry>
<!-- mtab - not - symlink was removed in b492ce8a22d4527c1372b2d3fbd580627d70c917 -->
</variablelist>
2020-04-10 12:34:32 +03:00
<para > <varname > FirmwareTimestamp</varname> , <varname > FirmwareTimestampMonotonic</varname> ,
<varname > LoaderTimestamp</varname> , <varname > LoaderTimestampMonotonic</varname> ,
<varname > KernelTimestamp</varname> , <varname > KernelTimestampMonotonic</varname> ,
<varname > InitRDTimestamp</varname> , <varname > InitRDTimestampMonotonic</varname> ,
<varname > UserspaceTimestamp</varname> , <varname > UserspaceTimestampMonotonic</varname> ,
2020-04-19 14:05:44 +03:00
<varname > FinishTimestamp</varname> , and <varname > FinishTimestampMonotonic</varname> encode
2020-04-10 12:34:32 +03:00
<constant > CLOCK_REALTIME</constant> and <constant > CLOCK_MONOTONIC</constant> microsecond timestamps
taken when the firmware first began execution, when the boot loader first began execution, when the
kernel first began execution, when the initrd first began execution, when the main systemd instance
began execution and finally, when all queued startup jobs finished execution. These values are useful
2020-04-19 14:05:44 +03:00
for determining boot-time performance. Note that as monotonic time begins with the kernel startup, the
<varname > KernelTimestampMonotonic</varname> timestamp will always be 0 and
<varname > FirmwareTimestampMonotonic</varname> and <varname > LoaderTimestampMonotonic</varname> are to
be read as negative values. Also, not all fields are always available, depending on the used firmware,
boot loader or initrd implementation. In these cases the respective pairs of timestamps are both 0,
indicating that no data is available.</para>
2020-04-10 12:34:32 +03:00
2021-09-02 17:37:13 +03:00
<para > <varname > UnitsLoadTimestamp</varname> and <varname > UnitsLoadTimestampMonotonic</varname> encode
<constant > CLOCK_REALTIME</constant> and <constant > CLOCK_MONOTONIC</constant> microseconds timestamps
(as described above). The timestamps are taken every time when the manager starts loading unit files.
</para>
2020-04-10 12:34:32 +03:00
<para > Similarly, the <varname > SecurityStartTimestamp</varname> ,
2020-04-19 14:05:44 +03:00
<varname > GeneratorsStartTimestamp</varname> and <varname > LoadUnitTimestamp</varname> (as well as their
2020-04-10 12:34:32 +03:00
monotonic and stop counterparts) expose performance data for uploading the security policies to the
kernel (such as the SELinux, IMA, or SMACK policies), for running the generator tools and for loading
2020-04-19 14:05:44 +03:00
the unit files.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > NNames</varname> encodes how many unit names are currently known. This only includes
2020-04-19 14:05:44 +03:00
names of units that are currently loaded and can be more than the amount of actually loaded units since
units may have more than one name.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > NJobs</varname> encodes how many jobs are currently queued.</para>
<para > <varname > NInstalledJobs</varname> encodes how many jobs have ever been queued in total.</para>
<para > <varname > NFailedJobs</varname> encodes how many jobs have ever failed in total.</para>
2020-04-19 14:05:44 +03:00
<para > <varname > Progress</varname> encodes boot progress as a floating point value between 0.0 and
2020-04-10 12:34:32 +03:00
1.0. This value begins at 0.0 at early-boot and ends at 1.0 when boot is finished and is based on the
2020-04-19 14:05:44 +03:00
number of executed and queued jobs. After startup, this field is always 1.0 indicating a finished
2020-04-10 12:34:32 +03:00
boot.</para>
<para > <varname > Environment</varname> encodes the environment block passed to all executed services. It
may be altered with bus calls such as <function > SetEnvironment()</function> (see above).</para>
<para > <varname > UnitPath</varname> encodes the currently active unit file search path. It is an array of
2020-04-19 14:05:44 +03:00
file system paths encoded as strings.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > Virtualization</varname> contains a short ID string describing the virtualization
2020-04-19 14:05:44 +03:00
technology the system runs in. On bare-metal hardware this is the empty string. Otherwise, it contains
an identifier such as <literal > kvm</literal> , <literal > vmware</literal> and so on. For a full list of
IDs see
2020-04-10 12:34:32 +03:00
<citerefentry > <refentrytitle > systemd-detect-virt</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> .
Note that only the "innermost" virtualization technology is exported here. This detects both
full-machine virtualizations (VMs) and shared-kernel virtualization (containers).</para>
2023-07-03 11:53:43 +03:00
<para > <varname > ConfidentialVirtualization</varname> contains a short ID string describing the confidential
virtualization technology the system runs in. On bare-metal hardware this is the empty string. Otherwise,
it contains an identifier such as <literal > sev</literal> , <literal > sev-es</literal> , <literal > sev-snp</literal> ,
<literal > tdx</literal> and so on. For a full list of IDs see
<citerefentry > <refentrytitle > systemd-detect-virt</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> </para> .
2020-04-10 12:34:32 +03:00
<para > <varname > Architecture</varname> contains a short ID string describing the architecture the
systemd instance is running on. This follows the same vocabulary as
<varname > ConditionArchitectures=</varname> .</para>
<para > <varname > ControlGroup</varname> contains the root control group path of this system manager. Note
2020-04-19 14:05:44 +03:00
that the root path is encoded as the empty string here (not as <literal > /</literal> !), so that it can be
2020-04-10 12:34:32 +03:00
appended to <filename > /sys/fs/cgroup/systemd</filename> easily. This value will be set to the empty
2020-04-19 14:05:44 +03:00
string for the host instance and some other string for container instances.</para>
2022-07-12 17:13:40 +03:00
<para > <varname > AccessSELinuxContext</varname> contains the SELinux context that is used to control
access to the unit. It's read from the unit file when it is loaded and cached until the service manager
is reloaded. This property contains an empty string if SELinux is not used or if no label could be read
(for example because the unit is not backed by a file on disk).</para>
2023-09-25 21:14:58 +03:00
<para > <varname > SystemState</varname> contains the current state of the system manager. The possible
values are:</para>
<variablelist >
<varlistentry >
<term > <literal > initializing</literal> </term>
<listitem > <para > The system is booting, and <filename > basic.target</filename> has not been reached
yet.</para> </listitem>
</varlistentry>
<varlistentry >
<term > <literal > starting</literal> </term>
<listitem > <para > The system is booting, and <filename > basic.target</filename> has been reached.
</para> </listitem>
</varlistentry>
<varlistentry >
<term > <literal > running</literal> </term>
<listitem > <para > The system has finished booting, and no units are in the failed state.</para>
</listitem>
</varlistentry>
<varlistentry >
<term > <literal > degraded</literal> </term>
<listitem > <para > The system has finished booting, but some units are in the failed state.</para>
</listitem>
</varlistentry>
<varlistentry >
<term > <literal > maintenance</literal> </term>
<listitem > <para > The system has finished booting, but it has been put in rescue or maintenance
mode.</para> </listitem>
</varlistentry>
<varlistentry >
<term > <literal > stopping</literal> </term>
<listitem > <para > The system is shutting down.</para> </listitem>
</varlistentry>
</variablelist>
2020-04-10 12:34:32 +03:00
</refsect2>
2020-04-12 20:14:20 +03:00
<refsect2 >
<title > Security</title>
<para > Read access is generally granted to all clients. Additionally, for unprivileged clients, some
2020-04-18 18:47:51 +03:00
operations are allowed through the polkit privilege system. Operations which modify unit state
2020-04-12 20:14:20 +03:00
(<function > StartUnit()</function> , <function > StopUnit()</function> , <function > KillUnit()</function> ,
2023-02-15 12:25:51 +03:00
<function > QueueSignalUnit()</function> , <function > RestartUnit()</function> and similar,
<function > SetProperty()</function> ) require
2020-04-12 20:14:20 +03:00
<interfacename > org.freedesktop.systemd1.manage-units</interfacename> . Operations which modify unit file
enablement state (<function > EnableUnitFiles()</function> , <function > DisableUnitFiles()</function> ,
2020-09-01 19:08:29 +03:00
<function > EnableUnitFilesWithFlags()</function> , <function > DisableUnitFilesWithFlags()</function> ,
2020-04-12 20:14:20 +03:00
<function > ReenableUnitFiles()</function> , <function > LinkUnitFiles()</function> ,
<function > PresetUnitFiles</function> , <function > MaskUnitFiles</function> , and similar) require
2020-07-06 20:46:01 +03:00
<interfacename > org.freedesktop.systemd1.manage-unit-files</interfacename> . Operations which modify the
2020-04-19 14:05:44 +03:00
exported environment (<function > SetEnvironment()</function> , <function > UnsetEnvironment()</function> ,
2020-04-12 20:14:20 +03:00
<function > UnsetAndSetEnvironment()</function> ) require
2020-04-19 14:05:44 +03:00
<interfacename > org.freedesktop.systemd1.set-environment</interfacename> . <function > Reload()</function>
2020-04-12 20:14:20 +03:00
and <function > Reexecute()</function> require
2023-04-28 01:23:30 +03:00
<interfacename > org.freedesktop.systemd1.reload-daemon</interfacename> . Operations which dump internal
state require <interfacename > org.freedesktop.systemd1.bypass-dump-ratelimit</interfacename> to avoid
rate limits.
2020-04-12 20:14:20 +03:00
</para>
</refsect2>
2020-04-10 12:34:32 +03:00
</refsect1>
<refsect1 >
<title > Unit Objects</title>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice" interface= "org.freedesktop.systemd1.Unit" >
2020-04-10 12:34:32 +03:00
node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
interface org.freedesktop.systemd1.Unit {
methods:
Start(in s mode,
out o job);
Stop(in s mode,
out o job);
Reload(in s mode,
out o job);
Restart(in s mode,
out o job);
TryRestart(in s mode,
out o job);
ReloadOrRestart(in s mode,
out o job);
ReloadOrTryRestart(in s mode,
out o job);
2020-04-21 11:55:25 +03:00
EnqueueJob(in s job_type,
in s job_mode,
out u job_id,
out o job_path,
out s unit_id,
out o unit_path,
out s job_type,
out a(uosos) affected_jobs);
Kill(in s whom,
2020-04-10 12:34:32 +03:00
in i signal);
2023-02-15 12:25:51 +03:00
QueueSignal(in s whom,
in i signal,
in i value);
2020-04-10 12:34:32 +03:00
ResetFailed();
SetProperties(in b runtime,
in a(sv) properties);
2020-04-21 11:55:25 +03:00
Ref();
Unref();
Clean(in as mask);
2020-05-12 11:37:28 +03:00
Freeze();
Thaw();
2020-04-10 12:34:32 +03:00
properties:
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Id = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Names = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Following = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Requires = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Requisite = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Wants = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as BindsTo = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PartOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-01-16 09:32:27 +03:00
readonly as Upholds = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as RequiredBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RequisiteOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as WantedBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as BoundBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-01-16 09:32:27 +03:00
readonly as UpheldBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as ConsistsOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Conflicts = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConflictedBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Before = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as After = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-04-14 15:36:15 +03:00
readonly as OnSuccess = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as OnSuccessOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-01-16 09:32:27 +03:00
readonly as OnFailure = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as OnFailureOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as Triggers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as TriggeredBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PropagatesReloadTo = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReloadPropagatedFrom = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
core: add new PropagateStopTo= dependency (and inverse)
This takes inspiration from PropagatesReloadTo=, but propagates
stop jobs instead of restart jobs.
This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP +
UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the
unit the dependency is originating from is stopped based on user
request, we'll propagate the stop job to the target unit, too. In
addition, when the originating unit suddenly stops from external causes
the stopping is propagated too. Note that this does *not* include the
UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=),
i.e. this dependency is purely about propagating "edges" and not
"levels", i.e. it's about propagating specific events, instead of
continious states.
This is supposed to be useful for dependencies between .mount units and
their backing .device units. So far we either placed a BindsTo= or
Requires= dependency between them. The former gave a very clear binding
of the to units together, however was problematic if users establish
mounnts manually with different block device sources than our
configuration defines, as we there might come to the conclusion that the
backing device was absent and thus we need to umount again what the user
mounted. By combining Requires= with the new StopPropagatedFrom= (i.e.
the inverse PropagateStopTo=) we can get behaviour that matches BindsTo=
in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is
absent, and hence the level-triggered logic doesn't apply.
Replaces: #11340
2021-04-13 23:30:31 +03:00
readonly as PropagatesStopTo = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StopPropagatedFrom = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as JoinsNamespaceOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
core: convert Slice= into a proper dependency (and add a back dependency)
The slice a unit is assigned to is currently a UnitRef reference. Let's
turn it into a proper dependency, to simplify and clean up code a bit.
Now that new dep types are cheaper, deps should generally be preferable
over everything else, if the concept applies.
This brings one major benefit: we often have to iterate through all unit
a slice contains. So far we iterated through all Before= dependencies of
the slice unit to achieve that, filtering out unrelated units, and
taking benefit of the fact that slice units are implicitly ordered
Before= the units they contain. By making Slice= a proper dependency,
and having an accompanying SliceOf= dependency type, this is much
simpler and nicer as we can directly enumerate the units a slice
contains.
The forward dependency is actually called InSlice internally, since we
already used the UNIT_SLICE name as UnitType field. However, since we
don't intend to expose the dependency to users as dep anyway (we already
have the regular Slice D-Bus property for this) this shouldn't matter.
The SliceOf= implicit dependency type (the erverse of Slice=/InSlice=)
is exported over the bus, to make things a bit nicer to debug and
discoverable.
2021-04-13 19:37:25 +03:00
readonly as SliceOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as RequiresMountsFor = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Documentation = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Description = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-07-12 17:13:40 +03:00
readonly s AccessSELinuxContext = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s LoadState = '...';
readonly s ActiveState = '...';
2020-05-12 11:37:28 +03:00
readonly s FreezerState = '...';
2020-04-21 11:55:25 +03:00
readonly s SubState = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s FragmentPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SourcePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as DropInPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s UnitFileState = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s UnitFilePreset = '...';
readonly t StateChangeTimestamp = ...;
readonly t StateChangeTimestampMonotonic = ...;
readonly t InactiveExitTimestamp = ...;
readonly t InactiveExitTimestampMonotonic = ...;
readonly t ActiveEnterTimestamp = ...;
readonly t ActiveEnterTimestampMonotonic = ...;
readonly t ActiveExitTimestamp = ...;
readonly t ActiveExitTimestampMonotonic = ...;
readonly t InactiveEnterTimestamp = ...;
readonly t InactiveEnterTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanStart = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanStop = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanReload = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanIsolate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CanClean = ['...', ...];
2020-05-12 11:37:28 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanFreeze = ...;
2020-04-21 11:55:25 +03:00
readonly (uo) Job = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b StopWhenUnneeded = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RefuseManualStart = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RefuseManualStop = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b AllowIsolate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultDependencies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-07-28 01:14:31 +03:00
readonly b SurviveFinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-08-17 20:56:41 +03:00
readonly s OnSuccessJobMode = '...';
2021-04-14 15:36:15 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s OnFailureJobMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreOnIsolate = ...;
2021-09-29 11:30:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b NeedDaemonReload = ...;
2021-01-30 18:58:19 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as Markers = ['...', ...];
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t JobTimeoutUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t JobRunningTimeoutUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s JobTimeoutAction = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s JobTimeoutRebootArgument = '...';
readonly b ConditionResult = ...;
readonly b AssertResult = ...;
readonly t ConditionTimestamp = ...;
readonly t ConditionTimestampMonotonic = ...;
readonly t AssertTimestamp = ...;
readonly t AssertTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sbbsi) Conditions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sbbsi) Asserts = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (ss) LoadError = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Transient = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Perpetual = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t StartLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u StartLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StartLimitAction = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s FailureAction = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FailureActionExitStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SuccessAction = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SuccessActionExitStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RebootArgument = '...';
readonly ay InvocationID = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s CollectMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as Refs = ['...', ...];
2022-08-02 21:49:20 +03:00
readonly a(ss) ActivationDetails = [...];
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:55:25 +03:00
<!-- method EnqueueJob is not documented! -->
<!-- method Ref is not documented! -->
<!-- method Unref is not documented! -->
<!-- method Clean is not documented! -->
2020-05-12 11:37:28 +03:00
<!-- method Freeze is not documented! -->
<!-- method Thaw is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property PartOf is not documented! -->
2022-01-16 09:32:27 +03:00
<!-- property Upholds is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property RequisiteOf is not documented! -->
2022-01-16 09:32:27 +03:00
<!-- property UpheldBy is not documented! -->
2020-04-21 11:55:25 +03:00
2022-01-16 09:32:27 +03:00
<!-- property ConsistsOf is not documented! -->
2021-04-13 21:50:21 +03:00
2021-04-14 15:36:15 +03:00
<!-- property OnSuccess is not documented! -->
<!-- property OnSuccessOf is not documented! -->
2022-01-16 09:32:27 +03:00
<!-- property OnFailureOf is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property ReloadPropagatedFrom is not documented! -->
core: add new PropagateStopTo= dependency (and inverse)
This takes inspiration from PropagatesReloadTo=, but propagates
stop jobs instead of restart jobs.
This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP +
UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the
unit the dependency is originating from is stopped based on user
request, we'll propagate the stop job to the target unit, too. In
addition, when the originating unit suddenly stops from external causes
the stopping is propagated too. Note that this does *not* include the
UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=),
i.e. this dependency is purely about propagating "edges" and not
"levels", i.e. it's about propagating specific events, instead of
continious states.
This is supposed to be useful for dependencies between .mount units and
their backing .device units. So far we either placed a BindsTo= or
Requires= dependency between them. The former gave a very clear binding
of the to units together, however was problematic if users establish
mounnts manually with different block device sources than our
configuration defines, as we there might come to the conclusion that the
backing device was absent and thus we need to umount again what the user
mounted. By combining Requires= with the new StopPropagatedFrom= (i.e.
the inverse PropagateStopTo=) we can get behaviour that matches BindsTo=
in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is
absent, and hence the level-triggered logic doesn't apply.
Replaces: #11340
2021-04-13 23:30:31 +03:00
<!-- property PropagatesStopTo is not documented! -->
<!-- property StopPropagatedFrom is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property JoinsNamespaceOf is not documented! -->
core: convert Slice= into a proper dependency (and add a back dependency)
The slice a unit is assigned to is currently a UnitRef reference. Let's
turn it into a proper dependency, to simplify and clean up code a bit.
Now that new dep types are cheaper, deps should generally be preferable
over everything else, if the concept applies.
This brings one major benefit: we often have to iterate through all unit
a slice contains. So far we iterated through all Before= dependencies of
the slice unit to achieve that, filtering out unrelated units, and
taking benefit of the fact that slice units are implicitly ordered
Before= the units they contain. By making Slice= a proper dependency,
and having an accompanying SliceOf= dependency type, this is much
simpler and nicer as we can directly enumerate the units a slice
contains.
The forward dependency is actually called InSlice internally, since we
already used the UNIT_SLICE name as UnitType field. However, since we
don't intend to expose the dependency to users as dep anyway (we already
have the regular Slice D-Bus property for this) this shouldn't matter.
The SliceOf= implicit dependency type (the erverse of Slice=/InSlice=)
is exported over the bus, to make things a bit nicer to debug and
discoverable.
2021-04-13 19:37:25 +03:00
<!-- property SliceOf is not documented! -->
2020-05-12 11:37:28 +03:00
<!-- property FreezerState is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property DropInPaths is not documented! -->
<!-- property UnitFilePreset is not documented! -->
<!-- property StateChangeTimestamp is not documented! -->
<!-- property StateChangeTimestampMonotonic is not documented! -->
<!-- property CanClean is not documented! -->
2020-05-12 11:37:28 +03:00
<!-- property CanFreeze is not documented! -->
2023-07-28 01:14:31 +03:00
<!-- property SurviveFinalKillSignal is not documented! -->
2021-08-17 20:56:41 +03:00
<!-- property OnSuccessJobMode is not documented! -->
2021-04-14 15:36:15 +03:00
2020-04-21 11:55:25 +03:00
<!-- property OnFailureJobMode is not documented! -->
<!-- property JobRunningTimeoutUSec is not documented! -->
<!-- property JobTimeoutAction is not documented! -->
<!-- property JobTimeoutRebootArgument is not documented! -->
<!-- property AssertResult is not documented! -->
<!-- property AssertTimestamp is not documented! -->
<!-- property AssertTimestampMonotonic is not documented! -->
<!-- property Asserts is not documented! -->
<!-- property Perpetual is not documented! -->
<!-- property StartLimitIntervalUSec is not documented! -->
<!-- property StartLimitAction is not documented! -->
<!-- property FailureAction is not documented! -->
<!-- property FailureActionExitStatus is not documented! -->
<!-- property SuccessAction is not documented! -->
<!-- property SuccessActionExitStatus is not documented! -->
<!-- property RebootArgument is not documented! -->
<!-- property InvocationID is not documented! -->
<!-- property CollectMode is not documented! -->
<!-- property Refs is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "Start()" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "Stop()" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "Reload()" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "Restart()" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "TryRestart()" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "ReloadOrRestart()" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "ReloadOrTryRestart()" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "EnqueueJob()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Kill()" />
2023-02-15 12:25:51 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "QueueSignal()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "ResetFailed()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "SetProperties()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Ref()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Unref()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Clean()" />
2020-05-12 11:37:28 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "Freeze()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Thaw()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Id" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Names" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Following" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Requires" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Requisite" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Wants" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindsTo" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PartOf" />
2022-01-16 09:32:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Upholds" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RequiredBy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RequisiteOf" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WantedBy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BoundBy" />
2022-01-16 09:32:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UpheldBy" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConsistsOf" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Conflicts" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConflictedBy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Before" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "After" />
2021-04-14 15:36:15 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OnSuccess" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "OnSuccessOf" />
2022-01-16 09:32:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OnFailure" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "OnFailureOf" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Triggers" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TriggeredBy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PropagatesReloadTo" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReloadPropagatedFrom" />
core: add new PropagateStopTo= dependency (and inverse)
This takes inspiration from PropagatesReloadTo=, but propagates
stop jobs instead of restart jobs.
This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP +
UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the
unit the dependency is originating from is stopped based on user
request, we'll propagate the stop job to the target unit, too. In
addition, when the originating unit suddenly stops from external causes
the stopping is propagated too. Note that this does *not* include the
UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=),
i.e. this dependency is purely about propagating "edges" and not
"levels", i.e. it's about propagating specific events, instead of
continious states.
This is supposed to be useful for dependencies between .mount units and
their backing .device units. So far we either placed a BindsTo= or
Requires= dependency between them. The former gave a very clear binding
of the to units together, however was problematic if users establish
mounnts manually with different block device sources than our
configuration defines, as we there might come to the conclusion that the
backing device was absent and thus we need to umount again what the user
mounted. By combining Requires= with the new StopPropagatedFrom= (i.e.
the inverse PropagateStopTo=) we can get behaviour that matches BindsTo=
in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is
absent, and hence the level-triggered logic doesn't apply.
Replaces: #11340
2021-04-13 23:30:31 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PropagatesStopTo" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StopPropagatedFrom" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "JoinsNamespaceOf" />
core: convert Slice= into a proper dependency (and add a back dependency)
The slice a unit is assigned to is currently a UnitRef reference. Let's
turn it into a proper dependency, to simplify and clean up code a bit.
Now that new dep types are cheaper, deps should generally be preferable
over everything else, if the concept applies.
This brings one major benefit: we often have to iterate through all unit
a slice contains. So far we iterated through all Before= dependencies of
the slice unit to achieve that, filtering out unrelated units, and
taking benefit of the fact that slice units are implicitly ordered
Before= the units they contain. By making Slice= a proper dependency,
and having an accompanying SliceOf= dependency type, this is much
simpler and nicer as we can directly enumerate the units a slice
contains.
The forward dependency is actually called InSlice internally, since we
already used the UNIT_SLICE name as UnitType field. However, since we
don't intend to expose the dependency to users as dep anyway (we already
have the regular Slice D-Bus property for this) this shouldn't matter.
The SliceOf= implicit dependency type (the erverse of Slice=/InSlice=)
is exported over the bus, to make things a bit nicer to debug and
discoverable.
2021-04-13 19:37:25 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SliceOf" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RequiresMountsFor" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Documentation" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Description" />
2022-07-12 17:13:40 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AccessSELinuxContext" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadState" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ActiveState" />
2020-05-12 11:37:28 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FreezerState" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SubState" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FragmentPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SourcePath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DropInPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitFileState" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnitFilePreset" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateChangeTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateChangeTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InactiveExitTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InactiveExitTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ActiveEnterTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ActiveEnterTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ActiveExitTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ActiveExitTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InactiveEnterTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InactiveEnterTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CanStart" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CanStop" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CanReload" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CanIsolate" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CanClean" />
2020-05-12 11:37:28 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CanFreeze" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Job" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StopWhenUnneeded" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RefuseManualStart" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RefuseManualStop" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowIsolate" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultDependencies" />
2023-07-28 01:14:31 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SurviveFinalKillSignal" />
2021-08-17 20:56:41 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OnSuccessJobMode" />
2021-04-14 15:36:15 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OnFailureJobMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IgnoreOnIsolate" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NeedDaemonReload" />
2021-01-30 18:58:19 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Markers" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "JobTimeoutUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "JobRunningTimeoutUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "JobTimeoutAction" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "JobTimeoutRebootArgument" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConditionResult" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AssertResult" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConditionTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConditionTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AssertTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AssertTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Conditions" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Asserts" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadError" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Transient" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Perpetual" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartLimitIntervalUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartLimitBurst" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartLimitAction" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FailureAction" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FailureActionExitStatus" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SuccessAction" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SuccessActionExitStatus" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RebootArgument" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InvocationID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CollectMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Refs" />
2022-08-02 21:49:20 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ActivationDetails" />
2020-04-21 11:29:09 +03:00
<!-- End of Autogenerated section -->
<refsect2 >
<title > Methods</title>
<para > <function > Start()</function> , <function > Stop()</function> , <function > Reload()</function> ,
<function > Restart()</function> , <function > TryRestart()</function> ,
<function > ReloadOrRestart()</function> , <function > ReloadOrTryRestart()</function> ,
2023-02-15 12:25:51 +03:00
<function > Kill()</function> , <function > QueueSignal()</function> , <function > ResetFailed()</function> ,
and <function > SetProperties()</function> implement the same operation as the respective methods on the
2020-04-21 11:29:09 +03:00
<interfacename > Manager</interfacename> object (see above). However, these methods operate on the unit
2023-02-15 12:25:51 +03:00
object and hence do not take a unit name parameter. Invoking the methods directly on the Manager object
has the advantage of not requiring a <function > GetUnit()</function> call to get the unit object for a
specific unit name. Calling the methods on the Manager object is hence a round trip
2020-04-21 11:29:09 +03:00
optimization.</para>
</refsect2>
<refsect2 >
<title > Properties</title>
<para > <varname > Id</varname> contains the primary name of the unit.</para>
<para > <varname > Names</varname> contains all names of the unit, including the primary name that is also
exposed in <varname > Id</varname> .</para>
<para > <varname > Following</varname> either contains the empty string or contains the name of another
unit that this unit follows in state. This is used for some device units which reflect the unit state
machine of another unit, and which other unit this is might possibly change.</para>
<para > <varname > Requires</varname> , <varname > RequiresOverridable</varname> ,
<varname > Requisite</varname> , <varname > RequisiteOverridable</varname> , <varname > Wants</varname> ,
<varname > BindsTo</varname> , <varname > RequiredBy</varname> , <varname > RequiredByOverridable</varname> ,
<varname > WantedBy</varname> , <varname > BoundBy</varname> , <varname > Conflicts</varname> ,
<varname > ConflictedBy</varname> , <varname > Before</varname> , <varname > After</varname> ,
<varname > OnFailure</varname> , <varname > Triggers</varname> , <varname > TriggeredBy</varname> ,
<varname > PropagatesReloadTo</varname> , and <varname > RequiresMountsFor</varname> contain arrays which encode
the dependencies and their inverse dependencies (where this applies) as configured in the unit file or
determined automatically.</para>
<para > <varname > Description</varname> contains the human readable description string for the
unit.</para>
<para > <varname > SourcePath</varname> contains the path to a configuration file this unit is
automatically generated from in case it is not a native unit (in which case it contains the empty
string). For example, all mount units generated from <filename > /etc/fstab</filename> have this field
set to <filename > /etc/fstab</filename> .</para>
<para > <varname > Documentation</varname> contains a string array with URLs of documentation for this
unit.</para>
<para > <varname > LoadState</varname> contains a state value that reflects whether the configuration file
of this unit has been loaded. The following states are currently defined: <literal > loaded</literal> ,
<literal > error</literal> , and <literal > masked</literal> . <literal > loaded</literal> indicates that the
configuration was successfully loaded. <literal > error</literal> indicates that the configuration failed
to load. The <varname > LoadError</varname> field (see below) contains information about the cause of
this failure. <literal > masked</literal> indicates that the unit is currently masked out (i.e. symlinked
to <filename > /dev/null</filename> or empty). Note that the <varname > LoadState</varname> is fully
orthogonal to the <varname > ActiveState</varname> (see below) as units without valid loaded
configuration might be active (because configuration might have been reloaded at a time where a unit
was already active).</para>
<para > <varname > ActiveState</varname> contains a state value that reflects whether the unit is currently
active or not. The following states are currently defined: <literal > active</literal> ,
<literal > reloading</literal> , <literal > inactive</literal> , <literal > failed</literal> ,
<literal > activating</literal> , and <literal > deactivating</literal> . <literal > active</literal> indicates
that unit is active (obviously...). <literal > reloading</literal> indicates that the unit is active and
currently reloading its configuration. <literal > inactive</literal> indicates that it is inactive and
the previous run was successful or no previous run has taken place yet. <literal > failed</literal>
indicates that it is inactive and the previous run was not successful (more information about the
reason for this is available on the unit type specific interfaces, for example for services in the
<varname > Result</varname> property, see below). <literal > activating</literal> indicates that the unit
has previously been inactive but is currently in the process of entering an active state. Conversely
<literal > deactivating</literal> indicates that the unit is currently in the process of
deactivation.</para>
<para > <varname > SubState</varname> encodes states of the same state machine that
<varname > ActiveState</varname> covers, but knows more fine-grained states that are
unit-type-specific. Where <varname > ActiveState</varname> only covers six high-level states,
<varname > SubState</varname> covers possibly many more low-level unit-type-specific states that are
mapped to the six high-level states. Note that multiple low-level states might map to the same
2020-04-10 12:34:32 +03:00
high-level state, but not vice versa. Not all high-level states have low-level counterparts on all unit
types. At this point the low-level states are not documented here, and are more likely to be extended
later on than the common high-level states explained above.</para>
<para > <varname > FragmentPath</varname> contains the unit file path this unit was read from, if there is
2020-04-19 14:05:44 +03:00
one (if not, it contains the empty string).</para>
2020-04-10 12:34:32 +03:00
<para > <varname > UnitFileState</varname> encodes the install state of the unit file of
<varname > FragmentPath</varname> . It currently knows the following states: <literal > enabled</literal> ,
<literal > enabled-runtime</literal> , <literal > linked</literal> , <literal > linked-runtime</literal> ,
<literal > masked</literal> , <literal > masked-runtime</literal> , <literal > static</literal> ,
2020-04-19 14:05:44 +03:00
<literal > disabled</literal> , and <literal > invalid</literal> . <literal > enabled</literal> indicates that a
2020-04-10 12:34:32 +03:00
unit file is permanently enabled. <literal > enable-runtime</literal> indicates the unit file is only
2020-04-19 14:05:44 +03:00
temporarily enabled and will no longer be enabled after a reboot (that means, it is enabled via
2020-10-05 19:08:21 +03:00
<filename > /run/</filename> symlinks, rather than <filename > /etc/</filename> ). <literal > linked</literal>
indicates that a unit is linked into <filename > /etc/</filename> permanently. <literal > linked-runtime</literal>
indicates that a unit is linked into <filename > /run/</filename> temporarily (until the next
2020-04-19 14:05:44 +03:00
reboot). <literal > masked</literal> indicates that the unit file is masked permanently.
2020-10-05 19:08:21 +03:00
<literal > masked-runtime</literal> indicates that it is masked in <filename > /run/</filename> temporarily
2020-04-19 14:05:44 +03:00
(until the next reboot). <literal > static</literal> indicates that the unit is statically enabled, i.e.
always enabled and doesn't need to be enabled explicitly. <literal > invalid</literal> indicates that it
could not be determined whether the unit file is enabled.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > InactiveExitTimestamp</varname> , <varname > InactiveExitTimestampMonotonic</varname> ,
<varname > ActiveEnterTimestamp</varname> , <varname > ActiveEnterTimestampMonotonic</varname> ,
<varname > ActiveExitTimestamp</varname> , <varname > ActiveExitTimestampMonotonic</varname> ,
2020-04-19 14:05:44 +03:00
<varname > InactiveEnterTimestamp</varname> , and <varname > InactiveEnterTimestampMonotonic</varname>
contain <constant > CLOCK_REALTIME</constant> and <constant > CLOCK_MONOTONIC</constant> 64-bit microsecond
2020-04-10 12:34:32 +03:00
timestamps of the last time a unit left the inactive state, entered the active state, exited the active
state, or entered an inactive state. These are the points in time where the unit transitioned
<literal > inactive</literal> /<literal > failed</literal> → <literal > activating</literal> ,
<literal > activating</literal> → <literal > active</literal> , <literal > active</literal> →
<literal > deactivating</literal> , and finally <literal > deactivating</literal> →
<literal > inactive</literal> /<literal > failed</literal> . The fields are 0 in case such a transition has
2020-04-19 14:05:44 +03:00
not yet been recorded on this boot.</para>
2020-04-10 12:34:32 +03:00
2020-04-19 14:05:44 +03:00
<para > <varname > CanStart</varname> , <varname > CanStop</varname> , and <varname > CanReload</varname> encode
as booleans whether the unit supports the start, stop or reload operations. Even if a unit supports
such an operation, the client might not necessary have the necessary privileges to execute them.</para>
2020-04-10 12:34:32 +03:00
2020-04-19 14:05:44 +03:00
<para > <varname > CanIsolate</varname> encodes as a boolean whether the unit may be started in isolation
2020-04-10 12:34:32 +03:00
mode.</para>
<para > <varname > Job</varname> encodes the job ID and job object path of the job currently scheduled or
2020-04-19 14:05:44 +03:00
executed for this unit, if there is any. If no job is scheduled or executed, the job id field will be
2020-04-10 12:34:32 +03:00
0.</para>
<para > <varname > StopWhenUnneeded</varname> , <varname > RefuseManualStart</varname> ,
<varname > RefuseManualStop</varname> , <varname > AllowIsolate</varname> ,
<varname > DefaultDependencies</varname> , <varname > OnFailureIsolate</varname> ,
<varname > IgnoreOnIsolate</varname> , <varname > IgnoreOnSnapshot</varname> map directly to the
corresponding configuration booleans in the unit file.</para>
<para > <varname > NeedDaemonReload</varname> is a boolean that indicates whether the configuration file
this unit is loaded from (i.e. <varname > FragmentPath</varname> or <varname > SourcePath</varname> ) has
2021-01-30 18:58:19 +03:00
changed since the configuration was read and hence whether a configuration reload is recommended.
</para>
<para > <varname > Markers</varname> is an array of string flags that can be set using
<function > SetUnitProperties()</function> to indicate that the service should be reloaded or
restarted. Currently known values are <literal > needs-restart</literal> and
<literal > needs-reload</literal> . Package scripts may use the first to mark units for later restart when
a new version of the package is installed. Configuration management scripts may use the second to mark
units for a later reload when the configuration is adjusted. Those flags are not set by the manager,
2021-11-11 12:01:19 +03:00
except to unset as appropriate when the unit is stopped, restarted, or reloaded.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > JobTimeoutUSec</varname> maps directly to the corresponding configuration setting in the
unit file.</para>
<para > <varname > ConditionTimestamp</varname> and <varname > ConditionTimestampMonotonic</varname> contain
the <constant > CLOCK_REALTIME</constant> /<constant > CLOCK_MONOTONIC</constant> microsecond timestamps of
2020-04-19 14:05:44 +03:00
the last time the configured conditions of the unit have been checked or 0 if they have never been
2020-04-10 12:34:32 +03:00
checked. Conditions are checked when a unit is requested to start.</para>
<para > <varname > ConditionResult</varname> contains the condition result of the last time the configured
conditions of this unit were checked. </para>
2020-04-19 14:05:44 +03:00
<para > <varname > Conditions</varname> contains all configured conditions of the unit. For each condition,
2020-04-10 12:34:32 +03:00
five fields are given: condition type (e.g. <varname > ConditionPathExists</varname> ), whether the
condition is a trigger condition, whether the condition is reversed, the right hand side of the
2020-04-12 20:14:20 +03:00
condition (e.g. the path in case of <varname > ConditionPathExists</varname> ), and the status. The status
2020-04-10 12:34:32 +03:00
can be 0, in which case the condition hasn't been checked yet, a positive value, in which case the
2023-04-10 23:22:25 +03:00
condition passed, or a negative value, in which case the condition is not met. Currently only 0, +1, and -1
2020-04-10 12:34:32 +03:00
are used, but additional values may be used in the future, retaining the meaning of
2020-04-19 14:05:44 +03:00
zero/positive/negative values.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > LoadError</varname> contains a pair of strings. If the unit failed to load (as encoded
in <varname > LoadState</varname> , see above), then this will include a D-Bus error pair consisting of
2020-04-19 14:05:44 +03:00
the error ID and an explanatory human readable string of what happened. If it loaded successfully, this
2020-04-10 12:34:32 +03:00
will be a pair of empty strings.</para>
2020-04-19 14:05:44 +03:00
<para > <varname > Transient</varname> contains a boolean that indicates whether the unit was created as a
2022-10-17 12:31:52 +03:00
transient unit (i.e. via <function > StartTransientUnit()</function> on the manager object).</para>
2022-08-02 21:49:20 +03:00
<para > <varname > ActivationDetails</varname> contains a list of string pairs, key and value, that
describe the event that caused the unit to be activated, if any. The key describes the information
(e.g.: <varname > trigger_unit</varname> , with value <varname > foo.service</varname> ). This is only filled
in if the unit was triggered by a <varname > Path</varname> or <varname > Timer</varname> unit, and it is
only provided in a best effort fashion: it is not guaranteed to be set, and it is not guaranteed to be
the only trigger. It is only guaranteed to be a valid trigger that caused the activation job to be
enqueued and complete successfully. The key value pairs correspond (in lowercase) to the environment
2023-05-17 13:24:04 +03:00
variables described in the <literal > Environment Variables Set or Propagated by the Service
Manager</literal> section in
<citerefentry > <refentrytitle > systemd.exec</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> . Note
that new key value pair may be added at any time in future versions. Existing entries will not be
2022-08-02 21:49:20 +03:00
removed.</para>
2020-04-10 12:34:32 +03:00
</refsect2>
2020-04-12 20:14:20 +03:00
<refsect2 >
<title > Security</title>
<para > Similarly to methods on the <interfacename > Manager</interfacename> object, read-only access is
allowed for everyone. All operations are allowed for clients with the
<constant > CAP_SYS_ADMIN</constant> capability or when the
<interfacename > org.freedesktop.systemd1.manage-units</interfacename> privilege is granted by
2020-04-18 18:47:51 +03:00
polkit.</para>
2020-04-12 20:14:20 +03:00
</refsect2>
2020-04-10 12:34:32 +03:00
</refsect1>
<refsect1 >
<title > Service Unit Objects</title>
<para > All service unit objects implement the
<interfacename > org.freedesktop.systemd1.Service</interfacename> interface (described here) in addition to
the generic <interfacename > org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice" interface= "org.freedesktop.systemd1.Service" >
2020-04-21 11:55:25 +03:00
node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
2020-04-10 12:34:32 +03:00
interface org.freedesktop.systemd1.Service {
methods:
2020-07-30 21:37:10 +03:00
BindMount(in s source,
in s destination,
in b read_only,
in b mkdir);
2021-01-21 21:36:33 +03:00
MountImage(in s source,
in s destination,
in b read_only,
in b mkdir,
in a(ss) options);
2023-03-27 19:16:40 +03:00
DumpFileDescriptorStore(out a(suuutuusu) entries);
2020-04-21 11:55:25 +03:00
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
2020-04-10 12:34:32 +03:00
properties:
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Type = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-24 18:13:21 +03:00
readonly s ExitType = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s Restart = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-07-06 15:33:52 +03:00
readonly s RestartMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s PIDFile = '...';
readonly s NotifyAccess = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestartUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-03-20 13:49:39 +03:00
readonly u RestartSteps = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-05-17 19:15:23 +03:00
readonly t RestartMaxDelayUSec = ...;
2023-03-24 21:06:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-03-29 23:04:22 +03:00
readonly t RestartUSecNext = ...;
2023-03-20 13:49:39 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly t TimeoutStartUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutStopUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TimeoutAbortUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:25:44 +03:00
readonly s TimeoutStartFailureMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TimeoutStopFailureMode = '...';
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:25:44 +03:00
readonly t RuntimeMaxUSec = ...;
2021-07-13 20:38:08 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RuntimeRandomizedExtraUSec = ...;
2020-08-22 13:25:44 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t WatchdogUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RootDirectoryStartOnly = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemainAfterExit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b GuessMainPID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (aiai) RestartPreventExitStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (aiai) RestartForceExitStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (aiai) SuccessExitStatus = ...;
readonly u MainPID = ...;
readonly u ControlPID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s BusName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u FileDescriptorStoreMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NFileDescriptorStore = ...;
service: add ability to pin fd store
Oftentimes it is useful to allow the per-service fd store to survive
longer than for a restart. This is useful in various scenarios:
1. An fd to some security relevant object needs to be stashed somewhere,
that should not be cleaned automatically, because the security
enforcement would be dropped then.
2. A user namespace fd should be allocated on first invocation and be
kept around until the user logs out (i.e. systemd --user ends), á la
#16328 (This does not implement what #16318 asks for, but should
solve the use-case discussed there.)
3. There's interest in allow a concept of "userspace reboots" where the
kernel stays running, and userspace is swapped out (i.e. all services
exit, and the rootfs transitioned into a new version of it) while
keeping some select resources pinned, very similar to how we
implement a switch root. Thus it is useful to allow services to exit,
while leaving their fds around till the very end.
This is exposed through a new FileDescriptorStorePreserve= setting that
is closely modelled after RuntimeDirectoryPreserve= (in fact it reused
the same internal type), since we want similar behaviour in the end, and
quite often they probably want to be used together.
2023-03-29 23:07:22 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s FileDescriptorStorePreserve = '...';
2020-04-21 11:55:25 +03:00
readonly s StatusText = '...';
readonly i StatusErrno = ...;
readonly s Result = '...';
readonly s ReloadResult = '...';
readonly s CleanResult = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s USBFunctionDescriptors = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s USBFunctionStrings = '...';
readonly u UID = ...;
readonly u GID = ...;
readonly u NRestarts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s OOMPolicy = '...';
2022-11-07 19:13:15 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) OpenFile = [...];
2023-01-02 18:49:23 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i ReloadSignal = ...;
2020-04-21 11:55:25 +03:00
readonly t ExecMainStartTimestamp = ...;
readonly t ExecMainStartTimestampMonotonic = ...;
readonly t ExecMainExitTimestamp = ...;
readonly t ExecMainExitTimestampMonotonic = ...;
readonly u ExecMainPID = ...;
readonly i ExecMainCode = ...;
readonly i ExecMainStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecCondition = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecConditionEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStartPre = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStartPreEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStart = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStartEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStartPost = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStartPostEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecReload = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecReloadEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStop = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStopEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStopPost = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStopPostEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-11 15:24:35 +03:00
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-06 15:15:55 +03:00
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-10 13:44:09 +03:00
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-08 21:22:06 +03:00
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-05-26 21:16:48 +03:00
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-04-21 19:22:35 +03:00
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-04 22:49:46 +03:00
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
2020-03-10 01:09:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-02-17 19:51:27 +03:00
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
2020-12-09 09:07:30 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindAllow = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindDeny = [...];
2021-01-21 23:35:33 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
2023-02-15 21:00:14 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sb) EnvironmentFiles = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PassEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnsetEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u UMask = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WorkingDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImage = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:39:01 +03:00
readonly a(ss) RootImageOptions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHash = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHashSignature = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashSignaturePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootVerity = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-06-06 18:44:09 +03:00
readonly b RootEphemeral = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-01-17 04:14:14 +03:00
readonly as ExtensionDirectories = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-22 15:20:33 +03:00
readonly a(sba(ss)) ExtensionImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:39:01 +03:00
readonly a(ssba(ss)) MountImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly i OOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CoredumpFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Nice = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingClass = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay CPUAffinity = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUAffinityFromNUMA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i NUMAPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay NUMAMask = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUSchedulingResetOnFork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NonBlocking = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay StandardInputData = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardErrorFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TTYPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYReset = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVHangup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVTDisallocate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-10-28 18:26:50 +03:00
readonly q TTYRows = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYColumns = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly i SyslogPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SyslogIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SyslogLevelPrefix = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogLevel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogFacility = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i LogLevelMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LogRateLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogRateLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly aay LogExtraFields = [[...], ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-11-07 22:30:01 +03:00
readonly a(bs) LogFilterPatterns = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s LogNamespace = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SecureBits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CapabilityBoundingSet = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AmbientCapabilities = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s User = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Group = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DynamicUser = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-10-07 15:08:21 +03:00
readonly b SetLoginEnvironment = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b RemoveIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly a(say) SetCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-06-21 15:19:07 +03:00
readonly a(say) SetCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly a(ss) LoadCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-06-21 15:19:07 +03:00
readonly a(ss) LoadCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-01-13 18:22:46 +03:00
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadWritePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadOnlyPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as InaccessiblePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-01-16 14:49:32 +03:00
readonly as ExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as NoExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-09 03:10:47 +03:00
readonly as ExecSearchPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly t MountFlags = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateTmp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateDevices = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectClock = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelTunables = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelModules = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelLogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectControlGroups = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateNetwork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateUsers = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateMounts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-16 18:58:56 +03:00
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SameProcessGroup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SELinuxContext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) AppArmorProfile = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SmackProcessLabel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreSIGPIPE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoNewPrivileges = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SystemCallArchitectures = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SystemCallErrorNumber = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-09-16 19:30:31 +03:00
readonly (bas) SystemCallLog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s Personality = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LockPersonality = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictAddressFamilies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) RuntimeDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s RuntimeDirectoryPreserve = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RuntimeDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RuntimeDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) StateDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u StateDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StateDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) CacheDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u CacheDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CacheDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) LogsDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u LogsDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as LogsDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u ConfigurationDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConfigurationDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutCleanUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryDenyWriteExecute = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictRealtime = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictSUIDSGID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestrictNamespaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-12-11 15:20:23 +03:00
readonly (bas) RestrictFileSystems = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly a(ssbt) BindPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindReadOnlyPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) TemporaryFileSystem = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MountAPIVFS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KeyringMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly s ProtectProc = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProcSubset = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b ProtectHostname = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-02-28 23:39:35 +03:00
readonly b MemoryKSM = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s NetworkNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-16 18:58:56 +03:00
readonly s IPCNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-11-30 20:43:18 +03:00
readonly s RootImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s MountImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ExtensionImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:55:25 +03:00
<!-- method GetProcesses is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<!-- method AttachProcesses is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<!-- property Type is not documented! -->
2020-04-10 12:34:32 +03:00
2021-02-24 18:13:21 +03:00
<!-- property ExitType is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property Restart is not documented! -->
2020-04-10 12:34:32 +03:00
2023-07-06 15:33:52 +03:00
<!-- property RestartMode is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property PIDFile is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<!-- property NotifyAccess is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<!-- property RestartUSec is not documented! -->
2020-04-10 12:34:32 +03:00
2023-03-20 13:49:39 +03:00
<!-- property RestartSteps is not documented! -->
2023-05-17 19:15:23 +03:00
<!-- property RestartMaxDelayUSec is not documented! -->
2023-03-20 13:49:39 +03:00
2023-03-29 23:04:22 +03:00
<!-- property RestartUSecNext is not documented! -->
2023-03-24 21:06:42 +03:00
2020-08-22 13:25:44 +03:00
<!-- property TimeoutStartFailureMode is not documented! -->
<!-- property TimeoutStopFailureMode is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property RuntimeMaxUSec is not documented! -->
2020-04-10 12:34:32 +03:00
2021-07-13 20:38:08 +03:00
<!-- property RuntimeRandomizedExtraUSec is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property WatchdogUSec is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<!-- property RootDirectoryStartOnly is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<!-- property RemainAfterExit is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<!-- property GuessMainPID is not documented! -->
<!-- property RestartPreventExitStatus is not documented! -->
<!-- property RestartForceExitStatus is not documented! -->
<!-- property SuccessExitStatus is not documented! -->
<!-- property BusName is not documented! -->
<!-- property FileDescriptorStoreMax is not documented! -->
<!-- property NFileDescriptorStore is not documented! -->
service: add ability to pin fd store
Oftentimes it is useful to allow the per-service fd store to survive
longer than for a restart. This is useful in various scenarios:
1. An fd to some security relevant object needs to be stashed somewhere,
that should not be cleaned automatically, because the security
enforcement would be dropped then.
2. A user namespace fd should be allocated on first invocation and be
kept around until the user logs out (i.e. systemd --user ends), á la
#16328 (This does not implement what #16318 asks for, but should
solve the use-case discussed there.)
3. There's interest in allow a concept of "userspace reboots" where the
kernel stays running, and userspace is swapped out (i.e. all services
exit, and the rootfs transitioned into a new version of it) while
keeping some select resources pinned, very similar to how we
implement a switch root. Thus it is useful to allow services to exit,
while leaving their fds around till the very end.
This is exposed through a new FileDescriptorStorePreserve= setting that
is closely modelled after RuntimeDirectoryPreserve= (in fact it reused
the same internal type), since we want similar behaviour in the end, and
quite often they probably want to be used together.
2023-03-29 23:07:22 +03:00
<!-- property FileDescriptorStorePreserve is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property StatusErrno is not documented! -->
<!-- property ReloadResult is not documented! -->
<!-- property CleanResult is not documented! -->
<!-- property USBFunctionDescriptors is not documented! -->
<!-- property USBFunctionStrings is not documented! -->
<!-- property UID is not documented! -->
<!-- property GID is not documented! -->
<!-- property NRestarts is not documented! -->
<!-- property OOMPolicy is not documented! -->
2022-11-07 19:13:15 +03:00
<!-- property OpenFile is not documented! -->
2023-01-02 18:49:23 +03:00
<!-- property ReloadSignal is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property ExecCondition is not documented! -->
<!-- property ExecConditionEx is not documented! -->
<!-- property ExecStartPreEx is not documented! -->
<!-- property ExecStartEx is not documented! -->
<!-- property ExecStartPostEx is not documented! -->
<!-- property ExecReloadEx is not documented! -->
<!-- property ExecStopEx is not documented! -->
<!-- property ExecStopPost is not documented! -->
<!-- property ExecStopPostEx is not documented! -->
<!-- property Slice is not documented! -->
2022-02-11 15:24:35 +03:00
<!-- property ControlGroupId is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryCurrent is not documented! -->
2023-11-06 15:15:55 +03:00
<!-- property MemoryPeak is not documented! -->
2023-11-10 13:44:09 +03:00
<!-- property MemorySwapCurrent is not documented! -->
2023-11-08 21:22:06 +03:00
<!-- property MemorySwapPeak is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property CPUUsageNSec is not documented! -->
<!-- property EffectiveCPUs is not documented! -->
<!-- property EffectiveMemoryNodes is not documented! -->
<!-- property TasksCurrent is not documented! -->
<!-- property IPIngressBytes is not documented! -->
<!-- property IPIngressPackets is not documented! -->
<!-- property IPEgressBytes is not documented! -->
<!-- property IPEgressPackets is not documented! -->
<!-- property IOReadBytes is not documented! -->
<!-- property IOReadOperations is not documented! -->
<!-- property IOWriteBytes is not documented! -->
<!-- property IOWriteOperations is not documented! -->
<!-- property Delegate is not documented! -->
<!-- property DelegateControllers is not documented! -->
<!-- property CPUAccounting is not documented! -->
<!-- property CPUWeight is not documented! -->
<!-- property StartupCPUWeight is not documented! -->
<!-- property CPUShares is not documented! -->
<!-- property StartupCPUShares is not documented! -->
<!-- property CPUQuotaPerSecUSec is not documented! -->
<!-- property CPUQuotaPeriodUSec is not documented! -->
<!-- property AllowedCPUs is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedCPUs is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property AllowedMemoryNodes is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedMemoryNodes is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property IOAccounting is not documented! -->
<!-- property IOWeight is not documented! -->
<!-- property StartupIOWeight is not documented! -->
<!-- property IODeviceWeight is not documented! -->
<!-- property IOReadBandwidthMax is not documented! -->
<!-- property IOWriteBandwidthMax is not documented! -->
<!-- property IOReadIOPSMax is not documented! -->
<!-- property IOWriteIOPSMax is not documented! -->
<!-- property IODeviceLatencyTargetUSec is not documented! -->
<!-- property BlockIOAccounting is not documented! -->
<!-- property BlockIOWeight is not documented! -->
<!-- property StartupBlockIOWeight is not documented! -->
<!-- property BlockIODeviceWeight is not documented! -->
<!-- property BlockIOReadBandwidth is not documented! -->
<!-- property BlockIOWriteBandwidth is not documented! -->
<!-- property MemoryAccounting is not documented! -->
<!-- property DefaultMemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property DefaultStartupMemoryLow is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property DefaultMemoryMin is not documented! -->
<!-- property MemoryMin is not documented! -->
<!-- property MemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryLow is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryHigh is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryHigh is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryMax is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemorySwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemorySwapMax is not documented! -->
2022-02-04 22:49:46 +03:00
<!-- property MemoryZSwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryZSwapMax is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryLimit is not documented! -->
<!-- property DevicePolicy is not documented! -->
<!-- property DeviceAllow is not documented! -->
<!-- property TasksAccounting is not documented! -->
<!-- property TasksMax is not documented! -->
<!-- property IPAccounting is not documented! -->
<!-- property IPAddressAllow is not documented! -->
<!-- property IPAddressDeny is not documented! -->
<!-- property IPIngressFilterPath is not documented! -->
<!-- property IPEgressFilterPath is not documented! -->
<!-- property DisableControllers is not documented! -->
2020-03-10 01:09:17 +03:00
<!-- property ManagedOOMSwap is not documented! -->
<!-- property ManagedOOMMemoryPressure is not documented! -->
2021-02-17 19:51:27 +03:00
<!-- property ManagedOOMMemoryPressureLimit is not documented! -->
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<!-- property ManagedOOMPreference is not documented! -->
2020-12-09 09:07:30 +03:00
<!-- property BPFProgram is not documented! -->
2020-11-18 11:31:55 +03:00
<!-- property SocketBindAllow is not documented! -->
<!-- property SocketBindDeny is not documented! -->
2021-01-21 23:35:33 +03:00
<!-- property RestrictNetworkInterfaces is not documented! -->
2023-02-15 21:00:14 +03:00
<!-- property MemoryPressureWatch is not documented! -->
<!-- property MemoryPressureThresholdUSec is not documented! -->
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<!-- property NFTSet is not documented! -->
2023-10-11 17:46:42 +03:00
<!-- property CoredumpReceive is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property EnvironmentFiles is not documented! -->
<!-- property PassEnvironment is not documented! -->
<!-- property UnsetEnvironment is not documented! -->
<!-- property UMask is not documented! -->
<!-- property LimitCPUSoft is not documented! -->
<!-- property LimitFSIZE is not documented! -->
<!-- property LimitFSIZESoft is not documented! -->
<!-- property LimitDATA is not documented! -->
<!-- property LimitDATASoft is not documented! -->
<!-- property LimitSTACK is not documented! -->
<!-- property LimitSTACKSoft is not documented! -->
<!-- property LimitCORE is not documented! -->
<!-- property LimitCORESoft is not documented! -->
<!-- property LimitRSS is not documented! -->
<!-- property LimitRSSSoft is not documented! -->
<!-- property LimitNOFILE is not documented! -->
<!-- property LimitNOFILESoft is not documented! -->
<!-- property LimitAS is not documented! -->
<!-- property LimitASSoft is not documented! -->
<!-- property LimitNPROC is not documented! -->
<!-- property LimitNPROCSoft is not documented! -->
<!-- property LimitMEMLOCK is not documented! -->
<!-- property LimitMEMLOCKSoft is not documented! -->
<!-- property LimitLOCKS is not documented! -->
<!-- property LimitLOCKSSoft is not documented! -->
<!-- property LimitSIGPENDING is not documented! -->
<!-- property LimitSIGPENDINGSoft is not documented! -->
<!-- property LimitMSGQUEUE is not documented! -->
<!-- property LimitMSGQUEUESoft is not documented! -->
<!-- property LimitNICE is not documented! -->
<!-- property LimitNICESoft is not documented! -->
<!-- property LimitRTPRIO is not documented! -->
<!-- property LimitRTPRIOSoft is not documented! -->
<!-- property LimitRTTIME is not documented! -->
<!-- property LimitRTTIMESoft is not documented! -->
<!-- property WorkingDirectory is not documented! -->
2020-08-22 13:39:01 +03:00
<!-- property RootHashPath is not documented! -->
<!-- property RootHashSignaturePath is not documented! -->
2023-06-06 18:44:09 +03:00
<!-- property RootEphemeral is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property OOMScoreAdjust is not documented! -->
<!-- property CoredumpFilter is not documented! -->
<!-- property Nice is not documented! -->
<!-- property IOSchedulingClass is not documented! -->
<!-- property IOSchedulingPriority is not documented! -->
<!-- property CPUSchedulingPolicy is not documented! -->
<!-- property CPUSchedulingPriority is not documented! -->
<!-- property CPUAffinity is not documented! -->
<!-- property CPUAffinityFromNUMA is not documented! -->
<!-- property NUMAPolicy is not documented! -->
<!-- property NUMAMask is not documented! -->
<!-- property TimerSlackNSec is not documented! -->
<!-- property CPUSchedulingResetOnFork is not documented! -->
<!-- property NonBlocking is not documented! -->
<!-- property StandardInput is not documented! -->
<!-- property StandardInputFileDescriptorName is not documented! -->
<!-- property StandardInputData is not documented! -->
<!-- property StandardOutput is not documented! -->
<!-- property StandardOutputFileDescriptorName is not documented! -->
<!-- property StandardError is not documented! -->
<!-- property StandardErrorFileDescriptorName is not documented! -->
<!-- property TTYPath is not documented! -->
<!-- property TTYReset is not documented! -->
<!-- property TTYVHangup is not documented! -->
<!-- property TTYVTDisallocate is not documented! -->
2021-10-28 18:26:50 +03:00
<!-- property TTYRows is not documented! -->
<!-- property TTYColumns is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property SyslogPriority is not documented! -->
<!-- property SyslogIdentifier is not documented! -->
<!-- property SyslogLevelPrefix is not documented! -->
<!-- property SyslogLevel is not documented! -->
<!-- property SyslogFacility is not documented! -->
<!-- property LogLevelMax is not documented! -->
<!-- property LogRateLimitIntervalUSec is not documented! -->
<!-- property LogRateLimitBurst is not documented! -->
<!-- property LogExtraFields is not documented! -->
2022-11-07 22:30:01 +03:00
<!-- property LogFilterPatterns is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property LogNamespace is not documented! -->
<!-- property AmbientCapabilities is not documented! -->
<!-- property User is not documented! -->
<!-- property Group is not documented! -->
<!-- property DynamicUser is not documented! -->
2023-10-07 15:08:21 +03:00
<!-- property SetLoginEnvironment is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property RemoveIPC is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property SetCredential is not documented! -->
2021-06-21 15:19:07 +03:00
<!-- property SetCredentialEncrypted is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property LoadCredential is not documented! -->
2021-06-21 15:19:07 +03:00
<!-- property LoadCredentialEncrypted is not documented! -->
2023-01-13 18:22:46 +03:00
<!-- property ImportCredential is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property SupplementaryGroups is not documented! -->
<!-- property PAMName is not documented! -->
<!-- property ReadWritePaths is not documented! -->
<!-- property ReadOnlyPaths is not documented! -->
<!-- property InaccessiblePaths is not documented! -->
2021-01-16 14:49:32 +03:00
<!-- property ExecPaths is not documented! -->
<!-- property NoExecPaths is not documented! -->
2021-07-09 03:10:47 +03:00
<!-- property ExecSearchPath is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property PrivateTmp is not documented! -->
<!-- property PrivateDevices is not documented! -->
<!-- property ProtectClock is not documented! -->
<!-- property ProtectKernelTunables is not documented! -->
<!-- property ProtectKernelModules is not documented! -->
<!-- property ProtectKernelLogs is not documented! -->
<!-- property ProtectControlGroups is not documented! -->
<!-- property PrivateNetwork is not documented! -->
<!-- property PrivateUsers is not documented! -->
<!-- property PrivateMounts is not documented! -->
2021-02-16 18:58:56 +03:00
<!-- property PrivateIPC is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property ProtectHome is not documented! -->
<!-- property ProtectSystem is not documented! -->
<!-- property SameProcessGroup is not documented! -->
<!-- property UtmpIdentifier is not documented! -->
<!-- property UtmpMode is not documented! -->
<!-- property SELinuxContext is not documented! -->
<!-- property AppArmorProfile is not documented! -->
<!-- property SmackProcessLabel is not documented! -->
<!-- property IgnoreSIGPIPE is not documented! -->
<!-- property NoNewPrivileges is not documented! -->
<!-- property SystemCallFilter is not documented! -->
<!-- property SystemCallArchitectures is not documented! -->
<!-- property SystemCallErrorNumber is not documented! -->
2020-09-16 19:30:31 +03:00
<!-- property SystemCallLog is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property Personality is not documented! -->
<!-- property LockPersonality is not documented! -->
<!-- property RestrictAddressFamilies is not documented! -->
<!-- property RuntimeDirectoryPreserve is not documented! -->
<!-- property RuntimeDirectoryMode is not documented! -->
<!-- property StateDirectoryMode is not documented! -->
<!-- property CacheDirectoryMode is not documented! -->
<!-- property LogsDirectoryMode is not documented! -->
<!-- property ConfigurationDirectoryMode is not documented! -->
<!-- property ConfigurationDirectory is not documented! -->
<!-- property TimeoutCleanUSec is not documented! -->
<!-- property MemoryDenyWriteExecute is not documented! -->
<!-- property RestrictRealtime is not documented! -->
<!-- property RestrictSUIDSGID is not documented! -->
<!-- property RestrictNamespaces is not documented! -->
2020-12-11 15:20:23 +03:00
<!-- property RestrictFileSystems is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property BindPaths is not documented! -->
<!-- property BindReadOnlyPaths is not documented! -->
<!-- property TemporaryFileSystem is not documented! -->
<!-- property MountAPIVFS is not documented! -->
<!-- property KeyringMode is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property ProtectProc is not documented! -->
<!-- property ProcSubset is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property ProtectHostname is not documented! -->
2023-02-28 23:39:35 +03:00
<!-- property MemoryKSM is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property NetworkNamespacePath is not documented! -->
2021-02-16 18:58:56 +03:00
<!-- property IPCNamespacePath is not documented! -->
2022-11-30 20:43:18 +03:00
<!-- property RootImagePolicy is not documented! -->
<!-- property MountImagePolicy is not documented! -->
<!-- property ExtensionImagePolicy is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property KillMode is not documented! -->
<!-- property KillSignal is not documented! -->
<!-- property RestartKillSignal is not documented! -->
<!-- property FinalKillSignal is not documented! -->
<!-- property SendSIGKILL is not documented! -->
<!-- property SendSIGHUP is not documented! -->
<!-- property WatchdogSignal is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Service" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-21 11:55:25 +03:00
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Service" />
2020-07-30 21:37:10 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "BindMount()" />
2021-01-21 21:36:33 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "MountImage()" />
2023-03-27 19:16:40 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "DumpFileDescriptorStore()" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetProcesses()" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "AttachProcesses()" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Type" />
2020-04-21 11:55:25 +03:00
2021-02-24 18:13:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExitType" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Restart" />
2020-04-21 11:55:25 +03:00
2023-07-06 15:33:52 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartMode" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PIDFile" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NotifyAccess" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartUSec" />
2020-04-21 11:55:25 +03:00
2023-03-20 13:49:39 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartSteps" />
2023-05-17 19:15:23 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartMaxDelayUSec" />
2023-03-20 13:49:39 +03:00
2023-03-29 23:04:22 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartUSecNext" />
2023-03-24 21:06:42 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutStartUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutStopUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutAbortUSec" />
2020-08-22 13:25:44 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutStartFailureMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutStopFailureMode" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeMaxUSec" />
2021-07-13 20:38:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeRandomizedExtraUSec" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootDirectoryStartOnly" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RemainAfterExit" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "GuessMainPID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartPreventExitStatus" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartForceExitStatus" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SuccessExitStatus" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MainPID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlPID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BusName" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FileDescriptorStoreMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFileDescriptorStore" />
service: add ability to pin fd store
Oftentimes it is useful to allow the per-service fd store to survive
longer than for a restart. This is useful in various scenarios:
1. An fd to some security relevant object needs to be stashed somewhere,
that should not be cleaned automatically, because the security
enforcement would be dropped then.
2. A user namespace fd should be allocated on first invocation and be
kept around until the user logs out (i.e. systemd --user ends), á la
#16328 (This does not implement what #16318 asks for, but should
solve the use-case discussed there.)
3. There's interest in allow a concept of "userspace reboots" where the
kernel stays running, and userspace is swapped out (i.e. all services
exit, and the rootfs transitioned into a new version of it) while
keeping some select resources pinned, very similar to how we
implement a switch root. Thus it is useful to allow services to exit,
while leaving their fds around till the very end.
This is exposed through a new FileDescriptorStorePreserve= setting that
is closely modelled after RuntimeDirectoryPreserve= (in fact it reused
the same internal type), since we want similar behaviour in the end, and
quite often they probably want to be used together.
2023-03-29 23:07:22 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FileDescriptorStorePreserve" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StatusText" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StatusErrno" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Result" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReloadResult" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CleanResult" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "USBFunctionDescriptors" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "USBFunctionStrings" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "GID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NRestarts" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "OOMPolicy" />
2022-11-07 19:13:15 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OpenFile" />
2023-01-02 18:49:23 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReloadSignal" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecMainStartTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecMainStartTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecMainExitTimestamp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecMainExitTimestampMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecMainPID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecMainCode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecMainStatus" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecCondition" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecConditionEx" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStartPre" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStartPreEx" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStart" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStartEx" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStartPost" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStartPostEx" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecReload" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecReloadEx" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStop" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStopEx" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStopPost" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStopPostEx" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Slice" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroup" />
2022-02-11 15:24:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroupId" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryCurrent" />
2023-11-06 15:15:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPeak" />
2023-11-10 13:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapCurrent" />
2023-11-08 21:22:06 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapPeak" />
2021-05-26 21:16:48 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAvailable" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUUsageNSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveCPUs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveMemoryNodes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksCurrent" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressPackets" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressPackets" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadOperations" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteOperations" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Delegate" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateControllers" />
2023-04-21 19:22:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateSubgroup" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUShares" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUShares" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPerSecUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPeriodUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedCPUs" />
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedCPUs" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedMemoryNodes" />
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedMemoryNodes" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBandwidthMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBandwidthMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadIOPSMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteIOPSMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceLatencyTargetUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupBlockIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIODeviceWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOReadBandwidth" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWriteBandwidth" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryLow" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryMin" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMin" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLow" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryHigh" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryHigh" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemorySwapMax" />
2022-02-04 22:49:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryZSwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryZSwapMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLimit" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DevicePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DeviceAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressDeny" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressFilterPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressFilterPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DisableControllers" />
2020-03-10 01:09:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMSwap" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressure" />
2021-02-17 19:51:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressureLimit" />
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMPreference" />
2020-12-09 09:07:30 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BPFProgram" />
2020-11-18 11:31:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindDeny" />
2021-01-21 23:35:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNetworkInterfaces" />
2023-02-15 21:00:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureWatch" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureThresholdUSec" />
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFTSet" />
2023-10-11 17:46:42 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpReceive" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Environment" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EnvironmentFiles" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PassEnvironment" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnsetEnvironment" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UMask" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCPU" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCPUSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitFSIZE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitFSIZESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitDATA" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitDATASoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSTACK" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSTACKSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCORE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCORESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRSS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRSSSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNOFILE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNOFILESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitAS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitASSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNPROC" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNPROCSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMEMLOCK" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMEMLOCKSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitLOCKS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitLOCKSSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSIGPENDING" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSIGPENDINGSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMSGQUEUE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMSGQUEUESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNICE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNICESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTPRIO" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTPRIOSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTTIME" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTTIMESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WorkingDirectory" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootDirectory" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImage" />
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImageOptions" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHash" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashSignature" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashSignaturePath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootVerity" />
2023-06-06 18:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootEphemeral" />
2022-01-17 04:14:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionDirectories" />
2021-02-22 15:20:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionImages" />
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountImages" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OOMScoreAdjust" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpFilter" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Nice" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOSchedulingClass" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOSchedulingPriority" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingPolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingPriority" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAffinity" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAffinityFromNUMA" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NUMAPolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NUMAMask" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimerSlackNSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingResetOnFork" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NonBlocking" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInput" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInputFileDescriptorName" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInputData" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardOutput" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardOutputFileDescriptorName" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardError" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardErrorFileDescriptorName" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYReset" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYVHangup" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYVTDisallocate" />
2021-10-28 18:26:50 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYRows" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYColumns" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogPriority" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogIdentifier" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogLevelPrefix" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogLevel" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogFacility" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogLevelMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogRateLimitIntervalUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogRateLimitBurst" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogExtraFields" />
2022-11-07 22:30:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogFilterPatterns" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogNamespace" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SecureBits" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CapabilityBoundingSet" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AmbientCapabilities" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "User" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Group" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DynamicUser" />
2023-10-07 15:08:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetLoginEnvironment" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RemoveIPC" />
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetCredential" />
2021-06-21 15:19:07 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetCredentialEncrypted" />
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadCredential" />
2021-06-21 15:19:07 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadCredentialEncrypted" />
2023-01-13 18:22:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ImportCredential" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SupplementaryGroups" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PAMName" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadWritePaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadOnlyPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InaccessiblePaths" />
2021-01-16 14:49:32 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoExecPaths" />
2021-07-09 03:10:47 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecSearchPath" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountFlags" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateTmp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateDevices" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectClock" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelTunables" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelModules" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelLogs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectControlGroups" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateNetwork" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateUsers" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateMounts" />
2021-02-16 18:58:56 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateIPC" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectHome" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectSystem" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SameProcessGroup" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UtmpIdentifier" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UtmpMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SELinuxContext" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AppArmorProfile" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SmackProcessLabel" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IgnoreSIGPIPE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoNewPrivileges" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallFilter" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallArchitectures" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallErrorNumber" />
2020-09-16 19:30:31 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallLog" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Personality" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LockPersonality" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictAddressFamilies" />
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectoryPreserve" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectoryMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectory" />
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectoryMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectory" />
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectoryMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectory" />
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectoryMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectory" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfigurationDirectoryMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfigurationDirectory" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutCleanUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryDenyWriteExecute" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictRealtime" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictSUIDSGID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNamespaces" />
2020-12-11 15:20:23 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictFileSystems" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindReadOnlyPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TemporaryFileSystem" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountAPIVFS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "KeyringMode" />
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectProc" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProcSubset" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectHostname" />
2023-02-28 23:39:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryKSM" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NetworkNamespacePath" />
2021-02-16 18:58:56 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPCNamespacePath" />
2022-11-30 20:43:18 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImagePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountImagePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionImagePolicy" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillSignal" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartKillSignal" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FinalKillSignal" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGKILL" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGHUP" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogSignal" />
<!-- End of Autogenerated section -->
2020-07-30 21:37:10 +03:00
<refsect2 >
<title > Methods</title>
2021-01-21 21:36:33 +03:00
<para > <function > BindMount()</function> and <function > MountImage()</function> implement the same operations
as the respective methods on the <interfacename > Manager</interfacename> object (see above). However, these
methods operate on the service object and hence do not take a unit name parameter. Invoking the methods
directly on the Manager object has the advantage of not requiring a <function > GetUnit()</function> call
to get the unit object for a specific unit name. Calling the methods on the Manager object is hence a round
trip optimization.</para>
2023-03-27 19:16:40 +03:00
<para > <function > DumpFileDescriptorStore()</function> returns an array with information about the file
descriptors currently in the file descriptor store of the service. Each entry consists of a file
descriptor name (i.e. the <varname > FDNAME=</varname> field), the file descriptor inode type and access
mode as integer (i.e. a <type > mode_t</type> value, flags such as <constant > S_IFREG</constant> ,
<constant > S_IRUSR</constant> , …), the major and minor numbers of the device number of the file system
backing the inode of the file descriptor, the inode number, the major and minor numbers of the device
number if this refers to a character or block device node, a file system path pointing to the inode,
and the file descriptor flags (i.e. <constant > O_RDWR</constant> , <constant > O_RDONLY</constant> ,
…).</para>
2020-07-30 21:37:10 +03:00
</refsect2>
2020-04-21 11:29:09 +03:00
<refsect2 >
<title > Properties</title>
<para > Most properties of the Service interface map directly to the corresponding settings in service
unit files. For the sake of brevity, here's a list of all exceptions only:</para>
2020-08-27 16:45:29 +03:00
<para > <varname > TimeoutStartUSec</varname> , <varname > TimeoutStopUSec</varname> and
<varname > TimeoutAbortUSec</varname> contain the start, stop and abort timeouts, in microseconds. Note
the slight difference in naming when compared to the matching unit file settings (see
<citerefentry > <refentrytitle > systemd.service</refentrytitle> <manvolnum > 7</manvolnum> </citerefentry> ):
these bus properties strictly use microseconds (and thus are suffixed <varname > …USec</varname> ) while
the unit file settings default to a time unit of seconds (and thus are suffixed
<varname > …Sec</varname> ), unless a different unit is explicitly specified. This reflects that fact that
internally the service manager deals in microsecond units only, and the bus properties are a relatively
low-level (binary) concept exposing this. The unit file settings on the other hand are relatively
high-level (string-based) concepts and thus support more user friendly time specifications which
default to second time units but allow other units too, if specified.</para>
2020-04-21 11:29:09 +03:00
<para > <varname > WatchdogTimestamp</varname> and <varname > WatchdogTimestampMonotonic</varname> contain
<constant > CLOCK_REALTIME</constant> /<constant > CLOCK_MONOTONIC</constant> microsecond timestamps of the
last watchdog ping received from the service, or 0 if none was ever received.</para>
<para > <varname > ExecStartPre</varname> , <varname > ExecStart</varname> , <varname > ExecStartPost</varname> ,
<varname > ExecReload</varname> , <varname > ExecStop</varname> , and <varname > ExecStop</varname> are arrays
of structures where each struct contains: the binary path to execute; an array with all arguments to
pass to the executed command, starting with argument 0; a boolean whether it should be considered a
failure if the process exits uncleanly; two pairs of
<constant > CLOCK_REALTIME</constant> /<constant > CLOCK_MONOTONIC</constant> microsecond timestamps when
the process began and finished running the last time, or 0 if it never ran or never finished running;
the PID of the process, or 0 if it has not run yet; the exit code and status of the last run. This
field hence maps more or less to the corresponding setting in the service unit file but is augmented
with runtime data.</para>
<para > <varname > LimitCPU</varname> (and related properties) map more or less directly to the
corresponding settings in the service unit files except that if they aren't set, their value is
18446744073709551615 (i.e. -1).</para>
<para > <varname > Capabilities</varname> contains the configured capabilities, as formatted with
<citerefentry project= "man-pages" > <refentrytitle > cap_to_text</refentrytitle> <manvolnum > 3</manvolnum> </citerefentry> .
</para>
<para > <varname > SecureBits</varname> , <varname > CapabilityBoundingSet</varname> ,
<varname > MountFlags</varname> also correspond to the configured settings of the unit files, but
instead of being formatted as strings, they are encoded as the actual binary flags they are.
</para>
<para > <varname > ExecMainStartTimestamp</varname> , <varname > ExecMainStartTimestampMonotonic</varname> ,
<varname > ExecMainExitTimestamp</varname> , <varname > ExecMainExitTimestampMonotonic</varname> ,
<varname > ExecMainPID</varname> , <varname > ExecMainCode</varname> , <varname > ExecMainStatus</varname>
contain information about the main process of the service as far as it is known. This is often the same
runtime information that is stored in <varname > ExecStart</varname> . However, it deviates for
<varname > Type=forking</varname> services where the main process of the service is not forked off
systemd directly. These fields either contain information of the last run of the process or of the
current running process.</para>
<para > <varname > MainPID</varname> and <varname > ControlPID</varname> contain the main and control PID of
the service. The main PID is the current main PID of the service and is 0 when the service currently
has no main PID. The control PID is the PID of the current start/stop/reload process running and is 0
if no such process is currently running. That means that <varname > ExecMainPID</varname> and
<varname > MainPID</varname> differ in the way that the latter immediately reflects whether a main
process is currently running while the latter possible contains information collected from the last run
even if the process is no longer around.</para>
<para > <varname > StatusText</varname> contains the status text passed to the service manager via a call
to
<citerefentry > <refentrytitle > sd_notify</refentrytitle> <manvolnum > 3</manvolnum> </citerefentry> .
This may be used by services to inform the service manager about its internal state with a nice
explanatory string.</para>
<para > <varname > Result</varname> encodes the execution result of the last run of the service. It is
useful to determine the reason a service failed if it is in the <literal > failed</literal> state (see
<varname > ActiveState</varname> above). The following values are currently known:
<literal > success</literal> is set if the unit didn't fail. <literal > resources</literal> indicates that
not enough resources were available to fork off and execute the service
2020-05-22 10:39:36 +03:00
processes. <literal > timeout</literal> indicates that a timeout occurred while executing a service
2020-04-21 11:29:09 +03:00
operation. <literal > exit-code</literal> indicates that a service process exited with an unclean exit
code. <literal > signal</literal> indicates that a service process exited with an uncaught
signal. <literal > core-dump</literal> indicates that a service process exited uncleanly and dumped
core. <literal > watchdog</literal> indicates that a service did not send out watchdog ping messages
often enough. <literal > start-limit</literal> indicates that a service has been started too frequently
in a specific time frame (as configured in <varname > StartLimitInterval</varname> ,
<varname > StartLimitBurst</varname> ).</para>
<para > <varname > ControlGroup</varname> indicates the control group path the processes of this service
unit are placed in.</para>
2021-02-22 15:20:33 +03:00
<para > The following properties map 1:1 to corresponding settings in the unit file:
<varname > RootDirectory</varname>
<varname > RootImage</varname>
<varname > RootImageOptions</varname>
<varname > RootVerity</varname>
<varname > RootHash</varname>
<varname > RootHashSignature</varname>
<varname > MountImages</varname>
<varname > ExtensionImages</varname>
2022-01-17 04:14:14 +03:00
<varname > ExtensionDirectories</varname>
2021-02-22 15:20:33 +03:00
see systemd.exec(5) for their meaning.</para>
2021-05-26 21:16:48 +03:00
2023-09-07 21:00:28 +03:00
<para > <varname > MemoryAvailable</varname> takes into account unit's and parents' <literal > MemoryMax</literal>
or <literal > MemoryHigh</literal> or physically available RAM versus given level's memory consumption
and takes minimum. Beware that other units below the tightest parent slice may consume the memory quicker
and less than reported value would remain for own allocation.
It works better in conjunction with <varname > MemoryAccounting=yes</varname> on involved units.</para>
2021-07-14 20:22:21 +03:00
2023-04-21 19:22:35 +03:00
<para > <varname > DelegateSubgroup</varname> contains the cgroup subgroup to place invoked unit processes
in. As configured by the option of the same name in unit files. This is set to the empty string when it
does not apply or no subgroup has been configured.</para>
2021-07-14 20:22:21 +03:00
<para > <varname > RuntimeDirectorySymlink</varname> , <varname > StateDirectorySymlink</varname> ,
<varname > CacheDirectorySymlink</varname> and <varname > LogsDirectorySymlink</varname> respectively
implement the destination parameter of the unit files settings <varname > RuntimeDirectory</varname> ,
<varname > StateDirectory</varname> , <varname > CacheDirectory</varname> and <varname > LogsDirectory</varname> ,
which will create a symlink of the given name to the respective directory. The messages take an unused
<varname > flags</varname> parameter, reserved for future backward-compatible changes.</para>
2020-04-21 11:29:09 +03:00
</refsect2>
</refsect1>
<refsect1 >
<title > Socket Unit Objects</title>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket" interface= "org.freedesktop.systemd1.Socket" >
2020-04-21 11:29:09 +03:00
node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
interface org.freedesktop.systemd1.Socket {
methods:
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s BindIPv6Only = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u Backlog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s BindToDevice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SocketUser = '...';
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SocketGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u SocketMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Accept = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-09-16 11:01:13 +03:00
readonly b FlushPending = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b Writable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b KeepAlive = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t KeepAliveTimeUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t KeepAliveIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u KeepAliveProbes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DeferAcceptUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoDelay = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Priority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t ReceiveBuffer = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SendBuffer = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IPTOS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IPTTL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t PipeSize = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b FreeBind = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Transparent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Broadcast = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassCredentials = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassSecurity = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:25:44 +03:00
readonly b PassPacketInfo = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-10-26 19:40:55 +03:00
readonly s Timestamping = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b RemoveOnStop = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) Listen = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Symlinks = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Mark = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u MaxConnections = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u MaxConnectionsPerSource = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly x MessageQueueMaxMessages = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly x MessageQueueMessageSize = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TCPCongestion = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ReusePort = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SmackLabel = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SmackLabelIPIn = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SmackLabelIPOut = '...';
readonly u ControlPID = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NConnections = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NAccepted = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NRefused = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s FileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SocketProtocol = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TriggerLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u TriggerLimitBurst = ...;
2023-09-09 15:46:32 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t PollLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u PollLimitBurst = ...;
2020-04-21 11:55:25 +03:00
readonly u UID = ...;
readonly u GID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStartPre = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStartPost = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStopPre = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStopPost = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-11 15:24:35 +03:00
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-06 15:15:55 +03:00
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-10 13:44:09 +03:00
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-08 21:22:06 +03:00
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-05-26 21:16:48 +03:00
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-04-21 19:22:35 +03:00
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-04 22:49:46 +03:00
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
2020-03-10 01:09:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-02-17 19:51:27 +03:00
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
2020-12-09 09:07:30 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindAllow = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindDeny = [...];
2021-01-21 23:35:33 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
2023-02-15 21:00:14 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sb) EnvironmentFiles = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PassEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnsetEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u UMask = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WorkingDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImage = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:39:01 +03:00
readonly a(ss) RootImageOptions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHash = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHashSignature = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashSignaturePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootVerity = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-06-06 18:44:09 +03:00
readonly b RootEphemeral = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-01-17 04:14:14 +03:00
readonly as ExtensionDirectories = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-22 15:20:33 +03:00
readonly a(sba(ss)) ExtensionImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:39:01 +03:00
readonly a(ssba(ss)) MountImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly i OOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CoredumpFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Nice = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingClass = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay CPUAffinity = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUAffinityFromNUMA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i NUMAPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay NUMAMask = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUSchedulingResetOnFork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NonBlocking = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay StandardInputData = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardErrorFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TTYPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYReset = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVHangup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVTDisallocate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-10-28 18:26:50 +03:00
readonly q TTYRows = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYColumns = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly i SyslogPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SyslogIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SyslogLevelPrefix = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogLevel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogFacility = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i LogLevelMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LogRateLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogRateLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly aay LogExtraFields = [[...], ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-11-07 22:30:01 +03:00
readonly a(bs) LogFilterPatterns = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s LogNamespace = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SecureBits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CapabilityBoundingSet = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AmbientCapabilities = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s User = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Group = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DynamicUser = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-10-07 15:08:21 +03:00
readonly b SetLoginEnvironment = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b RemoveIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly a(say) SetCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-06-21 15:19:07 +03:00
readonly a(say) SetCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly a(ss) LoadCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-06-21 15:19:07 +03:00
readonly a(ss) LoadCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-01-13 18:22:46 +03:00
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadWritePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadOnlyPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as InaccessiblePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-01-16 14:49:32 +03:00
readonly as ExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as NoExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-09 03:10:47 +03:00
readonly as ExecSearchPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly t MountFlags = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateTmp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateDevices = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectClock = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelTunables = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelModules = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelLogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectControlGroups = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateNetwork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateUsers = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateMounts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-16 18:58:56 +03:00
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SameProcessGroup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SELinuxContext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) AppArmorProfile = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SmackProcessLabel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreSIGPIPE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoNewPrivileges = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SystemCallArchitectures = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SystemCallErrorNumber = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-09-16 19:30:31 +03:00
readonly (bas) SystemCallLog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s Personality = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LockPersonality = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictAddressFamilies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) RuntimeDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s RuntimeDirectoryPreserve = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RuntimeDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RuntimeDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) StateDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u StateDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StateDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) CacheDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u CacheDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CacheDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) LogsDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u LogsDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as LogsDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u ConfigurationDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConfigurationDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutCleanUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryDenyWriteExecute = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictRealtime = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictSUIDSGID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestrictNamespaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-12-11 15:20:23 +03:00
readonly (bas) RestrictFileSystems = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly a(ssbt) BindPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindReadOnlyPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) TemporaryFileSystem = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MountAPIVFS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KeyringMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly s ProtectProc = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProcSubset = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b ProtectHostname = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-02-28 23:39:35 +03:00
readonly b MemoryKSM = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s NetworkNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-16 18:58:56 +03:00
readonly s IPCNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-11-30 20:43:18 +03:00
readonly s RootImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s MountImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ExtensionImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
2020-04-21 11:29:09 +03:00
<!-- method GetProcesses is not documented! -->
<!-- method AttachProcesses is not documented! -->
<!-- property BindIPv6Only is not documented! -->
<!-- property Backlog is not documented! -->
<!-- property TimeoutUSec is not documented! -->
<!-- property BindToDevice is not documented! -->
<!-- property SocketUser is not documented! -->
<!-- property SocketGroup is not documented! -->
<!-- property SocketMode is not documented! -->
<!-- property DirectoryMode is not documented! -->
<!-- property Writable is not documented! -->
<!-- property KeepAlive is not documented! -->
<!-- property KeepAliveTimeUSec is not documented! -->
<!-- property KeepAliveIntervalUSec is not documented! -->
<!-- property KeepAliveProbes is not documented! -->
<!-- property DeferAcceptUSec is not documented! -->
<!-- property NoDelay is not documented! -->
<!-- property Priority is not documented! -->
<!-- property ReceiveBuffer is not documented! -->
<!-- property SendBuffer is not documented! -->
<!-- property IPTOS is not documented! -->
<!-- property IPTTL is not documented! -->
<!-- property PipeSize is not documented! -->
<!-- property FreeBind is not documented! -->
<!-- property Transparent is not documented! -->
<!-- property Broadcast is not documented! -->
<!-- property PassCredentials is not documented! -->
<!-- property PassSecurity is not documented! -->
2020-08-22 13:25:44 +03:00
<!-- property PassPacketInfo is not documented! -->
2020-10-26 19:40:55 +03:00
<!-- property Timestamping is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property RemoveOnStop is not documented! -->
<!-- property Listen is not documented! -->
<!-- property Symlinks is not documented! -->
<!-- property Mark is not documented! -->
<!-- property MaxConnections is not documented! -->
<!-- property MaxConnectionsPerSource is not documented! -->
<!-- property MessageQueueMaxMessages is not documented! -->
<!-- property MessageQueueMessageSize is not documented! -->
<!-- property TCPCongestion is not documented! -->
<!-- property ReusePort is not documented! -->
<!-- property SmackLabel is not documented! -->
<!-- property SmackLabelIPIn is not documented! -->
<!-- property SmackLabelIPOut is not documented! -->
<!-- property NRefused is not documented! -->
<!-- property FileDescriptorName is not documented! -->
<!-- property SocketProtocol is not documented! -->
<!-- property TriggerLimitIntervalUSec is not documented! -->
<!-- property TriggerLimitBurst is not documented! -->
<!-- property UID is not documented! -->
<!-- property GID is not documented! -->
<!-- property ExecStopPre is not documented! -->
<!-- property ExecStopPost is not documented! -->
<!-- property Slice is not documented! -->
2022-02-11 15:24:35 +03:00
<!-- property ControlGroupId is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryCurrent is not documented! -->
2023-11-06 15:15:55 +03:00
<!-- property MemoryPeak is not documented! -->
2023-11-10 13:44:09 +03:00
<!-- property MemorySwapCurrent is not documented! -->
2023-11-08 21:22:06 +03:00
<!-- property MemorySwapPeak is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property CPUUsageNSec is not documented! -->
<!-- property EffectiveCPUs is not documented! -->
<!-- property EffectiveMemoryNodes is not documented! -->
<!-- property TasksCurrent is not documented! -->
<!-- property IPIngressBytes is not documented! -->
<!-- property IPIngressPackets is not documented! -->
<!-- property IPEgressBytes is not documented! -->
<!-- property IPEgressPackets is not documented! -->
<!-- property IOReadBytes is not documented! -->
<!-- property IOReadOperations is not documented! -->
<!-- property IOWriteBytes is not documented! -->
<!-- property IOWriteOperations is not documented! -->
<!-- property Delegate is not documented! -->
<!-- property DelegateControllers is not documented! -->
<!-- property CPUAccounting is not documented! -->
<!-- property CPUWeight is not documented! -->
<!-- property StartupCPUWeight is not documented! -->
<!-- property CPUShares is not documented! -->
<!-- property StartupCPUShares is not documented! -->
<!-- property CPUQuotaPerSecUSec is not documented! -->
<!-- property CPUQuotaPeriodUSec is not documented! -->
<!-- property AllowedCPUs is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedCPUs is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property AllowedMemoryNodes is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedMemoryNodes is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property IOAccounting is not documented! -->
<!-- property IOWeight is not documented! -->
<!-- property StartupIOWeight is not documented! -->
<!-- property IODeviceWeight is not documented! -->
<!-- property IOReadBandwidthMax is not documented! -->
<!-- property IOWriteBandwidthMax is not documented! -->
<!-- property IOReadIOPSMax is not documented! -->
<!-- property IOWriteIOPSMax is not documented! -->
<!-- property IODeviceLatencyTargetUSec is not documented! -->
<!-- property BlockIOAccounting is not documented! -->
<!-- property BlockIOWeight is not documented! -->
<!-- property StartupBlockIOWeight is not documented! -->
<!-- property BlockIODeviceWeight is not documented! -->
<!-- property BlockIOReadBandwidth is not documented! -->
<!-- property BlockIOWriteBandwidth is not documented! -->
<!-- property MemoryAccounting is not documented! -->
<!-- property DefaultMemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property DefaultStartupMemoryLow is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property DefaultMemoryMin is not documented! -->
<!-- property MemoryMin is not documented! -->
<!-- property MemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryLow is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryHigh is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryHigh is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryMax is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemorySwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemorySwapMax is not documented! -->
2022-02-04 22:49:46 +03:00
<!-- property MemoryZSwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryZSwapMax is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryLimit is not documented! -->
<!-- property DevicePolicy is not documented! -->
<!-- property DeviceAllow is not documented! -->
<!-- property TasksAccounting is not documented! -->
<!-- property TasksMax is not documented! -->
<!-- property IPAccounting is not documented! -->
<!-- property IPAddressAllow is not documented! -->
<!-- property IPAddressDeny is not documented! -->
<!-- property IPIngressFilterPath is not documented! -->
<!-- property IPEgressFilterPath is not documented! -->
<!-- property DisableControllers is not documented! -->
2020-03-10 01:09:17 +03:00
<!-- property ManagedOOMSwap is not documented! -->
<!-- property ManagedOOMMemoryPressure is not documented! -->
2021-02-17 19:51:27 +03:00
<!-- property ManagedOOMMemoryPressureLimit is not documented! -->
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<!-- property ManagedOOMPreference is not documented! -->
2020-12-09 09:07:30 +03:00
<!-- property BPFProgram is not documented! -->
2020-11-18 11:31:55 +03:00
<!-- property SocketBindAllow is not documented! -->
<!-- property SocketBindDeny is not documented! -->
2021-01-21 23:35:33 +03:00
<!-- property RestrictNetworkInterfaces is not documented! -->
2023-02-15 21:00:14 +03:00
<!-- property MemoryPressureWatch is not documented! -->
<!-- property MemoryPressureThresholdUSec is not documented! -->
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<!-- property NFTSet is not documented! -->
2023-10-11 17:46:42 +03:00
<!-- property CoredumpReceive is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property EnvironmentFiles is not documented! -->
<!-- property PassEnvironment is not documented! -->
<!-- property UnsetEnvironment is not documented! -->
<!-- property UMask is not documented! -->
<!-- property LimitCPUSoft is not documented! -->
<!-- property LimitFSIZE is not documented! -->
<!-- property LimitFSIZESoft is not documented! -->
<!-- property LimitDATA is not documented! -->
<!-- property LimitDATASoft is not documented! -->
<!-- property LimitSTACK is not documented! -->
<!-- property LimitSTACKSoft is not documented! -->
<!-- property LimitCORE is not documented! -->
<!-- property LimitCORESoft is not documented! -->
<!-- property LimitRSS is not documented! -->
<!-- property LimitRSSSoft is not documented! -->
<!-- property LimitNOFILE is not documented! -->
<!-- property LimitNOFILESoft is not documented! -->
<!-- property LimitAS is not documented! -->
<!-- property LimitASSoft is not documented! -->
<!-- property LimitNPROC is not documented! -->
<!-- property LimitNPROCSoft is not documented! -->
<!-- property LimitMEMLOCK is not documented! -->
<!-- property LimitMEMLOCKSoft is not documented! -->
<!-- property LimitLOCKS is not documented! -->
<!-- property LimitLOCKSSoft is not documented! -->
<!-- property LimitSIGPENDING is not documented! -->
<!-- property LimitSIGPENDINGSoft is not documented! -->
<!-- property LimitMSGQUEUE is not documented! -->
<!-- property LimitMSGQUEUESoft is not documented! -->
<!-- property LimitNICE is not documented! -->
<!-- property LimitNICESoft is not documented! -->
<!-- property LimitRTPRIO is not documented! -->
<!-- property LimitRTPRIOSoft is not documented! -->
<!-- property LimitRTTIME is not documented! -->
<!-- property LimitRTTIMESoft is not documented! -->
<!-- property WorkingDirectory is not documented! -->
2020-08-22 13:39:01 +03:00
<!-- property RootHashPath is not documented! -->
<!-- property RootHashSignaturePath is not documented! -->
2023-06-06 18:44:09 +03:00
<!-- property RootEphemeral is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property OOMScoreAdjust is not documented! -->
<!-- property CoredumpFilter is not documented! -->
<!-- property Nice is not documented! -->
<!-- property IOSchedulingClass is not documented! -->
<!-- property IOSchedulingPriority is not documented! -->
<!-- property CPUSchedulingPolicy is not documented! -->
<!-- property CPUSchedulingPriority is not documented! -->
<!-- property CPUAffinity is not documented! -->
<!-- property CPUAffinityFromNUMA is not documented! -->
<!-- property NUMAPolicy is not documented! -->
<!-- property NUMAMask is not documented! -->
<!-- property TimerSlackNSec is not documented! -->
<!-- property CPUSchedulingResetOnFork is not documented! -->
<!-- property NonBlocking is not documented! -->
<!-- property StandardInput is not documented! -->
<!-- property StandardInputFileDescriptorName is not documented! -->
<!-- property StandardInputData is not documented! -->
<!-- property StandardOutput is not documented! -->
<!-- property StandardOutputFileDescriptorName is not documented! -->
<!-- property StandardError is not documented! -->
<!-- property StandardErrorFileDescriptorName is not documented! -->
<!-- property TTYPath is not documented! -->
<!-- property TTYReset is not documented! -->
<!-- property TTYVHangup is not documented! -->
<!-- property TTYVTDisallocate is not documented! -->
2021-10-28 18:26:50 +03:00
<!-- property TTYRows is not documented! -->
<!-- property TTYColumns is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property SyslogPriority is not documented! -->
<!-- property SyslogIdentifier is not documented! -->
<!-- property SyslogLevelPrefix is not documented! -->
<!-- property SyslogLevel is not documented! -->
<!-- property SyslogFacility is not documented! -->
<!-- property LogLevelMax is not documented! -->
<!-- property LogRateLimitIntervalUSec is not documented! -->
<!-- property LogRateLimitBurst is not documented! -->
<!-- property LogExtraFields is not documented! -->
2022-11-07 22:30:01 +03:00
<!-- property LogFilterPatterns is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property LogNamespace is not documented! -->
<!-- property AmbientCapabilities is not documented! -->
<!-- property User is not documented! -->
<!-- property Group is not documented! -->
<!-- property DynamicUser is not documented! -->
2023-10-07 15:08:21 +03:00
<!-- property SetLoginEnvironment is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property RemoveIPC is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property SetCredential is not documented! -->
2021-06-21 15:19:07 +03:00
<!-- property SetCredentialEncrypted is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property LoadCredential is not documented! -->
2021-06-21 15:19:07 +03:00
<!-- property LoadCredentialEncrypted is not documented! -->
2023-01-13 18:22:46 +03:00
<!-- property ImportCredential is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property SupplementaryGroups is not documented! -->
<!-- property PAMName is not documented! -->
<!-- property ReadWritePaths is not documented! -->
<!-- property ReadOnlyPaths is not documented! -->
<!-- property InaccessiblePaths is not documented! -->
2021-01-16 14:49:32 +03:00
<!-- property ExecPaths is not documented! -->
<!-- property NoExecPaths is not documented! -->
2021-07-09 03:10:47 +03:00
<!-- property ExecSearchPath is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property PrivateTmp is not documented! -->
<!-- property PrivateDevices is not documented! -->
<!-- property ProtectClock is not documented! -->
<!-- property ProtectKernelTunables is not documented! -->
<!-- property ProtectKernelModules is not documented! -->
<!-- property ProtectKernelLogs is not documented! -->
<!-- property ProtectControlGroups is not documented! -->
<!-- property PrivateNetwork is not documented! -->
<!-- property PrivateUsers is not documented! -->
<!-- property PrivateMounts is not documented! -->
2021-02-16 18:58:56 +03:00
<!-- property PrivateIPC is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property ProtectHome is not documented! -->
<!-- property ProtectSystem is not documented! -->
<!-- property SameProcessGroup is not documented! -->
<!-- property UtmpIdentifier is not documented! -->
<!-- property UtmpMode is not documented! -->
<!-- property SELinuxContext is not documented! -->
<!-- property AppArmorProfile is not documented! -->
<!-- property SmackProcessLabel is not documented! -->
<!-- property IgnoreSIGPIPE is not documented! -->
<!-- property NoNewPrivileges is not documented! -->
<!-- property SystemCallFilter is not documented! -->
<!-- property SystemCallArchitectures is not documented! -->
<!-- property SystemCallErrorNumber is not documented! -->
2020-09-16 19:30:31 +03:00
<!-- property SystemCallLog is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property Personality is not documented! -->
<!-- property LockPersonality is not documented! -->
<!-- property RestrictAddressFamilies is not documented! -->
<!-- property RuntimeDirectoryPreserve is not documented! -->
<!-- property RuntimeDirectoryMode is not documented! -->
<!-- property StateDirectoryMode is not documented! -->
<!-- property CacheDirectoryMode is not documented! -->
<!-- property LogsDirectoryMode is not documented! -->
<!-- property ConfigurationDirectoryMode is not documented! -->
<!-- property ConfigurationDirectory is not documented! -->
<!-- property TimeoutCleanUSec is not documented! -->
<!-- property MemoryDenyWriteExecute is not documented! -->
<!-- property RestrictRealtime is not documented! -->
<!-- property RestrictSUIDSGID is not documented! -->
<!-- property RestrictNamespaces is not documented! -->
2020-12-11 15:20:23 +03:00
<!-- property RestrictFileSystems is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property BindPaths is not documented! -->
<!-- property BindReadOnlyPaths is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property TemporaryFileSystem is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property MountAPIVFS is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property KeyringMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-08-27 21:20:08 +03:00
<!-- property ProtectProc is not documented! -->
<!-- property ProcSubset is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property ProtectHostname is not documented! -->
2020-04-21 11:55:25 +03:00
2023-02-28 23:39:35 +03:00
<!-- property MemoryKSM is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property NetworkNamespacePath is not documented! -->
2020-04-21 11:55:25 +03:00
2021-02-16 18:58:56 +03:00
<!-- property IPCNamespacePath is not documented! -->
2022-11-30 20:43:18 +03:00
<!-- property RootImagePolicy is not documented! -->
<!-- property MountImagePolicy is not documented! -->
<!-- property ExtensionImagePolicy is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property KillMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property KillSignal is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property RestartKillSignal is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property FinalKillSignal is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SendSIGKILL is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SendSIGHUP is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property WatchdogSignal is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Socket" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-21 11:55:25 +03:00
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Socket" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetProcesses()" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "AttachProcesses()" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindIPv6Only" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Backlog" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindToDevice" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketUser" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketGroup" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Accept" />
2020-04-21 11:55:25 +03:00
2020-09-16 11:01:13 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FlushPending" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Writable" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KeepAlive" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KeepAliveTimeUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KeepAliveIntervalUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KeepAliveProbes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DeferAcceptUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoDelay" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Priority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReceiveBuffer" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendBuffer" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPTOS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPTTL" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PipeSize" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FreeBind" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Transparent" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Broadcast" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PassCredentials" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PassSecurity" />
2020-04-21 11:55:25 +03:00
2020-08-22 13:25:44 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PassPacketInfo" />
2020-10-26 19:40:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Timestamping" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RemoveOnStop" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Listen" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Symlinks" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Mark" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MaxConnections" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MaxConnectionsPerSource" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MessageQueueMaxMessages" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MessageQueueMessageSize" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TCPCongestion" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReusePort" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SmackLabel" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SmackLabelIPIn" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SmackLabelIPOut" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlPID" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Result" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NConnections" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NAccepted" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NRefused" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FileDescriptorName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketProtocol" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TriggerLimitIntervalUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TriggerLimitBurst" />
2020-04-21 11:55:25 +03:00
2023-09-09 15:46:32 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PollLimitIntervalUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PollLimitBurst" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UID" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "GID" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStartPre" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStartPost" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStopPre" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecStopPost" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Slice" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroup" />
2020-04-21 11:55:25 +03:00
2022-02-11 15:24:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroupId" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryCurrent" />
2020-04-21 11:55:25 +03:00
2023-11-06 15:15:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPeak" />
2023-11-10 13:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapCurrent" />
2023-11-08 21:22:06 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapPeak" />
2021-05-26 21:16:48 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAvailable" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUUsageNSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveCPUs" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveMemoryNodes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksCurrent" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressBytes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressPackets" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressBytes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressPackets" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBytes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadOperations" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBytes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteOperations" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Delegate" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateControllers" />
2020-04-21 11:55:25 +03:00
2023-04-21 19:22:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateSubgroup" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUShares" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUShares" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPerSecUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPeriodUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedCPUs" />
2020-04-21 11:55:25 +03:00
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedCPUs" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedMemoryNodes" />
2020-04-21 11:55:25 +03:00
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedMemoryNodes" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBandwidthMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBandwidthMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadIOPSMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteIOPSMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceLatencyTargetUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupBlockIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIODeviceWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOReadBandwidth" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWriteBandwidth" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryLow" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryMin" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMin" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLow" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryHigh" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryHigh" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMax" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapMax" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemorySwapMax" />
2022-02-04 22:49:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryZSwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryZSwapMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLimit" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DevicePolicy" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DeviceAllow" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressAllow" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressDeny" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressFilterPath" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressFilterPath" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DisableControllers" />
2020-04-21 11:55:25 +03:00
2020-03-10 01:09:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMSwap" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressure" />
2021-02-17 19:51:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressureLimit" />
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMPreference" />
2020-12-09 09:07:30 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BPFProgram" />
2020-11-18 11:31:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindDeny" />
2021-01-21 23:35:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNetworkInterfaces" />
2023-02-15 21:00:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureWatch" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureThresholdUSec" />
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFTSet" />
2023-10-11 17:46:42 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpReceive" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Environment" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "EnvironmentFiles" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PassEnvironment" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnsetEnvironment" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UMask" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCPU" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCPUSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitFSIZE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitFSIZESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitDATA" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitDATASoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSTACK" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSTACKSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCORE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCORESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRSS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRSSSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNOFILE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNOFILESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitAS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitASSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNPROC" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNPROCSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMEMLOCK" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMEMLOCKSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitLOCKS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitLOCKSSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSIGPENDING" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSIGPENDINGSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMSGQUEUE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMSGQUEUESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNICE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNICESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTPRIO" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTPRIOSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTTIME" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTTIMESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "WorkingDirectory" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootDirectory" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImage" />
2020-04-21 11:55:25 +03:00
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImageOptions" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHash" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashSignature" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashSignaturePath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootVerity" />
2023-06-06 18:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootEphemeral" />
2022-01-17 04:14:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionDirectories" />
2021-02-22 15:20:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionImages" />
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountImages" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OOMScoreAdjust" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpFilter" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Nice" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOSchedulingClass" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOSchedulingPriority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingPolicy" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingPriority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAffinity" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAffinityFromNUMA" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NUMAPolicy" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NUMAMask" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimerSlackNSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingResetOnFork" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NonBlocking" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInput" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInputFileDescriptorName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInputData" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardOutput" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardOutputFileDescriptorName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardError" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardErrorFileDescriptorName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYPath" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYReset" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYVHangup" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYVTDisallocate" />
2020-04-21 11:55:25 +03:00
2021-10-28 18:26:50 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYRows" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYColumns" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogPriority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogIdentifier" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogLevelPrefix" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogLevel" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogFacility" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogLevelMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogRateLimitIntervalUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogRateLimitBurst" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogExtraFields" />
2020-04-21 11:55:25 +03:00
2022-11-07 22:30:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogFilterPatterns" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogNamespace" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SecureBits" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CapabilityBoundingSet" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AmbientCapabilities" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "User" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Group" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DynamicUser" />
2023-10-07 15:08:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetLoginEnvironment" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RemoveIPC" />
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetCredential" />
2021-06-21 15:19:07 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetCredentialEncrypted" />
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadCredential" />
2021-06-21 15:19:07 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadCredentialEncrypted" />
2023-01-13 18:22:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ImportCredential" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SupplementaryGroups" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PAMName" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadWritePaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadOnlyPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "InaccessiblePaths" />
2021-01-16 14:49:32 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoExecPaths" />
2021-07-09 03:10:47 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecSearchPath" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountFlags" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateTmp" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateDevices" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectClock" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelTunables" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelModules" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelLogs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectControlGroups" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateNetwork" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateUsers" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateMounts" />
2021-02-16 18:58:56 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateIPC" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectHome" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectSystem" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SameProcessGroup" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UtmpIdentifier" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UtmpMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SELinuxContext" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AppArmorProfile" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SmackProcessLabel" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IgnoreSIGPIPE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoNewPrivileges" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallFilter" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallArchitectures" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallErrorNumber" />
2020-04-21 11:55:25 +03:00
2020-09-16 19:30:31 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallLog" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Personality" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LockPersonality" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictAddressFamilies" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectoryPreserve" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectory" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectory" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectory" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectory" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfigurationDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfigurationDirectory" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutCleanUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryDenyWriteExecute" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictRealtime" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictSUIDSGID" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNamespaces" />
2020-04-21 11:55:25 +03:00
2020-12-11 15:20:23 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictFileSystems" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindPaths" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindReadOnlyPaths" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TemporaryFileSystem" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountAPIVFS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KeyringMode" />
2020-04-21 11:55:25 +03:00
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectProc" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProcSubset" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectHostname" />
2020-04-21 11:55:25 +03:00
2023-02-28 23:39:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryKSM" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NetworkNamespacePath" />
2020-04-21 11:55:25 +03:00
2021-02-16 18:58:56 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPCNamespacePath" />
2022-11-30 20:43:18 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImagePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountImagePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionImagePolicy" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartKillSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FinalKillSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGKILL" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGHUP" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- End of Autogenerated section -->
2020-04-21 11:55:25 +03:00
2023-09-09 15:46:32 +03:00
<para > <varname > PollLimitIntervalUSec</varname> /<varname > PollLimitBurst</varname> properties configure the
polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to
zero the limiting feature is turned off.</para>
2020-04-21 11:55:25 +03:00
<refsect2 >
<title > Properties</title>
<para > Most of the properties map directly to the corresponding settings in socket unit files. As socket
units can include <varname > ExecStartPre</varname> (and similar) fields which contain information about
processes to execute. They also share most of the fields related to the execution context that Service
objects expose (see above).</para>
<para > In addition to these properties there are the following:</para>
<para > <varname > NAccepted</varname> contains the accumulated number of connections ever accepted on this
2020-09-18 09:58:52 +03:00
socket. This only applies to sockets with <varname > Accept</varname> set to <literal > yes</literal> ,
2020-04-21 11:55:25 +03:00
i.e. those where systemd is responsible for accepted connections. </para>
<para > Similarly <varname > NConnections</varname> contains the number of currently open connections on
this socket. It only applies only to socket units with <varname > Accept</varname> set to
2020-09-18 09:58:52 +03:00
<literal > yes</literal> .</para>
2020-04-21 11:55:25 +03:00
<para > <varname > Result</varname> encodes the reason why a socket unit failed if it is in the
<literal > failed</literal> state (see <varname > ActiveState</varname> above). The values
<literal > success</literal> , <literal > resources</literal> , <literal > timeout</literal> ,
<literal > exit-code</literal> , <literal > signal</literal> and <literal > core-dump</literal> have the same
meaning as they have for the corresponding field of service units (see above). In addition to that,
the value <literal > service-failed-permanent</literal> indicates that the service of this socket failed
continuously.</para>
2020-08-20 14:00:37 +03:00
<para > <varname > FlushPending</varname> specifies whether to flush the socket
just before entering the listening state. This setting only applies to sockets with
<varname > Accept=</varname> set to <literal > no</literal> .</para>
2020-04-21 11:55:25 +03:00
</refsect2>
</refsect1>
<refsect1 >
<title > Target Unit Objects</title>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/basic_2etarget" interface= "org.freedesktop.systemd1.Target" >
2020-04-21 11:55:25 +03:00
node /org/freedesktop/systemd1/unit/basic_2etarget {
interface org.freedesktop.systemd1.Target {
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<para > Target units have neither type-specific methods nor properties.</para>
</refsect1>
<refsect1 >
<title > Device Unit Objects</title>
<para > All device unit objects implement the <interfacename > org.freedesktop.systemd1.Device</interfacename> interface (described here)
in addition to the generic <interfacename > org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/dev_2dttyS0_2edevice" interface= "org.freedesktop.systemd1.Device" >
node /org/freedesktop/systemd1/unit/dev_2dttyS0_2edevice {
2020-04-21 11:55:25 +03:00
interface org.freedesktop.systemd1.Device {
properties:
readonly s SysFSPath = '...';
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Device" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Device" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SysFSPath" />
<!-- End of Autogenerated section -->
2020-04-21 11:55:25 +03:00
<refsect2 >
<title > Properties</title>
<para > Device units only expose a single type-specific property:</para>
<para > <varname > SysFSPath</varname> contains the sysfs path of the kernel device this object corresponds
to.</para>
</refsect2>
</refsect1>
<refsect1 >
<title > Mount Unit Objects</title>
<para > All mount unit objects implement the <interfacename > org.freedesktop.systemd1.Mount</interfacename>
interface (described here) in addition to the generic
<interfacename > org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/home_2emount" interface= "org.freedesktop.systemd1.Mount" >
2020-04-21 11:55:25 +03:00
node /org/freedesktop/systemd1/unit/home_2emount {
interface org.freedesktop.systemd1.Mount {
methods:
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Where = '...';
readonly s What = '...';
readonly s Options = '...';
readonly s Type = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutUSec = ...;
readonly u ControlPID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SloppyOptions = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LazyUnmount = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ForceUnmount = ...;
2020-08-22 13:39:01 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ReadWriteOnly = ...;
2020-04-21 11:55:25 +03:00
readonly s Result = '...';
readonly u UID = ...;
readonly u GID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecMount = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecUnmount = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecRemount = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-11 15:24:35 +03:00
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-06 15:15:55 +03:00
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-10 13:44:09 +03:00
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-08 21:22:06 +03:00
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-05-26 21:16:48 +03:00
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-04-21 19:22:35 +03:00
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-04 22:49:46 +03:00
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
2020-03-10 01:09:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-02-17 19:51:27 +03:00
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
2020-12-09 09:07:30 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindAllow = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindDeny = [...];
2021-01-21 23:35:33 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
2023-02-15 21:00:14 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sb) EnvironmentFiles = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PassEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnsetEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u UMask = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WorkingDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImage = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:39:01 +03:00
readonly a(ss) RootImageOptions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHash = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHashSignature = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashSignaturePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootVerity = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-06-06 18:44:09 +03:00
readonly b RootEphemeral = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-01-17 04:14:14 +03:00
readonly as ExtensionDirectories = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-22 15:20:33 +03:00
readonly a(sba(ss)) ExtensionImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:39:01 +03:00
readonly a(ssba(ss)) MountImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly i OOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CoredumpFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Nice = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingClass = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay CPUAffinity = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUAffinityFromNUMA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i NUMAPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay NUMAMask = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUSchedulingResetOnFork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NonBlocking = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay StandardInputData = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardErrorFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TTYPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYReset = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVHangup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVTDisallocate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-10-28 18:26:50 +03:00
readonly q TTYRows = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYColumns = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly i SyslogPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SyslogIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SyslogLevelPrefix = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogLevel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogFacility = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i LogLevelMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LogRateLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogRateLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly aay LogExtraFields = [[...], ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-11-07 22:30:01 +03:00
readonly a(bs) LogFilterPatterns = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s LogNamespace = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SecureBits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CapabilityBoundingSet = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AmbientCapabilities = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s User = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Group = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DynamicUser = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-10-07 15:08:21 +03:00
readonly b SetLoginEnvironment = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b RemoveIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly a(say) SetCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-06-21 15:19:07 +03:00
readonly a(say) SetCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly a(ss) LoadCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-06-21 15:19:07 +03:00
readonly a(ss) LoadCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-01-13 18:22:46 +03:00
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadWritePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadOnlyPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as InaccessiblePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-01-16 14:49:32 +03:00
readonly as ExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as NoExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-09 03:10:47 +03:00
readonly as ExecSearchPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly t MountFlags = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateTmp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateDevices = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectClock = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelTunables = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelModules = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelLogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectControlGroups = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateNetwork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateUsers = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateMounts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-16 18:58:56 +03:00
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SameProcessGroup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SELinuxContext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) AppArmorProfile = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SmackProcessLabel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreSIGPIPE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoNewPrivileges = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SystemCallArchitectures = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SystemCallErrorNumber = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-09-16 19:30:31 +03:00
readonly (bas) SystemCallLog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s Personality = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LockPersonality = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictAddressFamilies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) RuntimeDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s RuntimeDirectoryPreserve = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RuntimeDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RuntimeDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) StateDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u StateDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StateDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) CacheDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u CacheDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CacheDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) LogsDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u LogsDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as LogsDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u ConfigurationDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConfigurationDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutCleanUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryDenyWriteExecute = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictRealtime = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictSUIDSGID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestrictNamespaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-12-11 15:20:23 +03:00
readonly (bas) RestrictFileSystems = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly a(ssbt) BindPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindReadOnlyPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) TemporaryFileSystem = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MountAPIVFS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KeyringMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly s ProtectProc = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProcSubset = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b ProtectHostname = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-02-28 23:39:35 +03:00
readonly b MemoryKSM = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s NetworkNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-16 18:58:56 +03:00
readonly s IPCNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-11-30 20:43:18 +03:00
readonly s RootImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s MountImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ExtensionImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
2020-04-21 11:29:09 +03:00
<!-- method GetProcesses is not documented! -->
<!-- method AttachProcesses is not documented! -->
<!-- property Where is not documented! -->
<!-- property What is not documented! -->
<!-- property Options is not documented! -->
<!-- property Type is not documented! -->
<!-- property TimeoutUSec is not documented! -->
<!-- property DirectoryMode is not documented! -->
<!-- property SloppyOptions is not documented! -->
<!-- property LazyUnmount is not documented! -->
<!-- property ForceUnmount is not documented! -->
2020-08-22 13:39:01 +03:00
<!-- property ReadWriteOnly is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property UID is not documented! -->
<!-- property GID is not documented! -->
<!-- property ExecUnmount is not documented! -->
<!-- property ExecRemount is not documented! -->
<!-- property Slice is not documented! -->
2022-02-11 15:24:35 +03:00
<!-- property ControlGroupId is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryCurrent is not documented! -->
2023-11-06 15:15:55 +03:00
<!-- property MemoryPeak is not documented! -->
2023-11-10 13:44:09 +03:00
<!-- property MemorySwapCurrent is not documented! -->
2023-11-08 21:22:06 +03:00
<!-- property MemorySwapPeak is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property CPUUsageNSec is not documented! -->
<!-- property EffectiveCPUs is not documented! -->
<!-- property EffectiveMemoryNodes is not documented! -->
<!-- property TasksCurrent is not documented! -->
<!-- property IPIngressBytes is not documented! -->
<!-- property IPIngressPackets is not documented! -->
<!-- property IPEgressBytes is not documented! -->
<!-- property IPEgressPackets is not documented! -->
<!-- property IOReadBytes is not documented! -->
<!-- property IOReadOperations is not documented! -->
<!-- property IOWriteBytes is not documented! -->
<!-- property IOWriteOperations is not documented! -->
<!-- property Delegate is not documented! -->
<!-- property DelegateControllers is not documented! -->
<!-- property CPUAccounting is not documented! -->
<!-- property CPUWeight is not documented! -->
<!-- property StartupCPUWeight is not documented! -->
<!-- property CPUShares is not documented! -->
<!-- property StartupCPUShares is not documented! -->
<!-- property CPUQuotaPerSecUSec is not documented! -->
<!-- property CPUQuotaPeriodUSec is not documented! -->
<!-- property AllowedCPUs is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedCPUs is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property AllowedMemoryNodes is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedMemoryNodes is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property IOAccounting is not documented! -->
<!-- property IOWeight is not documented! -->
<!-- property StartupIOWeight is not documented! -->
<!-- property IODeviceWeight is not documented! -->
<!-- property IOReadBandwidthMax is not documented! -->
<!-- property IOWriteBandwidthMax is not documented! -->
<!-- property IOReadIOPSMax is not documented! -->
<!-- property IOWriteIOPSMax is not documented! -->
<!-- property IODeviceLatencyTargetUSec is not documented! -->
<!-- property BlockIOAccounting is not documented! -->
<!-- property BlockIOWeight is not documented! -->
<!-- property StartupBlockIOWeight is not documented! -->
<!-- property BlockIODeviceWeight is not documented! -->
<!-- property BlockIOReadBandwidth is not documented! -->
<!-- property BlockIOWriteBandwidth is not documented! -->
<!-- property MemoryAccounting is not documented! -->
<!-- property DefaultMemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property DefaultStartupMemoryLow is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property DefaultMemoryMin is not documented! -->
<!-- property MemoryMin is not documented! -->
<!-- property MemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryLow is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryHigh is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryHigh is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryMax is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemorySwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemorySwapMax is not documented! -->
2022-02-04 22:49:46 +03:00
<!-- property MemoryZSwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryZSwapMax is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryLimit is not documented! -->
<!-- property DevicePolicy is not documented! -->
<!-- property DeviceAllow is not documented! -->
<!-- property TasksAccounting is not documented! -->
<!-- property TasksMax is not documented! -->
<!-- property IPAccounting is not documented! -->
<!-- property IPAddressAllow is not documented! -->
<!-- property IPAddressDeny is not documented! -->
<!-- property IPIngressFilterPath is not documented! -->
<!-- property IPEgressFilterPath is not documented! -->
<!-- property DisableControllers is not documented! -->
2020-03-10 01:09:17 +03:00
<!-- property ManagedOOMSwap is not documented! -->
<!-- property ManagedOOMMemoryPressure is not documented! -->
2021-02-17 19:51:27 +03:00
<!-- property ManagedOOMMemoryPressureLimit is not documented! -->
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<!-- property ManagedOOMPreference is not documented! -->
2020-12-09 09:07:30 +03:00
<!-- property BPFProgram is not documented! -->
2020-11-18 11:31:55 +03:00
<!-- property SocketBindAllow is not documented! -->
<!-- property SocketBindDeny is not documented! -->
2021-01-21 23:35:33 +03:00
<!-- property RestrictNetworkInterfaces is not documented! -->
2023-02-15 21:00:14 +03:00
<!-- property MemoryPressureWatch is not documented! -->
<!-- property MemoryPressureThresholdUSec is not documented! -->
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<!-- property NFTSet is not documented! -->
2023-10-11 17:46:42 +03:00
<!-- property CoredumpReceive is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property EnvironmentFiles is not documented! -->
<!-- property PassEnvironment is not documented! -->
<!-- property UnsetEnvironment is not documented! -->
<!-- property UMask is not documented! -->
<!-- property LimitCPUSoft is not documented! -->
<!-- property LimitFSIZE is not documented! -->
<!-- property LimitFSIZESoft is not documented! -->
<!-- property LimitDATA is not documented! -->
<!-- property LimitDATASoft is not documented! -->
<!-- property LimitSTACK is not documented! -->
<!-- property LimitSTACKSoft is not documented! -->
<!-- property LimitCORE is not documented! -->
<!-- property LimitCORESoft is not documented! -->
<!-- property LimitRSS is not documented! -->
<!-- property LimitRSSSoft is not documented! -->
<!-- property LimitNOFILE is not documented! -->
<!-- property LimitNOFILESoft is not documented! -->
<!-- property LimitAS is not documented! -->
<!-- property LimitASSoft is not documented! -->
<!-- property LimitNPROC is not documented! -->
<!-- property LimitNPROCSoft is not documented! -->
<!-- property LimitMEMLOCK is not documented! -->
<!-- property LimitMEMLOCKSoft is not documented! -->
<!-- property LimitLOCKS is not documented! -->
<!-- property LimitLOCKSSoft is not documented! -->
<!-- property LimitSIGPENDING is not documented! -->
<!-- property LimitSIGPENDINGSoft is not documented! -->
<!-- property LimitMSGQUEUE is not documented! -->
<!-- property LimitMSGQUEUESoft is not documented! -->
<!-- property LimitNICE is not documented! -->
<!-- property LimitNICESoft is not documented! -->
<!-- property LimitRTPRIO is not documented! -->
<!-- property LimitRTPRIOSoft is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property LimitRTTIME is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property LimitRTTIMESoft is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property WorkingDirectory is not documented! -->
2020-04-21 11:55:25 +03:00
2020-08-22 13:39:01 +03:00
<!-- property RootHashPath is not documented! -->
<!-- property RootHashSignaturePath is not documented! -->
2023-06-06 18:44:09 +03:00
<!-- property RootEphemeral is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property OOMScoreAdjust is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property CoredumpFilter is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property Nice is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property IOSchedulingClass is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property IOSchedulingPriority is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property CPUSchedulingPolicy is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property CPUSchedulingPriority is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property CPUAffinity is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property CPUAffinityFromNUMA is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property NUMAPolicy is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property NUMAMask is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property TimerSlackNSec is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property CPUSchedulingResetOnFork is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property NonBlocking is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property StandardInput is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property StandardInputFileDescriptorName is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property StandardInputData is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property StandardOutput is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property StandardOutputFileDescriptorName is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property StandardError is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property StandardErrorFileDescriptorName is not documented! -->
<!-- property TTYPath is not documented! -->
<!-- property TTYReset is not documented! -->
<!-- property TTYVHangup is not documented! -->
<!-- property TTYVTDisallocate is not documented! -->
2021-10-28 18:26:50 +03:00
<!-- property TTYRows is not documented! -->
<!-- property TTYColumns is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property SyslogPriority is not documented! -->
<!-- property SyslogIdentifier is not documented! -->
<!-- property SyslogLevelPrefix is not documented! -->
<!-- property SyslogLevel is not documented! -->
<!-- property SyslogFacility is not documented! -->
<!-- property LogLevelMax is not documented! -->
<!-- property LogRateLimitIntervalUSec is not documented! -->
<!-- property LogRateLimitBurst is not documented! -->
<!-- property LogExtraFields is not documented! -->
2022-11-07 22:30:01 +03:00
<!-- property LogFilterPatterns is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property LogNamespace is not documented! -->
<!-- property AmbientCapabilities is not documented! -->
<!-- property User is not documented! -->
<!-- property Group is not documented! -->
<!-- property DynamicUser is not documented! -->
2023-10-07 15:08:21 +03:00
<!-- property SetLoginEnvironment is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property RemoveIPC is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property SetCredential is not documented! -->
2021-06-21 15:19:07 +03:00
<!-- property SetCredentialEncrypted is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property LoadCredential is not documented! -->
2021-06-21 15:19:07 +03:00
<!-- property LoadCredentialEncrypted is not documented! -->
2023-01-13 18:22:46 +03:00
<!-- property ImportCredential is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property SupplementaryGroups is not documented! -->
<!-- property PAMName is not documented! -->
<!-- property ReadWritePaths is not documented! -->
<!-- property ReadOnlyPaths is not documented! -->
<!-- property InaccessiblePaths is not documented! -->
2021-01-16 14:49:32 +03:00
<!-- property ExecPaths is not documented! -->
<!-- property NoExecPaths is not documented! -->
2021-07-09 03:10:47 +03:00
<!-- property ExecSearchPath is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property PrivateTmp is not documented! -->
<!-- property PrivateDevices is not documented! -->
<!-- property ProtectClock is not documented! -->
<!-- property ProtectKernelTunables is not documented! -->
<!-- property ProtectKernelModules is not documented! -->
<!-- property ProtectKernelLogs is not documented! -->
<!-- property ProtectControlGroups is not documented! -->
<!-- property PrivateNetwork is not documented! -->
<!-- property PrivateUsers is not documented! -->
<!-- property PrivateMounts is not documented! -->
2021-02-16 18:58:56 +03:00
<!-- property PrivateIPC is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property ProtectHome is not documented! -->
<!-- property ProtectSystem is not documented! -->
<!-- property SameProcessGroup is not documented! -->
<!-- property UtmpIdentifier is not documented! -->
<!-- property UtmpMode is not documented! -->
<!-- property SELinuxContext is not documented! -->
<!-- property AppArmorProfile is not documented! -->
<!-- property SmackProcessLabel is not documented! -->
<!-- property IgnoreSIGPIPE is not documented! -->
<!-- property NoNewPrivileges is not documented! -->
<!-- property SystemCallFilter is not documented! -->
<!-- property SystemCallArchitectures is not documented! -->
<!-- property SystemCallErrorNumber is not documented! -->
2020-09-16 19:30:31 +03:00
<!-- property SystemCallLog is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property Personality is not documented! -->
<!-- property LockPersonality is not documented! -->
<!-- property RestrictAddressFamilies is not documented! -->
<!-- property RuntimeDirectoryPreserve is not documented! -->
<!-- property RuntimeDirectoryMode is not documented! -->
<!-- property StateDirectoryMode is not documented! -->
<!-- property CacheDirectoryMode is not documented! -->
<!-- property LogsDirectoryMode is not documented! -->
<!-- property ConfigurationDirectoryMode is not documented! -->
<!-- property ConfigurationDirectory is not documented! -->
<!-- property TimeoutCleanUSec is not documented! -->
<!-- property MemoryDenyWriteExecute is not documented! -->
<!-- property RestrictRealtime is not documented! -->
<!-- property RestrictSUIDSGID is not documented! -->
<!-- property RestrictNamespaces is not documented! -->
2020-12-11 15:20:23 +03:00
<!-- property RestrictFileSystems is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property BindPaths is not documented! -->
<!-- property BindReadOnlyPaths is not documented! -->
<!-- property TemporaryFileSystem is not documented! -->
<!-- property MountAPIVFS is not documented! -->
<!-- property KeyringMode is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property ProtectProc is not documented! -->
<!-- property ProcSubset is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property ProtectHostname is not documented! -->
2023-02-28 23:39:35 +03:00
<!-- property MemoryKSM is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property NetworkNamespacePath is not documented! -->
2021-02-16 18:58:56 +03:00
<!-- property IPCNamespacePath is not documented! -->
2022-11-30 20:43:18 +03:00
<!-- property RootImagePolicy is not documented! -->
<!-- property MountImagePolicy is not documented! -->
<!-- property ExtensionImagePolicy is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property KillMode is not documented! -->
<!-- property KillSignal is not documented! -->
<!-- property RestartKillSignal is not documented! -->
<!-- property FinalKillSignal is not documented! -->
<!-- property SendSIGKILL is not documented! -->
<!-- property SendSIGHUP is not documented! -->
<!-- property WatchdogSignal is not documented! -->
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Mount" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Mount" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetProcesses()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "AttachProcesses()" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Where" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "What" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Options" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Type" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlPID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DirectoryMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SloppyOptions" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LazyUnmount" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ForceUnmount" />
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadWriteOnly" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Result" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "GID" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecMount" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecUnmount" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecRemount" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Slice" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroup" />
2022-02-11 15:24:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroupId" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryCurrent" />
2023-11-06 15:15:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPeak" />
2023-11-10 13:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapCurrent" />
2023-11-08 21:22:06 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapPeak" />
2021-05-26 21:16:48 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAvailable" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUUsageNSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveCPUs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveMemoryNodes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksCurrent" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressPackets" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressPackets" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadOperations" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteOperations" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Delegate" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateControllers" />
2023-04-21 19:22:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateSubgroup" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUShares" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUShares" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPerSecUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPeriodUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedCPUs" />
2020-04-21 11:55:25 +03:00
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedCPUs" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedMemoryNodes" />
2020-04-21 11:55:25 +03:00
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedMemoryNodes" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBandwidthMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBandwidthMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadIOPSMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteIOPSMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceLatencyTargetUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupBlockIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIODeviceWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOReadBandwidth" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWriteBandwidth" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryLow" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryMin" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMin" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLow" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryHigh" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryHigh" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMax" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapMax" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemorySwapMax" />
2022-02-04 22:49:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryZSwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryZSwapMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLimit" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DevicePolicy" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DeviceAllow" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressAllow" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressDeny" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressFilterPath" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressFilterPath" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DisableControllers" />
2020-04-21 11:55:25 +03:00
2020-03-10 01:09:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMSwap" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressure" />
2021-02-17 19:51:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressureLimit" />
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMPreference" />
2020-12-09 09:07:30 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BPFProgram" />
2020-11-18 11:31:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindDeny" />
2021-01-21 23:35:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNetworkInterfaces" />
2023-02-15 21:00:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureWatch" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureThresholdUSec" />
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFTSet" />
2023-10-11 17:46:42 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpReceive" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Environment" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "EnvironmentFiles" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PassEnvironment" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnsetEnvironment" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UMask" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCPU" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCPUSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitFSIZE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitFSIZESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitDATA" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitDATASoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSTACK" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSTACKSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCORE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCORESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRSS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRSSSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNOFILE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNOFILESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitAS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitASSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNPROC" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNPROCSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMEMLOCK" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMEMLOCKSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitLOCKS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitLOCKSSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSIGPENDING" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSIGPENDINGSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMSGQUEUE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMSGQUEUESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNICE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNICESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTPRIO" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTPRIOSoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTTIME" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTTIMESoft" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "WorkingDirectory" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootDirectory" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImage" />
2020-04-21 11:55:25 +03:00
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImageOptions" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHash" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashSignature" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashSignaturePath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootVerity" />
2023-06-06 18:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootEphemeral" />
2022-01-17 04:14:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionDirectories" />
2021-02-22 15:20:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionImages" />
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountImages" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OOMScoreAdjust" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpFilter" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Nice" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOSchedulingClass" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOSchedulingPriority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingPolicy" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingPriority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAffinity" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAffinityFromNUMA" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NUMAPolicy" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NUMAMask" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimerSlackNSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingResetOnFork" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NonBlocking" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInput" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInputFileDescriptorName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInputData" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardOutput" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardOutputFileDescriptorName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardError" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardErrorFileDescriptorName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYPath" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYReset" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYVHangup" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYVTDisallocate" />
2020-04-21 11:55:25 +03:00
2021-10-28 18:26:50 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYRows" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYColumns" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogPriority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogIdentifier" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogLevelPrefix" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogLevel" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogFacility" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogLevelMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogRateLimitIntervalUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogRateLimitBurst" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogExtraFields" />
2020-04-21 11:55:25 +03:00
2022-11-07 22:30:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogFilterPatterns" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogNamespace" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SecureBits" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CapabilityBoundingSet" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AmbientCapabilities" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "User" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Group" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DynamicUser" />
2020-04-21 11:55:25 +03:00
2023-10-07 15:08:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetLoginEnvironment" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RemoveIPC" />
2020-04-21 11:55:25 +03:00
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetCredential" />
2021-06-21 15:19:07 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetCredentialEncrypted" />
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadCredential" />
2021-06-21 15:19:07 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadCredentialEncrypted" />
2023-01-13 18:22:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ImportCredential" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SupplementaryGroups" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PAMName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadWritePaths" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadOnlyPaths" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "InaccessiblePaths" />
2020-04-21 11:55:25 +03:00
2021-01-16 14:49:32 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoExecPaths" />
2021-07-09 03:10:47 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecSearchPath" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountFlags" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateTmp" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateDevices" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectClock" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelTunables" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelModules" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelLogs" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectControlGroups" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateNetwork" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateUsers" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateMounts" />
2020-04-21 11:55:25 +03:00
2021-02-16 18:58:56 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateIPC" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectHome" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectSystem" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SameProcessGroup" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UtmpIdentifier" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UtmpMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SELinuxContext" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AppArmorProfile" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SmackProcessLabel" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IgnoreSIGPIPE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoNewPrivileges" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallFilter" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallArchitectures" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallErrorNumber" />
2020-04-21 11:55:25 +03:00
2020-09-16 19:30:31 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallLog" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Personality" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LockPersonality" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictAddressFamilies" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectoryPreserve" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectory" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectory" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectory" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectory" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfigurationDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfigurationDirectory" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutCleanUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryDenyWriteExecute" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictRealtime" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictSUIDSGID" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNamespaces" />
2020-04-21 11:55:25 +03:00
2020-12-11 15:20:23 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictFileSystems" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindPaths" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindReadOnlyPaths" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TemporaryFileSystem" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountAPIVFS" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KeyringMode" />
2020-04-21 11:55:25 +03:00
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectProc" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProcSubset" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectHostname" />
2020-04-21 11:55:25 +03:00
2023-02-28 23:39:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryKSM" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NetworkNamespacePath" />
2020-04-21 11:55:25 +03:00
2021-02-16 18:58:56 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPCNamespacePath" />
2022-11-30 20:43:18 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImagePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountImagePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionImagePolicy" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartKillSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FinalKillSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGKILL" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGHUP" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- End of Autogenerated section -->
2020-04-21 11:55:25 +03:00
<refsect2 >
<title > Properties</title>
<para > Most of the properties map directly to the corresponding settings in mount unit files. As mount
units invoke the <filename > /usr/bin/mount</filename> command, their bus objects include implicit
<varname > ExecMount</varname> (and similar) fields which contain information about processes to
execute. They also share most of the fields related to the execution context that Service objects
expose (see above). In addition to these properties there are the following:</para>
<para > <varname > ControlPID</varname> contains the PID of the currently running
<filename > /usr/bin/mount</filename> or <filename > /usr/bin/umount</filename> command if there is one
running, otherwise 0.</para>
<para > <varname > Result</varname> contains a value explaining why a mount unit failed if it failed. It
can take the values <literal > success</literal> , <literal > resources</literal> ,
<literal > timeout</literal> , <literal > exit-code</literal> , <literal > signal</literal> , or
<literal > core-dump</literal> which have the identical meaning as the corresponding values of the
corresponding field of service unit objects (see above).</para>
</refsect2>
</refsect1>
<refsect1 >
<title > Automount Unit Objects</title>
<para > All automount unit objects implement the
<interfacename > org.freedesktop.systemd1.Automount</interfacename> interface (described here) in addition
to the generic <interfacename > org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/proc_2dsys_2dfs_2dbinfmt_5fmisc_2eautomount" interface= "org.freedesktop.systemd1.Automount" >
2020-04-21 11:55:25 +03:00
node /org/freedesktop/systemd1/unit/proc_2dsys_2dfs_2dbinfmt_5fmisc_2eautomount {
interface org.freedesktop.systemd1.Automount {
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Where = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-11-12 00:45:47 +03:00
readonly s ExtraOptions = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u DirectoryMode = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutIdleUSec = ...;
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!-- property Where is not documented! -->
2021-11-12 00:45:47 +03:00
<!-- property ExtraOptions is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property DirectoryMode is not documented! -->
<!-- property TimeoutIdleUSec is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Automount" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Automount" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Where" />
2021-11-12 00:45:47 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtraOptions" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DirectoryMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Result" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutIdleUSec" />
<!-- End of Autogenerated section -->
2020-04-21 11:55:25 +03:00
<refsect2 >
<title > Properties</title>
<para > Most of the properties map directly to the corresponding settings in the automount unit
files.</para>
<para > <varname > Result</varname> knows the values <literal > success</literal> and
<literal > resources</literal> at this time. They have the same meanings as the corresponding values of
the corresponding field of the Service object.</para>
</refsect2>
</refsect1>
<refsect1 >
<title > Timer Unit Objects</title>
<para > All timer unit objects implement the <interfacename > org.freedesktop.systemd1.Timer</interfacename>
interface (described here) in addition to the generic
<interfacename > org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/systemd_2dtmpfiles_2dclean_2etimer" interface= "org.freedesktop.systemd1.Timer" >
2020-04-21 11:55:25 +03:00
node /org/freedesktop/systemd1/unit/systemd_2dtmpfiles_2dclean_2etimer {
interface org.freedesktop.systemd1.Timer {
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Unit = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(stt) TimersMonotonic = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sst) TimersCalendar = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b OnClockChange = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b OnTimezoneChange = ...;
readonly t NextElapseUSecRealtime = ...;
readonly t NextElapseUSecMonotonic = ...;
readonly t LastTriggerUSec = ...;
readonly t LastTriggerUSecMonotonic = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AccuracyUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RandomizedDelayUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-02-01 20:27:08 +03:00
readonly b FixedRandomDelay = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b Persistent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b WakeSystem = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemainAfterElapse = ...;
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:55:25 +03:00
<!-- property OnClockChange is not documented! -->
<!-- property OnTimezoneChange is not documented! -->
<!-- property LastTriggerUSec is not documented! -->
<!-- property LastTriggerUSecMonotonic is not documented! -->
<!-- property AccuracyUSec is not documented! -->
<!-- property RandomizedDelayUSec is not documented! -->
2020-02-01 20:27:08 +03:00
<!-- property FixedRandomDelay is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property Persistent is not documented! -->
<!-- property WakeSystem is not documented! -->
<!-- property RemainAfterElapse is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Timer" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Timer" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Unit" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimersMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimersCalendar" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "OnClockChange" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "OnTimezoneChange" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NextElapseUSecRealtime" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NextElapseUSecMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LastTriggerUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LastTriggerUSecMonotonic" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Result" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AccuracyUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RandomizedDelayUSec" />
2020-02-01 20:27:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FixedRandomDelay" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Persistent" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WakeSystem" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RemainAfterElapse" />
<!-- End of Autogenerated section -->
2020-04-10 12:34:32 +03:00
<refsect2 >
<title > Properties</title>
2020-04-21 11:55:25 +03:00
<para > <varname > Unit</varname> contains the name of the unit to activate when the timer elapses.</para>
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<para > <varname > TimersMonotonic</varname> contains an array of structs that contain information about
all monotonic timers of this timer unit. The structs contain a string identifying the timer base, which
is one of <literal > OnActiveUSec</literal> , <literal > OnBootUSec</literal> ,
<literal > OnStartupUSec</literal> , <literal > OnUnitActiveUSec</literal> , or
<literal > OnUnitInactiveUSec</literal> which correspond to the settings of the same names in the timer
unit files; the microsecond offset from this timer base in monotonic time; the next elapsation point on
the <constant > CLOCK_MONOTONIC</constant> clock, relative to its epoch.</para>
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<para > <varname > TimersCalendar</varname> contains an array of structs that contain information about all
realtime/calendar timers of this timer unit. The structs contain a string identifying the timer base,
which may only be <literal > OnCalendar</literal> for now; the calendar specification string; the next
elapsation point on the <constant > CLOCK_REALTIME</constant> clock, relative to its epoch.</para>
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<para > <varname > NextElapseUSecRealtime</varname> contains the next elapsation point on the
<constant > CLOCK_REALTIME</constant> clock in miscroseconds since the epoch, or 0 if this timer event
does not include at least one calendar event.</para>
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<para > Similarly, <varname > NextElapseUSecMonotonic</varname> contains the next elapsation point on the
<constant > CLOCK_MONOTONIC</constant> clock in microseconds since the epoch, or 0 if this timer event
does not include at least one monotonic event.</para>
<para > <varname > Result</varname> knows the values <literal > success</literal> and
<literal > resources</literal> with the same meanings as the matching values of the corresponding
property of the service interface.</para>
2020-04-10 12:34:32 +03:00
</refsect2>
</refsect1>
<refsect1 >
2020-04-21 11:55:25 +03:00
<title > Swap Unit Objects</title>
2020-04-10 12:34:32 +03:00
2020-04-21 11:55:25 +03:00
<para > All swap unit objects implement the <interfacename > org.freedesktop.systemd1.Swap</interfacename>
interface (described here) in addition to the generic
<interfacename > org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/dev_2dsda3_2eswap" interface= "org.freedesktop.systemd1.Swap" >
2020-04-21 11:55:25 +03:00
node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
interface org.freedesktop.systemd1.Swap {
2020-04-10 12:34:32 +03:00
methods:
2020-04-21 11:55:25 +03:00
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
2020-04-10 12:34:32 +03:00
properties:
2020-04-21 11:55:25 +03:00
readonly s What = '...';
readonly i Priority = ...;
readonly s Options = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutUSec = ...;
readonly u ControlPID = ...;
readonly s Result = '...';
readonly u UID = ...;
readonly u GID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecActivate = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecDeactivate = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-11 15:24:35 +03:00
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-06 15:15:55 +03:00
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-10 13:44:09 +03:00
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-08 21:22:06 +03:00
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-05-26 21:16:48 +03:00
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-04-21 19:22:35 +03:00
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-04 22:49:46 +03:00
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
2020-03-10 01:09:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-02-17 19:51:27 +03:00
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
2020-12-09 09:07:30 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindAllow = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindDeny = [...];
2021-01-21 23:35:33 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
2023-02-15 21:00:14 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sb) EnvironmentFiles = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PassEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnsetEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u UMask = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WorkingDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImage = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:39:01 +03:00
readonly a(ss) RootImageOptions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHash = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHashSignature = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashSignaturePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootVerity = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-06-06 18:44:09 +03:00
readonly b RootEphemeral = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-01-17 04:14:14 +03:00
readonly as ExtensionDirectories = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-22 15:20:33 +03:00
readonly a(sba(ss)) ExtensionImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-22 13:39:01 +03:00
readonly a(ssba(ss)) MountImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly i OOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CoredumpFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Nice = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingClass = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay CPUAffinity = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUAffinityFromNUMA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i NUMAPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay NUMAMask = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUSchedulingResetOnFork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NonBlocking = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay StandardInputData = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardErrorFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TTYPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYReset = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVHangup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVTDisallocate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-10-28 18:26:50 +03:00
readonly q TTYRows = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYColumns = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly i SyslogPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SyslogIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SyslogLevelPrefix = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogLevel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogFacility = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i LogLevelMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LogRateLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogRateLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly aay LogExtraFields = [[...], ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-11-07 22:30:01 +03:00
readonly a(bs) LogFilterPatterns = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s LogNamespace = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SecureBits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CapabilityBoundingSet = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AmbientCapabilities = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s User = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Group = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DynamicUser = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-10-07 15:08:21 +03:00
readonly b SetLoginEnvironment = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b RemoveIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly a(say) SetCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-06-21 15:19:07 +03:00
readonly a(say) SetCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly a(ss) LoadCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-06-21 15:19:07 +03:00
readonly a(ss) LoadCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-01-13 18:22:46 +03:00
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadWritePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadOnlyPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as InaccessiblePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-01-16 14:49:32 +03:00
readonly as ExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as NoExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-09 03:10:47 +03:00
readonly as ExecSearchPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly t MountFlags = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateTmp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateDevices = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectClock = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelTunables = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelModules = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelLogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectControlGroups = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateNetwork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateUsers = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateMounts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-16 18:58:56 +03:00
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SameProcessGroup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SELinuxContext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) AppArmorProfile = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SmackProcessLabel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreSIGPIPE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoNewPrivileges = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SystemCallArchitectures = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SystemCallErrorNumber = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-09-16 19:30:31 +03:00
readonly (bas) SystemCallLog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s Personality = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LockPersonality = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictAddressFamilies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) RuntimeDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s RuntimeDirectoryPreserve = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RuntimeDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RuntimeDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) StateDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u StateDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StateDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) CacheDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u CacheDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CacheDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-07-14 20:22:21 +03:00
readonly a(sst) LogsDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly u LogsDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as LogsDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u ConfigurationDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConfigurationDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutCleanUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryDenyWriteExecute = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictRealtime = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictSUIDSGID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestrictNamespaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-12-11 15:20:23 +03:00
readonly (bas) RestrictFileSystems = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly a(ssbt) BindPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindReadOnlyPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) TemporaryFileSystem = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MountAPIVFS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KeyringMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-08-27 21:20:08 +03:00
readonly s ProtectProc = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProcSubset = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly b ProtectHostname = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2023-02-28 23:39:35 +03:00
readonly b MemoryKSM = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s NetworkNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-02-16 18:58:56 +03:00
readonly s IPCNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-11-30 20:43:18 +03:00
readonly s RootImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s MountImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ExtensionImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2020-04-21 11:55:25 +03:00
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:29:09 +03:00
<!-- method GetProcesses is not documented! -->
<!-- method AttachProcesses is not documented! -->
<!-- property What is not documented! -->
<!-- property Priority is not documented! -->
<!-- property Options is not documented! -->
<!-- property TimeoutUSec is not documented! -->
<!-- property UID is not documented! -->
<!-- property GID is not documented! -->
<!-- property ExecDeactivate is not documented! -->
<!-- property Slice is not documented! -->
2022-02-11 15:24:35 +03:00
<!-- property ControlGroupId is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryCurrent is not documented! -->
2023-11-06 15:15:55 +03:00
<!-- property MemoryPeak is not documented! -->
2023-11-10 13:44:09 +03:00
<!-- property MemorySwapCurrent is not documented! -->
2023-11-08 21:22:06 +03:00
<!-- property MemorySwapPeak is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property CPUUsageNSec is not documented! -->
<!-- property EffectiveCPUs is not documented! -->
<!-- property EffectiveMemoryNodes is not documented! -->
<!-- property TasksCurrent is not documented! -->
<!-- property IPIngressBytes is not documented! -->
<!-- property IPIngressPackets is not documented! -->
<!-- property IPEgressBytes is not documented! -->
<!-- property IPEgressPackets is not documented! -->
<!-- property IOReadBytes is not documented! -->
<!-- property IOReadOperations is not documented! -->
<!-- property IOWriteBytes is not documented! -->
<!-- property IOWriteOperations is not documented! -->
<!-- property Delegate is not documented! -->
<!-- property DelegateControllers is not documented! -->
<!-- property CPUAccounting is not documented! -->
<!-- property CPUWeight is not documented! -->
<!-- property StartupCPUWeight is not documented! -->
<!-- property CPUShares is not documented! -->
<!-- property StartupCPUShares is not documented! -->
<!-- property CPUQuotaPerSecUSec is not documented! -->
<!-- property CPUQuotaPeriodUSec is not documented! -->
<!-- property AllowedCPUs is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedCPUs is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property AllowedMemoryNodes is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedMemoryNodes is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property IOAccounting is not documented! -->
<!-- property IOWeight is not documented! -->
<!-- property StartupIOWeight is not documented! -->
<!-- property IODeviceWeight is not documented! -->
<!-- property IOReadBandwidthMax is not documented! -->
<!-- property IOWriteBandwidthMax is not documented! -->
<!-- property IOReadIOPSMax is not documented! -->
<!-- property IOWriteIOPSMax is not documented! -->
<!-- property IODeviceLatencyTargetUSec is not documented! -->
<!-- property BlockIOAccounting is not documented! -->
<!-- property BlockIOWeight is not documented! -->
<!-- property StartupBlockIOWeight is not documented! -->
<!-- property BlockIODeviceWeight is not documented! -->
<!-- property BlockIOReadBandwidth is not documented! -->
<!-- property BlockIOWriteBandwidth is not documented! -->
<!-- property MemoryAccounting is not documented! -->
<!-- property DefaultMemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property DefaultStartupMemoryLow is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property DefaultMemoryMin is not documented! -->
<!-- property MemoryMin is not documented! -->
<!-- property MemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryLow is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryHigh is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryHigh is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryMax is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemorySwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemorySwapMax is not documented! -->
2022-02-04 22:49:46 +03:00
<!-- property MemoryZSwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryZSwapMax is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property MemoryLimit is not documented! -->
<!-- property DevicePolicy is not documented! -->
<!-- property DeviceAllow is not documented! -->
<!-- property TasksAccounting is not documented! -->
<!-- property TasksMax is not documented! -->
<!-- property IPAccounting is not documented! -->
<!-- property IPAddressAllow is not documented! -->
<!-- property IPAddressDeny is not documented! -->
<!-- property IPIngressFilterPath is not documented! -->
<!-- property IPEgressFilterPath is not documented! -->
<!-- property DisableControllers is not documented! -->
2020-03-10 01:09:17 +03:00
<!-- property ManagedOOMSwap is not documented! -->
<!-- property ManagedOOMMemoryPressure is not documented! -->
2021-02-17 19:51:27 +03:00
<!-- property ManagedOOMMemoryPressureLimit is not documented! -->
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<!-- property ManagedOOMPreference is not documented! -->
2020-12-09 09:07:30 +03:00
<!-- property BPFProgram is not documented! -->
2020-11-18 11:31:55 +03:00
<!-- property SocketBindAllow is not documented! -->
<!-- property SocketBindDeny is not documented! -->
2021-01-21 23:35:33 +03:00
<!-- property RestrictNetworkInterfaces is not documented! -->
2023-02-15 21:00:14 +03:00
<!-- property MemoryPressureWatch is not documented! -->
<!-- property MemoryPressureThresholdUSec is not documented! -->
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<!-- property NFTSet is not documented! -->
2023-10-11 17:46:42 +03:00
<!-- property CoredumpReceive is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property EnvironmentFiles is not documented! -->
<!-- property PassEnvironment is not documented! -->
<!-- property UnsetEnvironment is not documented! -->
<!-- property UMask is not documented! -->
<!-- property LimitCPUSoft is not documented! -->
<!-- property LimitFSIZE is not documented! -->
<!-- property LimitFSIZESoft is not documented! -->
<!-- property LimitDATA is not documented! -->
<!-- property LimitDATASoft is not documented! -->
<!-- property LimitSTACK is not documented! -->
<!-- property LimitSTACKSoft is not documented! -->
<!-- property LimitCORE is not documented! -->
<!-- property LimitCORESoft is not documented! -->
<!-- property LimitRSS is not documented! -->
<!-- property LimitRSSSoft is not documented! -->
<!-- property LimitNOFILE is not documented! -->
<!-- property LimitNOFILESoft is not documented! -->
<!-- property LimitAS is not documented! -->
<!-- property LimitASSoft is not documented! -->
<!-- property LimitNPROC is not documented! -->
<!-- property LimitNPROCSoft is not documented! -->
<!-- property LimitMEMLOCK is not documented! -->
<!-- property LimitMEMLOCKSoft is not documented! -->
<!-- property LimitLOCKS is not documented! -->
<!-- property LimitLOCKSSoft is not documented! -->
<!-- property LimitSIGPENDING is not documented! -->
<!-- property LimitSIGPENDINGSoft is not documented! -->
<!-- property LimitMSGQUEUE is not documented! -->
<!-- property LimitMSGQUEUESoft is not documented! -->
<!-- property LimitNICE is not documented! -->
<!-- property LimitNICESoft is not documented! -->
<!-- property LimitRTPRIO is not documented! -->
<!-- property LimitRTPRIOSoft is not documented! -->
<!-- property LimitRTTIME is not documented! -->
<!-- property LimitRTTIMESoft is not documented! -->
<!-- property WorkingDirectory is not documented! -->
2020-08-22 13:39:01 +03:00
<!-- property RootHashPath is not documented! -->
<!-- property RootHashSignaturePath is not documented! -->
2023-06-06 18:44:09 +03:00
<!-- property RootEphemeral is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property OOMScoreAdjust is not documented! -->
<!-- property CoredumpFilter is not documented! -->
<!-- property Nice is not documented! -->
<!-- property IOSchedulingClass is not documented! -->
<!-- property IOSchedulingPriority is not documented! -->
<!-- property CPUSchedulingPolicy is not documented! -->
<!-- property CPUSchedulingPriority is not documented! -->
<!-- property CPUAffinity is not documented! -->
<!-- property CPUAffinityFromNUMA is not documented! -->
<!-- property NUMAPolicy is not documented! -->
<!-- property NUMAMask is not documented! -->
<!-- property TimerSlackNSec is not documented! -->
<!-- property CPUSchedulingResetOnFork is not documented! -->
<!-- property NonBlocking is not documented! -->
<!-- property StandardInput is not documented! -->
<!-- property StandardInputFileDescriptorName is not documented! -->
<!-- property StandardInputData is not documented! -->
<!-- property StandardOutput is not documented! -->
<!-- property StandardOutputFileDescriptorName is not documented! -->
<!-- property StandardError is not documented! -->
<!-- property StandardErrorFileDescriptorName is not documented! -->
<!-- property TTYPath is not documented! -->
<!-- property TTYReset is not documented! -->
<!-- property TTYVHangup is not documented! -->
<!-- property TTYVTDisallocate is not documented! -->
2021-10-28 18:26:50 +03:00
<!-- property TTYRows is not documented! -->
<!-- property TTYColumns is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property SyslogPriority is not documented! -->
<!-- property SyslogIdentifier is not documented! -->
<!-- property SyslogLevelPrefix is not documented! -->
<!-- property SyslogLevel is not documented! -->
<!-- property SyslogFacility is not documented! -->
<!-- property LogLevelMax is not documented! -->
<!-- property LogRateLimitIntervalUSec is not documented! -->
<!-- property LogRateLimitBurst is not documented! -->
<!-- property LogExtraFields is not documented! -->
2022-11-07 22:30:01 +03:00
<!-- property LogFilterPatterns is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property LogNamespace is not documented! -->
<!-- property AmbientCapabilities is not documented! -->
<!-- property User is not documented! -->
<!-- property Group is not documented! -->
<!-- property DynamicUser is not documented! -->
2023-10-07 15:08:21 +03:00
<!-- property SetLoginEnvironment is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property RemoveIPC is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property SetCredential is not documented! -->
2021-06-21 15:19:07 +03:00
<!-- property SetCredentialEncrypted is not documented! -->
2020-08-27 21:20:08 +03:00
<!-- property LoadCredential is not documented! -->
2021-06-21 15:19:07 +03:00
<!-- property LoadCredentialEncrypted is not documented! -->
2023-01-13 18:22:46 +03:00
<!-- property ImportCredential is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property SupplementaryGroups is not documented! -->
<!-- property PAMName is not documented! -->
<!-- property ReadWritePaths is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ReadOnlyPaths is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property InaccessiblePaths is not documented! -->
2020-04-10 12:34:32 +03:00
2021-01-16 14:49:32 +03:00
<!-- property ExecPaths is not documented! -->
<!-- property NoExecPaths is not documented! -->
2021-07-09 03:10:47 +03:00
<!-- property ExecSearchPath is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property PrivateTmp is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property PrivateDevices is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ProtectClock is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ProtectKernelTunables is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ProtectKernelModules is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ProtectKernelLogs is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ProtectControlGroups is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property PrivateNetwork is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property PrivateUsers is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property PrivateMounts is not documented! -->
2020-04-10 12:34:32 +03:00
2021-02-16 18:58:56 +03:00
<!-- property PrivateIPC is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property ProtectHome is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ProtectSystem is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SameProcessGroup is not documented! -->
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<!-- property UtmpIdentifier is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property UtmpMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SELinuxContext is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property AppArmorProfile is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SmackProcessLabel is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property IgnoreSIGPIPE is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property NoNewPrivileges is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SystemCallFilter is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SystemCallArchitectures is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SystemCallErrorNumber is not documented! -->
2020-04-21 11:55:25 +03:00
2020-09-16 19:30:31 +03:00
<!-- property SystemCallLog is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property Personality is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property LockPersonality is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property RestrictAddressFamilies is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property RuntimeDirectoryPreserve is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property RuntimeDirectoryMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property StateDirectoryMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property CacheDirectoryMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property LogsDirectoryMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ConfigurationDirectoryMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property ConfigurationDirectory is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property TimeoutCleanUSec is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property MemoryDenyWriteExecute is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property RestrictRealtime is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property RestrictSUIDSGID is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property RestrictNamespaces is not documented! -->
2020-04-21 11:55:25 +03:00
2020-12-11 15:20:23 +03:00
<!-- property RestrictFileSystems is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property BindPaths is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property BindReadOnlyPaths is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property TemporaryFileSystem is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property MountAPIVFS is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property KeyringMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-08-27 21:20:08 +03:00
<!-- property ProtectProc is not documented! -->
<!-- property ProcSubset is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property ProtectHostname is not documented! -->
2020-04-21 11:55:25 +03:00
2023-02-28 23:39:35 +03:00
<!-- property MemoryKSM is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property NetworkNamespacePath is not documented! -->
2020-04-21 11:55:25 +03:00
2021-02-16 18:58:56 +03:00
<!-- property IPCNamespacePath is not documented! -->
2022-11-30 20:43:18 +03:00
<!-- property RootImagePolicy is not documented! -->
<!-- property MountImagePolicy is not documented! -->
<!-- property ExtensionImagePolicy is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- property KillMode is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property KillSignal is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property RestartKillSignal is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property FinalKillSignal is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SendSIGKILL is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property SendSIGHUP is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- property WatchdogSignal is not documented! -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Swap" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-21 11:55:25 +03:00
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Swap" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetProcesses()" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "AttachProcesses()" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "What" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Priority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Options" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlPID" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Result" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UID" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "GID" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecActivate" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecDeactivate" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Slice" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroup" />
2020-04-21 11:55:25 +03:00
2022-02-11 15:24:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroupId" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryCurrent" />
2020-04-21 11:55:25 +03:00
2023-11-06 15:15:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPeak" />
2023-11-10 13:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapCurrent" />
2023-11-08 21:22:06 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapPeak" />
2021-05-26 21:16:48 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAvailable" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUUsageNSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveCPUs" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveMemoryNodes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksCurrent" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressBytes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressPackets" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressBytes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressPackets" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBytes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadOperations" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBytes" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteOperations" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Delegate" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateControllers" />
2020-04-21 11:55:25 +03:00
2023-04-21 19:22:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateSubgroup" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUShares" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUShares" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPerSecUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPeriodUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedCPUs" />
2020-04-21 11:55:25 +03:00
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedCPUs" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedMemoryNodes" />
2020-04-21 11:55:25 +03:00
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedMemoryNodes" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBandwidthMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBandwidthMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadIOPSMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteIOPSMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceLatencyTargetUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupBlockIOWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIODeviceWeight" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOReadBandwidth" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWriteBandwidth" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAccounting" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryLow" />
2020-04-21 11:55:25 +03:00
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryMin" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMin" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLow" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryHigh" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryHigh" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemorySwapMax" />
2022-02-04 22:49:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryZSwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryZSwapMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLimit" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DevicePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DeviceAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressDeny" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressFilterPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressFilterPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DisableControllers" />
2020-03-10 01:09:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMSwap" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressure" />
2021-02-17 19:51:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressureLimit" />
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMPreference" />
2020-12-09 09:07:30 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BPFProgram" />
2020-11-18 11:31:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindDeny" />
2021-01-21 23:35:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNetworkInterfaces" />
2023-02-15 21:00:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureWatch" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureThresholdUSec" />
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFTSet" />
2023-10-11 17:46:42 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpReceive" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Environment" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EnvironmentFiles" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "PassEnvironment" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UnsetEnvironment" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "UMask" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCPU" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCPUSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitFSIZE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitFSIZESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitDATA" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitDATASoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSTACK" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSTACKSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCORE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitCORESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRSS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRSSSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNOFILE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNOFILESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitAS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitASSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNPROC" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNPROCSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMEMLOCK" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMEMLOCKSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitLOCKS" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitLOCKSSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSIGPENDING" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitSIGPENDINGSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMSGQUEUE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitMSGQUEUESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNICE" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitNICESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTPRIO" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTPRIOSoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTTIME" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "LimitRTTIMESoft" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WorkingDirectory" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootDirectory" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImage" />
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImageOptions" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHash" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashSignature" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootHashSignaturePath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootVerity" />
2023-06-06 18:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootEphemeral" />
2022-01-17 04:14:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionDirectories" />
2021-02-22 15:20:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionImages" />
2020-08-22 13:39:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountImages" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OOMScoreAdjust" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpFilter" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Nice" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOSchedulingClass" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOSchedulingPriority" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingPolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingPriority" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAffinity" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAffinityFromNUMA" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NUMAPolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NUMAMask" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimerSlackNSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUSchedulingResetOnFork" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NonBlocking" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInput" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInputFileDescriptorName" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardInputData" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardOutput" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardOutputFileDescriptorName" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardError" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StandardErrorFileDescriptorName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYPath" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYReset" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYVHangup" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYVTDisallocate" />
2020-04-21 11:55:25 +03:00
2021-10-28 18:26:50 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYRows" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TTYColumns" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogPriority" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogIdentifier" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogLevelPrefix" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogLevel" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SyslogFacility" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogLevelMax" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogRateLimitIntervalUSec" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogRateLimitBurst" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogExtraFields" />
2020-04-21 11:55:25 +03:00
2022-11-07 22:30:01 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogFilterPatterns" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogNamespace" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SecureBits" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CapabilityBoundingSet" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AmbientCapabilities" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "User" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Group" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DynamicUser" />
2020-04-21 11:55:25 +03:00
2023-10-07 15:08:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetLoginEnvironment" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RemoveIPC" />
2020-04-21 11:55:25 +03:00
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetCredential" />
2021-06-21 15:19:07 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SetCredentialEncrypted" />
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadCredential" />
2021-06-21 15:19:07 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LoadCredentialEncrypted" />
2023-01-13 18:22:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ImportCredential" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SupplementaryGroups" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PAMName" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadWritePaths" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ReadOnlyPaths" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "InaccessiblePaths" />
2020-04-21 11:55:25 +03:00
2021-01-16 14:49:32 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecPaths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoExecPaths" />
2021-07-09 03:10:47 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExecSearchPath" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountFlags" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateTmp" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateDevices" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectClock" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelTunables" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelModules" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectKernelLogs" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectControlGroups" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateNetwork" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateUsers" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateMounts" />
2020-04-21 11:55:25 +03:00
2021-02-16 18:58:56 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "PrivateIPC" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectHome" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectSystem" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SameProcessGroup" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UtmpIdentifier" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "UtmpMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SELinuxContext" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AppArmorProfile" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SmackProcessLabel" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IgnoreSIGPIPE" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NoNewPrivileges" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallFilter" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallArchitectures" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallErrorNumber" />
2020-04-21 11:55:25 +03:00
2020-09-16 19:30:31 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SystemCallLog" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Personality" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LockPersonality" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictAddressFamilies" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectoryPreserve" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeDirectory" />
2020-04-21 11:55:25 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectoryMode" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StateDirectory" />
2020-04-10 12:34:32 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectoryMode" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CacheDirectory" />
2020-04-10 12:34:32 +03:00
2021-07-14 20:22:21 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectorySymlink" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectoryMode" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "LogsDirectory" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfigurationDirectoryMode" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ConfigurationDirectory" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutCleanUSec" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryDenyWriteExecute" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictRealtime" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictSUIDSGID" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNamespaces" />
2020-04-10 12:34:32 +03:00
2020-12-11 15:20:23 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictFileSystems" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindPaths" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BindReadOnlyPaths" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TemporaryFileSystem" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountAPIVFS" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KeyringMode" />
2020-04-10 12:34:32 +03:00
2020-08-27 21:20:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectProc" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProcSubset" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ProtectHostname" />
2020-04-10 12:34:32 +03:00
2023-02-28 23:39:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryKSM" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NetworkNamespacePath" />
2020-04-10 12:34:32 +03:00
2021-02-16 18:58:56 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPCNamespacePath" />
2022-11-30 20:43:18 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RootImagePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MountImagePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ExtensionImagePolicy" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillMode" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillSignal" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartKillSignal" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "FinalKillSignal" />
2020-04-10 12:34:32 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGKILL" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGHUP" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogSignal" />
2020-04-21 11:55:25 +03:00
2020-04-21 11:29:09 +03:00
<!-- End of Autogenerated section -->
2020-04-10 12:34:32 +03:00
<refsect2 >
<title > Properties</title>
<para > Most of the properties map directly to the corresponding settings in swap unit files. As mount
units invoke the
2020-08-22 13:24:32 +03:00
<citerefentry project= "man-pages" > <refentrytitle > swapon</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> command,
2020-04-10 12:34:32 +03:00
their bus objects include implicit <varname > ExecActivate</varname> (and similar) fields which contain
information about processes to execute. They also share most of the fields related to the execution
context that Service objects expose (see above). In addition to these properties there are the
following:</para>
<para > <varname > ControlPID</varname> contains the PID of the currently running
2020-08-22 13:24:32 +03:00
<citerefentry project= "man-pages" > <refentrytitle > swapon</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> or
<citerefentry project= "man-pages" > <refentrytitle > swapoff</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry>
2020-06-25 15:37:24 +03:00
command if there is one running, otherwise 0.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > Result</varname> contains a value explaining why a mount unit failed if it failed. It
can take the values <literal > success</literal> , <literal > resources</literal> ,
2020-04-19 14:05:44 +03:00
<literal > timeout</literal> , <literal > exit-code</literal> , <literal > signal</literal> , or
2020-04-10 12:34:32 +03:00
<literal > core-dump</literal> which have the identical meanings as the corresponding values of the
corresponding field of service unit objects (see above).</para>
</refsect2>
</refsect1>
<refsect1 >
<title > Path Unit Objects</title>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/cups_2epath" interface= "org.freedesktop.systemd1.Path" >
2020-04-10 12:34:32 +03:00
node /org/freedesktop/systemd1/unit/cups_2epath {
interface org.freedesktop.systemd1.Path {
properties:
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Unit = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) Paths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MakeDirectory = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DirectoryMode = ...;
readonly s Result = '...';
2021-12-18 20:52:52 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TriggerLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u TriggerLimitBurst = ...;
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:55:25 +03:00
<!-- property MakeDirectory is not documented! -->
<!-- property DirectoryMode is not documented! -->
2021-12-18 20:52:52 +03:00
<!-- property TriggerLimitIntervalUSec is not documented! -->
<!-- property TriggerLimitBurst is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Path" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Path" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Unit" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Paths" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MakeDirectory" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DirectoryMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Result" />
2021-12-18 20:52:52 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "TriggerLimitIntervalUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TriggerLimitBurst" />
2020-04-21 11:29:09 +03:00
<!-- End of Autogenerated section -->
2020-04-10 12:34:32 +03:00
<refsect2 >
<title > Properties</title>
<para > Most properties correspond directly with the matching settings in path unit files.</para>
<para > The others:</para>
<para > <varname > Paths</varname> contains an array of structs. Each struct contains the condition to
watch, which can be one of <literal > PathExists</literal> , <literal > PathExistsGlob</literal> ,
2020-04-19 14:05:44 +03:00
<literal > PathChanged</literal> , <literal > PathModified</literal> , or <literal > DirectoryNotEmpty</literal>
2020-04-10 12:34:32 +03:00
which correspond directly to the matching settings in the path unit files; and the path to watch,
possibly including glob expressions.</para>
<para > <varname > Result</varname> contains a result value which can be <literal > success</literal> or
2020-04-19 14:05:44 +03:00
<literal > resources</literal> which have the same meaning as the corresponding field of the Service
2020-04-10 12:34:32 +03:00
interface.</para>
</refsect2>
</refsect1>
<refsect1 >
<title > Slice Unit Objects</title>
<para > All slice unit objects implement the <interfacename > org.freedesktop.systemd1.Slice</interfacename>
interface (described here) in addition to the generic
<interfacename > org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/system_2eslice" interface= "org.freedesktop.systemd1.Slice" >
2020-04-10 12:34:32 +03:00
node /org/freedesktop/systemd1/unit/system_2eslice {
interface org.freedesktop.systemd1.Slice {
methods:
2020-04-21 11:55:25 +03:00
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
2020-04-10 12:34:32 +03:00
properties:
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-11 15:24:35 +03:00
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-06 15:15:55 +03:00
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-10 13:44:09 +03:00
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-08 21:22:06 +03:00
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-05-26 21:16:48 +03:00
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-04-21 19:22:35 +03:00
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-04 22:49:46 +03:00
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
2020-03-10 01:09:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-02-17 19:51:27 +03:00
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
2020-12-09 09:07:30 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindAllow = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindDeny = [...];
2021-01-21 23:35:33 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
2023-02-15 21:00:14 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:55:25 +03:00
<!-- method GetProcesses is not documented! -->
<!-- method AttachProcesses is not documented! -->
<!-- property Slice is not documented! -->
2022-02-11 15:24:35 +03:00
<!-- property ControlGroupId is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryCurrent is not documented! -->
2023-11-06 15:15:55 +03:00
<!-- property MemoryPeak is not documented! -->
2023-11-10 13:44:09 +03:00
<!-- property MemorySwapCurrent is not documented! -->
2023-11-08 21:22:06 +03:00
<!-- property MemorySwapPeak is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property CPUUsageNSec is not documented! -->
<!-- property EffectiveCPUs is not documented! -->
<!-- property EffectiveMemoryNodes is not documented! -->
<!-- property TasksCurrent is not documented! -->
<!-- property IPIngressBytes is not documented! -->
<!-- property IPIngressPackets is not documented! -->
<!-- property IPEgressBytes is not documented! -->
<!-- property IPEgressPackets is not documented! -->
<!-- property IOReadBytes is not documented! -->
<!-- property IOReadOperations is not documented! -->
<!-- property IOWriteBytes is not documented! -->
<!-- property IOWriteOperations is not documented! -->
<!-- property Delegate is not documented! -->
<!-- property DelegateControllers is not documented! -->
<!-- property CPUAccounting is not documented! -->
<!-- property CPUWeight is not documented! -->
<!-- property StartupCPUWeight is not documented! -->
<!-- property CPUShares is not documented! -->
<!-- property StartupCPUShares is not documented! -->
<!-- property CPUQuotaPerSecUSec is not documented! -->
<!-- property CPUQuotaPeriodUSec is not documented! -->
<!-- property AllowedCPUs is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedCPUs is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property AllowedMemoryNodes is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedMemoryNodes is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property IOAccounting is not documented! -->
<!-- property IOWeight is not documented! -->
<!-- property StartupIOWeight is not documented! -->
<!-- property IODeviceWeight is not documented! -->
<!-- property IOReadBandwidthMax is not documented! -->
<!-- property IOWriteBandwidthMax is not documented! -->
<!-- property IOReadIOPSMax is not documented! -->
<!-- property IOWriteIOPSMax is not documented! -->
<!-- property IODeviceLatencyTargetUSec is not documented! -->
<!-- property BlockIOAccounting is not documented! -->
<!-- property BlockIOWeight is not documented! -->
<!-- property StartupBlockIOWeight is not documented! -->
<!-- property BlockIODeviceWeight is not documented! -->
<!-- property BlockIOReadBandwidth is not documented! -->
<!-- property BlockIOWriteBandwidth is not documented! -->
<!-- property MemoryAccounting is not documented! -->
<!-- property DefaultMemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property DefaultStartupMemoryLow is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property DefaultMemoryMin is not documented! -->
<!-- property MemoryMin is not documented! -->
<!-- property MemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryLow is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryHigh is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryHigh is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryMax is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemorySwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemorySwapMax is not documented! -->
2022-02-04 22:49:46 +03:00
<!-- property MemoryZSwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryZSwapMax is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryLimit is not documented! -->
<!-- property DevicePolicy is not documented! -->
<!-- property DeviceAllow is not documented! -->
<!-- property TasksAccounting is not documented! -->
<!-- property TasksMax is not documented! -->
<!-- property IPAccounting is not documented! -->
<!-- property IPAddressAllow is not documented! -->
<!-- property IPAddressDeny is not documented! -->
<!-- property IPIngressFilterPath is not documented! -->
<!-- property IPEgressFilterPath is not documented! -->
<!-- property DisableControllers is not documented! -->
2020-03-10 01:09:17 +03:00
<!-- property ManagedOOMSwap is not documented! -->
<!-- property ManagedOOMMemoryPressure is not documented! -->
2021-02-17 19:51:27 +03:00
<!-- property ManagedOOMMemoryPressureLimit is not documented! -->
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<!-- property ManagedOOMPreference is not documented! -->
2020-12-09 09:07:30 +03:00
<!-- property BPFProgram is not documented! -->
2020-11-18 11:31:55 +03:00
<!-- property SocketBindAllow is not documented! -->
<!-- property SocketBindDeny is not documented! -->
2021-01-21 23:35:33 +03:00
<!-- property RestrictNetworkInterfaces is not documented! -->
2023-02-15 21:00:14 +03:00
<!-- property MemoryPressureWatch is not documented! -->
<!-- property MemoryPressureThresholdUSec is not documented! -->
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<!-- property NFTSet is not documented! -->
2023-10-11 17:46:42 +03:00
<!-- property CoredumpReceive is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Slice" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Slice" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetProcesses()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "AttachProcesses()" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Slice" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroup" />
2022-02-11 15:24:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroupId" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryCurrent" />
2023-11-06 15:15:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPeak" />
2023-11-10 13:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapCurrent" />
2023-11-08 21:22:06 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapPeak" />
2021-05-26 21:16:48 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAvailable" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUUsageNSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveCPUs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveMemoryNodes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksCurrent" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressPackets" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressPackets" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadOperations" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteOperations" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Delegate" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateControllers" />
2023-04-21 19:22:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateSubgroup" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUShares" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUShares" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPerSecUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPeriodUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedCPUs" />
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedCPUs" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedMemoryNodes" />
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedMemoryNodes" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBandwidthMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBandwidthMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadIOPSMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteIOPSMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceLatencyTargetUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupBlockIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIODeviceWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOReadBandwidth" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWriteBandwidth" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryLow" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryMin" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMin" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLow" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryHigh" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryHigh" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemorySwapMax" />
2022-02-04 22:49:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryZSwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryZSwapMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLimit" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DevicePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DeviceAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressDeny" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressFilterPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressFilterPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DisableControllers" />
2020-03-10 01:09:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMSwap" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressure" />
2021-02-17 19:51:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressureLimit" />
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMPreference" />
2020-12-09 09:07:30 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BPFProgram" />
2020-11-18 11:31:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindDeny" />
2021-01-21 23:35:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNetworkInterfaces" />
2023-02-15 21:00:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureWatch" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureThresholdUSec" />
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFTSet" />
2023-10-11 17:46:42 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpReceive" />
2020-04-21 11:29:09 +03:00
<!-- End of Autogenerated section -->
2020-04-10 12:34:32 +03:00
<refsect2 >
<title > Properties</title>
<para > Most properties correspond directly with the matching settings in slice unit files.</para>
</refsect2>
</refsect1>
<refsect1 >
<title > Scope Unit Objects</title>
2020-08-05 20:44:53 +03:00
<para > All scope unit objects implement the <interfacename > org.freedesktop.systemd1.Scope</interfacename>
2020-04-10 12:34:32 +03:00
interface (described here) in addition to the generic
<interfacename > org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/unit/session_2d1_2escope" interface= "org.freedesktop.systemd1.Scope" >
2020-04-10 12:34:32 +03:00
node /org/freedesktop/systemd1/unit/session_2d1_2escope {
interface org.freedesktop.systemd1.Scope {
methods:
Abandon();
2020-04-21 11:55:25 +03:00
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
2020-04-10 12:34:32 +03:00
signals:
RequestStop();
properties:
2020-04-21 11:55:25 +03:00
readonly s Controller = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutStopUSec = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RuntimeMaxUSec = ...;
2021-07-13 20:38:08 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RuntimeRandomizedExtraUSec = ...;
2022-11-14 15:48:09 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s OOMPolicy = '...';
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-11 15:24:35 +03:00
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-06 15:15:55 +03:00
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-10 13:44:09 +03:00
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-11-08 21:22:06 +03:00
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-05-26 21:16:48 +03:00
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-04-21 19:22:35 +03:00
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-09-14 19:28:46 +03:00
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2022-02-04 22:49:46 +03:00
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2023-02-06 17:13:09 +03:00
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2020-04-21 11:55:25 +03:00
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
2020-03-10 01:09:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-02-17 19:51:27 +03:00
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
2020-12-09 09:07:30 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindAllow = [...];
2020-11-18 11:31:55 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
2021-06-15 23:51:33 +03:00
readonly a(iiqq) SocketBindDeny = [...];
2021-01-21 23:35:33 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
2023-02-15 21:00:14 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:55:25 +03:00
<!-- method GetProcesses is not documented! -->
<!-- method AttachProcesses is not documented! -->
<!-- property RuntimeMaxUSec is not documented! -->
2021-07-13 20:38:08 +03:00
<!-- property RuntimeRandomizedExtraUSec is not documented! -->
2022-11-14 15:48:09 +03:00
<!-- property OOMPolicy is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property Slice is not documented! -->
2022-02-11 15:24:35 +03:00
<!-- property ControlGroupId is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryCurrent is not documented! -->
2023-11-06 15:15:55 +03:00
<!-- property MemoryPeak is not documented! -->
2023-11-10 13:44:09 +03:00
<!-- property MemorySwapCurrent is not documented! -->
2023-11-08 21:22:06 +03:00
<!-- property MemorySwapPeak is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property CPUUsageNSec is not documented! -->
<!-- property EffectiveCPUs is not documented! -->
<!-- property EffectiveMemoryNodes is not documented! -->
<!-- property TasksCurrent is not documented! -->
<!-- property IPIngressBytes is not documented! -->
<!-- property IPIngressPackets is not documented! -->
<!-- property IPEgressBytes is not documented! -->
<!-- property IPEgressPackets is not documented! -->
<!-- property IOReadBytes is not documented! -->
<!-- property IOReadOperations is not documented! -->
<!-- property IOWriteBytes is not documented! -->
<!-- property IOWriteOperations is not documented! -->
<!-- property Delegate is not documented! -->
<!-- property DelegateControllers is not documented! -->
<!-- property CPUAccounting is not documented! -->
<!-- property CPUWeight is not documented! -->
<!-- property StartupCPUWeight is not documented! -->
<!-- property CPUShares is not documented! -->
<!-- property StartupCPUShares is not documented! -->
<!-- property CPUQuotaPerSecUSec is not documented! -->
<!-- property CPUQuotaPeriodUSec is not documented! -->
<!-- property AllowedCPUs is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedCPUs is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property AllowedMemoryNodes is not documented! -->
2021-09-14 19:28:46 +03:00
<!-- property StartupAllowedMemoryNodes is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property IOAccounting is not documented! -->
<!-- property IOWeight is not documented! -->
<!-- property StartupIOWeight is not documented! -->
<!-- property IODeviceWeight is not documented! -->
<!-- property IOReadBandwidthMax is not documented! -->
<!-- property IOWriteBandwidthMax is not documented! -->
<!-- property IOReadIOPSMax is not documented! -->
<!-- property IOWriteIOPSMax is not documented! -->
<!-- property IODeviceLatencyTargetUSec is not documented! -->
<!-- property BlockIOAccounting is not documented! -->
<!-- property BlockIOWeight is not documented! -->
<!-- property StartupBlockIOWeight is not documented! -->
<!-- property BlockIODeviceWeight is not documented! -->
<!-- property BlockIOReadBandwidth is not documented! -->
<!-- property BlockIOWriteBandwidth is not documented! -->
<!-- property MemoryAccounting is not documented! -->
<!-- property DefaultMemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property DefaultStartupMemoryLow is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property DefaultMemoryMin is not documented! -->
<!-- property MemoryMin is not documented! -->
<!-- property MemoryLow is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryLow is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryHigh is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryHigh is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryMax is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemorySwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemorySwapMax is not documented! -->
2022-02-04 22:49:46 +03:00
<!-- property MemoryZSwapMax is not documented! -->
2023-02-06 17:13:09 +03:00
<!-- property StartupMemoryZSwapMax is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property MemoryLimit is not documented! -->
<!-- property DevicePolicy is not documented! -->
<!-- property DeviceAllow is not documented! -->
<!-- property TasksAccounting is not documented! -->
<!-- property TasksMax is not documented! -->
<!-- property IPAccounting is not documented! -->
<!-- property IPAddressAllow is not documented! -->
<!-- property IPAddressDeny is not documented! -->
<!-- property IPIngressFilterPath is not documented! -->
<!-- property IPEgressFilterPath is not documented! -->
<!-- property DisableControllers is not documented! -->
2020-03-10 01:09:17 +03:00
<!-- property ManagedOOMSwap is not documented! -->
<!-- property ManagedOOMMemoryPressure is not documented! -->
2021-02-17 19:51:27 +03:00
<!-- property ManagedOOMMemoryPressureLimit is not documented! -->
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<!-- property ManagedOOMPreference is not documented! -->
2020-12-09 09:07:30 +03:00
<!-- property BPFProgram is not documented! -->
2020-11-18 11:31:55 +03:00
<!-- property SocketBindAllow is not documented! -->
<!-- property SocketBindDeny is not documented! -->
2021-01-21 23:35:33 +03:00
<!-- property RestrictNetworkInterfaces is not documented! -->
2023-02-15 21:00:14 +03:00
<!-- property MemoryPressureWatch is not documented! -->
<!-- property MemoryPressureThresholdUSec is not documented! -->
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<!-- property NFTSet is not documented! -->
2023-10-11 17:46:42 +03:00
<!-- property CoredumpReceive is not documented! -->
2020-04-21 11:55:25 +03:00
<!-- property KillMode is not documented! -->
<!-- property KillSignal is not documented! -->
<!-- property RestartKillSignal is not documented! -->
<!-- property FinalKillSignal is not documented! -->
<!-- property SendSIGKILL is not documented! -->
<!-- property SendSIGHUP is not documented! -->
<!-- property WatchdogSignal is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Scope" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Unit" />
2020-04-24 13:08:10 +03:00
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Scope" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-method" generated= "True" extra-ref= "Abandon()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetProcesses()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "AttachProcesses()" />
<variablelist class= "dbus-signal" generated= "True" extra-ref= "RequestStop" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Controller" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TimeoutStopUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Result" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeMaxUSec" />
2021-07-13 20:38:08 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RuntimeRandomizedExtraUSec" />
2022-11-14 15:48:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "OOMPolicy" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "Slice" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroup" />
2022-02-11 15:24:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ControlGroupId" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryCurrent" />
2023-11-06 15:15:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPeak" />
2023-11-10 13:44:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapCurrent" />
2023-11-08 21:22:06 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapPeak" />
2021-05-26 21:16:48 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAvailable" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUUsageNSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveCPUs" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "EffectiveMemoryNodes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksCurrent" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressPackets" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressPackets" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadOperations" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBytes" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteOperations" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Delegate" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateControllers" />
2023-04-21 19:22:35 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DelegateSubgroup" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUShares" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupCPUShares" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPerSecUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "CPUQuotaPeriodUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedCPUs" />
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedCPUs" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "AllowedMemoryNodes" />
2021-09-14 19:28:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupAllowedMemoryNodes" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadBandwidthMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteBandwidthMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOReadIOPSMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IOWriteIOPSMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IODeviceLatencyTargetUSec" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupBlockIOWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIODeviceWeight" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOReadBandwidth" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "BlockIOWriteBandwidth" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryLow" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultStartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "DefaultMemoryMin" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMin" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLow" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryLow" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryHigh" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryHigh" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemorySwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemorySwapMax" />
2022-02-04 22:49:46 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryZSwapMax" />
2023-02-06 17:13:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "StartupMemoryZSwapMax" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryLimit" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DevicePolicy" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DeviceAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "TasksMax" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAccounting" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPAddressDeny" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPIngressFilterPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "IPEgressFilterPath" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "DisableControllers" />
2020-03-10 01:09:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMSwap" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressure" />
2021-02-17 19:51:27 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMMemoryPressureLimit" />
2020-03-10 01:09:17 +03:00
2021-01-29 04:35:17 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ManagedOOMPreference" />
2020-12-09 09:07:30 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "BPFProgram" />
2020-11-18 11:31:55 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindAllow" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SocketBindDeny" />
2021-01-21 23:35:33 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestrictNetworkInterfaces" />
2023-02-15 21:00:14 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureWatch" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "MemoryPressureThresholdUSec" />
core: firewall integration of cgroups with NFTSet=
New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in systemd environment.
This option expects a whitespace separated list of NFT set definitions. Each
definition consists of a colon-separated tuple of source type (only "cgroup"),
NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"),
table name and set name. The names of tables and sets must conform to lexical
restrictions of NFT table names. The type of the element used in the NFT filter
must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID
will be appended to the NFT sets and it will be be removed when the control
group is removed. systemd only inserts elements to (or removes from) the sets,
so the related NFT rules, tables and sets must be prepared elsewhere in
advance. Failures to manage the sets will be ignored.
If the firewall rules are reinstalled so that the contents of NFT sets are
destroyed, command systemctl daemon-reload can be used to refill the sets.
Example:
```
table inet filter {
...
set timesyncd {
type cgroupsv2
}
chain ntp_output {
socket cgroupv2 != @timesyncd counter drop
accept
}
...
}
```
/etc/systemd/system/systemd-timesyncd.service.d/override.conf
```
[Service]
NFTSet=cgroup:inet:filter:timesyncd
```
```
$ sudo nft list set inet filter timesyncd
table inet filter {
set timesyncd {
type cgroupsv2
elements = { "system.slice/systemd-timesyncd.service" }
}
}
```
2023-09-02 21:55:36 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "NFTSet" />
2023-10-11 17:46:42 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "CoredumpReceive" />
2020-04-21 11:29:09 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillMode" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "KillSignal" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "RestartKillSignal" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "FinalKillSignal" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGKILL" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "SendSIGHUP" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "WatchdogSignal" />
<!-- End of Autogenerated section -->
2020-04-10 12:34:32 +03:00
<refsect2 >
<title > Methods</title>
<para > <function > Abandon()</function> may be used to place a scope unit in the "abandoned" state. This
may be used to inform the system manager that the manager that created the scope lost interest in the
2020-04-19 14:05:44 +03:00
scope (for example, because it is terminating), without wanting to shut down the scope entirely.</para>
2020-04-10 12:34:32 +03:00
</refsect2>
<refsect2 >
<title > Signals</title>
<para > <function > RequestStop</function> is sent to the peer that is configured in the
<varname > Controller</varname> property when systemd is requested to terminate the scope unit. A program
2020-04-19 14:05:44 +03:00
registering a scope can use this to cleanly shut down the processes it added to the scope instead of
2020-04-10 12:34:32 +03:00
letting systemd do it with the usual <constant > SIGTERM</constant> logic.</para>
</refsect2>
<refsect2 >
<title > Properties</title>
2020-04-19 14:05:44 +03:00
<para > All properties correspond directly with the matching properties of service units.</para>
2020-04-10 12:34:32 +03:00
<para > <varname > Controller</varname> contains the bus name (unique or well-known) that is notified when
the scope unit is to be shut down via a <function > RequestStop</function> signal (see below). This is
2020-04-19 14:05:44 +03:00
set when the scope is created. If not set, the scope's processes will terminated with
2020-04-10 12:34:32 +03:00
<constant > SIGTERM</constant> directly.</para>
</refsect2>
</refsect1>
<refsect1 >
<title > Job Objects</title>
<para > Job objects encapsulate scheduled or running jobs. Each unit can have none or one jobs in the
execution queue. Each job is attached to exactly one unit.</para>
2020-04-24 13:08:10 +03:00
<programlisting executable= "systemd" node= "/org/freedesktop/systemd1/job/666" interface= "org.freedesktop.systemd1.Job" >
node /org/freedesktop/systemd1/job/666 {
2020-04-10 12:34:32 +03:00
interface org.freedesktop.systemd1.Job {
methods:
Cancel();
2020-04-21 11:55:25 +03:00
GetAfter(out a(usssoo) jobs);
GetBefore(out a(usssoo) jobs);
2020-04-10 12:34:32 +03:00
properties:
2020-04-21 11:55:25 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u Id = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (so) Unit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s JobType = '...';
readonly s State = '...';
2022-08-02 21:49:20 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) ActivationDetails = [...];
2020-04-10 12:34:32 +03:00
};
2020-04-21 11:55:25 +03:00
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
2020-04-10 12:34:32 +03:00
};
</programlisting>
2020-04-21 11:55:25 +03:00
<!-- method GetAfter is not documented! -->
<!-- method GetBefore is not documented! -->
2020-04-21 11:29:09 +03:00
<!-- Autogenerated cross - references for systemd.directives, do not edit -->
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Job" />
<variablelist class= "dbus-interface" generated= "True" extra-ref= "org.freedesktop.systemd1.Job" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "Cancel()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetAfter()" />
<variablelist class= "dbus-method" generated= "True" extra-ref= "GetBefore()" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Id" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "Unit" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "JobType" />
<variablelist class= "dbus-property" generated= "True" extra-ref= "State" />
2022-08-02 21:49:20 +03:00
<variablelist class= "dbus-property" generated= "True" extra-ref= "ActivationDetails" />
2020-04-21 11:29:09 +03:00
<!-- End of Autogenerated section -->
2020-04-10 12:34:32 +03:00
<refsect2 >
<title > Methods</title>
<para > <function > Cancel()</function> cancels the job. Note that this will remove a job from the queue if
it is not yet executed but generally will not cause a job that is already in the process of being
executed to be aborted. This operation may also be requested via the <function > CancelJob()</function>
method of the Manager object (see above), which is sometimes useful to reduce roundtrips.</para>
</refsect2>
<refsect2 >
<title > Properties</title>
<para > <varname > Id</varname> is the numeric Id of the job. During the runtime of a systemd instance each
numeric ID is only assigned once.</para>
2020-04-19 14:05:44 +03:00
<para > <varname > Unit</varname> refers to the unit this job belongs to. It is a structure consisting of
2020-04-10 12:34:32 +03:00
the name of the unit and a bus path to the unit's object.</para>
<para > <varname > JobType</varname> refers to the job's type and is one of <literal > start</literal> ,
<literal > verify-active</literal> , <literal > stop</literal> , <literal > reload</literal> ,
2020-04-19 14:05:44 +03:00
<literal > restart</literal> , <literal > try-restart</literal> , or <literal > reload-or-start</literal> . Note
2020-04-10 12:34:32 +03:00
that later versions might define additional values.</para>
<para > <varname > State</varname> refers to the job's state and is one of <literal > waiting</literal> and
<literal > running</literal> . The former indicates that a job is currently queued but has not begun to
2020-04-19 14:05:44 +03:00
execute yet. The latter indicates that a job is currently being executed.</para>
2022-08-02 21:49:20 +03:00
<para > <varname > ActivationDetails</varname> has the same content as the property of the same name under
the <varname > org.freedesktop.systemd1.Unit</varname> interface.</para>
2020-04-10 12:34:32 +03:00
</refsect2>
</refsect1>
2020-04-24 13:08:10 +03:00
<refsect1 >
<title > Examples</title>
<example >
<title > Introspect <interfacename > org.freedesktop.systemd1.Manager</interfacename> on the bus</title>
<programlisting >
$ gdbus introspect --system \
--dest org.freedesktop.systemd1 \
--object-path /org/freedesktop/systemd1
</programlisting>
</example>
<example >
<title > Introspect a unit on the bus</title>
<programlisting >
$ busctl introspect org.freedesktop.systemd1 \
$(busctl call org.freedesktop.systemd1 \
/org/freedesktop/systemd1 \
org.freedesktop.systemd1.Manager \
GetUnit s systemd-resolved.service | cut -d'"' -f2)
</programlisting>
</example>
<example >
<title > Introspect <interfacename > org.freedesktop.systemd1.Job</interfacename> on the bus</title>
<programlisting >
$ gdbus introspect --system --dest org.freedesktop.systemd1 \
--object-path /org/freedesktop/systemd1/job/1292
</programlisting>
</example>
</refsect1>
2022-05-05 11:53:29 +03:00
<xi:include href= "org.freedesktop.locale1.xml" xpointer= "versioning" />
2023-09-10 16:40:03 +03:00
<refsect1 >
<title > History</title>
<refsect2 >
<title > The Manager Object</title>
<para > <varname > RuntimeWatchdogPreUSec</varname> and
<varname > RuntimeWatchdogPreGovernor</varname> were added in version 251.</para>
<para > <varname > WatchdogDevice</varname> ,
<varname > WatchdogLastPingTimestamp</varname> ,
<varname > WatchdogLastPingTimestampMonotonic</varname> ,
<varname > DefaultDeviceTimeoutUSec</varname> ,
<function > DumpUnitsMatchingPatterns()</function> , and
<function > DumpUnitsMatchingPatternsByFileDescriptor()</function> were added in version 252.</para>
<para > <function > GetUnitByPIDFD()</function> and
<function > DisableUnitFilesWithFlagsAndInstallInfo()</function> were added in version 253.</para>
<para > <varname > ConfidentialVirtualization</varname> ,
<varname > DefaultIOAccounting</varname> ,
<varname > DefaultIPAccounting</varname> ,
<varname > DefaultMemoryPressureThresholdUSec</varname> ,
<varname > DefaultMemoryPressureWatch</varname> ,
<function > QueueSignalUnit()</function> ,
<function > SoftReboot()</function> , and
<function > DumpUnitFileDescriptorStore()</function> were added in version 254.</para>
</refsect2>
<refsect2 >
<title > Unit Objects</title>
<para > <varname > Upholds</varname> and
<varname > UpheldBy</varname> were added in version 251.</para>
<para > <varname > AccessSELinuxContext</varname> and
<varname > ActivationDetails</varname> were added in version 252.</para>
<para > <function > QueueSignal()</function> was added in version 254.</para>
2023-07-28 01:14:31 +03:00
<para > <varname > SurviveFinalKillSignal</varname> was added in version 255.</para>
2023-09-10 16:40:03 +03:00
</refsect2>
<refsect2 >
<title > Service Unit Objects</title>
<para > <varname > ControlGroupId</varname> and
<varname > ExtensionDirectories</varname> were added in version 251.</para>
<para > <varname > OpenFile</varname> ,
<varname > ReloadSignal</varname> ,
<varname > MemoryZSwapMax</varname> , and
<varname > LogFilterPatterns</varname> were added in version 253.</para>
<para > <varname > RestartMode</varname> ,
<varname > RestartSteps</varname> ,
<varname > RestartMaxDelayUSec</varname> ,
<varname > RestartUSecNext</varname> ,
<varname > FileDescriptorStorePreserve</varname> ,
<function > DumpFileDescriptorStore()</function> ,
<varname > DelegateSubgroup</varname> ,
<varname > DefaultStartupMemoryLow</varname> ,
<varname > StartupMemoryLow</varname> ,
<varname > StartupMemoryHigh</varname> ,
<varname > StartupMemoryMax</varname> ,
<varname > StartupMemorySwapMax</varname> ,
<varname > StartupMemoryZSwapMax</varname> ,
<varname > MemoryPressureWatch</varname> ,
<varname > MemoryPressureThresholdUSec</varname> ,
<varname > RootEphemeral</varname> ,
<varname > ImportCredential</varname> ,
<varname > MemoryKSM</varname> ,
<varname > RootImagePolicy</varname> ,
<varname > MountImagePolicy</varname> , and
<varname > ExtensionImagePolicy</varname> were added in version 254.</para>
2023-10-11 17:46:42 +03:00
<para > <varname > NFTSet</varname> ,
2023-11-06 15:15:55 +03:00
<varname > SetLoginEnvironment</varname> ,
2023-11-08 21:22:06 +03:00
<varname > CoredumpReceive</varname> ,
2023-11-10 13:44:09 +03:00
<varname > MemoryPeak</varname> ,
<varname > MemorySwapCurrent</varname> , and
2023-11-08 21:22:06 +03:00
<varname > MemorySwapPeak</varname> were added in version 255.</para>
2023-09-10 16:40:03 +03:00
</refsect2>
<refsect2 >
<title > Socket Unit Objects</title>
<para > <varname > ControlGroupId</varname> and
<varname > ExtensionDirectories</varname> were added in version 251.</para>
<para > <varname > MemoryZSwapMax</varname> and
<varname > LogFilterPatterns</varname> were added in version 253.</para>
<para > <varname > DelegateSubgroup</varname> ,
<varname > DefaultStartupMemoryLow</varname> ,
<varname > StartupMemoryLow</varname> ,
<varname > StartupMemoryHigh</varname> ,
<varname > StartupMemoryMax</varname> ,
<varname > StartupMemorySwapMax</varname> ,
<varname > StartupMemoryZSwapMax</varname> ,
<varname > MemoryPressureWatch</varname> ,
<varname > MemoryPressureThresholdUSec</varname> ,
<varname > RootEphemeral</varname> ,
<varname > ImportCredential</varname> ,
<varname > MemoryKSM</varname> ,
<varname > RootImagePolicy</varname> ,
<varname > MountImagePolicy</varname> , and
<varname > ExtensionImagePolicy</varname> were added in version 254.</para>
2023-09-27 22:04:28 +03:00
<para > <varname > PollLimitIntervalUSec</varname> ,
2023-10-07 15:08:21 +03:00
<varname > PollLimitBurst</varname> ,
2023-10-11 17:46:42 +03:00
<varname > NFTSet</varname> ,
2023-11-06 15:15:55 +03:00
<varname > SetLoginEnvironment</varname> ,
2023-11-08 21:22:06 +03:00
<varname > CoredumpReceive</varname> ,
2023-11-10 13:44:09 +03:00
<varname > MemoryPeak</varname> ,
<varname > MemorySwapCurrent</varname> , and
2023-11-08 21:22:06 +03:00
<varname > MemorySwapPeak</varname> were added in version 255.</para>
2023-09-10 16:40:03 +03:00
</refsect2>
<refsect2 >
<title > Mount Unit Objects</title>
<para > <varname > ControlGroupId</varname> and
<varname > ExtensionDirectories</varname> were added in version 251.</para>
<para > <varname > MemoryZSwapMax</varname> and
<varname > LogFilterPatterns</varname> were added in version 253.</para>
<para > <varname > DelegateSubgroup</varname> ,
<varname > DefaultStartupMemoryLow</varname> ,
<varname > StartupMemoryLow</varname> ,
<varname > StartupMemoryHigh</varname> ,
<varname > StartupMemoryMax</varname> ,
<varname > StartupMemorySwapMax</varname> ,
<varname > StartupMemoryZSwapMax</varname> ,
<varname > MemoryPressureWatch</varname> ,
<varname > MemoryPressureThresholdUSec</varname> ,
<varname > RootEphemeral</varname> ,
<varname > ImportCredential</varname> ,
<varname > MemoryKSM</varname> ,
<varname > RootImagePolicy</varname> ,
<varname > MountImagePolicy</varname> , and
<varname > ExtensionImagePolicy</varname> were added in version 254.</para>
2023-10-11 17:46:42 +03:00
<para > <varname > NFTSet</varname> ,
2023-11-06 15:15:55 +03:00
<varname > SetLoginEnvironment</varname> ,
2023-11-08 21:22:06 +03:00
<varname > CoredumpReceive</varname> ,
2023-11-10 13:44:09 +03:00
<varname > MemoryPeak</varname> ,
<varname > MemorySwapCurrent</varname> , and
2023-11-08 21:22:06 +03:00
<varname > MemorySwapPeak</varname> were added in version 255.</para>
2023-09-10 16:40:03 +03:00
</refsect2>
<refsect2 >
<title > Swap Unit Objects</title>
<para > <varname > ControlGroupId</varname> and
<varname > ExtensionDirectories</varname> were added in version 251.</para>
<para > <varname > MemoryZSwapMax</varname> and
<varname > LogFilterPatterns</varname> were added in version 253.</para>
<para > <varname > DelegateSubgroup</varname> ,
<varname > DefaultStartupMemoryLow</varname> ,
<varname > StartupMemoryLow</varname> ,
<varname > StartupMemoryHigh</varname> ,
<varname > StartupMemoryMax</varname> ,
<varname > StartupMemorySwapMax</varname> ,
<varname > StartupMemoryZSwapMax</varname> ,
<varname > MemoryPressureWatch</varname> ,
<varname > MemoryPressureThresholdUSec</varname> ,
<varname > RootEphemeral</varname> ,
<varname > ImportCredential</varname> ,
<varname > MemoryKSM</varname> ,
<varname > RootImagePolicy</varname> ,
<varname > MountImagePolicy</varname> , and
<varname > ExtensionImagePolicy</varname> were added in version 254.</para>
2023-10-11 17:46:42 +03:00
<para > <varname > NFTSet</varname> ,
2023-11-06 15:15:55 +03:00
<varname > SetLoginEnvironment</varname> ,
2023-11-08 21:22:06 +03:00
<varname > CoredumpReceive</varname> ,
2023-11-10 13:44:09 +03:00
<varname > MemoryPeak</varname> ,
<varname > MemorySwapCurrent</varname> , and
2023-11-08 21:22:06 +03:00
<varname > MemorySwapPeak</varname> were added in version 255.</para>
2023-09-10 16:40:03 +03:00
</refsect2>
<refsect2 >
<title > Slice Unit Objects</title>
<para > <varname > ControlGroupId</varname> was added in version 251.</para>
<para > <varname > MemoryZSwapMax</varname> was added in version 253.</para>
<para > <varname > DelegateSubgroup</varname> ,
<varname > DefaultStartupMemoryLow</varname> ,
<varname > StartupMemoryLow</varname> ,
<varname > StartupMemoryHigh</varname> ,
<varname > StartupMemoryMax</varname> ,
<varname > StartupMemorySwapMax</varname> ,
<varname > StartupMemoryZSwapMax</varname> ,
<varname > MemoryPressureWatch</varname> , and
<varname > MemoryPressureThresholdUSec</varname> were added in version 254.</para>
2023-11-06 15:15:55 +03:00
<para > <varname > NFTSet</varname> ,
2023-11-08 21:22:06 +03:00
<varname > CoredumpReceive</varname> ,
2023-11-10 13:44:09 +03:00
<varname > MemoryPeak</varname> ,
<varname > MemorySwapCurrent</varname> , and
2023-11-08 21:22:06 +03:00
<varname > MemorySwapPeak</varname> were added in version 255.</para>
2023-09-10 16:40:03 +03:00
</refsect2>
<refsect2 >
<title > Scope Unit Objects</title>
<para > <varname > ControlGroupId</varname> was added in version 251.</para>
<para > <varname > OOMPolicy</varname> and
<varname > MemoryZSwapMax</varname> were added in version 253.</para>
<para > <varname > DelegateSubgroup</varname> ,
<varname > DefaultStartupMemoryLow</varname> ,
<varname > StartupMemoryLow</varname> ,
<varname > StartupMemoryHigh</varname> ,
<varname > StartupMemoryMax</varname> ,
<varname > StartupMemorySwapMax</varname> ,
<varname > StartupMemoryZSwapMax</varname> ,
<varname > MemoryPressureWatch</varname> , and
<varname > MemoryPressureThresholdUSec</varname> were added in version 254.</para>
2023-11-06 15:15:55 +03:00
<para > <varname > NFTSet</varname> ,
2023-11-08 21:22:06 +03:00
<varname > CoredumpReceive</varname> ,
2023-11-10 13:44:09 +03:00
<varname > MemoryPeak</varname> ,
<varname > MemorySwapCurrent</varname> , and
2023-11-08 21:22:06 +03:00
<varname > MemorySwapPeak</varname> were added in version 255.</para>
2023-09-10 16:40:03 +03:00
</refsect2>
<refsect2 >
<title > Job Objects</title>
<para > <varname > ActivationDetails</varname> was added in version 252.</para>
</refsect2>
</refsect1>
2020-04-10 12:34:32 +03:00
</refentry>