1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-05 13:18:06 +03:00
systemd/man/org.freedesktop.systemd1.xml

12146 lines
527 KiB
XML
Raw Normal View History

<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" >
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="org.freedesktop.systemd1" xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>org.freedesktop.systemd1</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>org.freedesktop.systemd1</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>org.freedesktop.systemd1</refname>
<refpurpose>The D-Bus interface of systemd</refpurpose>
</refnamediv>
<refsect1>
<title>Introduction</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and its
auxiliary daemons expose a number of APIs over D-Bus. This page only describes the various APIs exposed by the
system and service manager itself. It does not cover the auxiliary daemons.
</para>
<para>The service manager exposes a number of objects on the bus: one
<interfacename>Manager</interfacename> object as a central entry point for clients along with individual objects
for each unit and for each queued job. The unit objects implement a generic
<interfacename>Unit</interfacename> interface as well as a type-specific interface. For example, service units
implement both <interfacename>org.freedesktop.systemd1.Unit</interfacename> and
<interfacename>org.freedesktop.system1.Service</interfacename>. The manager object can list
unit and job objects or directly convert a unit name or job identifier to a bus path of the corresponding
D-Bus object.</para>
<para>Properties exposing time values are usually encoded in microseconds (μs) on the bus, even if
their corresponding settings in the unit files are in seconds.</para>
<para>PID 1 uses <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink> to
allow access to privileged operations for unprivileged processes. Some operations (such as
shutdown/reboot/suspend) are also available through the D-Bus API of logind, see
<citerefentry><refentrytitle>org.freedesktop.login1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
</refsect1>
<refsect1>
<title>The Manager Object</title>
<para>The main entry point object is available on the fixed
<constant>/org/freedesktop/systemd1</constant> object path:</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager">
node /org/freedesktop/systemd1 {
interface org.freedesktop.systemd1.Manager {
methods:
GetUnit(in s name,
out o unit);
GetUnitByPID(in u pid,
out o unit);
GetUnitByInvocationID(in ay invocation_id,
out o unit);
GetUnitByControlGroup(in s cgroup,
out o unit);
GetUnitByPIDFD(in h pidfd,
out o unit,
out s unit_id,
out ay invocation_id);
LoadUnit(in s name,
out o unit);
StartUnit(in s name,
in s mode,
out o job);
StartUnitWithFlags(in s name,
in s mode,
in t flags,
out o job);
StartUnitReplace(in s old_unit,
in s new_unit,
in s mode,
out o job);
StopUnit(in s name,
in s mode,
out o job);
ReloadUnit(in s name,
in s mode,
out o job);
RestartUnit(in s name,
in s mode,
out o job);
TryRestartUnit(in s name,
in s mode,
out o job);
ReloadOrRestartUnit(in s name,
in s mode,
out o job);
ReloadOrTryRestartUnit(in s name,
in s mode,
out o job);
EnqueueUnitJob(in s name,
in s job_type,
in s job_mode,
out u job_id,
out o job_path,
out s unit_id,
out o unit_path,
out s job_type,
out a(uosos) affected_jobs);
KillUnit(in s name,
in s whom,
in i signal);
QueueSignalUnit(in s name,
in s whom,
in i signal,
in i value);
CleanUnit(in s name,
in as mask);
2020-05-12 11:37:28 +03:00
FreezeUnit(in s name);
ThawUnit(in s name);
ResetFailedUnit(in s name);
SetUnitProperties(in s name,
in b runtime,
in a(sv) properties);
BindMountUnit(in s name,
in s source,
in s destination,
in b read_only,
in b mkdir);
MountImageUnit(in s name,
in s source,
in s destination,
in b read_only,
in b mkdir,
in a(ss) options);
RefUnit(in s name);
UnrefUnit(in s name);
StartTransientUnit(in s name,
in s mode,
in a(sv) properties,
in a(sa(sv)) aux,
out o job);
GetUnitProcesses(in s name,
out a(sus) processes);
AttachProcessesToUnit(in s unit_name,
in s subcgroup,
in au pids);
AbandonScope(in s name);
GetJob(in u id,
out o job);
GetJobAfter(in u id,
out a(usssoo) jobs);
GetJobBefore(in u id,
out a(usssoo) jobs);
CancelJob(in u id);
ClearJobs();
ResetFailed();
SetShowStatus(in s mode);
ListUnits(out a(ssssssouso) units);
ListUnitsFiltered(in as states,
out a(ssssssouso) units);
ListUnitsByPatterns(in as states,
in as patterns,
out a(ssssssouso) units);
ListUnitsByNames(in as names,
out a(ssssssouso) units);
ListJobs(out a(usssoo) jobs);
Subscribe();
Unsubscribe();
Dump(out s output);
DumpUnitsMatchingPatterns(in as patterns,
out s output);
DumpByFileDescriptor(out h fd);
DumpUnitsMatchingPatternsByFileDescriptor(in as patterns,
out h fd);
Reload();
@org.freedesktop.DBus.Method.NoReply("true")
Reexecute();
@org.freedesktop.systemd1.Privileged("true")
Exit();
@org.freedesktop.systemd1.Privileged("true")
Reboot();
@org.freedesktop.systemd1.Privileged("true")
SoftReboot(in s new_root);
@org.freedesktop.systemd1.Privileged("true")
PowerOff();
@org.freedesktop.systemd1.Privileged("true")
Halt();
@org.freedesktop.systemd1.Privileged("true")
KExec();
@org.freedesktop.systemd1.Privileged("true")
SwitchRoot(in s new_root,
in s init);
SetEnvironment(in as assignments);
UnsetEnvironment(in as names);
UnsetAndSetEnvironment(in as names,
in as assignments);
EnqueueMarkedJobs(out ao jobs);
ListUnitFiles(out a(ss) unit_files);
ListUnitFilesByPatterns(in as states,
in as patterns,
out a(ss) unit_files);
GetUnitFileState(in s file,
out s state);
EnableUnitFiles(in as files,
in b runtime,
in b force,
out b carries_install_info,
out a(sss) changes);
DisableUnitFiles(in as files,
in b runtime,
out a(sss) changes);
EnableUnitFilesWithFlags(in as files,
in t flags,
out b carries_install_info,
out a(sss) changes);
DisableUnitFilesWithFlags(in as files,
in t flags,
out a(sss) changes);
DisableUnitFilesWithFlagsAndInstallInfo(in as files,
in t flags,
out b carries_install_info,
out a(sss) changes);
ReenableUnitFiles(in as files,
in b runtime,
in b force,
out b carries_install_info,
out a(sss) changes);
LinkUnitFiles(in as files,
in b runtime,
in b force,
out a(sss) changes);
PresetUnitFiles(in as files,
in b runtime,
in b force,
out b carries_install_info,
out a(sss) changes);
PresetUnitFilesWithMode(in as files,
in s mode,
in b runtime,
in b force,
out b carries_install_info,
out a(sss) changes);
MaskUnitFiles(in as files,
in b runtime,
in b force,
out a(sss) changes);
UnmaskUnitFiles(in as files,
in b runtime,
out a(sss) changes);
RevertUnitFiles(in as files,
out a(sss) changes);
SetDefaultTarget(in s name,
in b force,
out a(sss) changes);
GetDefaultTarget(out s name);
PresetAllUnitFiles(in s mode,
in b runtime,
in b force,
out a(sss) changes);
AddDependencyUnitFiles(in as files,
in s target,
in s type,
in b runtime,
in b force,
out a(sss) changes);
GetUnitFileLinks(in s name,
in b runtime,
out as links);
SetExitCode(in y number);
LookupDynamicUserByName(in s name,
out u uid);
LookupDynamicUserByUID(in u uid,
out s name);
GetDynamicUsers(out a(us) users);
DumpUnitFileDescriptorStore(in s name,
out a(suuutuusu) entries);
StartAuxiliaryScope(in s name,
in ah pidfds,
in t flags,
in a(sv) properties,
out o job);
signals:
UnitNew(s id,
o unit);
UnitRemoved(s id,
o unit);
JobNew(u id,
o job,
s unit);
JobRemoved(u id,
o job,
s unit,
s result);
StartupFinished(t firmware,
t loader,
t kernel,
t initrd,
t userspace,
t total);
UnitFilesChanged();
Reloading(b active);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Version = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Features = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Virtualization = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ConfidentialVirtualization = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Architecture = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Tainted = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t FirmwareTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t FirmwareTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LoaderTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LoaderTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t KernelTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t KernelTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UserspaceTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UserspaceTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t FinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t FinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SecurityStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SecurityStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SecurityFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SecurityFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t GeneratorsStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t GeneratorsStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t GeneratorsFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t GeneratorsFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t UnitsLoadTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDSecurityStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDSecurityStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDSecurityFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDSecurityFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDGeneratorsStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDGeneratorsStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDGeneratorsFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDGeneratorsFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDUnitsLoadStartTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDUnitsLoadStartTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDUnitsLoadFinishTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t InitRDUnitsLoadFinishTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite s LogLevel = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite s LogTarget = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NNames = ...;
readonly u NFailedUnits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NJobs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NInstalledJobs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NFailedJobs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly d Progress = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ConfirmSpawn = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b ShowStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnitPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s DefaultStandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s DefaultStandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WatchdogDevice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogLastPingTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogLastPingTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite t RuntimeWatchdogUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite t RuntimeWatchdogPreUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite s RuntimeWatchdogPreGovernor = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite t RebootWatchdogUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite t KExecWatchdogUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@org.freedesktop.systemd1.Privileged("true")
readwrite b ServiceWatchdogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s SystemState = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly y ExitCode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultTimerAccuracyUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultTimeoutStartUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultTimeoutStopUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultTimeoutAbortUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2022-07-16 13:36:06 +03:00
readonly t DefaultDeviceTimeoutUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultRestartUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultStartLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DefaultStartLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultCPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultBlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultIPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultMemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultTasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DefaultLimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultTasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryPressureThresholdUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DefaultMemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s DefaultOOMPolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i DefaultOOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s CtrlAltDelBurstAction = '...';
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
};
</programlisting>
<!--method GetUnitByInvocationID is not documented!-->
<!--method GetUnitByControlGroup is not documented!-->
<!--method EnqueueUnitJob is not documented!-->
<!--method CleanUnit is not documented!-->
2020-05-12 11:37:28 +03:00
<!--method FreezeUnit is not documented!-->
<!--method ThawUnit is not documented!-->
<!--method RefUnit is not documented!-->
<!--method UnrefUnit is not documented!-->
<!--method GetUnitProcesses is not documented!-->
<!--method AttachProcessesToUnit is not documented!-->
<!--method AbandonScope is not documented!-->
<!--method GetJobAfter is not documented!-->
<!--method GetJobBefore is not documented!-->
<!--method SetShowStatus is not documented!-->
<!--method ListUnitsFiltered is not documented!-->
<!--method ListUnitsByPatterns is not documented!-->
<!--method ListUnitsByNames is not documented!-->
<!--method ListUnitFilesByPatterns is not documented!-->
<!--method PresetUnitFilesWithMode is not documented!-->
<!--method RevertUnitFiles is not documented!-->
<!--method PresetAllUnitFiles is not documented!-->
<!--method AddDependencyUnitFiles is not documented!-->
<!--method GetUnitFileLinks is not documented!-->
<!--method SetExitCode is not documented!-->
<!--method LookupDynamicUserByName is not documented!-->
<!--method LookupDynamicUserByUID is not documented!-->
<!--method GetDynamicUsers is not documented!-->
<!--property SecurityStartTimestampMonotonic is not documented!-->
<!--property SecurityFinishTimestamp is not documented!-->
<!--property SecurityFinishTimestampMonotonic is not documented!-->
<!--property GeneratorsStartTimestampMonotonic is not documented!-->
<!--property GeneratorsFinishTimestamp is not documented!-->
<!--property GeneratorsFinishTimestampMonotonic is not documented!-->
<!--property UnitsLoadStartTimestamp is not documented!-->
<!--property UnitsLoadStartTimestampMonotonic is not documented!-->
<!--property UnitsLoadFinishTimestamp is not documented!-->
<!--property UnitsLoadFinishTimestampMonotonic is not documented!-->
<!--property InitRDSecurityStartTimestamp is not documented!-->
<!--property InitRDSecurityStartTimestampMonotonic is not documented!-->
<!--property InitRDSecurityFinishTimestamp is not documented!-->
<!--property InitRDSecurityFinishTimestampMonotonic is not documented!-->
<!--property InitRDGeneratorsStartTimestamp is not documented!-->
<!--property InitRDGeneratorsStartTimestampMonotonic is not documented!-->
<!--property InitRDGeneratorsFinishTimestamp is not documented!-->
<!--property InitRDGeneratorsFinishTimestampMonotonic is not documented!-->
<!--property InitRDUnitsLoadStartTimestamp is not documented!-->
<!--property InitRDUnitsLoadStartTimestampMonotonic is not documented!-->
<!--property InitRDUnitsLoadFinishTimestamp is not documented!-->
<!--property InitRDUnitsLoadFinishTimestampMonotonic is not documented!-->
<!--property LogLevel is not documented!-->
<!--property LogTarget is not documented!-->
<!--property NFailedUnits is not documented!-->
<!--property ConfirmSpawn is not documented!-->
<!--property ShowStatus is not documented!-->
<!--property DefaultStandardOutput is not documented!-->
<!--property DefaultStandardError is not documented!-->
<!--property WatchdogDevice is not documented!-->
<!--property WatchdogLastPingTimestamp is not documented!-->
<!--property WatchdogLastPingTimestampMonotonic is not documented!-->
<!--property RuntimeWatchdogUSec is not documented!-->
<!--property RuntimeWatchdogPreUSec is not documented!-->
<!--property RuntimeWatchdogPreGovernor is not documented!-->
<!--property RebootWatchdogUSec is not documented!-->
<!--property KExecWatchdogUSec is not documented!-->
<!--property ServiceWatchdogs is not documented!-->
<!--property ExitCode is not documented!-->
<!--property DefaultTimerAccuracyUSec is not documented!-->
<!--property DefaultTimeoutStartUSec is not documented!-->
<!--property DefaultTimeoutStopUSec is not documented!-->
<!--property DefaultTimeoutAbortUSec is not documented!-->
2022-07-16 13:36:06 +03:00
<!--property DefaultDeviceTimeoutUSec is not documented!-->
<!--property DefaultRestartUSec is not documented!-->
<!--property DefaultStartLimitIntervalUSec is not documented!-->
<!--property DefaultStartLimitBurst is not documented!-->
<!--property DefaultCPUAccounting is not documented!-->
<!--property DefaultBlockIOAccounting is not documented!-->
<!--property DefaultIOAccounting is not documented!-->
<!--property DefaultIPAccounting is not documented!-->
<!--property DefaultMemoryAccounting is not documented!-->
<!--property DefaultTasksAccounting is not documented!-->
<!--property DefaultLimitCPU is not documented!-->
<!--property DefaultLimitCPUSoft is not documented!-->
<!--property DefaultLimitFSIZE is not documented!-->
<!--property DefaultLimitFSIZESoft is not documented!-->
<!--property DefaultLimitDATA is not documented!-->
<!--property DefaultLimitDATASoft is not documented!-->
<!--property DefaultLimitSTACK is not documented!-->
<!--property DefaultLimitSTACKSoft is not documented!-->
<!--property DefaultLimitCORE is not documented!-->
<!--property DefaultLimitCORESoft is not documented!-->
<!--property DefaultLimitRSS is not documented!-->
<!--property DefaultLimitRSSSoft is not documented!-->
<!--property DefaultLimitNOFILE is not documented!-->
<!--property DefaultLimitNOFILESoft is not documented!-->
<!--property DefaultLimitAS is not documented!-->
<!--property DefaultLimitASSoft is not documented!-->
<!--property DefaultLimitNPROC is not documented!-->
<!--property DefaultLimitNPROCSoft is not documented!-->
<!--property DefaultLimitMEMLOCK is not documented!-->
<!--property DefaultLimitMEMLOCKSoft is not documented!-->
<!--property DefaultLimitLOCKS is not documented!-->
<!--property DefaultLimitLOCKSSoft is not documented!-->
<!--property DefaultLimitSIGPENDING is not documented!-->
<!--property DefaultLimitSIGPENDINGSoft is not documented!-->
<!--property DefaultLimitMSGQUEUE is not documented!-->
<!--property DefaultLimitMSGQUEUESoft is not documented!-->
<!--property DefaultLimitNICE is not documented!-->
<!--property DefaultLimitNICESoft is not documented!-->
<!--property DefaultLimitRTPRIO is not documented!-->
<!--property DefaultLimitRTPRIOSoft is not documented!-->
<!--property DefaultLimitRTTIME is not documented!-->
<!--property DefaultLimitRTTIMESoft is not documented!-->
<!--property DefaultTasksMax is not documented!-->
<!--property DefaultMemoryPressureThresholdUSec is not documented!-->
<!--property DefaultMemoryPressureWatch is not documented!-->
<!--property TimerSlackNSec is not documented!-->
<!--property DefaultOOMPolicy is not documented!-->
<!--property DefaultOOMScoreAdjust is not documented!-->
<!--property CtrlAltDelBurstAction is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Manager"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Manager"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetUnitByPID()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetUnitByInvocationID()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetUnitByControlGroup()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetUnitByPIDFD()"/>
<variablelist class="dbus-method" generated="True" extra-ref="LoadUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="StartUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="StartUnitWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="StartUnitReplace()"/>
<variablelist class="dbus-method" generated="True" extra-ref="StopUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ReloadUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="RestartUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="TryRestartUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ReloadOrRestartUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ReloadOrTryRestartUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="EnqueueUnitJob()"/>
<variablelist class="dbus-method" generated="True" extra-ref="KillUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="QueueSignalUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="CleanUnit()"/>
2020-05-12 11:37:28 +03:00
<variablelist class="dbus-method" generated="True" extra-ref="FreezeUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ThawUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ResetFailedUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetUnitProperties()"/>
<variablelist class="dbus-method" generated="True" extra-ref="BindMountUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="MountImageUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="RefUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="UnrefUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="StartTransientUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetUnitProcesses()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AttachProcessesToUnit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AbandonScope()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetJob()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetJobAfter()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetJobBefore()"/>
<variablelist class="dbus-method" generated="True" extra-ref="CancelJob()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ClearJobs()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ResetFailed()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetShowStatus()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ListUnits()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ListUnitsFiltered()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ListUnitsByPatterns()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ListUnitsByNames()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ListJobs()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Subscribe()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Unsubscribe()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Dump()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DumpUnitsMatchingPatterns()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DumpByFileDescriptor()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DumpUnitsMatchingPatternsByFileDescriptor()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Reload()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Reexecute()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Exit()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Reboot()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SoftReboot()"/>
<variablelist class="dbus-method" generated="True" extra-ref="PowerOff()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Halt()"/>
<variablelist class="dbus-method" generated="True" extra-ref="KExec()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SwitchRoot()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetEnvironment()"/>
<variablelist class="dbus-method" generated="True" extra-ref="UnsetEnvironment()"/>
<variablelist class="dbus-method" generated="True" extra-ref="UnsetAndSetEnvironment()"/>
<variablelist class="dbus-method" generated="True" extra-ref="EnqueueMarkedJobs()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ListUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ListUnitFilesByPatterns()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetUnitFileState()"/>
<variablelist class="dbus-method" generated="True" extra-ref="EnableUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DisableUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="EnableUnitFilesWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DisableUnitFilesWithFlags()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DisableUnitFilesWithFlagsAndInstallInfo()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ReenableUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="LinkUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="PresetUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="PresetUnitFilesWithMode()"/>
<variablelist class="dbus-method" generated="True" extra-ref="MaskUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="UnmaskUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="RevertUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetDefaultTarget()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetDefaultTarget()"/>
<variablelist class="dbus-method" generated="True" extra-ref="PresetAllUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AddDependencyUnitFiles()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetUnitFileLinks()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetExitCode()"/>
<variablelist class="dbus-method" generated="True" extra-ref="LookupDynamicUserByName()"/>
<variablelist class="dbus-method" generated="True" extra-ref="LookupDynamicUserByUID()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetDynamicUsers()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DumpUnitFileDescriptorStore()"/>
<variablelist class="dbus-method" generated="True" extra-ref="StartAuxiliaryScope()"/>
<variablelist class="dbus-signal" generated="True" extra-ref="UnitNew()"/>
<variablelist class="dbus-signal" generated="True" extra-ref="UnitRemoved()"/>
<variablelist class="dbus-signal" generated="True" extra-ref="JobNew()"/>
<variablelist class="dbus-signal" generated="True" extra-ref="JobRemoved()"/>
<variablelist class="dbus-signal" generated="True" extra-ref="StartupFinished()"/>
<variablelist class="dbus-signal" generated="True" extra-ref="UnitFilesChanged()"/>
<variablelist class="dbus-signal" generated="True" extra-ref="Reloading()"/>
<variablelist class="dbus-property" generated="True" extra-ref="Version"/>
<variablelist class="dbus-property" generated="True" extra-ref="Features"/>
<variablelist class="dbus-property" generated="True" extra-ref="Virtualization"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfidentialVirtualization"/>
<variablelist class="dbus-property" generated="True" extra-ref="Architecture"/>
<variablelist class="dbus-property" generated="True" extra-ref="Tainted"/>
<variablelist class="dbus-property" generated="True" extra-ref="FirmwareTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="FirmwareTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoaderTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoaderTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="KernelTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="KernelTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="UserspaceTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="UserspaceTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="FinishTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="FinishTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="SecurityStartTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="SecurityStartTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="SecurityFinishTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="SecurityFinishTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="GeneratorsStartTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="GeneratorsStartTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="GeneratorsFinishTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="GeneratorsFinishTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitsLoadStartTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitsLoadStartTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitsLoadFinishTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitsLoadFinishTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitsLoadTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitsLoadTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDSecurityStartTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDSecurityStartTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDSecurityFinishTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDSecurityFinishTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDGeneratorsStartTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDGeneratorsStartTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDGeneratorsFinishTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDGeneratorsFinishTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDUnitsLoadStartTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDUnitsLoadStartTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDUnitsLoadFinishTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InitRDUnitsLoadFinishTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogLevel"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogTarget"/>
<variablelist class="dbus-property" generated="True" extra-ref="NNames"/>
<variablelist class="dbus-property" generated="True" extra-ref="NFailedUnits"/>
<variablelist class="dbus-property" generated="True" extra-ref="NJobs"/>
<variablelist class="dbus-property" generated="True" extra-ref="NInstalledJobs"/>
<variablelist class="dbus-property" generated="True" extra-ref="NFailedJobs"/>
<variablelist class="dbus-property" generated="True" extra-ref="Progress"/>
<variablelist class="dbus-property" generated="True" extra-ref="Environment"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfirmSpawn"/>
<variablelist class="dbus-property" generated="True" extra-ref="ShowStatus"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStandardOutput"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStandardError"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogDevice"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogLastPingTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogLastPingTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeWatchdogUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeWatchdogPreUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeWatchdogPreGovernor"/>
<variablelist class="dbus-property" generated="True" extra-ref="RebootWatchdogUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="KExecWatchdogUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="ServiceWatchdogs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemState"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExitCode"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultTimerAccuracyUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultTimeoutStartUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultTimeoutStopUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultTimeoutAbortUSec"/>
2022-07-16 13:36:06 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="DefaultDeviceTimeoutUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultRestartUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStartLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStartLimitBurst"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultCPUAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultBlockIOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultIOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultIPAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultTasksAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitCPU"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitCPUSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitFSIZE"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitFSIZESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitDATA"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitDATASoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitSTACK"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitSTACKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitCORE"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitCORESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitRSS"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitRSSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitNOFILE"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitNOFILESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitAS"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitASSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitNPROC"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitNPROCSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitMEMLOCK"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitMEMLOCKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitLOCKS"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitLOCKSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitSIGPENDING"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitSIGPENDINGSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitMSGQUEUE"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitMSGQUEUESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitNICE"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitNICESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitRTPRIO"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitRTPRIOSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitRTTIME"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultLimitRTTIMESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultTasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryPressureThresholdUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryPressureWatch"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimerSlackNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultOOMPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultOOMScoreAdjust"/>
<variablelist class="dbus-property" generated="True" extra-ref="CtrlAltDelBurstAction"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Methods</title>
<para>Note that many of the methods exist twice: once on the <interfacename>Manager</interfacename>
object and once on the respective unit objects. This is to optimize access times so that methods that
belong to unit objects do not have to be called with a resolved unit path, but can be called with only
the unit id, too.</para>
<para><function>GetUnit()</function> may be used to get the unit object path for a unit name. It takes
the unit name and returns the object path. If a unit has not been loaded yet by this name this method
will fail.</para>
<para><function>GetUnitByPID()</function> may be used to get the unit object path of the unit a process
ID belongs to. It takes a UNIX PID and returns the object path. The PID must refer to an existing system process.
<function>GetUnitByPIDFD()</function> may be used to query with a Linux PIDFD (see:
<citerefentry><refentrytitle>pidfd_open</refentrytitle><manvolnum>2</manvolnum></citerefentry>) instead
of a PID, which is safer as UNIX PIDs can be recycled. The latter method returns the unit id and the
invocation id together with the unit object path.</para>
<para><function>LoadUnit()</function> is similar to <function>GetUnit()</function> but will load the
unit from disk if possible.</para>
<para><function>StartUnit()</function> enqueues a start job and possibly depending jobs. It takes the unit
to activate and a mode string as arguments. The mode needs to be one of <literal>replace</literal>,
<literal>fail</literal>, <literal>isolate</literal>, <literal>ignore-dependencies</literal>, or
<literal>ignore-requirements</literal>. If <literal>replace</literal>, the method will start the unit and
its dependencies, possibly replacing already queued jobs that conflict with it. If
<literal>fail</literal>, the method will start the unit and its dependencies, but will fail if this would
change an already queued job. If <literal>isolate</literal>, the method will start the unit in question
and terminate all units that aren't dependencies of it. If <literal>ignore-dependencies</literal>, it
will start a unit but ignore all its dependencies. If <literal>ignore-requirements</literal>, it will
start a unit but only ignore the requirement dependencies. It is not recommended to make use of the
latter two options. On reply, if successful, this method returns the newly created job object
which has been enqueued for asynchronous activation. Callers that want to track the outcome of the
actual start operation need to monitor the result of this job. This can be achieved in a race-free
manner by first subscribing to the <function>JobRemoved()</function> signal, then calling
<function>StartUnit()</function> and using the returned job object to filter out unrelated
<function>JobRemoved()</function> signals, until the desired one is received, which will then carry
the result of the start operation.</para>
<para><function>StartUnitReplace()</function> is similar to <function>StartUnit()</function> but
replaces a job that is queued for one unit by a job for another unit.</para>
<para><function>StartUnitWithFlags()</function> is similar to <function>StartUnit()</function> but
allows the caller to pass an extra <varname>flags</varname> parameter, which does not support any
flags for now, and is reserved for future extensions.</para>
<para><function>StopUnit()</function> is similar to <function>StartUnit()</function> but stops the
specified unit rather than starting it. Note that the <literal>isolate</literal> mode is invalid for this
method.</para>
<para><function>ReloadUnit()</function>, <function>RestartUnit()</function>,
<function>TryRestartUnit()</function>, <function>ReloadOrRestartUnit()</function>, or
<function>ReloadOrTryRestartUnit()</function> may be used to restart and/or reload a unit. These methods take
similar arguments as <function>StartUnit()</function>. Reloading is done only if the unit is already
running and fails otherwise. If a service is restarted that isn't running, it will be started unless
the "Try" flavor is used in which case a service that isn't running is not affected by the restart. The
"ReloadOrRestart" flavors attempt a reload if the unit supports it and use a restart otherwise.</para>
<para><function>EnqueueMarkedJobs()</function> creates reload/restart jobs for units which have been
appropriately marked, see <varname>Markers</varname> property above. This is equivalent to calling
<function>TryRestartUnit()</function> or <function>ReloadOrTryRestartUnit()</function> for the marked
units.</para>
<para><function>BindMountUnit()</function> can be used to bind mount new files or directories into a
running service mount namespace. If supported by the kernel, any prior mount on the selected target
will be replaced by the new mount. If not supported, any prior mount will be over-mounted, but remain
pinned and inaccessible.
</para>
<para><function>MountImageUnit()</function> can be used to mount new images into a running service
mount namespace. If supported by the kernel, any prior mount on the selected target will be replaced
by the new mount. If not supported, any prior mount will be over-mounted, but remain pinned and
inaccessible.</para>
<para><function>KillUnit()</function> may be used to kill (i.e. send a signal to) all processes of a
unit. It takes the unit <varname>name</varname>, an enum <varname>who</varname> and a UNIX
<varname>signal</varname> number to send. The <varname>who</varname> enum is one of
<literal>main</literal>, <literal>control</literal> or <literal>all</literal>. If
<literal>main</literal>, only the main process of the unit is killed. If <literal>control</literal>, only
the control process of the unit is killed. If <literal>all</literal>, all processes are killed. A
<literal>control</literal> process is for example a process that is configured via
<varname>ExecStop=</varname> and is spawned in parallel to the main daemon process in order to shut it
down.</para>
<para><function>QueueSignalUnit()</function> is similar to <function>KillUnit()</function> but may be
used to enqueue a POSIX Realtime Signal (i.e. <constant>SIGRTMIN+…</constant> and
2023-02-22 08:46:19 +03:00
<constant>SIGRTMAX-…</constant>) to the selected process(es). Takes the same parameters as
<function>KillUnit()</function> with one additional argument: an integer that is passed in the
2023-02-22 08:46:19 +03:00
<varname>sival_int</varname> value accompanying the queued signal. See
<citerefentry project="man-pages"><refentrytitle>sigqueue</refentrytitle><manvolnum>3</manvolnum></citerefentry>
for details.</para>
<para><function>GetJob()</function> returns the job object path for a specific job, identified by its
id.</para>
<para><function>CancelJob()</function> cancels a specific job identified by its numeric ID. This
operation is also available in the <function>Cancel()</function> method of Job objects (see below) and
exists primarily to reduce the necessary round trips to execute this operation. Note that this will not
have any effect on jobs whose execution has already begun.</para>
<para><function>ClearJobs()</function> flushes the job queue, removing all jobs that are still
queued. Note that this does not have any effect on jobs whose execution has already begun. It only
flushes jobs that are queued and have not yet begun execution.</para>
<para><function>ResetFailedUnit()</function> resets the "failed" state of a specific unit.</para>
<para><function>ResetFailed()</function> resets the "failed" state of all units.</para>
<para><function>ListUnits()</function> returns an array of all currently loaded units. Note that
units may be known by multiple names at the same time, and hence there might be more unit names loaded
than actual units behind them. The array consists of structures with the following elements:
<itemizedlist>
<listitem><para>The primary unit name as string</para></listitem>
<listitem><para>The human readable description string</para></listitem>
<listitem><para>The load state (i.e. whether the unit file has been loaded
successfully)</para></listitem>
<listitem><para>The active state (i.e. whether the unit is currently started or
not)</para></listitem>
<listitem><para>The sub state (a more fine-grained version of the active state that is specific to
the unit type, which the active state is not)</para></listitem>
<listitem><para>A unit that is being followed in its state by this unit, if there is any, otherwise
the empty string.</para></listitem>
<listitem><para>The unit object path</para></listitem>
<listitem><para>If there is a job queued for the job unit, the numeric job id, 0
otherwise</para></listitem>
<listitem><para>The job type as string</para></listitem>
<listitem><para>The job object path</para></listitem>
</itemizedlist></para>
<para><function>ListJobs()</function> returns an array with all currently queued jobs. Returns an array
consisting of structures with the following elements:
<itemizedlist>
<listitem><para>The numeric job id</para></listitem>
<listitem><para>The primary unit name for this job</para></listitem>
<listitem><para>The job type as string</para></listitem>
<listitem><para>The job state as string</para></listitem>
<listitem><para>The job object path</para></listitem>
<listitem><para>The unit object path</para></listitem>
</itemizedlist></para>
<para><function>Subscribe()</function> enables most bus signals to be sent out. Clients which are
interested in signals need to call this method. Signals are only sent out if at least one client
invoked this method. <function>Unsubscribe()</function> reverts the signal subscription that
<function>Subscribe()</function> implements. It is not necessary to invoke
<function>Unsubscribe()</function> as clients are tracked. Signals are no longer sent out as soon as
2020-04-19 14:05:44 +03:00
all clients which previously asked for <function>Subscribe()</function> either closed their connection
to the bus or invoked <function>Unsubscribe()</function>.</para>
<para><function>Dump()</function> returns a text dump of the internal service manager state. This is a
privileged, low-level debugging interface only. The returned string is supposed to be readable
exclusively by developers, and not programmatically. There's no interface stability on the returned
string guaranteed, and new fields may be added any time, and old fields removed. The general structure
may be rearranged drastically between releases. This is exposed by
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
<command>dump</command> command. Similarly, <function>DumpUnitsMatchingPatterns()</function> returns
the internal state of units whose names match the glob expressions specified in the
<varname>patterns</varname> argument. The
<function>DumpByFileDescriptor()</function>/<function>DumpUnitsMatchingPatternsByFileDescriptor()</function>
methods are identical to <function>Dump()</function>/<function>DumpUnitsMatchingPatterns()</function>,
but return data serialized into a file descriptor (the client should read the text data from it until
hitting EOF). Given the size limits on D-Bus messages and the possibly large size of the returned
strings,
<function>DumpByFileDescriptor()</function>/<function>DumpUnitsMatchingPatternsByFileDescriptor()</function>
are usually the preferred interface, since it ensures the data can be passed reliably from the service
manager to the client. Note though that they cannot work when communicating with the service manager
remotely, as file descriptors are strictly local to a system. All the <function>Dump*()</function>
methods are rate limited for unprivileged users.</para>
<para><function>Reload()</function> may be invoked to reload all unit files.</para>
<para><function>Reexecute()</function> may be invoked to reexecute the main manager process. It will
serialize its state, reexecute, and deserizalize the state again. This is useful for upgrades and is a
more comprehensive version of <function>Reload()</function>.</para>
<para><function>Exit()</function> may be invoked to ask the manager to exit. This is not available for
the system manager and is useful only for user session managers.</para>
<para><function>Reboot()</function>, <function>PowerOff()</function>, <function>Halt()</function>,
<function>KExec()</function> and <function>SoftReboot()</function> may be used to ask for immediate
reboot, powering down, halt, kexec based reboot, or soft reboot of the system. Note that this does not
shut down any services and immediately transitions into the later shutdown operation. These functions
are normally only called as the last step of shutdown and should not be called directly. To shut down
the machine, it is generally a better idea to invoke <function>Reboot()</function>,
<function>RebootWithFlags()</function> or <function>PowerOff()</function> on the
<filename>systemd-logind</filename> manager object; see
<citerefentry><refentrytitle>org.freedesktop.login1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information. <function>SoftReboot()</function> accepts an argument indicating the path for the
root file system to activate for the next boot cycle. If an empty string is specified the
<filename>/run/nextroot/</filename> path is used if it exists.</para>
<para><function>SwitchRoot()</function> may be used to transition to a new root directory. This is
intended to be used in the initrd, and also to transition from the host system into a shutdown initrd.
The method takes two arguments: the new root directory (which needs to be specified) and an init binary
path (which may be left empty, in which case it is automatically searched for). The state of the system
manager will be serialized before the transition. After the transition, the manager binary on the main
system is invoked and replaces the old PID 1. All state will then be deserialized.</para>
<para><function>SetEnvironment()</function> may be used to alter the environment block that is passed
2020-04-19 14:05:44 +03:00
to all spawned processes. It takes a string array of environment variable assignments. Any previously set
environment variables will be overridden.</para>
2020-04-19 14:05:44 +03:00
<para><function>UnsetEnvironment()</function> may be used to unset environment variables. It takes a
string array of environment variable names. All variables specified will be unset (if they have been
set previously) and no longer be passed to all spawned processes. This method has no effect for variables
that were previously not set, but will not fail in that case.</para>
<para><function>UnsetAndSetEnvironment()</function> is a combination of
<function>UnsetEnvironment()</function> and <function>SetEnvironment()</function>. It takes two
2020-04-19 14:05:44 +03:00
lists. The first list contains variables to unset, the second one contains assignments to set. If a
variable is listed in both, the variable is set after this method returns, i.e. the set list overrides the
unset list.</para>
2020-04-19 14:05:44 +03:00
<para><function>ListUnitFiles()</function> returns an array of unit names and their enablement
status. Note that <function>ListUnit()</function> returns a list of units currently loaded into memory,
2020-04-19 14:05:44 +03:00
while <function>ListUnitFiles()</function> returns a list of unit <emphasis>files</emphasis> that were
found on disk. Note that while most units are read directly from a unit file with the same name, some
units are not backed by files and some files (templates) cannot directly be loaded as units but need
to be instantiated instead.</para>
2020-04-19 14:05:44 +03:00
<para><function>GetUnitFileState()</function> returns the current enablement status of a specific unit
file.</para>
<para><function>EnableUnitFiles()</function> may be used to enable one or more units in the system (by
creating symlinks to them in <filename>/etc/</filename> or <filename>/run/</filename>). It takes a list
of unit files to enable (either just file names or full absolute paths if the unit files are residing
2020-04-19 14:05:44 +03:00
outside the usual unit search paths) and two booleans: the first controls whether the unit shall be
enabled for runtime only (true, <filename>/run/</filename>), or persistently (false,
<filename>/etc/</filename>). The second one controls whether symlinks pointing to other units shall be
2020-04-19 14:05:44 +03:00
replaced if necessary. This method returns one boolean and an array of the changes made. The boolean
signals whether the unit files contained any enablement information (i.e. an [Install] section). The
2020-04-19 14:05:44 +03:00
changes array consists of structures with three strings: the type of the change (one of
<literal>symlink</literal> or <literal>unlink</literal>), the file name of the symlink and the
destination of the symlink. Note that most of the following calls return a changes list in the same
format.</para>
<para>Similarly, <function>DisableUnitFiles()</function> disables one or more units in the system,
i.e. removes all symlinks to them in <filename>/etc/</filename> and <filename>/run/</filename>.</para>
<para>The <function>EnableUnitFilesWithFlags()</function> and <function>DisableUnitFilesWithFlags()</function>
take in options as flags instead of booleans to allow for extendability, defined as follows:</para>
<programlisting>
#define SD_SYSTEMD_UNIT_RUNTIME (UINT64_C(1) &lt;&lt; 0)
#define SD_SYSTEMD_UNIT_FORCE (UINT64_C(1) &lt;&lt; 1)
#define SD_SYSTEMD_UNIT_PORTABLE (UINT64_C(1) &lt;&lt; 2)
</programlisting>
<para><varname>SD_SYSTEMD_UNIT_RUNTIME</varname> will enable or disable the unit for runtime only,
<varname>SD_SYSTEMD_UNIT_FORCE</varname> controls whether symlinks pointing to other units shall be
replaced if necessary. <varname>SD_SYSTEMD_UNIT_PORTABLE</varname> will add or remove the symlinks in
<filename>/etc/systemd/system.attached</filename> and <filename>/run/systemd/system.attached</filename>.</para>
<para><function>DisableUnitFilesWithFlagsAndInstallInfo()</function> is similar to
<function>DisableUnitFilesWithFlags()</function> and takes the same arguments, but returns
a boolean to indicate whether the unit files contain any enablement information, like
<function>EnableUnitFiles()</function>. The changes made are still returned in an array.</para>
<para>Similarly, <function>ReenableUnitFiles()</function> applies the changes to one or more units that
would result from disabling and enabling the unit quickly one after the other in an atomic
fashion. This is useful to apply updated [Install] information contained in unit files.</para>
<para>Similarly, <function>LinkUnitFiles()</function> links unit files (that are located outside of the
usual unit search paths) into the unit search path.</para>
2020-04-19 14:05:44 +03:00
<para>Similarly, <function>PresetUnitFiles()</function> enables/disables one or more unit files
according to the preset policy. See
<citerefentry><refentrytitle>systemd.preset</refentrytitle><manvolnum>7</manvolnum></citerefentry> for more
information.</para>
2020-04-19 14:05:44 +03:00
<para>Similarly, <function>MaskUnitFiles()</function> masks unit files and
<function>UnmaskUnitFiles()</function> unmasks them again.</para>
<para><function>SetDefaultTarget()</function> changes the <filename>default.target</filename> link. See
<citerefentry><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry> for more
2020-04-19 14:05:44 +03:00
information.</para>
<para><function>GetDefaultTarget()</function> retrieves the name of the unit to which
2020-04-19 14:05:44 +03:00
<filename>default.target</filename> is aliased.</para>
<para><function>SetUnitProperties()</function> may be used to modify certain unit properties at
runtime. Not all properties may be changed at runtime, but many resource management settings (primarily
those listed in
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
2020-04-19 14:05:44 +03:00
may. The changes are applied instantly and stored on disk for future boots, unless
<varname>runtime</varname> is true, in which case the settings only apply until the next
reboot. <varname>name</varname> is the name of the unit to modify. <varname>properties</varname> are
the settings to set, encoded as an array of property name and value pairs. Note that this is not a
2020-04-19 14:05:44 +03:00
dictionary! Also note that when setting array properties with this method usually results in appending to
the pre-configured array. To reset the configured arrays, set the property to an empty array first and
then append to it.</para>
2020-04-19 14:05:44 +03:00
<para><function>StartTransientUnit()</function> may be used to create and start a transient unit which
will be released as soon as it is not running or referenced anymore or the system is
2020-04-19 14:05:44 +03:00
rebooted. <varname>name</varname> is the unit name including its suffix and must be
unique. <varname>mode</varname> is the same as in <function>StartUnit()</function>,
<varname>properties</varname> contains properties of the unit, specified like in
<function>SetUnitProperties()</function>. <varname>aux</varname> is currently unused and should be
passed as an empty array. See the
<ulink url="https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface">New Control Group
Interface</ulink> for more information how to make use of this functionality for resource control
purposes.</para>
<para><function>DumpUnitFileDescriptorStore()</function> returns an array with information about the
file descriptors currently in the file descriptor store of the specified unit. This call is equivalent
to <function>DumpFileDescriptorStore()</function> on the
<interfacename>org.freedesktop.systemd1.Service</interfacename>. For further details, see below.</para>
<para><function>StartAuxiliaryScope()</function> creates a new scope unit from a service where calling
process resides. Set of processes that will be migrated to newly created scope is passed in as an array
of pidfds. This is useful for creating auxiliary scopes that should contain worker processes and their lifecycle
shouldn't be bound to a lifecycle of the service, e.g. they should continue running after the restart
of the service. Note that the main PID of the service can not be migrated to an auxiliary scope.
Also, <varname>flags</varname> argument must be 0 and is reserved for future extensions.</para>
</refsect2>
<refsect2>
<title>Signals</title>
<para>Note that most signals are sent out only after <function>Subscribe()</function> has been invoked
2020-04-19 14:05:44 +03:00
by at least one client. Make sure to invoke this method when subscribing to these signals!</para>
<para><function>UnitNew()</function> and <function>UnitRemoved()</function> are sent out each time a
new unit is loaded or unloaded. Note that this has little to do with whether a unit is available on
disk or not, and simply reflects the units that are currently loaded into memory. The signals take two
parameters: the primary unit name and the object path.</para>
<para><function>JobNew()</function> and <function>JobRemoved()</function> are sent out each time a new
job is queued or dequeued. Both signals take the numeric job ID, the bus path and the primary unit name
2020-04-19 14:05:44 +03:00
for this job as arguments. <function>JobRemoved()</function> also includes a result string which is one
of <literal>done</literal>, <literal>canceled</literal>, <literal>timeout</literal>,
<literal>failed</literal>, <literal>dependency</literal>, or
<literal>skipped</literal>. <literal>done</literal> indicates successful execution of a
job. <literal>canceled</literal> indicates that a job has been canceled (via
<function>CancelJob()</function> above) before it finished execution (this doesn't necessarily mean
though that the job operation is actually cancelled too, see above). <literal>timeout</literal>
indicates that the job timeout was reached. <literal>failed</literal> indicates that the job
2020-04-19 14:05:44 +03:00
failed. <literal>dependency</literal> indicates that a job this job depended on failed and the job hence
was removed as well. <literal>skipped</literal> indicates that a job was skipped because
it didn't apply to the unit's current state.</para>
2020-04-19 14:05:44 +03:00
<para><function>StartupFinished()</function> is sent out when startup finishes. It carries six
microsecond timespan values, each indicating how much boot time has been spent in the firmware (if
known), in the boot loader (if known), in the kernel initialization phase, in the initrd (if known), in
userspace and in total. These values may also be calculated from the
<varname>FirmwareTimestampMonotonic</varname>, <varname>LoaderTimestampMonotonic</varname>,
2020-04-19 14:05:44 +03:00
<varname>InitRDTimestampMonotonic</varname>, <varname>UserspaceTimestampMonotonic</varname>, and
<varname>FinishTimestampMonotonic</varname> properties (see below).</para>
<para><function>UnitFilesChanged()</function> is sent out each time the list of enabled or masked unit
files on disk have changed.</para>
<para><function>Reloading()</function> is sent out immediately before a daemon reload is done (with the
boolean parameter set to True) and after a daemon reload is completed (with the boolean parameter set
2020-04-19 14:05:44 +03:00
to False). This may be used by UIs to optimize UI updates.</para>
</refsect2>
<refsect2>
<title>Properties</title>
<para>Most properties simply reflect the respective options in
<filename>/etc/systemd/system.conf</filename> and the kernel command line.</para>
<para>The others:</para>
<para><varname>Version</varname> encodes the version string of the running systemd instance. Note that
2020-04-19 14:05:44 +03:00
the version string is purely informational. It should not be parsed and one may not assume the version to
be formatted in any particular way. We take the liberty to change the versioning scheme at any time and
2020-04-19 14:05:44 +03:00
it is not part of the public API.</para>
<para><varname>Features</varname> encodes the features that have been enabled and disabled for this
build. Enabled options are prefixed with <literal>+</literal>, disabled options with
<literal>-</literal>.</para>
<para><varname>Tainted</varname> encodes taint flags as a colon-separated list. When systemd detects it
is running on a system with a certain problem, it will set an appropriate taint flag. Taints may be
used to lower the chance of bogus bug reports. The following taints are currently known:</para>
<variablelist>
<varlistentry>
<term><literal>unmerged-usr</literal></term>
<listitem><para><filename>/bin</filename>, <filename>/sbin</filename> and
<filename>/lib*</filename> are not symlinks to their counterparts under <filename>/usr/</filename>.
For more information on this issue consult
<ulink url="https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge">
The Case for the /usr Merge
</ulink>.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><literal>cgroups-missing</literal></term>
<listitem><para>Support for cgroups is unavailable.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><literal>cgroupsv1</literal></term>
<listitem><para>The system is using the old cgroup hierarchy.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><literal>local-hwclock</literal></term>
<listitem><para>The local hardware clock (RTC) is configured to be in local time rather than
UTC.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><literal>support-ended</literal></term>
<listitem><para>The system is running past the end of support declared by the vendor. See the
description of <varname>SUPPORT_END=</varname> in
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><literal>old-kernel</literal></term>
<listitem><para>The system is running a kernel version that is older than the minimum supported by
this version of systemd.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><literal>var-run-bad</literal></term>
<listitem><para><filename>/run/</filename> does not exist or <filename>/var/run</filename> is not a
symlink to <filename>/run/</filename>.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><literal>overflowuid-not-65534</literal></term>
<term><literal>overflowgid-not-65534</literal></term>
<listitem><para>The kernel overflow UID or GID have a value other than 65534.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><literal>short-uid-range</literal></term>
<term><literal>short-gid-range</literal></term>
<listitem><para>The UID or GID range assigned to the running systemd instance covers less than
0…65534.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<!-- mtab-not-symlink was removed in b492ce8a22d4527c1372b2d3fbd580627d70c917 -->
</variablelist>
<para><varname>FirmwareTimestamp</varname>, <varname>FirmwareTimestampMonotonic</varname>,
<varname>LoaderTimestamp</varname>, <varname>LoaderTimestampMonotonic</varname>,
<varname>KernelTimestamp</varname>, <varname>KernelTimestampMonotonic</varname>,
<varname>InitRDTimestamp</varname>, <varname>InitRDTimestampMonotonic</varname>,
<varname>UserspaceTimestamp</varname>, <varname>UserspaceTimestampMonotonic</varname>,
2020-04-19 14:05:44 +03:00
<varname>FinishTimestamp</varname>, and <varname>FinishTimestampMonotonic</varname> encode
<constant>CLOCK_REALTIME</constant> and <constant>CLOCK_MONOTONIC</constant> microsecond timestamps
taken when the firmware first began execution, when the boot loader first began execution, when the
kernel first began execution, when the initrd first began execution, when the main systemd instance
began execution and finally, when all queued startup jobs finished execution. These values are useful
2020-04-19 14:05:44 +03:00
for determining boot-time performance. Note that as monotonic time begins with the kernel startup, the
<varname>KernelTimestampMonotonic</varname> timestamp will always be 0 and
<varname>FirmwareTimestampMonotonic</varname> and <varname>LoaderTimestampMonotonic</varname> are to
be read as negative values. Also, not all fields are always available, depending on the used firmware,
boot loader or initrd implementation. In these cases the respective pairs of timestamps are both 0,
indicating that no data is available.</para>
<para><varname>UnitsLoadTimestamp</varname> and <varname>UnitsLoadTimestampMonotonic</varname> encode
<constant>CLOCK_REALTIME</constant> and <constant>CLOCK_MONOTONIC</constant> microseconds timestamps
(as described above). The timestamps are taken every time when the manager starts loading unit files.
</para>
<para>Similarly, the <varname>SecurityStartTimestamp</varname>,
2020-04-19 14:05:44 +03:00
<varname>GeneratorsStartTimestamp</varname> and <varname>LoadUnitTimestamp</varname> (as well as their
monotonic and stop counterparts) expose performance data for uploading the security policies to the
kernel (such as the SELinux, IMA, or SMACK policies), for running the generator tools and for loading
2020-04-19 14:05:44 +03:00
the unit files.</para>
<para><varname>NNames</varname> encodes how many unit names are currently known. This only includes
2020-04-19 14:05:44 +03:00
names of units that are currently loaded and can be more than the amount of actually loaded units since
units may have more than one name.</para>
<para><varname>NJobs</varname> encodes how many jobs are currently queued.</para>
<para><varname>NInstalledJobs</varname> encodes how many jobs have ever been queued in total.</para>
<para><varname>NFailedJobs</varname> encodes how many jobs have ever failed in total.</para>
2020-04-19 14:05:44 +03:00
<para><varname>Progress</varname> encodes boot progress as a floating point value between 0.0 and
1.0. This value begins at 0.0 at early-boot and ends at 1.0 when boot is finished and is based on the
2020-04-19 14:05:44 +03:00
number of executed and queued jobs. After startup, this field is always 1.0 indicating a finished
boot.</para>
<para><varname>Environment</varname> encodes the environment block passed to all executed services. It
may be altered with bus calls such as <function>SetEnvironment()</function> (see above).</para>
<para><varname>UnitPath</varname> encodes the currently active unit file search path. It is an array of
2020-04-19 14:05:44 +03:00
file system paths encoded as strings.</para>
<para><varname>Virtualization</varname> contains a short ID string describing the virtualization
2020-04-19 14:05:44 +03:00
technology the system runs in. On bare-metal hardware this is the empty string. Otherwise, it contains
an identifier such as <literal>kvm</literal>, <literal>vmware</literal> and so on. For a full list of
IDs see
<citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
Note that only the "innermost" virtualization technology is exported here. This detects both
full-machine virtualizations (VMs) and shared-kernel virtualization (containers).</para>
<para><varname>ConfidentialVirtualization</varname> contains a short ID string describing the confidential
virtualization technology the system runs in. On bare-metal hardware this is the empty string. Otherwise,
it contains an identifier such as <literal>sev</literal>, <literal>sev-es</literal>, <literal>sev-snp</literal>,
<literal>tdx</literal> and so on. For a full list of IDs see
<citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry></para>.
<para><varname>Architecture</varname> contains a short ID string describing the architecture the
systemd instance is running on. This follows the same vocabulary as
<varname>ConditionArchitectures=</varname>.</para>
<para><varname>ControlGroup</varname> contains the root control group path of this system manager. Note
2020-04-19 14:05:44 +03:00
that the root path is encoded as the empty string here (not as <literal>/</literal>!), so that it can be
appended to <filename>/sys/fs/cgroup/systemd</filename> easily. This value will be set to the empty
2020-04-19 14:05:44 +03:00
string for the host instance and some other string for container instances.</para>
<para><varname>AccessSELinuxContext</varname> contains the SELinux context that is used to control
access to the unit. It's read from the unit file when it is loaded and cached until the service manager
is reloaded. This property contains an empty string if SELinux is not used or if no label could be read
(for example because the unit is not backed by a file on disk).</para>
<para><varname>SystemState</varname> contains the current state of the system manager. The possible
values are:</para>
<variablelist>
<varlistentry>
<term><literal>initializing</literal></term>
<listitem><para>The system is booting, and <filename>basic.target</filename> has not been reached
yet.</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>starting</literal></term>
<listitem><para>The system is booting, and <filename>basic.target</filename> has been reached.
</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>running</literal></term>
<listitem><para>The system has finished booting, and no units are in the failed state.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>degraded</literal></term>
<listitem><para>The system has finished booting, but some units are in the failed state.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>maintenance</literal></term>
<listitem><para>The system has finished booting, but it has been put in rescue or maintenance
mode.</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>stopping</literal></term>
<listitem><para>The system is shutting down.</para></listitem>
</varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>Security</title>
<para>Read access is generally granted to all clients. Additionally, for unprivileged clients, some
operations are allowed through the polkit privilege system. Operations which modify unit state
(<function>StartUnit()</function>, <function>StopUnit()</function>, <function>KillUnit()</function>,
<function>QueueSignalUnit()</function>, <function>RestartUnit()</function> and similar,
<function>SetProperty()</function>) require
<interfacename>org.freedesktop.systemd1.manage-units</interfacename>. Operations which modify unit file
enablement state (<function>EnableUnitFiles()</function>, <function>DisableUnitFiles()</function>,
<function>EnableUnitFilesWithFlags()</function>, <function>DisableUnitFilesWithFlags()</function>,
<function>ReenableUnitFiles()</function>, <function>LinkUnitFiles()</function>,
<function>PresetUnitFiles()</function>, <function>MaskUnitFiles()</function>, and similar) require
<interfacename>org.freedesktop.systemd1.manage-unit-files</interfacename>. Operations which modify the
2020-04-19 14:05:44 +03:00
exported environment (<function>SetEnvironment()</function>, <function>UnsetEnvironment()</function>,
<function>UnsetAndSetEnvironment()</function>) require
2020-04-19 14:05:44 +03:00
<interfacename>org.freedesktop.systemd1.set-environment</interfacename>. <function>Reload()</function>
and <function>Reexecute()</function> require
<interfacename>org.freedesktop.systemd1.reload-daemon</interfacename>. Operations which dump internal
state require <interfacename>org.freedesktop.systemd1.bypass-dump-ratelimit</interfacename> to avoid
rate limits.
</para>
</refsect2>
</refsect1>
<refsect1>
<title>Unit Objects</title>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice" interface="org.freedesktop.systemd1.Unit">
node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
interface org.freedesktop.systemd1.Unit {
methods:
Start(in s mode,
out o job);
Stop(in s mode,
out o job);
Reload(in s mode,
out o job);
Restart(in s mode,
out o job);
TryRestart(in s mode,
out o job);
ReloadOrRestart(in s mode,
out o job);
ReloadOrTryRestart(in s mode,
out o job);
EnqueueJob(in s job_type,
in s job_mode,
out u job_id,
out o job_path,
out s unit_id,
out o unit_path,
out s job_type,
out a(uosos) affected_jobs);
Kill(in s whom,
in i signal);
QueueSignal(in s whom,
in i signal,
in i value);
ResetFailed();
SetProperties(in b runtime,
in a(sv) properties);
Ref();
Unref();
Clean(in as mask);
2020-05-12 11:37:28 +03:00
Freeze();
Thaw();
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Id = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Names = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Following = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Requires = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Requisite = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Wants = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as BindsTo = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PartOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Upholds = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RequiredBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RequisiteOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as WantedBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as BoundBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UpheldBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConsistsOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Conflicts = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConflictedBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Before = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as After = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as OnSuccess = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as OnSuccessOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as OnFailure = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as OnFailureOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Triggers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as TriggeredBy = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PropagatesReloadTo = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReloadPropagatedFrom = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
core: add new PropagateStopTo= dependency (and inverse) This takes inspiration from PropagatesReloadTo=, but propagates stop jobs instead of restart jobs. This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP + UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the unit the dependency is originating from is stopped based on user request, we'll propagate the stop job to the target unit, too. In addition, when the originating unit suddenly stops from external causes the stopping is propagated too. Note that this does *not* include the UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=), i.e. this dependency is purely about propagating "edges" and not "levels", i.e. it's about propagating specific events, instead of continious states. This is supposed to be useful for dependencies between .mount units and their backing .device units. So far we either placed a BindsTo= or Requires= dependency between them. The former gave a very clear binding of the to units together, however was problematic if users establish mounnts manually with different block device sources than our configuration defines, as we there might come to the conclusion that the backing device was absent and thus we need to umount again what the user mounted. By combining Requires= with the new StopPropagatedFrom= (i.e. the inverse PropagateStopTo=) we can get behaviour that matches BindsTo= in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is absent, and hence the level-triggered logic doesn't apply. Replaces: #11340
2021-04-13 23:30:31 +03:00
readonly as PropagatesStopTo = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StopPropagatedFrom = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as JoinsNamespaceOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SliceOf = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RequiresMountsFor = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as WantsMountsFor = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Documentation = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Description = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s AccessSELinuxContext = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s LoadState = '...';
readonly s ActiveState = '...';
2020-05-12 11:37:28 +03:00
readonly s FreezerState = '...';
readonly s SubState = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s FragmentPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SourcePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as DropInPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s UnitFileState = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s UnitFilePreset = '...';
readonly t StateChangeTimestamp = ...;
readonly t StateChangeTimestampMonotonic = ...;
readonly t InactiveExitTimestamp = ...;
readonly t InactiveExitTimestampMonotonic = ...;
readonly t ActiveEnterTimestamp = ...;
readonly t ActiveEnterTimestampMonotonic = ...;
readonly t ActiveExitTimestamp = ...;
readonly t ActiveExitTimestampMonotonic = ...;
readonly t InactiveEnterTimestamp = ...;
readonly t InactiveEnterTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanStart = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanStop = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanReload = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanIsolate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CanClean = ['...', ...];
2020-05-12 11:37:28 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CanFreeze = ...;
readonly (uo) Job = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b StopWhenUnneeded = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RefuseManualStart = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RefuseManualStop = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b AllowIsolate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DefaultDependencies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SurviveFinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s OnSuccessJobMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s OnFailureJobMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreOnIsolate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b NeedDaemonReload = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as Markers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t JobTimeoutUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t JobRunningTimeoutUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s JobTimeoutAction = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s JobTimeoutRebootArgument = '...';
readonly b ConditionResult = ...;
readonly b AssertResult = ...;
readonly t ConditionTimestamp = ...;
readonly t ConditionTimestampMonotonic = ...;
readonly t AssertTimestamp = ...;
readonly t AssertTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sbbsi) Conditions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sbbsi) Asserts = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (ss) LoadError = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Transient = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Perpetual = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t StartLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u StartLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StartLimitAction = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s FailureAction = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FailureActionExitStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SuccessAction = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SuccessActionExitStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RebootArgument = '...';
readonly ay InvocationID = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s CollectMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as Refs = ['...', ...];
readonly a(ss) ActivationDetails = [...];
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
};
</programlisting>
<!--method EnqueueJob is not documented!-->
<!--method Ref is not documented!-->
<!--method Unref is not documented!-->
<!--method Clean is not documented!-->
2020-05-12 11:37:28 +03:00
<!--method Freeze is not documented!-->
<!--method Thaw is not documented!-->
<!--property PartOf is not documented!-->
<!--property Upholds is not documented!-->
<!--property RequisiteOf is not documented!-->
<!--property UpheldBy is not documented!-->
<!--property ConsistsOf is not documented!-->
<!--property OnSuccess is not documented!-->
<!--property OnSuccessOf is not documented!-->
<!--property OnFailureOf is not documented!-->
<!--property ReloadPropagatedFrom is not documented!-->
core: add new PropagateStopTo= dependency (and inverse) This takes inspiration from PropagatesReloadTo=, but propagates stop jobs instead of restart jobs. This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP + UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the unit the dependency is originating from is stopped based on user request, we'll propagate the stop job to the target unit, too. In addition, when the originating unit suddenly stops from external causes the stopping is propagated too. Note that this does *not* include the UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=), i.e. this dependency is purely about propagating "edges" and not "levels", i.e. it's about propagating specific events, instead of continious states. This is supposed to be useful for dependencies between .mount units and their backing .device units. So far we either placed a BindsTo= or Requires= dependency between them. The former gave a very clear binding of the to units together, however was problematic if users establish mounnts manually with different block device sources than our configuration defines, as we there might come to the conclusion that the backing device was absent and thus we need to umount again what the user mounted. By combining Requires= with the new StopPropagatedFrom= (i.e. the inverse PropagateStopTo=) we can get behaviour that matches BindsTo= in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is absent, and hence the level-triggered logic doesn't apply. Replaces: #11340
2021-04-13 23:30:31 +03:00
<!--property PropagatesStopTo is not documented!-->
<!--property StopPropagatedFrom is not documented!-->
<!--property JoinsNamespaceOf is not documented!-->
<!--property SliceOf is not documented!-->
<!--property WantsMountsFor is not documented!-->
2020-05-12 11:37:28 +03:00
<!--property FreezerState is not documented!-->
<!--property DropInPaths is not documented!-->
<!--property UnitFilePreset is not documented!-->
<!--property StateChangeTimestamp is not documented!-->
<!--property StateChangeTimestampMonotonic is not documented!-->
<!--property CanClean is not documented!-->
2020-05-12 11:37:28 +03:00
<!--property CanFreeze is not documented!-->
<!--property SurviveFinalKillSignal is not documented!-->
<!--property OnSuccessJobMode is not documented!-->
<!--property OnFailureJobMode is not documented!-->
<!--property JobRunningTimeoutUSec is not documented!-->
<!--property JobTimeoutAction is not documented!-->
<!--property JobTimeoutRebootArgument is not documented!-->
<!--property AssertResult is not documented!-->
<!--property AssertTimestamp is not documented!-->
<!--property AssertTimestampMonotonic is not documented!-->
<!--property Asserts is not documented!-->
<!--property Perpetual is not documented!-->
<!--property StartLimitIntervalUSec is not documented!-->
<!--property StartLimitAction is not documented!-->
<!--property FailureAction is not documented!-->
<!--property FailureActionExitStatus is not documented!-->
<!--property SuccessAction is not documented!-->
<!--property SuccessActionExitStatus is not documented!-->
<!--property RebootArgument is not documented!-->
<!--property InvocationID is not documented!-->
<!--property CollectMode is not documented!-->
<!--property Refs is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-method" generated="True" extra-ref="Start()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Stop()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Reload()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Restart()"/>
<variablelist class="dbus-method" generated="True" extra-ref="TryRestart()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ReloadOrRestart()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ReloadOrTryRestart()"/>
<variablelist class="dbus-method" generated="True" extra-ref="EnqueueJob()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Kill()"/>
<variablelist class="dbus-method" generated="True" extra-ref="QueueSignal()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ResetFailed()"/>
<variablelist class="dbus-method" generated="True" extra-ref="SetProperties()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Ref()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Unref()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Clean()"/>
2020-05-12 11:37:28 +03:00
<variablelist class="dbus-method" generated="True" extra-ref="Freeze()"/>
<variablelist class="dbus-method" generated="True" extra-ref="Thaw()"/>
<variablelist class="dbus-property" generated="True" extra-ref="Id"/>
<variablelist class="dbus-property" generated="True" extra-ref="Names"/>
<variablelist class="dbus-property" generated="True" extra-ref="Following"/>
<variablelist class="dbus-property" generated="True" extra-ref="Requires"/>
<variablelist class="dbus-property" generated="True" extra-ref="Requisite"/>
<variablelist class="dbus-property" generated="True" extra-ref="Wants"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindsTo"/>
<variablelist class="dbus-property" generated="True" extra-ref="PartOf"/>
<variablelist class="dbus-property" generated="True" extra-ref="Upholds"/>
<variablelist class="dbus-property" generated="True" extra-ref="RequiredBy"/>
<variablelist class="dbus-property" generated="True" extra-ref="RequisiteOf"/>
<variablelist class="dbus-property" generated="True" extra-ref="WantedBy"/>
<variablelist class="dbus-property" generated="True" extra-ref="BoundBy"/>
<variablelist class="dbus-property" generated="True" extra-ref="UpheldBy"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConsistsOf"/>
<variablelist class="dbus-property" generated="True" extra-ref="Conflicts"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConflictedBy"/>
<variablelist class="dbus-property" generated="True" extra-ref="Before"/>
<variablelist class="dbus-property" generated="True" extra-ref="After"/>
<variablelist class="dbus-property" generated="True" extra-ref="OnSuccess"/>
<variablelist class="dbus-property" generated="True" extra-ref="OnSuccessOf"/>
<variablelist class="dbus-property" generated="True" extra-ref="OnFailure"/>
<variablelist class="dbus-property" generated="True" extra-ref="OnFailureOf"/>
<variablelist class="dbus-property" generated="True" extra-ref="Triggers"/>
<variablelist class="dbus-property" generated="True" extra-ref="TriggeredBy"/>
<variablelist class="dbus-property" generated="True" extra-ref="PropagatesReloadTo"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReloadPropagatedFrom"/>
core: add new PropagateStopTo= dependency (and inverse) This takes inspiration from PropagatesReloadTo=, but propagates stop jobs instead of restart jobs. This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP + UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the unit the dependency is originating from is stopped based on user request, we'll propagate the stop job to the target unit, too. In addition, when the originating unit suddenly stops from external causes the stopping is propagated too. Note that this does *not* include the UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=), i.e. this dependency is purely about propagating "edges" and not "levels", i.e. it's about propagating specific events, instead of continious states. This is supposed to be useful for dependencies between .mount units and their backing .device units. So far we either placed a BindsTo= or Requires= dependency between them. The former gave a very clear binding of the to units together, however was problematic if users establish mounnts manually with different block device sources than our configuration defines, as we there might come to the conclusion that the backing device was absent and thus we need to umount again what the user mounted. By combining Requires= with the new StopPropagatedFrom= (i.e. the inverse PropagateStopTo=) we can get behaviour that matches BindsTo= in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is absent, and hence the level-triggered logic doesn't apply. Replaces: #11340
2021-04-13 23:30:31 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="PropagatesStopTo"/>
<variablelist class="dbus-property" generated="True" extra-ref="StopPropagatedFrom"/>
<variablelist class="dbus-property" generated="True" extra-ref="JoinsNamespaceOf"/>
<variablelist class="dbus-property" generated="True" extra-ref="SliceOf"/>
<variablelist class="dbus-property" generated="True" extra-ref="RequiresMountsFor"/>
<variablelist class="dbus-property" generated="True" extra-ref="WantsMountsFor"/>
<variablelist class="dbus-property" generated="True" extra-ref="Documentation"/>
<variablelist class="dbus-property" generated="True" extra-ref="Description"/>
<variablelist class="dbus-property" generated="True" extra-ref="AccessSELinuxContext"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadState"/>
<variablelist class="dbus-property" generated="True" extra-ref="ActiveState"/>
2020-05-12 11:37:28 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="FreezerState"/>
<variablelist class="dbus-property" generated="True" extra-ref="SubState"/>
<variablelist class="dbus-property" generated="True" extra-ref="FragmentPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="SourcePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="DropInPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitFileState"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnitFilePreset"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateChangeTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateChangeTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InactiveExitTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InactiveExitTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="ActiveEnterTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="ActiveEnterTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="ActiveExitTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="ActiveExitTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="InactiveEnterTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="InactiveEnterTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="CanStart"/>
<variablelist class="dbus-property" generated="True" extra-ref="CanStop"/>
<variablelist class="dbus-property" generated="True" extra-ref="CanReload"/>
<variablelist class="dbus-property" generated="True" extra-ref="CanIsolate"/>
<variablelist class="dbus-property" generated="True" extra-ref="CanClean"/>
2020-05-12 11:37:28 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="CanFreeze"/>
<variablelist class="dbus-property" generated="True" extra-ref="Job"/>
<variablelist class="dbus-property" generated="True" extra-ref="StopWhenUnneeded"/>
<variablelist class="dbus-property" generated="True" extra-ref="RefuseManualStart"/>
<variablelist class="dbus-property" generated="True" extra-ref="RefuseManualStop"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowIsolate"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultDependencies"/>
<variablelist class="dbus-property" generated="True" extra-ref="SurviveFinalKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="OnSuccessJobMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="OnFailureJobMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="IgnoreOnIsolate"/>
<variablelist class="dbus-property" generated="True" extra-ref="NeedDaemonReload"/>
<variablelist class="dbus-property" generated="True" extra-ref="Markers"/>
<variablelist class="dbus-property" generated="True" extra-ref="JobTimeoutUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="JobRunningTimeoutUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="JobTimeoutAction"/>
<variablelist class="dbus-property" generated="True" extra-ref="JobTimeoutRebootArgument"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConditionResult"/>
<variablelist class="dbus-property" generated="True" extra-ref="AssertResult"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConditionTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConditionTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="AssertTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="AssertTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="Conditions"/>
<variablelist class="dbus-property" generated="True" extra-ref="Asserts"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadError"/>
<variablelist class="dbus-property" generated="True" extra-ref="Transient"/>
<variablelist class="dbus-property" generated="True" extra-ref="Perpetual"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartLimitBurst"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartLimitAction"/>
<variablelist class="dbus-property" generated="True" extra-ref="FailureAction"/>
<variablelist class="dbus-property" generated="True" extra-ref="FailureActionExitStatus"/>
<variablelist class="dbus-property" generated="True" extra-ref="SuccessAction"/>
<variablelist class="dbus-property" generated="True" extra-ref="SuccessActionExitStatus"/>
<variablelist class="dbus-property" generated="True" extra-ref="RebootArgument"/>
<variablelist class="dbus-property" generated="True" extra-ref="InvocationID"/>
<variablelist class="dbus-property" generated="True" extra-ref="CollectMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="Refs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ActivationDetails"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Methods</title>
<para><function>Start()</function>, <function>Stop()</function>, <function>Reload()</function>,
<function>Restart()</function>, <function>TryRestart()</function>,
<function>ReloadOrRestart()</function>, <function>ReloadOrTryRestart()</function>,
<function>Kill()</function>, <function>QueueSignal()</function>, <function>ResetFailed()</function>,
and <function>SetProperties()</function> implement the same operation as the respective methods on the
<interfacename>Manager</interfacename> object (see above). However, these methods operate on the unit
object and hence do not take a unit name parameter. Invoking the methods directly on the Manager object
has the advantage of not requiring a <function>GetUnit()</function> call to get the unit object for a
specific unit name. Calling the methods on the Manager object is hence a round trip
optimization.</para>
</refsect2>
<refsect2>
<title>Properties</title>
<para><varname>Id</varname> contains the primary name of the unit.</para>
<para><varname>Names</varname> contains all names of the unit, including the primary name that is also
exposed in <varname>Id</varname>.</para>
<para><varname>Following</varname> either contains the empty string or contains the name of another
unit that this unit follows in state. This is used for some device units which reflect the unit state
machine of another unit, and which other unit this is might possibly change.</para>
<para><varname>Requires</varname>, <varname>RequiresOverridable</varname>,
<varname>Requisite</varname>, <varname>RequisiteOverridable</varname>, <varname>Wants</varname>,
<varname>BindsTo</varname>, <varname>RequiredBy</varname>, <varname>RequiredByOverridable</varname>,
<varname>WantedBy</varname>, <varname>BoundBy</varname>, <varname>Conflicts</varname>,
<varname>ConflictedBy</varname>, <varname>Before</varname>, <varname>After</varname>,
<varname>OnFailure</varname>, <varname>Triggers</varname>, <varname>TriggeredBy</varname>,
<varname>PropagatesReloadTo</varname>, and <varname>RequiresMountsFor</varname> contain arrays which encode
the dependencies and their inverse dependencies (where this applies) as configured in the unit file or
determined automatically.</para>
<para><varname>Description</varname> contains the human readable description string for the
unit.</para>
<para><varname>SourcePath</varname> contains the path to a configuration file this unit is
automatically generated from in case it is not a native unit (in which case it contains the empty
string). For example, all mount units generated from <filename>/etc/fstab</filename> have this field
set to <filename>/etc/fstab</filename>.</para>
<para><varname>Documentation</varname> contains a string array with URLs of documentation for this
unit.</para>
<para><varname>LoadState</varname> contains a state value that reflects whether the configuration file
of this unit has been loaded. The following states are currently defined: <literal>loaded</literal>,
<literal>error</literal>, and <literal>masked</literal>. <literal>loaded</literal> indicates that the
configuration was successfully loaded. <literal>error</literal> indicates that the configuration failed
to load. The <varname>LoadError</varname> field (see below) contains information about the cause of
this failure. <literal>masked</literal> indicates that the unit is currently masked out (i.e. symlinked
to <filename>/dev/null</filename> or empty). Note that the <varname>LoadState</varname> is fully
orthogonal to the <varname>ActiveState</varname> (see below) as units without valid loaded
configuration might be active (because configuration might have been reloaded at a time where a unit
was already active).</para>
<para><varname>ActiveState</varname> contains a state value that reflects whether the unit is currently
active or not. The following states are currently defined: <literal>active</literal>,
<literal>reloading</literal>, <literal>inactive</literal>, <literal>failed</literal>,
<literal>activating</literal>, and <literal>deactivating</literal>. <literal>active</literal> indicates
that unit is active (obviously...). <literal>reloading</literal> indicates that the unit is active and
currently reloading its configuration. <literal>inactive</literal> indicates that it is inactive and
the previous run was successful or no previous run has taken place yet. <literal>failed</literal>
indicates that it is inactive and the previous run was not successful (more information about the
reason for this is available on the unit type specific interfaces, for example for services in the
<varname>Result</varname> property, see below). <literal>activating</literal> indicates that the unit
has previously been inactive but is currently in the process of entering an active state. Conversely
<literal>deactivating</literal> indicates that the unit is currently in the process of
deactivation.</para>
<para><varname>SubState</varname> encodes states of the same state machine that
<varname>ActiveState</varname> covers, but knows more fine-grained states that are
unit-type-specific. Where <varname>ActiveState</varname> only covers six high-level states,
<varname>SubState</varname> covers possibly many more low-level unit-type-specific states that are
mapped to the six high-level states. Note that multiple low-level states might map to the same
high-level state, but not vice versa. Not all high-level states have low-level counterparts on all unit
types. At this point the low-level states are not documented here, and are more likely to be extended
later on than the common high-level states explained above.</para>
<para><varname>FragmentPath</varname> contains the unit file path this unit was read from, if there is
2020-04-19 14:05:44 +03:00
one (if not, it contains the empty string).</para>
<para><varname>UnitFileState</varname> encodes the install state of the unit file of
<varname>FragmentPath</varname>. It currently knows the following states: <literal>enabled</literal>,
<literal>enabled-runtime</literal>, <literal>linked</literal>, <literal>linked-runtime</literal>,
<literal>masked</literal>, <literal>masked-runtime</literal>, <literal>static</literal>,
2020-04-19 14:05:44 +03:00
<literal>disabled</literal>, and <literal>invalid</literal>. <literal>enabled</literal> indicates that a
unit file is permanently enabled. <literal>enable-runtime</literal> indicates the unit file is only
2020-04-19 14:05:44 +03:00
temporarily enabled and will no longer be enabled after a reboot (that means, it is enabled via
<filename>/run/</filename> symlinks, rather than <filename>/etc/</filename>). <literal>linked</literal>
indicates that a unit is linked into <filename>/etc/</filename> permanently. <literal>linked-runtime</literal>
indicates that a unit is linked into <filename>/run/</filename> temporarily (until the next
2020-04-19 14:05:44 +03:00
reboot). <literal>masked</literal> indicates that the unit file is masked permanently.
<literal>masked-runtime</literal> indicates that it is masked in <filename>/run/</filename> temporarily
2020-04-19 14:05:44 +03:00
(until the next reboot). <literal>static</literal> indicates that the unit is statically enabled, i.e.
always enabled and doesn't need to be enabled explicitly. <literal>invalid</literal> indicates that it
could not be determined whether the unit file is enabled.</para>
<para><varname>InactiveExitTimestamp</varname>, <varname>InactiveExitTimestampMonotonic</varname>,
<varname>ActiveEnterTimestamp</varname>, <varname>ActiveEnterTimestampMonotonic</varname>,
<varname>ActiveExitTimestamp</varname>, <varname>ActiveExitTimestampMonotonic</varname>,
2020-04-19 14:05:44 +03:00
<varname>InactiveEnterTimestamp</varname>, and <varname>InactiveEnterTimestampMonotonic</varname>
contain <constant>CLOCK_REALTIME</constant> and <constant>CLOCK_MONOTONIC</constant> 64-bit microsecond
timestamps of the last time a unit left the inactive state, entered the active state, exited the active
state, or entered an inactive state. These are the points in time where the unit transitioned
<literal>inactive</literal>/<literal>failed</literal><literal>activating</literal>,
<literal>activating</literal><literal>active</literal>, <literal>active</literal>
<literal>deactivating</literal>, and finally <literal>deactivating</literal>
<literal>inactive</literal>/<literal>failed</literal>. The fields are 0 in case such a transition has
2020-04-19 14:05:44 +03:00
not yet been recorded on this boot.</para>
2020-04-19 14:05:44 +03:00
<para><varname>CanStart</varname>, <varname>CanStop</varname>, and <varname>CanReload</varname> encode
as booleans whether the unit supports the start, stop or reload operations. Even if a unit supports
such an operation, the client might not necessary have the necessary privileges to execute them.</para>
2020-04-19 14:05:44 +03:00
<para><varname>CanIsolate</varname> encodes as a boolean whether the unit may be started in isolation
mode.</para>
<para><varname>Job</varname> encodes the job ID and job object path of the job currently scheduled or
2020-04-19 14:05:44 +03:00
executed for this unit, if there is any. If no job is scheduled or executed, the job id field will be
0.</para>
<para><varname>StopWhenUnneeded</varname>, <varname>RefuseManualStart</varname>,
<varname>RefuseManualStop</varname>, <varname>AllowIsolate</varname>,
<varname>DefaultDependencies</varname>, <varname>OnFailureIsolate</varname>,
<varname>IgnoreOnIsolate</varname>, <varname>IgnoreOnSnapshot</varname> map directly to the
corresponding configuration booleans in the unit file.</para>
<para><varname>NeedDaemonReload</varname> is a boolean that indicates whether the configuration file
this unit is loaded from (i.e. <varname>FragmentPath</varname> or <varname>SourcePath</varname>) has
changed since the configuration was read and hence whether a configuration reload is recommended.
</para>
<para><varname>Markers</varname> is an array of string flags that can be set using
<function>SetUnitProperties()</function> to indicate that the service should be reloaded or
restarted. Currently known values are <literal>needs-restart</literal> and
<literal>needs-reload</literal>. Package scripts may use the first to mark units for later restart when
a new version of the package is installed. Configuration management scripts may use the second to mark
units for a later reload when the configuration is adjusted. Those flags are not set by the manager,
except to unset as appropriate when the unit is stopped, restarted, or reloaded.</para>
<para><varname>JobTimeoutUSec</varname> maps directly to the corresponding configuration setting in the
unit file.</para>
<para><varname>ConditionTimestamp</varname> and <varname>ConditionTimestampMonotonic</varname> contain
the <constant>CLOCK_REALTIME</constant>/<constant>CLOCK_MONOTONIC</constant> microsecond timestamps of
2020-04-19 14:05:44 +03:00
the last time the configured conditions of the unit have been checked or 0 if they have never been
checked. Conditions are checked when a unit is requested to start.</para>
<para><varname>ConditionResult</varname> contains the condition result of the last time the configured
conditions of this unit were checked. </para>
2020-04-19 14:05:44 +03:00
<para><varname>Conditions</varname> contains all configured conditions of the unit. For each condition,
five fields are given: condition type (e.g. <varname>ConditionPathExists</varname>), whether the
condition is a trigger condition, whether the condition is reversed, the right hand side of the
condition (e.g. the path in case of <varname>ConditionPathExists</varname>), and the status. The status
can be 0, in which case the condition hasn't been checked yet, a positive value, in which case the
condition passed, or a negative value, in which case the condition is not met. Currently only 0, +1, and -1
are used, but additional values may be used in the future, retaining the meaning of
2020-04-19 14:05:44 +03:00
zero/positive/negative values.</para>
<para><varname>LoadError</varname> contains a pair of strings. If the unit failed to load (as encoded
in <varname>LoadState</varname>, see above), then this will include a D-Bus error pair consisting of
2020-04-19 14:05:44 +03:00
the error ID and an explanatory human readable string of what happened. If it loaded successfully, this
will be a pair of empty strings.</para>
2020-04-19 14:05:44 +03:00
<para><varname>Transient</varname> contains a boolean that indicates whether the unit was created as a
2022-10-17 12:31:52 +03:00
transient unit (i.e. via <function>StartTransientUnit()</function> on the manager object).</para>
<para><varname>ActivationDetails</varname> contains a list of string pairs, key and value, that
describe the event that caused the unit to be activated, if any. The key describes the information
(e.g.: <varname>trigger_unit</varname>, with value <varname>foo.service</varname>). This is only filled
in if the unit was triggered by a <varname>Path</varname> or <varname>Timer</varname> unit, and it is
only provided in a best effort fashion: it is not guaranteed to be set, and it is not guaranteed to be
the only trigger. It is only guaranteed to be a valid trigger that caused the activation job to be
enqueued and complete successfully. The key value pairs correspond (in lowercase) to the environment
variables described in the <literal>Environment Variables Set or Propagated by the Service
Manager</literal> section in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Note
that new key value pair may be added at any time in future versions. Existing entries will not be
removed.</para>
</refsect2>
<refsect2>
<title>Security</title>
<para>Similarly to methods on the <interfacename>Manager</interfacename> object, read-only access is
allowed for everyone. All operations are allowed for clients with the
<constant>CAP_SYS_ADMIN</constant> capability or when the
<interfacename>org.freedesktop.systemd1.manage-units</interfacename> privilege is granted by
polkit.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Service Unit Objects</title>
<para>All service unit objects implement the
<interfacename>org.freedesktop.systemd1.Service</interfacename> interface (described here) in addition to
the generic <interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice" interface="org.freedesktop.systemd1.Service">
node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
interface org.freedesktop.systemd1.Service {
methods:
BindMount(in s source,
in s destination,
in b read_only,
in b mkdir);
MountImage(in s source,
in s destination,
in b read_only,
in b mkdir,
in a(ss) options);
DumpFileDescriptorStore(out a(suuutuusu) entries);
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Type = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
Reintroduce ExitType This introduces `ExitType=main|cgroup` for services. Similar to how `Type` specifies the launch of a service, `ExitType` is concerned with how systemd determines that a service exited. - If set to `main` (the current behavior), the service manager will consider the unit stopped when the main process exits. - The `cgroup` exit type is meant for applications whose forking model is not known ahead of time and which might not have a specific main process. The service will stay running as long as at least one process in the cgroup is running. This is intended for transient or automatically generated services, such as graphical applications inside of a desktop environment. Motivation for this is #16805. The original PR (#18782) was reverted (#20073) after realizing that the exit status of "the last process in the cgroup" can't reliably be known (#19385) This version instead uses the main process exit status if there is one and just listens to the cgroup empty event otherwise. The advantages of a service with `ExitType=cgroup` over scopes are: - Integrated logging / stdout redirection - Avoids the race / synchronisation issue between launch and scope creation - More extensive use of drop-ins and thus distro-level configuration: by moving from scopes to services we can have drop ins that will affect properties that can only be set during service creation, like `OOMPolicy` and security-related properties - It makes systemd-xdg-autostart-generator usable by fixing [1], as obviously only services can be used in the generator, not scopes. [1] https://bugs.kde.org/show_bug.cgi?id=433299
2021-02-24 18:13:21 +03:00
readonly s ExitType = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Restart = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RestartMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PIDFile = '...';
readonly s NotifyAccess = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestartUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RestartSteps = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestartMaxDelayUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t RestartUSecNext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutStartUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutStopUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TimeoutAbortUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TimeoutStartFailureMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TimeoutStopFailureMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RuntimeMaxUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RuntimeRandomizedExtraUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogTimestamp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t WatchdogTimestampMonotonic = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RootDirectoryStartOnly = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemainAfterExit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b GuessMainPID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (aiai) RestartPreventExitStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (aiai) RestartForceExitStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (aiai) SuccessExitStatus = ...;
readonly u MainPID = ...;
readonly u ControlPID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s BusName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u FileDescriptorStoreMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NFileDescriptorStore = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s FileDescriptorStorePreserve = '...';
readonly s StatusText = '...';
readonly i StatusErrno = ...;
readonly s Result = '...';
readonly s ReloadResult = '...';
readonly s CleanResult = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s USBFunctionDescriptors = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s USBFunctionStrings = '...';
readonly u UID = ...;
readonly u GID = ...;
readonly u NRestarts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s OOMPolicy = '...';
2022-11-07 19:13:15 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) OpenFile = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i ReloadSignal = ...;
readonly t ExecMainStartTimestamp = ...;
readonly t ExecMainStartTimestampMonotonic = ...;
readonly t ExecMainExitTimestamp = ...;
readonly t ExecMainExitTimestampMonotonic = ...;
readonly u ExecMainPID = ...;
readonly i ExecMainCode = ...;
readonly i ExecMainStatus = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecCondition = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecConditionEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStartPre = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStartPreEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStart = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStartEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStartPost = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStartPostEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecReload = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecReloadEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStop = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStopEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStopPost = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasasttttuii) ExecStopPostEx = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveTasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sb) EnvironmentFiles = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PassEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnsetEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u UMask = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WorkingDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImage = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) RootImageOptions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHash = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHashSignature = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashSignaturePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootVerity = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RootEphemeral = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExtensionDirectories = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sba(ss)) ExtensionImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssba(ss)) MountImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i OOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CoredumpFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Nice = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingClass = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay CPUAffinity = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUAffinityFromNUMA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i NUMAPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay NUMAMask = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUSchedulingResetOnFork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NonBlocking = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay StandardInputData = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardErrorFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TTYPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYReset = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVHangup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVTDisallocate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYRows = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYColumns = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SyslogIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SyslogLevelPrefix = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogLevel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogFacility = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i LogLevelMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LogRateLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogRateLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly aay LogExtraFields = [[...], ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(bs) LogFilterPatterns = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s LogNamespace = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SecureBits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CapabilityBoundingSet = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AmbientCapabilities = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s User = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Group = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DynamicUser = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SetLoginEnvironment = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemoveIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(say) SetCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(say) SetCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) LoadCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) LoadCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadWritePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadOnlyPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as InaccessiblePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as NoExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExecSearchPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t MountFlags = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateTmp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateDevices = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectClock = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelTunables = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelModules = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelLogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectControlGroups = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateNetwork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateUsers = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateMounts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SameProcessGroup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SELinuxContext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) AppArmorProfile = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SmackProcessLabel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreSIGPIPE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoNewPrivileges = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SystemCallArchitectures = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SystemCallErrorNumber = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallLog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Personality = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LockPersonality = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictAddressFamilies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) RuntimeDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RuntimeDirectoryPreserve = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RuntimeDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RuntimeDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) StateDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u StateDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StateDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) CacheDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u CacheDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CacheDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) LogsDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogsDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as LogsDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u ConfigurationDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConfigurationDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutCleanUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryDenyWriteExecute = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictRealtime = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictSUIDSGID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestrictNamespaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictFileSystems = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindReadOnlyPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) TemporaryFileSystem = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MountAPIVFS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KeyringMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectProc = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProcSubset = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectHostname = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryKSM = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s NetworkNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s IPCNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s MountImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ExtensionImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--method GetProcesses is not documented!-->
<!--method AttachProcesses is not documented!-->
<!--property Type is not documented!-->
Reintroduce ExitType This introduces `ExitType=main|cgroup` for services. Similar to how `Type` specifies the launch of a service, `ExitType` is concerned with how systemd determines that a service exited. - If set to `main` (the current behavior), the service manager will consider the unit stopped when the main process exits. - The `cgroup` exit type is meant for applications whose forking model is not known ahead of time and which might not have a specific main process. The service will stay running as long as at least one process in the cgroup is running. This is intended for transient or automatically generated services, such as graphical applications inside of a desktop environment. Motivation for this is #16805. The original PR (#18782) was reverted (#20073) after realizing that the exit status of "the last process in the cgroup" can't reliably be known (#19385) This version instead uses the main process exit status if there is one and just listens to the cgroup empty event otherwise. The advantages of a service with `ExitType=cgroup` over scopes are: - Integrated logging / stdout redirection - Avoids the race / synchronisation issue between launch and scope creation - More extensive use of drop-ins and thus distro-level configuration: by moving from scopes to services we can have drop ins that will affect properties that can only be set during service creation, like `OOMPolicy` and security-related properties - It makes systemd-xdg-autostart-generator usable by fixing [1], as obviously only services can be used in the generator, not scopes. [1] https://bugs.kde.org/show_bug.cgi?id=433299
2021-02-24 18:13:21 +03:00
<!--property ExitType is not documented!-->
<!--property Restart is not documented!-->
<!--property RestartMode is not documented!-->
<!--property PIDFile is not documented!-->
<!--property NotifyAccess is not documented!-->
<!--property RestartUSec is not documented!-->
<!--property RestartSteps is not documented!-->
<!--property RestartMaxDelayUSec is not documented!-->
<!--property RestartUSecNext is not documented!-->
<!--property TimeoutStartFailureMode is not documented!-->
<!--property TimeoutStopFailureMode is not documented!-->
<!--property RuntimeMaxUSec is not documented!-->
<!--property RuntimeRandomizedExtraUSec is not documented!-->
<!--property WatchdogUSec is not documented!-->
<!--property RootDirectoryStartOnly is not documented!-->
<!--property RemainAfterExit is not documented!-->
<!--property GuessMainPID is not documented!-->
<!--property RestartPreventExitStatus is not documented!-->
<!--property RestartForceExitStatus is not documented!-->
<!--property SuccessExitStatus is not documented!-->
<!--property BusName is not documented!-->
<!--property FileDescriptorStoreMax is not documented!-->
<!--property NFileDescriptorStore is not documented!-->
<!--property FileDescriptorStorePreserve is not documented!-->
<!--property StatusErrno is not documented!-->
<!--property ReloadResult is not documented!-->
<!--property CleanResult is not documented!-->
<!--property USBFunctionDescriptors is not documented!-->
<!--property USBFunctionStrings is not documented!-->
<!--property UID is not documented!-->
<!--property GID is not documented!-->
<!--property NRestarts is not documented!-->
<!--property OOMPolicy is not documented!-->
2022-11-07 19:13:15 +03:00
<!--property OpenFile is not documented!-->
<!--property ReloadSignal is not documented!-->
<!--property ExecCondition is not documented!-->
<!--property ExecConditionEx is not documented!-->
<!--property ExecStartPreEx is not documented!-->
<!--property ExecStartEx is not documented!-->
<!--property ExecStartPostEx is not documented!-->
<!--property ExecReloadEx is not documented!-->
<!--property ExecStopEx is not documented!-->
<!--property ExecStopPost is not documented!-->
<!--property ExecStopPostEx is not documented!-->
<!--property Slice is not documented!-->
<!--property ControlGroupId is not documented!-->
<!--property MemoryCurrent is not documented!-->
<!--property MemoryPeak is not documented!-->
<!--property MemorySwapCurrent is not documented!-->
<!--property MemorySwapPeak is not documented!-->
<!--property MemoryZSwapCurrent is not documented!-->
<!--property EffectiveMemoryMax is not documented!-->
<!--property EffectiveMemoryHigh is not documented!-->
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
<!--property EffectiveMemoryNodes is not documented!-->
<!--property TasksCurrent is not documented!-->
<!--property EffectiveTasksMax is not documented!-->
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
<!--property IPEgressBytes is not documented!-->
<!--property IPEgressPackets is not documented!-->
<!--property IOReadBytes is not documented!-->
<!--property IOReadOperations is not documented!-->
<!--property IOWriteBytes is not documented!-->
<!--property IOWriteOperations is not documented!-->
<!--property Delegate is not documented!-->
<!--property DelegateControllers is not documented!-->
<!--property CPUAccounting is not documented!-->
<!--property CPUWeight is not documented!-->
<!--property StartupCPUWeight is not documented!-->
<!--property CPUShares is not documented!-->
<!--property StartupCPUShares is not documented!-->
<!--property CPUQuotaPerSecUSec is not documented!-->
<!--property CPUQuotaPeriodUSec is not documented!-->
<!--property AllowedCPUs is not documented!-->
<!--property StartupAllowedCPUs is not documented!-->
<!--property AllowedMemoryNodes is not documented!-->
<!--property StartupAllowedMemoryNodes is not documented!-->
<!--property IOAccounting is not documented!-->
<!--property IOWeight is not documented!-->
<!--property StartupIOWeight is not documented!-->
<!--property IODeviceWeight is not documented!-->
<!--property IOReadBandwidthMax is not documented!-->
<!--property IOWriteBandwidthMax is not documented!-->
<!--property IOReadIOPSMax is not documented!-->
<!--property IOWriteIOPSMax is not documented!-->
<!--property IODeviceLatencyTargetUSec is not documented!-->
<!--property BlockIOAccounting is not documented!-->
<!--property BlockIOWeight is not documented!-->
<!--property StartupBlockIOWeight is not documented!-->
<!--property BlockIODeviceWeight is not documented!-->
<!--property BlockIOReadBandwidth is not documented!-->
<!--property BlockIOWriteBandwidth is not documented!-->
<!--property MemoryAccounting is not documented!-->
<!--property DefaultMemoryLow is not documented!-->
<!--property DefaultStartupMemoryLow is not documented!-->
<!--property DefaultMemoryMin is not documented!-->
<!--property MemoryMin is not documented!-->
<!--property MemoryLow is not documented!-->
<!--property StartupMemoryLow is not documented!-->
<!--property MemoryHigh is not documented!-->
<!--property StartupMemoryHigh is not documented!-->
<!--property MemoryMax is not documented!-->
<!--property StartupMemoryMax is not documented!-->
<!--property MemorySwapMax is not documented!-->
<!--property StartupMemorySwapMax is not documented!-->
<!--property MemoryZSwapMax is not documented!-->
<!--property StartupMemoryZSwapMax is not documented!-->
<!--property MemoryLimit is not documented!-->
<!--property DevicePolicy is not documented!-->
<!--property DeviceAllow is not documented!-->
<!--property TasksAccounting is not documented!-->
<!--property TasksMax is not documented!-->
<!--property IPAccounting is not documented!-->
<!--property IPAddressAllow is not documented!-->
<!--property IPAddressDeny is not documented!-->
<!--property IPIngressFilterPath is not documented!-->
<!--property IPEgressFilterPath is not documented!-->
<!--property DisableControllers is not documented!-->
<!--property ManagedOOMSwap is not documented!-->
<!--property ManagedOOMMemoryPressure is not documented!-->
<!--property ManagedOOMMemoryPressureLimit is not documented!-->
2021-01-29 04:35:17 +03:00
<!--property ManagedOOMPreference is not documented!-->
<!--property BPFProgram is not documented!-->
<!--property SocketBindAllow is not documented!-->
<!--property SocketBindDeny is not documented!-->
<!--property RestrictNetworkInterfaces is not documented!-->
<!--property MemoryPressureWatch is not documented!-->
<!--property MemoryPressureThresholdUSec is not documented!-->
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<!--property NFTSet is not documented!-->
2023-10-11 17:46:42 +03:00
<!--property CoredumpReceive is not documented!-->
<!--property EnvironmentFiles is not documented!-->
<!--property PassEnvironment is not documented!-->
<!--property UnsetEnvironment is not documented!-->
<!--property UMask is not documented!-->
<!--property LimitCPUSoft is not documented!-->
<!--property LimitFSIZE is not documented!-->
<!--property LimitFSIZESoft is not documented!-->
<!--property LimitDATA is not documented!-->
<!--property LimitDATASoft is not documented!-->
<!--property LimitSTACK is not documented!-->
<!--property LimitSTACKSoft is not documented!-->
<!--property LimitCORE is not documented!-->
<!--property LimitCORESoft is not documented!-->
<!--property LimitRSS is not documented!-->
<!--property LimitRSSSoft is not documented!-->
<!--property LimitNOFILE is not documented!-->
<!--property LimitNOFILESoft is not documented!-->
<!--property LimitAS is not documented!-->
<!--property LimitASSoft is not documented!-->
<!--property LimitNPROC is not documented!-->
<!--property LimitNPROCSoft is not documented!-->
<!--property LimitMEMLOCK is not documented!-->
<!--property LimitMEMLOCKSoft is not documented!-->
<!--property LimitLOCKS is not documented!-->
<!--property LimitLOCKSSoft is not documented!-->
<!--property LimitSIGPENDING is not documented!-->
<!--property LimitSIGPENDINGSoft is not documented!-->
<!--property LimitMSGQUEUE is not documented!-->
<!--property LimitMSGQUEUESoft is not documented!-->
<!--property LimitNICE is not documented!-->
<!--property LimitNICESoft is not documented!-->
<!--property LimitRTPRIO is not documented!-->
<!--property LimitRTPRIOSoft is not documented!-->
<!--property LimitRTTIME is not documented!-->
<!--property LimitRTTIMESoft is not documented!-->
<!--property WorkingDirectory is not documented!-->
<!--property RootHashPath is not documented!-->
<!--property RootHashSignaturePath is not documented!-->
<!--property RootEphemeral is not documented!-->
<!--property OOMScoreAdjust is not documented!-->
<!--property CoredumpFilter is not documented!-->
<!--property Nice is not documented!-->
<!--property IOSchedulingClass is not documented!-->
<!--property IOSchedulingPriority is not documented!-->
<!--property CPUSchedulingPolicy is not documented!-->
<!--property CPUSchedulingPriority is not documented!-->
<!--property CPUAffinity is not documented!-->
<!--property CPUAffinityFromNUMA is not documented!-->
<!--property NUMAPolicy is not documented!-->
<!--property NUMAMask is not documented!-->
<!--property TimerSlackNSec is not documented!-->
<!--property CPUSchedulingResetOnFork is not documented!-->
<!--property NonBlocking is not documented!-->
<!--property StandardInput is not documented!-->
<!--property StandardInputFileDescriptorName is not documented!-->
<!--property StandardInputData is not documented!-->
<!--property StandardOutput is not documented!-->
<!--property StandardOutputFileDescriptorName is not documented!-->
<!--property StandardError is not documented!-->
<!--property StandardErrorFileDescriptorName is not documented!-->
<!--property TTYPath is not documented!-->
<!--property TTYReset is not documented!-->
<!--property TTYVHangup is not documented!-->
<!--property TTYVTDisallocate is not documented!-->
<!--property TTYRows is not documented!-->
<!--property TTYColumns is not documented!-->
<!--property SyslogPriority is not documented!-->
<!--property SyslogIdentifier is not documented!-->
<!--property SyslogLevelPrefix is not documented!-->
<!--property SyslogLevel is not documented!-->
<!--property SyslogFacility is not documented!-->
<!--property LogLevelMax is not documented!-->
<!--property LogRateLimitIntervalUSec is not documented!-->
<!--property LogRateLimitBurst is not documented!-->
<!--property LogExtraFields is not documented!-->
<!--property LogFilterPatterns is not documented!-->
<!--property LogNamespace is not documented!-->
<!--property AmbientCapabilities is not documented!-->
<!--property User is not documented!-->
<!--property Group is not documented!-->
<!--property DynamicUser is not documented!-->
<!--property SetLoginEnvironment is not documented!-->
<!--property RemoveIPC is not documented!-->
<!--property SetCredential is not documented!-->
<!--property SetCredentialEncrypted is not documented!-->
<!--property LoadCredential is not documented!-->
<!--property LoadCredentialEncrypted is not documented!-->
<!--property ImportCredential is not documented!-->
<!--property SupplementaryGroups is not documented!-->
<!--property PAMName is not documented!-->
<!--property ReadWritePaths is not documented!-->
<!--property ReadOnlyPaths is not documented!-->
<!--property InaccessiblePaths is not documented!-->
<!--property ExecPaths is not documented!-->
<!--property NoExecPaths is not documented!-->
<!--property ExecSearchPath is not documented!-->
<!--property PrivateTmp is not documented!-->
<!--property PrivateDevices is not documented!-->
<!--property ProtectClock is not documented!-->
<!--property ProtectKernelTunables is not documented!-->
<!--property ProtectKernelModules is not documented!-->
<!--property ProtectKernelLogs is not documented!-->
<!--property ProtectControlGroups is not documented!-->
<!--property PrivateNetwork is not documented!-->
<!--property PrivateUsers is not documented!-->
<!--property PrivateMounts is not documented!-->
<!--property PrivateIPC is not documented!-->
<!--property ProtectHome is not documented!-->
<!--property ProtectSystem is not documented!-->
<!--property SameProcessGroup is not documented!-->
<!--property UtmpIdentifier is not documented!-->
<!--property UtmpMode is not documented!-->
<!--property SELinuxContext is not documented!-->
<!--property AppArmorProfile is not documented!-->
<!--property SmackProcessLabel is not documented!-->
<!--property IgnoreSIGPIPE is not documented!-->
<!--property NoNewPrivileges is not documented!-->
<!--property SystemCallFilter is not documented!-->
<!--property SystemCallArchitectures is not documented!-->
<!--property SystemCallErrorNumber is not documented!-->
<!--property SystemCallLog is not documented!-->
<!--property Personality is not documented!-->
<!--property LockPersonality is not documented!-->
<!--property RestrictAddressFamilies is not documented!-->
<!--property RuntimeDirectoryPreserve is not documented!-->
<!--property RuntimeDirectoryMode is not documented!-->
<!--property StateDirectoryMode is not documented!-->
<!--property CacheDirectoryMode is not documented!-->
<!--property LogsDirectoryMode is not documented!-->
<!--property ConfigurationDirectoryMode is not documented!-->
<!--property ConfigurationDirectory is not documented!-->
<!--property TimeoutCleanUSec is not documented!-->
<!--property MemoryDenyWriteExecute is not documented!-->
<!--property RestrictRealtime is not documented!-->
<!--property RestrictSUIDSGID is not documented!-->
<!--property RestrictNamespaces is not documented!-->
<!--property RestrictFileSystems is not documented!-->
<!--property BindPaths is not documented!-->
<!--property BindReadOnlyPaths is not documented!-->
<!--property TemporaryFileSystem is not documented!-->
<!--property MountAPIVFS is not documented!-->
<!--property KeyringMode is not documented!-->
<!--property ProtectProc is not documented!-->
<!--property ProcSubset is not documented!-->
<!--property ProtectHostname is not documented!-->
<!--property MemoryKSM is not documented!-->
<!--property NetworkNamespacePath is not documented!-->
<!--property IPCNamespacePath is not documented!-->
<!--property RootImagePolicy is not documented!-->
<!--property MountImagePolicy is not documented!-->
<!--property ExtensionImagePolicy is not documented!-->
<!--property KillMode is not documented!-->
<!--property KillSignal is not documented!-->
<!--property RestartKillSignal is not documented!-->
<!--property FinalKillSignal is not documented!-->
<!--property SendSIGKILL is not documented!-->
<!--property SendSIGHUP is not documented!-->
<!--property WatchdogSignal is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Service"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Service"/>
<variablelist class="dbus-method" generated="True" extra-ref="BindMount()"/>
<variablelist class="dbus-method" generated="True" extra-ref="MountImage()"/>
<variablelist class="dbus-method" generated="True" extra-ref="DumpFileDescriptorStore()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetProcesses()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AttachProcesses()"/>
<variablelist class="dbus-property" generated="True" extra-ref="Type"/>
Reintroduce ExitType This introduces `ExitType=main|cgroup` for services. Similar to how `Type` specifies the launch of a service, `ExitType` is concerned with how systemd determines that a service exited. - If set to `main` (the current behavior), the service manager will consider the unit stopped when the main process exits. - The `cgroup` exit type is meant for applications whose forking model is not known ahead of time and which might not have a specific main process. The service will stay running as long as at least one process in the cgroup is running. This is intended for transient or automatically generated services, such as graphical applications inside of a desktop environment. Motivation for this is #16805. The original PR (#18782) was reverted (#20073) after realizing that the exit status of "the last process in the cgroup" can't reliably be known (#19385) This version instead uses the main process exit status if there is one and just listens to the cgroup empty event otherwise. The advantages of a service with `ExitType=cgroup` over scopes are: - Integrated logging / stdout redirection - Avoids the race / synchronisation issue between launch and scope creation - More extensive use of drop-ins and thus distro-level configuration: by moving from scopes to services we can have drop ins that will affect properties that can only be set during service creation, like `OOMPolicy` and security-related properties - It makes systemd-xdg-autostart-generator usable by fixing [1], as obviously only services can be used in the generator, not scopes. [1] https://bugs.kde.org/show_bug.cgi?id=433299
2021-02-24 18:13:21 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="ExitType"/>
<variablelist class="dbus-property" generated="True" extra-ref="Restart"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="PIDFile"/>
<variablelist class="dbus-property" generated="True" extra-ref="NotifyAccess"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartSteps"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartMaxDelayUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartUSecNext"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutStartUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutStopUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutAbortUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutStartFailureMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutStopFailureMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeMaxUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeRandomizedExtraUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootDirectoryStartOnly"/>
<variablelist class="dbus-property" generated="True" extra-ref="RemainAfterExit"/>
<variablelist class="dbus-property" generated="True" extra-ref="GuessMainPID"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartPreventExitStatus"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartForceExitStatus"/>
<variablelist class="dbus-property" generated="True" extra-ref="SuccessExitStatus"/>
<variablelist class="dbus-property" generated="True" extra-ref="MainPID"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlPID"/>
<variablelist class="dbus-property" generated="True" extra-ref="BusName"/>
<variablelist class="dbus-property" generated="True" extra-ref="FileDescriptorStoreMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="NFileDescriptorStore"/>
<variablelist class="dbus-property" generated="True" extra-ref="FileDescriptorStorePreserve"/>
<variablelist class="dbus-property" generated="True" extra-ref="StatusText"/>
<variablelist class="dbus-property" generated="True" extra-ref="StatusErrno"/>
<variablelist class="dbus-property" generated="True" extra-ref="Result"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReloadResult"/>
<variablelist class="dbus-property" generated="True" extra-ref="CleanResult"/>
<variablelist class="dbus-property" generated="True" extra-ref="USBFunctionDescriptors"/>
<variablelist class="dbus-property" generated="True" extra-ref="USBFunctionStrings"/>
<variablelist class="dbus-property" generated="True" extra-ref="UID"/>
<variablelist class="dbus-property" generated="True" extra-ref="GID"/>
<variablelist class="dbus-property" generated="True" extra-ref="NRestarts"/>
<variablelist class="dbus-property" generated="True" extra-ref="OOMPolicy"/>
2022-11-07 19:13:15 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="OpenFile"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReloadSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecMainStartTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecMainStartTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecMainExitTimestamp"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecMainExitTimestampMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecMainPID"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecMainCode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecMainStatus"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecCondition"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecConditionEx"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStartPre"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStartPreEx"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStart"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStartEx"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStartPost"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStartPostEx"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecReload"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecReloadEx"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStop"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStopEx"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStopPost"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStopPostEx"/>
<variablelist class="dbus-property" generated="True" extra-ref="Slice"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroupId"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="Delegate"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateSubgroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="DisableControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMSwap"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimit"/>
2021-01-29 04:35:17 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMPreference"/>
<variablelist class="dbus-property" generated="True" extra-ref="BPFProgram"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNetworkInterfaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureWatch"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureThresholdUSec"/>
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="NFTSet"/>
2023-10-11 17:46:42 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpReceive"/>
<variablelist class="dbus-property" generated="True" extra-ref="Environment"/>
<variablelist class="dbus-property" generated="True" extra-ref="EnvironmentFiles"/>
<variablelist class="dbus-property" generated="True" extra-ref="PassEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnsetEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="UMask"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCPU"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCPUSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitFSIZE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitFSIZESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitDATA"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitDATASoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSTACK"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSTACKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCORE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCORESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRSS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRSSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNOFILE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNOFILESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitAS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitASSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNPROC"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNPROCSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMEMLOCK"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMEMLOCKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitLOCKS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitLOCKSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSIGPENDING"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSIGPENDINGSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMSGQUEUE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMSGQUEUESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNICE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNICESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTPRIO"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTPRIOSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTTIME"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTTIMESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="WorkingDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImage"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImageOptions"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHash"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashSignature"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashSignaturePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootVerity"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootEphemeral"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionDirectories"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionImages"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountImages"/>
<variablelist class="dbus-property" generated="True" extra-ref="OOMScoreAdjust"/>
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpFilter"/>
<variablelist class="dbus-property" generated="True" extra-ref="Nice"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOSchedulingClass"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOSchedulingPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAffinity"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAffinityFromNUMA"/>
<variablelist class="dbus-property" generated="True" extra-ref="NUMAPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="NUMAMask"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimerSlackNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingResetOnFork"/>
<variablelist class="dbus-property" generated="True" extra-ref="NonBlocking"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInput"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInputFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInputData"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardOutput"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardOutputFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardError"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardErrorFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYReset"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYVHangup"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYVTDisallocate"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYRows"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYColumns"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogIdentifier"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogLevelPrefix"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogLevel"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogFacility"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogLevelMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogRateLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogRateLimitBurst"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogExtraFields"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogFilterPatterns"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogNamespace"/>
<variablelist class="dbus-property" generated="True" extra-ref="SecureBits"/>
<variablelist class="dbus-property" generated="True" extra-ref="CapabilityBoundingSet"/>
<variablelist class="dbus-property" generated="True" extra-ref="AmbientCapabilities"/>
<variablelist class="dbus-property" generated="True" extra-ref="User"/>
<variablelist class="dbus-property" generated="True" extra-ref="Group"/>
<variablelist class="dbus-property" generated="True" extra-ref="DynamicUser"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetLoginEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="RemoveIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetCredentialEncrypted"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadCredentialEncrypted"/>
<variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PAMName"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadWritePaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadOnlyPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="InaccessiblePaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoExecPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecSearchPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountFlags"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateTmp"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateDevices"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectClock"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelTunables"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelModules"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelLogs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectControlGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateNetwork"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateUsers"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateMounts"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHome"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="SameProcessGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="UtmpIdentifier"/>
<variablelist class="dbus-property" generated="True" extra-ref="UtmpMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="SELinuxContext"/>
<variablelist class="dbus-property" generated="True" extra-ref="AppArmorProfile"/>
<variablelist class="dbus-property" generated="True" extra-ref="SmackProcessLabel"/>
<variablelist class="dbus-property" generated="True" extra-ref="IgnoreSIGPIPE"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoNewPrivileges"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallFilter"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallArchitectures"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallErrorNumber"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallLog"/>
<variablelist class="dbus-property" generated="True" extra-ref="Personality"/>
<variablelist class="dbus-property" generated="True" extra-ref="LockPersonality"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictAddressFamilies"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectoryPreserve"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfigurationDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfigurationDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutCleanUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryDenyWriteExecute"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictRealtime"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictSUIDSGID"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNamespaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictFileSystems"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindReadOnlyPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="TemporaryFileSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountAPIVFS"/>
<variablelist class="dbus-property" generated="True" extra-ref="KeyringMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectProc"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProcSubset"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHostname"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryKSM"/>
<variablelist class="dbus-property" generated="True" extra-ref="NetworkNamespacePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPCNamespacePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="FinalKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGKILL"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGHUP"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogSignal"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Methods</title>
<para><function>BindMount()</function> and <function>MountImage()</function> implement the same operations
as the respective methods on the <interfacename>Manager</interfacename> object (see above). However, these
methods operate on the service object and hence do not take a unit name parameter. Invoking the methods
directly on the Manager object has the advantage of not requiring a <function>GetUnit()</function> call
to get the unit object for a specific unit name. Calling the methods on the Manager object is hence a round
trip optimization.</para>
<para><function>DumpFileDescriptorStore()</function> returns an array with information about the file
descriptors currently in the file descriptor store of the service. Each entry consists of a file
descriptor name (i.e. the <varname>FDNAME=</varname> field), the file descriptor inode type and access
mode as integer (i.e. a <type>mode_t</type> value, flags such as <constant>S_IFREG</constant>,
<constant>S_IRUSR</constant>, …), the major and minor numbers of the device number of the file system
backing the inode of the file descriptor, the inode number, the major and minor numbers of the device
number if this refers to a character or block device node, a file system path pointing to the inode,
and the file descriptor flags (i.e. <constant>O_RDWR</constant>, <constant>O_RDONLY</constant>,
…).</para>
</refsect2>
<refsect2>
<title>Properties</title>
<para>Most properties of the Service interface map directly to the corresponding settings in service
unit files. For the sake of brevity, here's a list of all exceptions only:</para>
<para><varname>TimeoutStartUSec</varname>, <varname>TimeoutStopUSec</varname> and
<varname>TimeoutAbortUSec</varname> contain the start, stop and abort timeouts, in microseconds. Note
the slight difference in naming when compared to the matching unit file settings (see
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>7</manvolnum></citerefentry>):
these bus properties strictly use microseconds (and thus are suffixed <varname>…USec</varname>) while
the unit file settings default to a time unit of seconds (and thus are suffixed
<varname>…Sec</varname>), unless a different unit is explicitly specified. This reflects that fact that
internally the service manager deals in microsecond units only, and the bus properties are a relatively
low-level (binary) concept exposing this. The unit file settings on the other hand are relatively
high-level (string-based) concepts and thus support more user friendly time specifications which
default to second time units but allow other units too, if specified.</para>
<para><varname>WatchdogTimestamp</varname> and <varname>WatchdogTimestampMonotonic</varname> contain
<constant>CLOCK_REALTIME</constant>/<constant>CLOCK_MONOTONIC</constant> microsecond timestamps of the
last watchdog ping received from the service, or 0 if none was ever received.</para>
<para><varname>ExecStartPre</varname>, <varname>ExecStart</varname>, <varname>ExecStartPost</varname>,
<varname>ExecReload</varname>, <varname>ExecStop</varname>, and <varname>ExecStop</varname> are arrays
of structures where each struct contains: the binary path to execute; an array with all arguments to
pass to the executed command, starting with argument 0; a boolean whether it should be considered a
failure if the process exits uncleanly; two pairs of
<constant>CLOCK_REALTIME</constant>/<constant>CLOCK_MONOTONIC</constant> microsecond timestamps when
the process began and finished running the last time, or 0 if it never ran or never finished running;
the PID of the process, or 0 if it has not run yet; the exit code and status of the last run. This
field hence maps more or less to the corresponding setting in the service unit file but is augmented
with runtime data.</para>
<para><varname>LimitCPU</varname> (and related properties) map more or less directly to the
corresponding settings in the service unit files except that if they aren't set, their value is
18446744073709551615 (i.e. -1).</para>
<para><varname>Capabilities</varname> contains the configured capabilities, as formatted with
<citerefentry project="man-pages"><refentrytitle>cap_to_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<para><varname>SecureBits</varname>, <varname>CapabilityBoundingSet</varname>,
<varname>MountFlags</varname> also correspond to the configured settings of the unit files, but
instead of being formatted as strings, they are encoded as the actual binary flags they are.
</para>
<para><varname>ExecMainStartTimestamp</varname>, <varname>ExecMainStartTimestampMonotonic</varname>,
<varname>ExecMainExitTimestamp</varname>, <varname>ExecMainExitTimestampMonotonic</varname>,
<varname>ExecMainPID</varname>, <varname>ExecMainCode</varname>, <varname>ExecMainStatus</varname>
contain information about the main process of the service as far as it is known. This is often the same
runtime information that is stored in <varname>ExecStart</varname>. However, it deviates for
<varname>Type=forking</varname> services where the main process of the service is not forked off
systemd directly. These fields either contain information of the last run of the process or of the
current running process.</para>
<para><varname>MainPID</varname> and <varname>ControlPID</varname> contain the main and control PID of
the service. The main PID is the current main PID of the service and is 0 when the service currently
has no main PID. The control PID is the PID of the current start/stop/reload process running and is 0
if no such process is currently running. That means that <varname>ExecMainPID</varname> and
<varname>MainPID</varname> differ in the way that the latter immediately reflects whether a main
process is currently running while the latter possible contains information collected from the last run
even if the process is no longer around.</para>
<para><varname>StatusText</varname> contains the status text passed to the service manager via a call
to
<citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
This may be used by services to inform the service manager about its internal state with a nice
explanatory string.</para>
<para><varname>Result</varname> encodes the execution result of the last run of the service. It is
useful to determine the reason a service failed if it is in the <literal>failed</literal> state (see
<varname>ActiveState</varname> above). The following values are currently known:
<literal>success</literal> is set if the unit didn't fail. <literal>resources</literal> indicates that
not enough resources were available to fork off and execute the service
processes. <literal>timeout</literal> indicates that a timeout occurred while executing a service
operation. <literal>exit-code</literal> indicates that a service process exited with an unclean exit
code. <literal>signal</literal> indicates that a service process exited with an uncaught
signal. <literal>core-dump</literal> indicates that a service process exited uncleanly and dumped
core. <literal>watchdog</literal> indicates that a service did not send out watchdog ping messages
often enough. <literal>start-limit</literal> indicates that a service has been started too frequently
in a specific time frame (as configured in <varname>StartLimitInterval</varname>,
<varname>StartLimitBurst</varname>).</para>
<para><varname>ControlGroup</varname> indicates the control group path the processes of this service
unit are placed in.</para>
<para>The following properties map 1:1 to corresponding settings in the unit file:
<varname>RootDirectory</varname>
<varname>RootImage</varname>
<varname>RootImageOptions</varname>
<varname>RootVerity</varname>
<varname>RootHash</varname>
<varname>RootHashSignature</varname>
<varname>MountImages</varname>
<varname>ExtensionImages</varname>
<varname>ExtensionDirectories</varname>
see systemd.exec(5) for their meaning.</para>
<para><varname>MemoryAvailable</varname> takes into account unit's and parents' <literal>MemoryMax</literal>
or <literal>MemoryHigh</literal> or physically available RAM versus given level's memory consumption
and takes minimum. Beware that other units below the tightest parent slice may consume the memory quicker
and less than reported value would remain for own allocation.
It works better in conjunction with <varname>MemoryAccounting=yes</varname> on involved units.</para>
<para><varname>DelegateSubgroup</varname> contains the cgroup subgroup to place invoked unit processes
in. As configured by the option of the same name in unit files. This is set to the empty string when it
does not apply or no subgroup has been configured.</para>
<para><varname>RuntimeDirectorySymlink</varname>, <varname>StateDirectorySymlink</varname>,
<varname>CacheDirectorySymlink</varname> and <varname>LogsDirectorySymlink</varname> respectively
implement the destination parameter of the unit files settings <varname>RuntimeDirectory</varname>,
<varname>StateDirectory</varname>, <varname>CacheDirectory</varname> and <varname>LogsDirectory</varname>,
which will create a symlink of the given name to the respective directory. The messages take an unused
<varname>flags</varname> parameter, reserved for future backward-compatible changes.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Socket Unit Objects</title>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket" interface="org.freedesktop.systemd1.Socket">
node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
interface org.freedesktop.systemd1.Socket {
methods:
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s BindIPv6Only = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u Backlog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s BindToDevice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SocketUser = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SocketGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u SocketMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Accept = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b FlushPending = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Writable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b KeepAlive = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t KeepAliveTimeUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t KeepAliveIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u KeepAliveProbes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t DeferAcceptUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoDelay = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Priority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t ReceiveBuffer = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t SendBuffer = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IPTOS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IPTTL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t PipeSize = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b FreeBind = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Transparent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Broadcast = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassCredentials = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassSecurity = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassPacketInfo = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Timestamping = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemoveOnStop = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) Listen = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Symlinks = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Mark = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u MaxConnections = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u MaxConnectionsPerSource = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly x MessageQueueMaxMessages = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly x MessageQueueMessageSize = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TCPCongestion = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ReusePort = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SmackLabel = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SmackLabelIPIn = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SmackLabelIPOut = '...';
readonly u ControlPID = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NConnections = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NAccepted = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u NRefused = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s FileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SocketProtocol = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TriggerLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u TriggerLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t PollLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u PollLimitBurst = ...;
readonly u UID = ...;
readonly u GID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStartPre = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStartPost = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStopPre = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecStopPost = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveTasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sb) EnvironmentFiles = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PassEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnsetEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u UMask = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WorkingDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImage = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) RootImageOptions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHash = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHashSignature = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashSignaturePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootVerity = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RootEphemeral = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExtensionDirectories = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sba(ss)) ExtensionImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssba(ss)) MountImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i OOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CoredumpFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Nice = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingClass = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay CPUAffinity = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUAffinityFromNUMA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i NUMAPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay NUMAMask = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUSchedulingResetOnFork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NonBlocking = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay StandardInputData = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardErrorFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TTYPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYReset = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVHangup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVTDisallocate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYRows = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYColumns = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SyslogIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SyslogLevelPrefix = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogLevel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogFacility = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i LogLevelMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LogRateLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogRateLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly aay LogExtraFields = [[...], ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(bs) LogFilterPatterns = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s LogNamespace = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SecureBits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CapabilityBoundingSet = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AmbientCapabilities = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s User = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Group = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DynamicUser = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SetLoginEnvironment = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemoveIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(say) SetCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(say) SetCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) LoadCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) LoadCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadWritePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadOnlyPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as InaccessiblePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as NoExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExecSearchPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t MountFlags = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateTmp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateDevices = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectClock = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelTunables = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelModules = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelLogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectControlGroups = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateNetwork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateUsers = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateMounts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SameProcessGroup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SELinuxContext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) AppArmorProfile = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SmackProcessLabel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreSIGPIPE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoNewPrivileges = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SystemCallArchitectures = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SystemCallErrorNumber = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallLog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Personality = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LockPersonality = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictAddressFamilies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) RuntimeDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RuntimeDirectoryPreserve = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RuntimeDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RuntimeDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) StateDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u StateDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StateDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) CacheDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u CacheDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CacheDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) LogsDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogsDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as LogsDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u ConfigurationDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConfigurationDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutCleanUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryDenyWriteExecute = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictRealtime = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictSUIDSGID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestrictNamespaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictFileSystems = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindReadOnlyPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) TemporaryFileSystem = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MountAPIVFS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KeyringMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectProc = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProcSubset = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectHostname = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryKSM = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s NetworkNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s IPCNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s MountImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ExtensionImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--method GetProcesses is not documented!-->
<!--method AttachProcesses is not documented!-->
<!--property BindIPv6Only is not documented!-->
<!--property Backlog is not documented!-->
<!--property TimeoutUSec is not documented!-->
<!--property BindToDevice is not documented!-->
<!--property SocketUser is not documented!-->
<!--property SocketGroup is not documented!-->
<!--property SocketMode is not documented!-->
<!--property DirectoryMode is not documented!-->
<!--property Writable is not documented!-->
<!--property KeepAlive is not documented!-->
<!--property KeepAliveTimeUSec is not documented!-->
<!--property KeepAliveIntervalUSec is not documented!-->
<!--property KeepAliveProbes is not documented!-->
<!--property DeferAcceptUSec is not documented!-->
<!--property NoDelay is not documented!-->
<!--property Priority is not documented!-->
<!--property ReceiveBuffer is not documented!-->
<!--property SendBuffer is not documented!-->
<!--property IPTOS is not documented!-->
<!--property IPTTL is not documented!-->
<!--property PipeSize is not documented!-->
<!--property FreeBind is not documented!-->
<!--property Transparent is not documented!-->
<!--property Broadcast is not documented!-->
<!--property PassCredentials is not documented!-->
<!--property PassSecurity is not documented!-->
<!--property PassPacketInfo is not documented!-->
<!--property Timestamping is not documented!-->
<!--property RemoveOnStop is not documented!-->
<!--property Listen is not documented!-->
<!--property Symlinks is not documented!-->
<!--property Mark is not documented!-->
<!--property MaxConnections is not documented!-->
<!--property MaxConnectionsPerSource is not documented!-->
<!--property MessageQueueMaxMessages is not documented!-->
<!--property MessageQueueMessageSize is not documented!-->
<!--property TCPCongestion is not documented!-->
<!--property ReusePort is not documented!-->
<!--property SmackLabel is not documented!-->
<!--property SmackLabelIPIn is not documented!-->
<!--property SmackLabelIPOut is not documented!-->
<!--property NRefused is not documented!-->
<!--property FileDescriptorName is not documented!-->
<!--property SocketProtocol is not documented!-->
<!--property TriggerLimitIntervalUSec is not documented!-->
<!--property TriggerLimitBurst is not documented!-->
<!--property UID is not documented!-->
<!--property GID is not documented!-->
<!--property ExecStopPre is not documented!-->
<!--property ExecStopPost is not documented!-->
<!--property Slice is not documented!-->
<!--property ControlGroupId is not documented!-->
<!--property MemoryCurrent is not documented!-->
<!--property MemoryPeak is not documented!-->
<!--property MemorySwapCurrent is not documented!-->
<!--property MemorySwapPeak is not documented!-->
<!--property MemoryZSwapCurrent is not documented!-->
<!--property EffectiveMemoryMax is not documented!-->
<!--property EffectiveMemoryHigh is not documented!-->
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
<!--property EffectiveMemoryNodes is not documented!-->
<!--property TasksCurrent is not documented!-->
<!--property EffectiveTasksMax is not documented!-->
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
<!--property IPEgressBytes is not documented!-->
<!--property IPEgressPackets is not documented!-->
<!--property IOReadBytes is not documented!-->
<!--property IOReadOperations is not documented!-->
<!--property IOWriteBytes is not documented!-->
<!--property IOWriteOperations is not documented!-->
<!--property Delegate is not documented!-->
<!--property DelegateControllers is not documented!-->
<!--property CPUAccounting is not documented!-->
<!--property CPUWeight is not documented!-->
<!--property StartupCPUWeight is not documented!-->
<!--property CPUShares is not documented!-->
<!--property StartupCPUShares is not documented!-->
<!--property CPUQuotaPerSecUSec is not documented!-->
<!--property CPUQuotaPeriodUSec is not documented!-->
<!--property AllowedCPUs is not documented!-->
<!--property StartupAllowedCPUs is not documented!-->
<!--property AllowedMemoryNodes is not documented!-->
<!--property StartupAllowedMemoryNodes is not documented!-->
<!--property IOAccounting is not documented!-->
<!--property IOWeight is not documented!-->
<!--property StartupIOWeight is not documented!-->
<!--property IODeviceWeight is not documented!-->
<!--property IOReadBandwidthMax is not documented!-->
<!--property IOWriteBandwidthMax is not documented!-->
<!--property IOReadIOPSMax is not documented!-->
<!--property IOWriteIOPSMax is not documented!-->
<!--property IODeviceLatencyTargetUSec is not documented!-->
<!--property BlockIOAccounting is not documented!-->
<!--property BlockIOWeight is not documented!-->
<!--property StartupBlockIOWeight is not documented!-->
<!--property BlockIODeviceWeight is not documented!-->
<!--property BlockIOReadBandwidth is not documented!-->
<!--property BlockIOWriteBandwidth is not documented!-->
<!--property MemoryAccounting is not documented!-->
<!--property DefaultMemoryLow is not documented!-->
<!--property DefaultStartupMemoryLow is not documented!-->
<!--property DefaultMemoryMin is not documented!-->
<!--property MemoryMin is not documented!-->
<!--property MemoryLow is not documented!-->
<!--property StartupMemoryLow is not documented!-->
<!--property MemoryHigh is not documented!-->
<!--property StartupMemoryHigh is not documented!-->
<!--property MemoryMax is not documented!-->
<!--property StartupMemoryMax is not documented!-->
<!--property MemorySwapMax is not documented!-->
<!--property StartupMemorySwapMax is not documented!-->
<!--property MemoryZSwapMax is not documented!-->
<!--property StartupMemoryZSwapMax is not documented!-->
<!--property MemoryLimit is not documented!-->
<!--property DevicePolicy is not documented!-->
<!--property DeviceAllow is not documented!-->
<!--property TasksAccounting is not documented!-->
<!--property TasksMax is not documented!-->
<!--property IPAccounting is not documented!-->
<!--property IPAddressAllow is not documented!-->
<!--property IPAddressDeny is not documented!-->
<!--property IPIngressFilterPath is not documented!-->
<!--property IPEgressFilterPath is not documented!-->
<!--property DisableControllers is not documented!-->
<!--property ManagedOOMSwap is not documented!-->
<!--property ManagedOOMMemoryPressure is not documented!-->
<!--property ManagedOOMMemoryPressureLimit is not documented!-->
2021-01-29 04:35:17 +03:00
<!--property ManagedOOMPreference is not documented!-->
<!--property BPFProgram is not documented!-->
<!--property SocketBindAllow is not documented!-->
<!--property SocketBindDeny is not documented!-->
<!--property RestrictNetworkInterfaces is not documented!-->
<!--property MemoryPressureWatch is not documented!-->
<!--property MemoryPressureThresholdUSec is not documented!-->
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<!--property NFTSet is not documented!-->
2023-10-11 17:46:42 +03:00
<!--property CoredumpReceive is not documented!-->
<!--property EnvironmentFiles is not documented!-->
<!--property PassEnvironment is not documented!-->
<!--property UnsetEnvironment is not documented!-->
<!--property UMask is not documented!-->
<!--property LimitCPUSoft is not documented!-->
<!--property LimitFSIZE is not documented!-->
<!--property LimitFSIZESoft is not documented!-->
<!--property LimitDATA is not documented!-->
<!--property LimitDATASoft is not documented!-->
<!--property LimitSTACK is not documented!-->
<!--property LimitSTACKSoft is not documented!-->
<!--property LimitCORE is not documented!-->
<!--property LimitCORESoft is not documented!-->
<!--property LimitRSS is not documented!-->
<!--property LimitRSSSoft is not documented!-->
<!--property LimitNOFILE is not documented!-->
<!--property LimitNOFILESoft is not documented!-->
<!--property LimitAS is not documented!-->
<!--property LimitASSoft is not documented!-->
<!--property LimitNPROC is not documented!-->
<!--property LimitNPROCSoft is not documented!-->
<!--property LimitMEMLOCK is not documented!-->
<!--property LimitMEMLOCKSoft is not documented!-->
<!--property LimitLOCKS is not documented!-->
<!--property LimitLOCKSSoft is not documented!-->
<!--property LimitSIGPENDING is not documented!-->
<!--property LimitSIGPENDINGSoft is not documented!-->
<!--property LimitMSGQUEUE is not documented!-->
<!--property LimitMSGQUEUESoft is not documented!-->
<!--property LimitNICE is not documented!-->
<!--property LimitNICESoft is not documented!-->
<!--property LimitRTPRIO is not documented!-->
<!--property LimitRTPRIOSoft is not documented!-->
<!--property LimitRTTIME is not documented!-->
<!--property LimitRTTIMESoft is not documented!-->
<!--property WorkingDirectory is not documented!-->
<!--property RootHashPath is not documented!-->
<!--property RootHashSignaturePath is not documented!-->
<!--property RootEphemeral is not documented!-->
<!--property OOMScoreAdjust is not documented!-->
<!--property CoredumpFilter is not documented!-->
<!--property Nice is not documented!-->
<!--property IOSchedulingClass is not documented!-->
<!--property IOSchedulingPriority is not documented!-->
<!--property CPUSchedulingPolicy is not documented!-->
<!--property CPUSchedulingPriority is not documented!-->
<!--property CPUAffinity is not documented!-->
<!--property CPUAffinityFromNUMA is not documented!-->
<!--property NUMAPolicy is not documented!-->
<!--property NUMAMask is not documented!-->
<!--property TimerSlackNSec is not documented!-->
<!--property CPUSchedulingResetOnFork is not documented!-->
<!--property NonBlocking is not documented!-->
<!--property StandardInput is not documented!-->
<!--property StandardInputFileDescriptorName is not documented!-->
<!--property StandardInputData is not documented!-->
<!--property StandardOutput is not documented!-->
<!--property StandardOutputFileDescriptorName is not documented!-->
<!--property StandardError is not documented!-->
<!--property StandardErrorFileDescriptorName is not documented!-->
<!--property TTYPath is not documented!-->
<!--property TTYReset is not documented!-->
<!--property TTYVHangup is not documented!-->
<!--property TTYVTDisallocate is not documented!-->
<!--property TTYRows is not documented!-->
<!--property TTYColumns is not documented!-->
<!--property SyslogPriority is not documented!-->
<!--property SyslogIdentifier is not documented!-->
<!--property SyslogLevelPrefix is not documented!-->
<!--property SyslogLevel is not documented!-->
<!--property SyslogFacility is not documented!-->
<!--property LogLevelMax is not documented!-->
<!--property LogRateLimitIntervalUSec is not documented!-->
<!--property LogRateLimitBurst is not documented!-->
<!--property LogExtraFields is not documented!-->
<!--property LogFilterPatterns is not documented!-->
<!--property LogNamespace is not documented!-->
<!--property AmbientCapabilities is not documented!-->
<!--property User is not documented!-->
<!--property Group is not documented!-->
<!--property DynamicUser is not documented!-->
<!--property SetLoginEnvironment is not documented!-->
<!--property RemoveIPC is not documented!-->
<!--property SetCredential is not documented!-->
<!--property SetCredentialEncrypted is not documented!-->
<!--property LoadCredential is not documented!-->
<!--property LoadCredentialEncrypted is not documented!-->
<!--property ImportCredential is not documented!-->
<!--property SupplementaryGroups is not documented!-->
<!--property PAMName is not documented!-->
<!--property ReadWritePaths is not documented!-->
<!--property ReadOnlyPaths is not documented!-->
<!--property InaccessiblePaths is not documented!-->
<!--property ExecPaths is not documented!-->
<!--property NoExecPaths is not documented!-->
<!--property ExecSearchPath is not documented!-->
<!--property PrivateTmp is not documented!-->
<!--property PrivateDevices is not documented!-->
<!--property ProtectClock is not documented!-->
<!--property ProtectKernelTunables is not documented!-->
<!--property ProtectKernelModules is not documented!-->
<!--property ProtectKernelLogs is not documented!-->
<!--property ProtectControlGroups is not documented!-->
<!--property PrivateNetwork is not documented!-->
<!--property PrivateUsers is not documented!-->
<!--property PrivateMounts is not documented!-->
<!--property PrivateIPC is not documented!-->
<!--property ProtectHome is not documented!-->
<!--property ProtectSystem is not documented!-->
<!--property SameProcessGroup is not documented!-->
<!--property UtmpIdentifier is not documented!-->
<!--property UtmpMode is not documented!-->
<!--property SELinuxContext is not documented!-->
<!--property AppArmorProfile is not documented!-->
<!--property SmackProcessLabel is not documented!-->
<!--property IgnoreSIGPIPE is not documented!-->
<!--property NoNewPrivileges is not documented!-->
<!--property SystemCallFilter is not documented!-->
<!--property SystemCallArchitectures is not documented!-->
<!--property SystemCallErrorNumber is not documented!-->
<!--property SystemCallLog is not documented!-->
<!--property Personality is not documented!-->
<!--property LockPersonality is not documented!-->
<!--property RestrictAddressFamilies is not documented!-->
<!--property RuntimeDirectoryPreserve is not documented!-->
<!--property RuntimeDirectoryMode is not documented!-->
<!--property StateDirectoryMode is not documented!-->
<!--property CacheDirectoryMode is not documented!-->
<!--property LogsDirectoryMode is not documented!-->
<!--property ConfigurationDirectoryMode is not documented!-->
<!--property ConfigurationDirectory is not documented!-->
<!--property TimeoutCleanUSec is not documented!-->
<!--property MemoryDenyWriteExecute is not documented!-->
<!--property RestrictRealtime is not documented!-->
<!--property RestrictSUIDSGID is not documented!-->
<!--property RestrictNamespaces is not documented!-->
<!--property RestrictFileSystems is not documented!-->
<!--property BindPaths is not documented!-->
<!--property BindReadOnlyPaths is not documented!-->
<!--property TemporaryFileSystem is not documented!-->
<!--property MountAPIVFS is not documented!-->
<!--property KeyringMode is not documented!-->
<!--property ProtectProc is not documented!-->
<!--property ProcSubset is not documented!-->
<!--property ProtectHostname is not documented!-->
<!--property MemoryKSM is not documented!-->
<!--property NetworkNamespacePath is not documented!-->
<!--property IPCNamespacePath is not documented!-->
<!--property RootImagePolicy is not documented!-->
<!--property MountImagePolicy is not documented!-->
<!--property ExtensionImagePolicy is not documented!-->
<!--property KillMode is not documented!-->
<!--property KillSignal is not documented!-->
<!--property RestartKillSignal is not documented!-->
<!--property FinalKillSignal is not documented!-->
<!--property SendSIGKILL is not documented!-->
<!--property SendSIGHUP is not documented!-->
<!--property WatchdogSignal is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Socket"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Socket"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetProcesses()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AttachProcesses()"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindIPv6Only"/>
<variablelist class="dbus-property" generated="True" extra-ref="Backlog"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindToDevice"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketUser"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="DirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="Accept"/>
<variablelist class="dbus-property" generated="True" extra-ref="FlushPending"/>
<variablelist class="dbus-property" generated="True" extra-ref="Writable"/>
<variablelist class="dbus-property" generated="True" extra-ref="KeepAlive"/>
<variablelist class="dbus-property" generated="True" extra-ref="KeepAliveTimeUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="KeepAliveIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="KeepAliveProbes"/>
<variablelist class="dbus-property" generated="True" extra-ref="DeferAcceptUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoDelay"/>
<variablelist class="dbus-property" generated="True" extra-ref="Priority"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReceiveBuffer"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendBuffer"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPTOS"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPTTL"/>
<variablelist class="dbus-property" generated="True" extra-ref="PipeSize"/>
<variablelist class="dbus-property" generated="True" extra-ref="FreeBind"/>
<variablelist class="dbus-property" generated="True" extra-ref="Transparent"/>
<variablelist class="dbus-property" generated="True" extra-ref="Broadcast"/>
<variablelist class="dbus-property" generated="True" extra-ref="PassCredentials"/>
<variablelist class="dbus-property" generated="True" extra-ref="PassSecurity"/>
<variablelist class="dbus-property" generated="True" extra-ref="PassPacketInfo"/>
<variablelist class="dbus-property" generated="True" extra-ref="Timestamping"/>
<variablelist class="dbus-property" generated="True" extra-ref="RemoveOnStop"/>
<variablelist class="dbus-property" generated="True" extra-ref="Listen"/>
<variablelist class="dbus-property" generated="True" extra-ref="Symlinks"/>
<variablelist class="dbus-property" generated="True" extra-ref="Mark"/>
<variablelist class="dbus-property" generated="True" extra-ref="MaxConnections"/>
<variablelist class="dbus-property" generated="True" extra-ref="MaxConnectionsPerSource"/>
<variablelist class="dbus-property" generated="True" extra-ref="MessageQueueMaxMessages"/>
<variablelist class="dbus-property" generated="True" extra-ref="MessageQueueMessageSize"/>
<variablelist class="dbus-property" generated="True" extra-ref="TCPCongestion"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReusePort"/>
<variablelist class="dbus-property" generated="True" extra-ref="SmackLabel"/>
<variablelist class="dbus-property" generated="True" extra-ref="SmackLabelIPIn"/>
<variablelist class="dbus-property" generated="True" extra-ref="SmackLabelIPOut"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlPID"/>
<variablelist class="dbus-property" generated="True" extra-ref="Result"/>
<variablelist class="dbus-property" generated="True" extra-ref="NConnections"/>
<variablelist class="dbus-property" generated="True" extra-ref="NAccepted"/>
<variablelist class="dbus-property" generated="True" extra-ref="NRefused"/>
<variablelist class="dbus-property" generated="True" extra-ref="FileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketProtocol"/>
<variablelist class="dbus-property" generated="True" extra-ref="TriggerLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="TriggerLimitBurst"/>
<variablelist class="dbus-property" generated="True" extra-ref="PollLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="PollLimitBurst"/>
<variablelist class="dbus-property" generated="True" extra-ref="UID"/>
<variablelist class="dbus-property" generated="True" extra-ref="GID"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStartPre"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStartPost"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStopPre"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecStopPost"/>
<variablelist class="dbus-property" generated="True" extra-ref="Slice"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroupId"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="Delegate"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateSubgroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="DisableControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMSwap"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimit"/>
2021-01-29 04:35:17 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMPreference"/>
<variablelist class="dbus-property" generated="True" extra-ref="BPFProgram"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNetworkInterfaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureWatch"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureThresholdUSec"/>
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="NFTSet"/>
2023-10-11 17:46:42 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpReceive"/>
<variablelist class="dbus-property" generated="True" extra-ref="Environment"/>
<variablelist class="dbus-property" generated="True" extra-ref="EnvironmentFiles"/>
<variablelist class="dbus-property" generated="True" extra-ref="PassEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnsetEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="UMask"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCPU"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCPUSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitFSIZE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitFSIZESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitDATA"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitDATASoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSTACK"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSTACKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCORE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCORESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRSS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRSSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNOFILE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNOFILESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitAS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitASSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNPROC"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNPROCSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMEMLOCK"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMEMLOCKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitLOCKS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitLOCKSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSIGPENDING"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSIGPENDINGSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMSGQUEUE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMSGQUEUESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNICE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNICESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTPRIO"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTPRIOSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTTIME"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTTIMESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="WorkingDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImage"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImageOptions"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHash"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashSignature"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashSignaturePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootVerity"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootEphemeral"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionDirectories"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionImages"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountImages"/>
<variablelist class="dbus-property" generated="True" extra-ref="OOMScoreAdjust"/>
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpFilter"/>
<variablelist class="dbus-property" generated="True" extra-ref="Nice"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOSchedulingClass"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOSchedulingPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAffinity"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAffinityFromNUMA"/>
<variablelist class="dbus-property" generated="True" extra-ref="NUMAPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="NUMAMask"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimerSlackNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingResetOnFork"/>
<variablelist class="dbus-property" generated="True" extra-ref="NonBlocking"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInput"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInputFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInputData"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardOutput"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardOutputFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardError"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardErrorFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYReset"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYVHangup"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYVTDisallocate"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYRows"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYColumns"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogIdentifier"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogLevelPrefix"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogLevel"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogFacility"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogLevelMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogRateLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogRateLimitBurst"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogExtraFields"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogFilterPatterns"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogNamespace"/>
<variablelist class="dbus-property" generated="True" extra-ref="SecureBits"/>
<variablelist class="dbus-property" generated="True" extra-ref="CapabilityBoundingSet"/>
<variablelist class="dbus-property" generated="True" extra-ref="AmbientCapabilities"/>
<variablelist class="dbus-property" generated="True" extra-ref="User"/>
<variablelist class="dbus-property" generated="True" extra-ref="Group"/>
<variablelist class="dbus-property" generated="True" extra-ref="DynamicUser"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetLoginEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="RemoveIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetCredentialEncrypted"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadCredentialEncrypted"/>
<variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PAMName"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadWritePaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadOnlyPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="InaccessiblePaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoExecPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecSearchPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountFlags"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateTmp"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateDevices"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectClock"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelTunables"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelModules"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelLogs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectControlGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateNetwork"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateUsers"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateMounts"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHome"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="SameProcessGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="UtmpIdentifier"/>
<variablelist class="dbus-property" generated="True" extra-ref="UtmpMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="SELinuxContext"/>
<variablelist class="dbus-property" generated="True" extra-ref="AppArmorProfile"/>
<variablelist class="dbus-property" generated="True" extra-ref="SmackProcessLabel"/>
<variablelist class="dbus-property" generated="True" extra-ref="IgnoreSIGPIPE"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoNewPrivileges"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallFilter"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallArchitectures"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallErrorNumber"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallLog"/>
<variablelist class="dbus-property" generated="True" extra-ref="Personality"/>
<variablelist class="dbus-property" generated="True" extra-ref="LockPersonality"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictAddressFamilies"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectoryPreserve"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfigurationDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfigurationDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutCleanUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryDenyWriteExecute"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictRealtime"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictSUIDSGID"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNamespaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictFileSystems"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindReadOnlyPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="TemporaryFileSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountAPIVFS"/>
<variablelist class="dbus-property" generated="True" extra-ref="KeyringMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectProc"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProcSubset"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHostname"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryKSM"/>
<variablelist class="dbus-property" generated="True" extra-ref="NetworkNamespacePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPCNamespacePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="FinalKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGKILL"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGHUP"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogSignal"/>
<!--End of Autogenerated section-->
<para><varname>PollLimitIntervalUSec</varname>/<varname>PollLimitBurst</varname> properties configure the
polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to
zero the limiting feature is turned off.</para>
<refsect2>
<title>Properties</title>
<para>Most of the properties map directly to the corresponding settings in socket unit files. As socket
units can include <varname>ExecStartPre</varname> (and similar) fields which contain information about
processes to execute. They also share most of the fields related to the execution context that Service
objects expose (see above).</para>
<para>In addition to these properties there are the following:</para>
<para><varname>NAccepted</varname> contains the accumulated number of connections ever accepted on this
socket. This only applies to sockets with <varname>Accept</varname> set to <literal>yes</literal>,
i.e. those where systemd is responsible for accepted connections. </para>
<para>Similarly <varname>NConnections</varname> contains the number of currently open connections on
this socket. It only applies only to socket units with <varname>Accept</varname> set to
<literal>yes</literal>.</para>
<para><varname>Result</varname> encodes the reason why a socket unit failed if it is in the
<literal>failed</literal> state (see <varname>ActiveState</varname> above). The values
<literal>success</literal>, <literal>resources</literal>, <literal>timeout</literal>,
<literal>exit-code</literal>, <literal>signal</literal> and <literal>core-dump</literal> have the same
meaning as they have for the corresponding field of service units (see above). In addition to that,
the value <literal>service-failed-permanent</literal> indicates that the service of this socket failed
continuously.</para>
<para><varname>FlushPending</varname> specifies whether to flush the socket
just before entering the listening state. This setting only applies to sockets with
<varname>Accept=</varname> set to <literal>no</literal>.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Target Unit Objects</title>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/basic_2etarget" interface="org.freedesktop.systemd1.Target">
node /org/freedesktop/systemd1/unit/basic_2etarget {
interface org.freedesktop.systemd1.Target {
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<para>Target units have neither type-specific methods nor properties.</para>
</refsect1>
<refsect1>
<title>Device Unit Objects</title>
<para>All device unit objects implement the <interfacename>org.freedesktop.systemd1.Device</interfacename> interface (described here)
in addition to the generic <interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/dev_2dttyS0_2edevice" interface="org.freedesktop.systemd1.Device">
node /org/freedesktop/systemd1/unit/dev_2dttyS0_2edevice {
interface org.freedesktop.systemd1.Device {
properties:
readonly s SysFSPath = '...';
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Device"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Device"/>
<variablelist class="dbus-property" generated="True" extra-ref="SysFSPath"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Properties</title>
<para>Device units only expose a single type-specific property:</para>
<para><varname>SysFSPath</varname> contains the sysfs path of the kernel device this object corresponds
to.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Mount Unit Objects</title>
<para>All mount unit objects implement the <interfacename>org.freedesktop.systemd1.Mount</interfacename>
interface (described here) in addition to the generic
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/home_2emount" interface="org.freedesktop.systemd1.Mount">
node /org/freedesktop/systemd1/unit/home_2emount {
interface org.freedesktop.systemd1.Mount {
methods:
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Where = '...';
readonly s What = '...';
readonly s Options = '...';
readonly s Type = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutUSec = ...;
readonly u ControlPID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SloppyOptions = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LazyUnmount = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ForceUnmount = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ReadWriteOnly = ...;
readonly s Result = '...';
readonly u UID = ...;
readonly u GID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecMount = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecUnmount = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecRemount = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveTasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sb) EnvironmentFiles = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PassEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnsetEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u UMask = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WorkingDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImage = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) RootImageOptions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHash = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHashSignature = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashSignaturePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootVerity = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RootEphemeral = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExtensionDirectories = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sba(ss)) ExtensionImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssba(ss)) MountImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i OOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CoredumpFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Nice = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingClass = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay CPUAffinity = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUAffinityFromNUMA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i NUMAPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay NUMAMask = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUSchedulingResetOnFork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NonBlocking = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay StandardInputData = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardErrorFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TTYPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYReset = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVHangup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVTDisallocate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYRows = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYColumns = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SyslogIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SyslogLevelPrefix = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogLevel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogFacility = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i LogLevelMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LogRateLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogRateLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly aay LogExtraFields = [[...], ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(bs) LogFilterPatterns = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s LogNamespace = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SecureBits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CapabilityBoundingSet = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AmbientCapabilities = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s User = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Group = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DynamicUser = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SetLoginEnvironment = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemoveIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(say) SetCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(say) SetCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) LoadCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) LoadCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadWritePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadOnlyPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as InaccessiblePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as NoExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExecSearchPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t MountFlags = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateTmp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateDevices = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectClock = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelTunables = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelModules = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelLogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectControlGroups = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateNetwork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateUsers = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateMounts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SameProcessGroup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SELinuxContext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) AppArmorProfile = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SmackProcessLabel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreSIGPIPE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoNewPrivileges = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SystemCallArchitectures = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SystemCallErrorNumber = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallLog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Personality = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LockPersonality = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictAddressFamilies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) RuntimeDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RuntimeDirectoryPreserve = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RuntimeDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RuntimeDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) StateDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u StateDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StateDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) CacheDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u CacheDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CacheDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) LogsDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogsDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as LogsDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u ConfigurationDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConfigurationDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutCleanUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryDenyWriteExecute = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictRealtime = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictSUIDSGID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestrictNamespaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictFileSystems = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindReadOnlyPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) TemporaryFileSystem = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MountAPIVFS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KeyringMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectProc = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProcSubset = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectHostname = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryKSM = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s NetworkNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s IPCNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s MountImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ExtensionImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--method GetProcesses is not documented!-->
<!--method AttachProcesses is not documented!-->
<!--property Where is not documented!-->
<!--property What is not documented!-->
<!--property Options is not documented!-->
<!--property Type is not documented!-->
<!--property TimeoutUSec is not documented!-->
<!--property DirectoryMode is not documented!-->
<!--property SloppyOptions is not documented!-->
<!--property LazyUnmount is not documented!-->
<!--property ForceUnmount is not documented!-->
<!--property ReadWriteOnly is not documented!-->
<!--property UID is not documented!-->
<!--property GID is not documented!-->
<!--property ExecUnmount is not documented!-->
<!--property ExecRemount is not documented!-->
<!--property Slice is not documented!-->
<!--property ControlGroupId is not documented!-->
<!--property MemoryCurrent is not documented!-->
<!--property MemoryPeak is not documented!-->
<!--property MemorySwapCurrent is not documented!-->
<!--property MemorySwapPeak is not documented!-->
<!--property MemoryZSwapCurrent is not documented!-->
<!--property EffectiveMemoryMax is not documented!-->
<!--property EffectiveMemoryHigh is not documented!-->
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
<!--property EffectiveMemoryNodes is not documented!-->
<!--property TasksCurrent is not documented!-->
<!--property EffectiveTasksMax is not documented!-->
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
<!--property IPEgressBytes is not documented!-->
<!--property IPEgressPackets is not documented!-->
<!--property IOReadBytes is not documented!-->
<!--property IOReadOperations is not documented!-->
<!--property IOWriteBytes is not documented!-->
<!--property IOWriteOperations is not documented!-->
<!--property Delegate is not documented!-->
<!--property DelegateControllers is not documented!-->
<!--property CPUAccounting is not documented!-->
<!--property CPUWeight is not documented!-->
<!--property StartupCPUWeight is not documented!-->
<!--property CPUShares is not documented!-->
<!--property StartupCPUShares is not documented!-->
<!--property CPUQuotaPerSecUSec is not documented!-->
<!--property CPUQuotaPeriodUSec is not documented!-->
<!--property AllowedCPUs is not documented!-->
<!--property StartupAllowedCPUs is not documented!-->
<!--property AllowedMemoryNodes is not documented!-->
<!--property StartupAllowedMemoryNodes is not documented!-->
<!--property IOAccounting is not documented!-->
<!--property IOWeight is not documented!-->
<!--property StartupIOWeight is not documented!-->
<!--property IODeviceWeight is not documented!-->
<!--property IOReadBandwidthMax is not documented!-->
<!--property IOWriteBandwidthMax is not documented!-->
<!--property IOReadIOPSMax is not documented!-->
<!--property IOWriteIOPSMax is not documented!-->
<!--property IODeviceLatencyTargetUSec is not documented!-->
<!--property BlockIOAccounting is not documented!-->
<!--property BlockIOWeight is not documented!-->
<!--property StartupBlockIOWeight is not documented!-->
<!--property BlockIODeviceWeight is not documented!-->
<!--property BlockIOReadBandwidth is not documented!-->
<!--property BlockIOWriteBandwidth is not documented!-->
<!--property MemoryAccounting is not documented!-->
<!--property DefaultMemoryLow is not documented!-->
<!--property DefaultStartupMemoryLow is not documented!-->
<!--property DefaultMemoryMin is not documented!-->
<!--property MemoryMin is not documented!-->
<!--property MemoryLow is not documented!-->
<!--property StartupMemoryLow is not documented!-->
<!--property MemoryHigh is not documented!-->
<!--property StartupMemoryHigh is not documented!-->
<!--property MemoryMax is not documented!-->
<!--property StartupMemoryMax is not documented!-->
<!--property MemorySwapMax is not documented!-->
<!--property StartupMemorySwapMax is not documented!-->
<!--property MemoryZSwapMax is not documented!-->
<!--property StartupMemoryZSwapMax is not documented!-->
<!--property MemoryLimit is not documented!-->
<!--property DevicePolicy is not documented!-->
<!--property DeviceAllow is not documented!-->
<!--property TasksAccounting is not documented!-->
<!--property TasksMax is not documented!-->
<!--property IPAccounting is not documented!-->
<!--property IPAddressAllow is not documented!-->
<!--property IPAddressDeny is not documented!-->
<!--property IPIngressFilterPath is not documented!-->
<!--property IPEgressFilterPath is not documented!-->
<!--property DisableControllers is not documented!-->
<!--property ManagedOOMSwap is not documented!-->
<!--property ManagedOOMMemoryPressure is not documented!-->
<!--property ManagedOOMMemoryPressureLimit is not documented!-->
2021-01-29 04:35:17 +03:00
<!--property ManagedOOMPreference is not documented!-->
<!--property BPFProgram is not documented!-->
<!--property SocketBindAllow is not documented!-->
<!--property SocketBindDeny is not documented!-->
<!--property RestrictNetworkInterfaces is not documented!-->
<!--property MemoryPressureWatch is not documented!-->
<!--property MemoryPressureThresholdUSec is not documented!-->
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<!--property NFTSet is not documented!-->
2023-10-11 17:46:42 +03:00
<!--property CoredumpReceive is not documented!-->
<!--property EnvironmentFiles is not documented!-->
<!--property PassEnvironment is not documented!-->
<!--property UnsetEnvironment is not documented!-->
<!--property UMask is not documented!-->
<!--property LimitCPUSoft is not documented!-->
<!--property LimitFSIZE is not documented!-->
<!--property LimitFSIZESoft is not documented!-->
<!--property LimitDATA is not documented!-->
<!--property LimitDATASoft is not documented!-->
<!--property LimitSTACK is not documented!-->
<!--property LimitSTACKSoft is not documented!-->
<!--property LimitCORE is not documented!-->
<!--property LimitCORESoft is not documented!-->
<!--property LimitRSS is not documented!-->
<!--property LimitRSSSoft is not documented!-->
<!--property LimitNOFILE is not documented!-->
<!--property LimitNOFILESoft is not documented!-->
<!--property LimitAS is not documented!-->
<!--property LimitASSoft is not documented!-->
<!--property LimitNPROC is not documented!-->
<!--property LimitNPROCSoft is not documented!-->
<!--property LimitMEMLOCK is not documented!-->
<!--property LimitMEMLOCKSoft is not documented!-->
<!--property LimitLOCKS is not documented!-->
<!--property LimitLOCKSSoft is not documented!-->
<!--property LimitSIGPENDING is not documented!-->
<!--property LimitSIGPENDINGSoft is not documented!-->
<!--property LimitMSGQUEUE is not documented!-->
<!--property LimitMSGQUEUESoft is not documented!-->
<!--property LimitNICE is not documented!-->
<!--property LimitNICESoft is not documented!-->
<!--property LimitRTPRIO is not documented!-->
<!--property LimitRTPRIOSoft is not documented!-->
<!--property LimitRTTIME is not documented!-->
<!--property LimitRTTIMESoft is not documented!-->
<!--property WorkingDirectory is not documented!-->
<!--property RootHashPath is not documented!-->
<!--property RootHashSignaturePath is not documented!-->
<!--property RootEphemeral is not documented!-->
<!--property OOMScoreAdjust is not documented!-->
<!--property CoredumpFilter is not documented!-->
<!--property Nice is not documented!-->
<!--property IOSchedulingClass is not documented!-->
<!--property IOSchedulingPriority is not documented!-->
<!--property CPUSchedulingPolicy is not documented!-->
<!--property CPUSchedulingPriority is not documented!-->
<!--property CPUAffinity is not documented!-->
<!--property CPUAffinityFromNUMA is not documented!-->
<!--property NUMAPolicy is not documented!-->
<!--property NUMAMask is not documented!-->
<!--property TimerSlackNSec is not documented!-->
<!--property CPUSchedulingResetOnFork is not documented!-->
<!--property NonBlocking is not documented!-->
<!--property StandardInput is not documented!-->
<!--property StandardInputFileDescriptorName is not documented!-->
<!--property StandardInputData is not documented!-->
<!--property StandardOutput is not documented!-->
<!--property StandardOutputFileDescriptorName is not documented!-->
<!--property StandardError is not documented!-->
<!--property StandardErrorFileDescriptorName is not documented!-->
<!--property TTYPath is not documented!-->
<!--property TTYReset is not documented!-->
<!--property TTYVHangup is not documented!-->
<!--property TTYVTDisallocate is not documented!-->
<!--property TTYRows is not documented!-->
<!--property TTYColumns is not documented!-->
<!--property SyslogPriority is not documented!-->
<!--property SyslogIdentifier is not documented!-->
<!--property SyslogLevelPrefix is not documented!-->
<!--property SyslogLevel is not documented!-->
<!--property SyslogFacility is not documented!-->
<!--property LogLevelMax is not documented!-->
<!--property LogRateLimitIntervalUSec is not documented!-->
<!--property LogRateLimitBurst is not documented!-->
<!--property LogExtraFields is not documented!-->
<!--property LogFilterPatterns is not documented!-->
<!--property LogNamespace is not documented!-->
<!--property AmbientCapabilities is not documented!-->
<!--property User is not documented!-->
<!--property Group is not documented!-->
<!--property DynamicUser is not documented!-->
<!--property SetLoginEnvironment is not documented!-->
<!--property RemoveIPC is not documented!-->
<!--property SetCredential is not documented!-->
<!--property SetCredentialEncrypted is not documented!-->
<!--property LoadCredential is not documented!-->
<!--property LoadCredentialEncrypted is not documented!-->
<!--property ImportCredential is not documented!-->
<!--property SupplementaryGroups is not documented!-->
<!--property PAMName is not documented!-->
<!--property ReadWritePaths is not documented!-->
<!--property ReadOnlyPaths is not documented!-->
<!--property InaccessiblePaths is not documented!-->
<!--property ExecPaths is not documented!-->
<!--property NoExecPaths is not documented!-->
<!--property ExecSearchPath is not documented!-->
<!--property PrivateTmp is not documented!-->
<!--property PrivateDevices is not documented!-->
<!--property ProtectClock is not documented!-->
<!--property ProtectKernelTunables is not documented!-->
<!--property ProtectKernelModules is not documented!-->
<!--property ProtectKernelLogs is not documented!-->
<!--property ProtectControlGroups is not documented!-->
<!--property PrivateNetwork is not documented!-->
<!--property PrivateUsers is not documented!-->
<!--property PrivateMounts is not documented!-->
<!--property PrivateIPC is not documented!-->
<!--property ProtectHome is not documented!-->
<!--property ProtectSystem is not documented!-->
<!--property SameProcessGroup is not documented!-->
<!--property UtmpIdentifier is not documented!-->
<!--property UtmpMode is not documented!-->
<!--property SELinuxContext is not documented!-->
<!--property AppArmorProfile is not documented!-->
<!--property SmackProcessLabel is not documented!-->
<!--property IgnoreSIGPIPE is not documented!-->
<!--property NoNewPrivileges is not documented!-->
<!--property SystemCallFilter is not documented!-->
<!--property SystemCallArchitectures is not documented!-->
<!--property SystemCallErrorNumber is not documented!-->
<!--property SystemCallLog is not documented!-->
<!--property Personality is not documented!-->
<!--property LockPersonality is not documented!-->
<!--property RestrictAddressFamilies is not documented!-->
<!--property RuntimeDirectoryPreserve is not documented!-->
<!--property RuntimeDirectoryMode is not documented!-->
<!--property StateDirectoryMode is not documented!-->
<!--property CacheDirectoryMode is not documented!-->
<!--property LogsDirectoryMode is not documented!-->
<!--property ConfigurationDirectoryMode is not documented!-->
<!--property ConfigurationDirectory is not documented!-->
<!--property TimeoutCleanUSec is not documented!-->
<!--property MemoryDenyWriteExecute is not documented!-->
<!--property RestrictRealtime is not documented!-->
<!--property RestrictSUIDSGID is not documented!-->
<!--property RestrictNamespaces is not documented!-->
<!--property RestrictFileSystems is not documented!-->
<!--property BindPaths is not documented!-->
<!--property BindReadOnlyPaths is not documented!-->
<!--property TemporaryFileSystem is not documented!-->
<!--property MountAPIVFS is not documented!-->
<!--property KeyringMode is not documented!-->
<!--property ProtectProc is not documented!-->
<!--property ProcSubset is not documented!-->
<!--property ProtectHostname is not documented!-->
<!--property MemoryKSM is not documented!-->
<!--property NetworkNamespacePath is not documented!-->
<!--property IPCNamespacePath is not documented!-->
<!--property RootImagePolicy is not documented!-->
<!--property MountImagePolicy is not documented!-->
<!--property ExtensionImagePolicy is not documented!-->
<!--property KillMode is not documented!-->
<!--property KillSignal is not documented!-->
<!--property RestartKillSignal is not documented!-->
<!--property FinalKillSignal is not documented!-->
<!--property SendSIGKILL is not documented!-->
<!--property SendSIGHUP is not documented!-->
<!--property WatchdogSignal is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Mount"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Mount"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetProcesses()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AttachProcesses()"/>
<variablelist class="dbus-property" generated="True" extra-ref="Where"/>
<variablelist class="dbus-property" generated="True" extra-ref="What"/>
<variablelist class="dbus-property" generated="True" extra-ref="Options"/>
<variablelist class="dbus-property" generated="True" extra-ref="Type"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlPID"/>
<variablelist class="dbus-property" generated="True" extra-ref="DirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="SloppyOptions"/>
<variablelist class="dbus-property" generated="True" extra-ref="LazyUnmount"/>
<variablelist class="dbus-property" generated="True" extra-ref="ForceUnmount"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadWriteOnly"/>
<variablelist class="dbus-property" generated="True" extra-ref="Result"/>
<variablelist class="dbus-property" generated="True" extra-ref="UID"/>
<variablelist class="dbus-property" generated="True" extra-ref="GID"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecMount"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecUnmount"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecRemount"/>
<variablelist class="dbus-property" generated="True" extra-ref="Slice"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroupId"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="Delegate"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateSubgroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="DisableControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMSwap"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimit"/>
2021-01-29 04:35:17 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMPreference"/>
<variablelist class="dbus-property" generated="True" extra-ref="BPFProgram"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNetworkInterfaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureWatch"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureThresholdUSec"/>
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="NFTSet"/>
2023-10-11 17:46:42 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpReceive"/>
<variablelist class="dbus-property" generated="True" extra-ref="Environment"/>
<variablelist class="dbus-property" generated="True" extra-ref="EnvironmentFiles"/>
<variablelist class="dbus-property" generated="True" extra-ref="PassEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnsetEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="UMask"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCPU"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCPUSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitFSIZE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitFSIZESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitDATA"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitDATASoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSTACK"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSTACKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCORE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCORESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRSS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRSSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNOFILE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNOFILESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitAS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitASSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNPROC"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNPROCSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMEMLOCK"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMEMLOCKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitLOCKS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitLOCKSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSIGPENDING"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSIGPENDINGSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMSGQUEUE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMSGQUEUESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNICE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNICESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTPRIO"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTPRIOSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTTIME"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTTIMESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="WorkingDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImage"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImageOptions"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHash"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashSignature"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashSignaturePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootVerity"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootEphemeral"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionDirectories"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionImages"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountImages"/>
<variablelist class="dbus-property" generated="True" extra-ref="OOMScoreAdjust"/>
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpFilter"/>
<variablelist class="dbus-property" generated="True" extra-ref="Nice"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOSchedulingClass"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOSchedulingPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAffinity"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAffinityFromNUMA"/>
<variablelist class="dbus-property" generated="True" extra-ref="NUMAPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="NUMAMask"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimerSlackNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingResetOnFork"/>
<variablelist class="dbus-property" generated="True" extra-ref="NonBlocking"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInput"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInputFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInputData"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardOutput"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardOutputFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardError"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardErrorFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYReset"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYVHangup"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYVTDisallocate"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYRows"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYColumns"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogIdentifier"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogLevelPrefix"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogLevel"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogFacility"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogLevelMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogRateLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogRateLimitBurst"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogExtraFields"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogFilterPatterns"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogNamespace"/>
<variablelist class="dbus-property" generated="True" extra-ref="SecureBits"/>
<variablelist class="dbus-property" generated="True" extra-ref="CapabilityBoundingSet"/>
<variablelist class="dbus-property" generated="True" extra-ref="AmbientCapabilities"/>
<variablelist class="dbus-property" generated="True" extra-ref="User"/>
<variablelist class="dbus-property" generated="True" extra-ref="Group"/>
<variablelist class="dbus-property" generated="True" extra-ref="DynamicUser"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetLoginEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="RemoveIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetCredentialEncrypted"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadCredentialEncrypted"/>
<variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PAMName"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadWritePaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadOnlyPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="InaccessiblePaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoExecPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecSearchPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountFlags"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateTmp"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateDevices"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectClock"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelTunables"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelModules"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelLogs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectControlGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateNetwork"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateUsers"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateMounts"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHome"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="SameProcessGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="UtmpIdentifier"/>
<variablelist class="dbus-property" generated="True" extra-ref="UtmpMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="SELinuxContext"/>
<variablelist class="dbus-property" generated="True" extra-ref="AppArmorProfile"/>
<variablelist class="dbus-property" generated="True" extra-ref="SmackProcessLabel"/>
<variablelist class="dbus-property" generated="True" extra-ref="IgnoreSIGPIPE"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoNewPrivileges"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallFilter"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallArchitectures"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallErrorNumber"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallLog"/>
<variablelist class="dbus-property" generated="True" extra-ref="Personality"/>
<variablelist class="dbus-property" generated="True" extra-ref="LockPersonality"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictAddressFamilies"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectoryPreserve"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfigurationDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfigurationDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutCleanUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryDenyWriteExecute"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictRealtime"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictSUIDSGID"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNamespaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictFileSystems"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindReadOnlyPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="TemporaryFileSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountAPIVFS"/>
<variablelist class="dbus-property" generated="True" extra-ref="KeyringMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectProc"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProcSubset"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHostname"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryKSM"/>
<variablelist class="dbus-property" generated="True" extra-ref="NetworkNamespacePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPCNamespacePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="FinalKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGKILL"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGHUP"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogSignal"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Properties</title>
<para>Most of the properties map directly to the corresponding settings in mount unit files. As mount
units invoke the <filename>/usr/bin/mount</filename> command, their bus objects include implicit
<varname>ExecMount</varname> (and similar) fields which contain information about processes to
execute. They also share most of the fields related to the execution context that Service objects
expose (see above). In addition to these properties there are the following:</para>
<para><varname>ControlPID</varname> contains the PID of the currently running
<filename>/usr/bin/mount</filename> or <filename>/usr/bin/umount</filename> command if there is one
running, otherwise 0.</para>
<para><varname>Result</varname> contains a value explaining why a mount unit failed if it failed. It
can take the values <literal>success</literal>, <literal>resources</literal>,
<literal>timeout</literal>, <literal>exit-code</literal>, <literal>signal</literal>, or
<literal>core-dump</literal> which have the identical meaning as the corresponding values of the
corresponding field of service unit objects (see above).</para>
</refsect2>
</refsect1>
<refsect1>
<title>Automount Unit Objects</title>
<para>All automount unit objects implement the
<interfacename>org.freedesktop.systemd1.Automount</interfacename> interface (described here) in addition
to the generic <interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/proc_2dsys_2dfs_2dbinfmt_5fmisc_2eautomount" interface="org.freedesktop.systemd1.Automount">
node /org/freedesktop/systemd1/unit/proc_2dsys_2dfs_2dbinfmt_5fmisc_2eautomount {
interface org.freedesktop.systemd1.Automount {
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Where = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
2021-11-12 00:45:47 +03:00
readonly s ExtraOptions = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DirectoryMode = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutIdleUSec = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--property Where is not documented!-->
2021-11-12 00:45:47 +03:00
<!--property ExtraOptions is not documented!-->
<!--property DirectoryMode is not documented!-->
<!--property TimeoutIdleUSec is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Automount"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Automount"/>
<variablelist class="dbus-property" generated="True" extra-ref="Where"/>
2021-11-12 00:45:47 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="ExtraOptions"/>
<variablelist class="dbus-property" generated="True" extra-ref="DirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="Result"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutIdleUSec"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Properties</title>
<para>Most of the properties map directly to the corresponding settings in the automount unit
files.</para>
<para><varname>Result</varname> knows the values <literal>success</literal> and
<literal>resources</literal> at this time. They have the same meanings as the corresponding values of
the corresponding field of the Service object.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Timer Unit Objects</title>
<para>All timer unit objects implement the <interfacename>org.freedesktop.systemd1.Timer</interfacename>
interface (described here) in addition to the generic
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/systemd_2dtmpfiles_2dclean_2etimer" interface="org.freedesktop.systemd1.Timer">
node /org/freedesktop/systemd1/unit/systemd_2dtmpfiles_2dclean_2etimer {
interface org.freedesktop.systemd1.Timer {
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Unit = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(stt) TimersMonotonic = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sst) TimersCalendar = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b OnClockChange = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b OnTimezoneChange = ...;
readonly t NextElapseUSecRealtime = ...;
readonly t NextElapseUSecMonotonic = ...;
readonly t LastTriggerUSec = ...;
readonly t LastTriggerUSecMonotonic = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AccuracyUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RandomizedDelayUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b FixedRandomDelay = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b Persistent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b WakeSystem = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemainAfterElapse = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--property OnClockChange is not documented!-->
<!--property OnTimezoneChange is not documented!-->
<!--property LastTriggerUSec is not documented!-->
<!--property LastTriggerUSecMonotonic is not documented!-->
<!--property AccuracyUSec is not documented!-->
<!--property RandomizedDelayUSec is not documented!-->
<!--property FixedRandomDelay is not documented!-->
<!--property Persistent is not documented!-->
<!--property WakeSystem is not documented!-->
<!--property RemainAfterElapse is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Timer"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Timer"/>
<variablelist class="dbus-property" generated="True" extra-ref="Unit"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimersMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimersCalendar"/>
<variablelist class="dbus-property" generated="True" extra-ref="OnClockChange"/>
<variablelist class="dbus-property" generated="True" extra-ref="OnTimezoneChange"/>
<variablelist class="dbus-property" generated="True" extra-ref="NextElapseUSecRealtime"/>
<variablelist class="dbus-property" generated="True" extra-ref="NextElapseUSecMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="LastTriggerUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="LastTriggerUSecMonotonic"/>
<variablelist class="dbus-property" generated="True" extra-ref="Result"/>
<variablelist class="dbus-property" generated="True" extra-ref="AccuracyUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="RandomizedDelayUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="FixedRandomDelay"/>
<variablelist class="dbus-property" generated="True" extra-ref="Persistent"/>
<variablelist class="dbus-property" generated="True" extra-ref="WakeSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="RemainAfterElapse"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Properties</title>
<para><varname>Unit</varname> contains the name of the unit to activate when the timer elapses.</para>
<para><varname>TimersMonotonic</varname> contains an array of structs that contain information about
all monotonic timers of this timer unit. The structs contain a string identifying the timer base, which
is one of <literal>OnActiveUSec</literal>, <literal>OnBootUSec</literal>,
<literal>OnStartupUSec</literal>, <literal>OnUnitActiveUSec</literal>, or
<literal>OnUnitInactiveUSec</literal> which correspond to the settings of the same names in the timer
unit files; the microsecond offset from this timer base in monotonic time; the next elapsation point on
the <constant>CLOCK_MONOTONIC</constant> clock, relative to its epoch.</para>
<para><varname>TimersCalendar</varname> contains an array of structs that contain information about all
realtime/calendar timers of this timer unit. The structs contain a string identifying the timer base,
which may only be <literal>OnCalendar</literal> for now; the calendar specification string; the next
elapsation point on the <constant>CLOCK_REALTIME</constant> clock, relative to its epoch.</para>
<para><varname>NextElapseUSecRealtime</varname> contains the next elapsation point on the
<constant>CLOCK_REALTIME</constant> clock in miscroseconds since the epoch, or 0 if this timer event
does not include at least one calendar event.</para>
<para>Similarly, <varname>NextElapseUSecMonotonic</varname> contains the next elapsation point on the
<constant>CLOCK_MONOTONIC</constant> clock in microseconds since the epoch, or 0 if this timer event
does not include at least one monotonic event.</para>
<para><varname>Result</varname> knows the values <literal>success</literal> and
<literal>resources</literal> with the same meanings as the matching values of the corresponding
property of the service interface.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Swap Unit Objects</title>
<para>All swap unit objects implement the <interfacename>org.freedesktop.systemd1.Swap</interfacename>
interface (described here) in addition to the generic
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/dev_2dsda3_2eswap" interface="org.freedesktop.systemd1.Swap">
node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
interface org.freedesktop.systemd1.Swap {
methods:
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
properties:
readonly s What = '...';
readonly i Priority = ...;
readonly s Options = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutUSec = ...;
readonly u ControlPID = ...;
readonly s Result = '...';
readonly u UID = ...;
readonly u GID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecActivate = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates")
readonly a(sasbttttuii) ExecDeactivate = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveTasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as Environment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sb) EnvironmentFiles = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as PassEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as UnsetEnvironment = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u UMask = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPU = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCPUSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitFSIZESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitDATASoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSTACKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitCORESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRSSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNOFILESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitAS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitASSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNPROCSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCK = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMEMLOCKSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitLOCKSSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDING = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitSIGPENDINGSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitMSGQUEUESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitNICESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIO = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTPRIOSoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIME = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LimitRTTIMESoft = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s WorkingDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootDirectory = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImage = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) RootImageOptions = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHash = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay RootHashSignature = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootHashSignaturePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootVerity = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RootEphemeral = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExtensionDirectories = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sba(ss)) ExtensionImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssba(ss)) MountImages = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i OOMScoreAdjust = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CoredumpFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i Nice = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingClass = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i IOSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i CPUSchedulingPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay CPUAffinity = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUAffinityFromNUMA = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i NUMAPolicy = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay NUMAMask = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimerSlackNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b CPUSchedulingResetOnFork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NonBlocking = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardInputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly ay StandardInputData = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutput = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardOutputFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardError = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s StandardErrorFileDescriptorName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s TTYPath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYReset = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVHangup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b TTYVTDisallocate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYRows = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly q TTYColumns = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogPriority = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s SyslogIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SyslogLevelPrefix = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogLevel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SyslogFacility = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i LogLevelMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t LogRateLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogRateLimitBurst = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly aay LogExtraFields = [[...], ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(bs) LogFilterPatterns = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s LogNamespace = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SecureBits = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t CapabilityBoundingSet = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t AmbientCapabilities = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s User = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Group = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b DynamicUser = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SetLoginEnvironment = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemoveIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(say) SetCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(say) SetCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) LoadCredential = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) LoadCredentialEncrypted = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadWritePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ReadOnlyPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as InaccessiblePaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as NoExecPaths = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ExecSearchPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t MountFlags = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateTmp = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateDevices = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectClock = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelTunables = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelModules = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectKernelLogs = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectControlGroups = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateNetwork = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateUsers = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateMounts = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SameProcessGroup = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpIdentifier = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s UtmpMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SELinuxContext = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) AppArmorProfile = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bs) SmackProcessLabel = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b IgnoreSIGPIPE = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b NoNewPrivileges = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallFilter = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SystemCallArchitectures = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i SystemCallErrorNumber = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) SystemCallLog = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Personality = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b LockPersonality = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictAddressFamilies = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) RuntimeDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RuntimeDirectoryPreserve = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u RuntimeDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as RuntimeDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) StateDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u StateDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as StateDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) CacheDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u CacheDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as CacheDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(sst) LogsDirectorySymlink = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u LogsDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as LogsDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u ConfigurationDirectoryMode = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ConfigurationDirectory = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutCleanUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryDenyWriteExecute = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictRealtime = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RestrictSUIDSGID = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RestrictNamespaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (bas) RestrictFileSystems = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ssbt) BindReadOnlyPaths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) TemporaryFileSystem = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MountAPIVFS = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KeyringMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectProc = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProcSubset = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b ProtectHostname = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MemoryKSM = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s NetworkNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s IPCNamespacePath = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s RootImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s MountImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ExtensionImagePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--method GetProcesses is not documented!-->
<!--method AttachProcesses is not documented!-->
<!--property What is not documented!-->
<!--property Priority is not documented!-->
<!--property Options is not documented!-->
<!--property TimeoutUSec is not documented!-->
<!--property UID is not documented!-->
<!--property GID is not documented!-->
<!--property ExecDeactivate is not documented!-->
<!--property Slice is not documented!-->
<!--property ControlGroupId is not documented!-->
<!--property MemoryCurrent is not documented!-->
<!--property MemoryPeak is not documented!-->
<!--property MemorySwapCurrent is not documented!-->
<!--property MemorySwapPeak is not documented!-->
<!--property MemoryZSwapCurrent is not documented!-->
<!--property EffectiveMemoryMax is not documented!-->
<!--property EffectiveMemoryHigh is not documented!-->
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
<!--property EffectiveMemoryNodes is not documented!-->
<!--property TasksCurrent is not documented!-->
<!--property EffectiveTasksMax is not documented!-->
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
<!--property IPEgressBytes is not documented!-->
<!--property IPEgressPackets is not documented!-->
<!--property IOReadBytes is not documented!-->
<!--property IOReadOperations is not documented!-->
<!--property IOWriteBytes is not documented!-->
<!--property IOWriteOperations is not documented!-->
<!--property Delegate is not documented!-->
<!--property DelegateControllers is not documented!-->
<!--property CPUAccounting is not documented!-->
<!--property CPUWeight is not documented!-->
<!--property StartupCPUWeight is not documented!-->
<!--property CPUShares is not documented!-->
<!--property StartupCPUShares is not documented!-->
<!--property CPUQuotaPerSecUSec is not documented!-->
<!--property CPUQuotaPeriodUSec is not documented!-->
<!--property AllowedCPUs is not documented!-->
<!--property StartupAllowedCPUs is not documented!-->
<!--property AllowedMemoryNodes is not documented!-->
<!--property StartupAllowedMemoryNodes is not documented!-->
<!--property IOAccounting is not documented!-->
<!--property IOWeight is not documented!-->
<!--property StartupIOWeight is not documented!-->
<!--property IODeviceWeight is not documented!-->
<!--property IOReadBandwidthMax is not documented!-->
<!--property IOWriteBandwidthMax is not documented!-->
<!--property IOReadIOPSMax is not documented!-->
<!--property IOWriteIOPSMax is not documented!-->
<!--property IODeviceLatencyTargetUSec is not documented!-->
<!--property BlockIOAccounting is not documented!-->
<!--property BlockIOWeight is not documented!-->
<!--property StartupBlockIOWeight is not documented!-->
<!--property BlockIODeviceWeight is not documented!-->
<!--property BlockIOReadBandwidth is not documented!-->
<!--property BlockIOWriteBandwidth is not documented!-->
<!--property MemoryAccounting is not documented!-->
<!--property DefaultMemoryLow is not documented!-->
<!--property DefaultStartupMemoryLow is not documented!-->
<!--property DefaultMemoryMin is not documented!-->
<!--property MemoryMin is not documented!-->
<!--property MemoryLow is not documented!-->
<!--property StartupMemoryLow is not documented!-->
<!--property MemoryHigh is not documented!-->
<!--property StartupMemoryHigh is not documented!-->
<!--property MemoryMax is not documented!-->
<!--property StartupMemoryMax is not documented!-->
<!--property MemorySwapMax is not documented!-->
<!--property StartupMemorySwapMax is not documented!-->
<!--property MemoryZSwapMax is not documented!-->
<!--property StartupMemoryZSwapMax is not documented!-->
<!--property MemoryLimit is not documented!-->
<!--property DevicePolicy is not documented!-->
<!--property DeviceAllow is not documented!-->
<!--property TasksAccounting is not documented!-->
<!--property TasksMax is not documented!-->
<!--property IPAccounting is not documented!-->
<!--property IPAddressAllow is not documented!-->
<!--property IPAddressDeny is not documented!-->
<!--property IPIngressFilterPath is not documented!-->
<!--property IPEgressFilterPath is not documented!-->
<!--property DisableControllers is not documented!-->
<!--property ManagedOOMSwap is not documented!-->
<!--property ManagedOOMMemoryPressure is not documented!-->
<!--property ManagedOOMMemoryPressureLimit is not documented!-->
2021-01-29 04:35:17 +03:00
<!--property ManagedOOMPreference is not documented!-->
<!--property BPFProgram is not documented!-->
<!--property SocketBindAllow is not documented!-->
<!--property SocketBindDeny is not documented!-->
<!--property RestrictNetworkInterfaces is not documented!-->
<!--property MemoryPressureWatch is not documented!-->
<!--property MemoryPressureThresholdUSec is not documented!-->
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<!--property NFTSet is not documented!-->
2023-10-11 17:46:42 +03:00
<!--property CoredumpReceive is not documented!-->
<!--property EnvironmentFiles is not documented!-->
<!--property PassEnvironment is not documented!-->
<!--property UnsetEnvironment is not documented!-->
<!--property UMask is not documented!-->
<!--property LimitCPUSoft is not documented!-->
<!--property LimitFSIZE is not documented!-->
<!--property LimitFSIZESoft is not documented!-->
<!--property LimitDATA is not documented!-->
<!--property LimitDATASoft is not documented!-->
<!--property LimitSTACK is not documented!-->
<!--property LimitSTACKSoft is not documented!-->
<!--property LimitCORE is not documented!-->
<!--property LimitCORESoft is not documented!-->
<!--property LimitRSS is not documented!-->
<!--property LimitRSSSoft is not documented!-->
<!--property LimitNOFILE is not documented!-->
<!--property LimitNOFILESoft is not documented!-->
<!--property LimitAS is not documented!-->
<!--property LimitASSoft is not documented!-->
<!--property LimitNPROC is not documented!-->
<!--property LimitNPROCSoft is not documented!-->
<!--property LimitMEMLOCK is not documented!-->
<!--property LimitMEMLOCKSoft is not documented!-->
<!--property LimitLOCKS is not documented!-->
<!--property LimitLOCKSSoft is not documented!-->
<!--property LimitSIGPENDING is not documented!-->
<!--property LimitSIGPENDINGSoft is not documented!-->
<!--property LimitMSGQUEUE is not documented!-->
<!--property LimitMSGQUEUESoft is not documented!-->
<!--property LimitNICE is not documented!-->
<!--property LimitNICESoft is not documented!-->
<!--property LimitRTPRIO is not documented!-->
<!--property LimitRTPRIOSoft is not documented!-->
<!--property LimitRTTIME is not documented!-->
<!--property LimitRTTIMESoft is not documented!-->
<!--property WorkingDirectory is not documented!-->
<!--property RootHashPath is not documented!-->
<!--property RootHashSignaturePath is not documented!-->
<!--property RootEphemeral is not documented!-->
<!--property OOMScoreAdjust is not documented!-->
<!--property CoredumpFilter is not documented!-->
<!--property Nice is not documented!-->
<!--property IOSchedulingClass is not documented!-->
<!--property IOSchedulingPriority is not documented!-->
<!--property CPUSchedulingPolicy is not documented!-->
<!--property CPUSchedulingPriority is not documented!-->
<!--property CPUAffinity is not documented!-->
<!--property CPUAffinityFromNUMA is not documented!-->
<!--property NUMAPolicy is not documented!-->
<!--property NUMAMask is not documented!-->
<!--property TimerSlackNSec is not documented!-->
<!--property CPUSchedulingResetOnFork is not documented!-->
<!--property NonBlocking is not documented!-->
<!--property StandardInput is not documented!-->
<!--property StandardInputFileDescriptorName is not documented!-->
<!--property StandardInputData is not documented!-->
<!--property StandardOutput is not documented!-->
<!--property StandardOutputFileDescriptorName is not documented!-->
<!--property StandardError is not documented!-->
<!--property StandardErrorFileDescriptorName is not documented!-->
<!--property TTYPath is not documented!-->
<!--property TTYReset is not documented!-->
<!--property TTYVHangup is not documented!-->
<!--property TTYVTDisallocate is not documented!-->
<!--property TTYRows is not documented!-->
<!--property TTYColumns is not documented!-->
<!--property SyslogPriority is not documented!-->
<!--property SyslogIdentifier is not documented!-->
<!--property SyslogLevelPrefix is not documented!-->
<!--property SyslogLevel is not documented!-->
<!--property SyslogFacility is not documented!-->
<!--property LogLevelMax is not documented!-->
<!--property LogRateLimitIntervalUSec is not documented!-->
<!--property LogRateLimitBurst is not documented!-->
<!--property LogExtraFields is not documented!-->
<!--property LogFilterPatterns is not documented!-->
<!--property LogNamespace is not documented!-->
<!--property AmbientCapabilities is not documented!-->
<!--property User is not documented!-->
<!--property Group is not documented!-->
<!--property DynamicUser is not documented!-->
<!--property SetLoginEnvironment is not documented!-->
<!--property RemoveIPC is not documented!-->
<!--property SetCredential is not documented!-->
<!--property SetCredentialEncrypted is not documented!-->
<!--property LoadCredential is not documented!-->
<!--property LoadCredentialEncrypted is not documented!-->
<!--property ImportCredential is not documented!-->
<!--property SupplementaryGroups is not documented!-->
<!--property PAMName is not documented!-->
<!--property ReadWritePaths is not documented!-->
<!--property ReadOnlyPaths is not documented!-->
<!--property InaccessiblePaths is not documented!-->
<!--property ExecPaths is not documented!-->
<!--property NoExecPaths is not documented!-->
<!--property ExecSearchPath is not documented!-->
<!--property PrivateTmp is not documented!-->
<!--property PrivateDevices is not documented!-->
<!--property ProtectClock is not documented!-->
<!--property ProtectKernelTunables is not documented!-->
<!--property ProtectKernelModules is not documented!-->
<!--property ProtectKernelLogs is not documented!-->
<!--property ProtectControlGroups is not documented!-->
<!--property PrivateNetwork is not documented!-->
<!--property PrivateUsers is not documented!-->
<!--property PrivateMounts is not documented!-->
<!--property PrivateIPC is not documented!-->
<!--property ProtectHome is not documented!-->
<!--property ProtectSystem is not documented!-->
<!--property SameProcessGroup is not documented!-->
<!--property UtmpIdentifier is not documented!-->
<!--property UtmpMode is not documented!-->
<!--property SELinuxContext is not documented!-->
<!--property AppArmorProfile is not documented!-->
<!--property SmackProcessLabel is not documented!-->
<!--property IgnoreSIGPIPE is not documented!-->
<!--property NoNewPrivileges is not documented!-->
<!--property SystemCallFilter is not documented!-->
<!--property SystemCallArchitectures is not documented!-->
<!--property SystemCallErrorNumber is not documented!-->
<!--property SystemCallLog is not documented!-->
<!--property Personality is not documented!-->
<!--property LockPersonality is not documented!-->
<!--property RestrictAddressFamilies is not documented!-->
<!--property RuntimeDirectoryPreserve is not documented!-->
<!--property RuntimeDirectoryMode is not documented!-->
<!--property StateDirectoryMode is not documented!-->
<!--property CacheDirectoryMode is not documented!-->
<!--property LogsDirectoryMode is not documented!-->
<!--property ConfigurationDirectoryMode is not documented!-->
<!--property ConfigurationDirectory is not documented!-->
<!--property TimeoutCleanUSec is not documented!-->
<!--property MemoryDenyWriteExecute is not documented!-->
<!--property RestrictRealtime is not documented!-->
<!--property RestrictSUIDSGID is not documented!-->
<!--property RestrictNamespaces is not documented!-->
<!--property RestrictFileSystems is not documented!-->
<!--property BindPaths is not documented!-->
<!--property BindReadOnlyPaths is not documented!-->
<!--property TemporaryFileSystem is not documented!-->
<!--property MountAPIVFS is not documented!-->
<!--property KeyringMode is not documented!-->
<!--property ProtectProc is not documented!-->
<!--property ProcSubset is not documented!-->
<!--property ProtectHostname is not documented!-->
<!--property MemoryKSM is not documented!-->
<!--property NetworkNamespacePath is not documented!-->
<!--property IPCNamespacePath is not documented!-->
<!--property RootImagePolicy is not documented!-->
<!--property MountImagePolicy is not documented!-->
<!--property ExtensionImagePolicy is not documented!-->
<!--property KillMode is not documented!-->
<!--property KillSignal is not documented!-->
<!--property RestartKillSignal is not documented!-->
<!--property FinalKillSignal is not documented!-->
<!--property SendSIGKILL is not documented!-->
<!--property SendSIGHUP is not documented!-->
<!--property WatchdogSignal is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Swap"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Swap"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetProcesses()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AttachProcesses()"/>
<variablelist class="dbus-property" generated="True" extra-ref="What"/>
<variablelist class="dbus-property" generated="True" extra-ref="Priority"/>
<variablelist class="dbus-property" generated="True" extra-ref="Options"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlPID"/>
<variablelist class="dbus-property" generated="True" extra-ref="Result"/>
<variablelist class="dbus-property" generated="True" extra-ref="UID"/>
<variablelist class="dbus-property" generated="True" extra-ref="GID"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecActivate"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecDeactivate"/>
<variablelist class="dbus-property" generated="True" extra-ref="Slice"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroupId"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="Delegate"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateSubgroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="DisableControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMSwap"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimit"/>
2021-01-29 04:35:17 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMPreference"/>
<variablelist class="dbus-property" generated="True" extra-ref="BPFProgram"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNetworkInterfaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureWatch"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureThresholdUSec"/>
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="NFTSet"/>
2023-10-11 17:46:42 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpReceive"/>
<variablelist class="dbus-property" generated="True" extra-ref="Environment"/>
<variablelist class="dbus-property" generated="True" extra-ref="EnvironmentFiles"/>
<variablelist class="dbus-property" generated="True" extra-ref="PassEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="UnsetEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="UMask"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCPU"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCPUSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitFSIZE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitFSIZESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitDATA"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitDATASoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSTACK"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSTACKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCORE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitCORESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRSS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRSSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNOFILE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNOFILESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitAS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitASSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNPROC"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNPROCSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMEMLOCK"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMEMLOCKSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitLOCKS"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitLOCKSSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSIGPENDING"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitSIGPENDINGSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMSGQUEUE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitMSGQUEUESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNICE"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitNICESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTPRIO"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTPRIOSoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTTIME"/>
<variablelist class="dbus-property" generated="True" extra-ref="LimitRTTIMESoft"/>
<variablelist class="dbus-property" generated="True" extra-ref="WorkingDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImage"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImageOptions"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHash"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashSignature"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootHashSignaturePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootVerity"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootEphemeral"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionDirectories"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionImages"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountImages"/>
<variablelist class="dbus-property" generated="True" extra-ref="OOMScoreAdjust"/>
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpFilter"/>
<variablelist class="dbus-property" generated="True" extra-ref="Nice"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOSchedulingClass"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOSchedulingPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAffinity"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAffinityFromNUMA"/>
<variablelist class="dbus-property" generated="True" extra-ref="NUMAPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="NUMAMask"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimerSlackNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUSchedulingResetOnFork"/>
<variablelist class="dbus-property" generated="True" extra-ref="NonBlocking"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInput"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInputFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardInputData"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardOutput"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardOutputFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardError"/>
<variablelist class="dbus-property" generated="True" extra-ref="StandardErrorFileDescriptorName"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYReset"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYVHangup"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYVTDisallocate"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYRows"/>
<variablelist class="dbus-property" generated="True" extra-ref="TTYColumns"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogPriority"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogIdentifier"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogLevelPrefix"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogLevel"/>
<variablelist class="dbus-property" generated="True" extra-ref="SyslogFacility"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogLevelMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogRateLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogRateLimitBurst"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogExtraFields"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogFilterPatterns"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogNamespace"/>
<variablelist class="dbus-property" generated="True" extra-ref="SecureBits"/>
<variablelist class="dbus-property" generated="True" extra-ref="CapabilityBoundingSet"/>
<variablelist class="dbus-property" generated="True" extra-ref="AmbientCapabilities"/>
<variablelist class="dbus-property" generated="True" extra-ref="User"/>
<variablelist class="dbus-property" generated="True" extra-ref="Group"/>
<variablelist class="dbus-property" generated="True" extra-ref="DynamicUser"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetLoginEnvironment"/>
<variablelist class="dbus-property" generated="True" extra-ref="RemoveIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="SetCredentialEncrypted"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="LoadCredentialEncrypted"/>
<variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/>
<variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PAMName"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadWritePaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ReadOnlyPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="InaccessiblePaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoExecPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExecSearchPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountFlags"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateTmp"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateDevices"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectClock"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelTunables"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelModules"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectKernelLogs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectControlGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateNetwork"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateUsers"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateMounts"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivateIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHome"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="SameProcessGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="UtmpIdentifier"/>
<variablelist class="dbus-property" generated="True" extra-ref="UtmpMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="SELinuxContext"/>
<variablelist class="dbus-property" generated="True" extra-ref="AppArmorProfile"/>
<variablelist class="dbus-property" generated="True" extra-ref="SmackProcessLabel"/>
<variablelist class="dbus-property" generated="True" extra-ref="IgnoreSIGPIPE"/>
<variablelist class="dbus-property" generated="True" extra-ref="NoNewPrivileges"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallFilter"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallArchitectures"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallErrorNumber"/>
<variablelist class="dbus-property" generated="True" extra-ref="SystemCallLog"/>
<variablelist class="dbus-property" generated="True" extra-ref="Personality"/>
<variablelist class="dbus-property" generated="True" extra-ref="LockPersonality"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictAddressFamilies"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectoryPreserve"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="StateDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="CacheDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectorySymlink"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="LogsDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfigurationDirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ConfigurationDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutCleanUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryDenyWriteExecute"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictRealtime"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictSUIDSGID"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNamespaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictFileSystems"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="BindReadOnlyPaths"/>
<variablelist class="dbus-property" generated="True" extra-ref="TemporaryFileSystem"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountAPIVFS"/>
<variablelist class="dbus-property" generated="True" extra-ref="KeyringMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectProc"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProcSubset"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHostname"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryKSM"/>
<variablelist class="dbus-property" generated="True" extra-ref="NetworkNamespacePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPCNamespacePath"/>
<variablelist class="dbus-property" generated="True" extra-ref="RootImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="MountImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="ExtensionImagePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="FinalKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGKILL"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGHUP"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogSignal"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Properties</title>
<para>Most of the properties map directly to the corresponding settings in swap unit files. As mount
units invoke the
<citerefentry project="man-pages"><refentrytitle>swapon</refentrytitle><manvolnum>8</manvolnum></citerefentry> command,
their bus objects include implicit <varname>ExecActivate</varname> (and similar) fields which contain
information about processes to execute. They also share most of the fields related to the execution
context that Service objects expose (see above). In addition to these properties there are the
following:</para>
<para><varname>ControlPID</varname> contains the PID of the currently running
<citerefentry project="man-pages"><refentrytitle>swapon</refentrytitle><manvolnum>8</manvolnum></citerefentry> or
<citerefentry project="man-pages"><refentrytitle>swapoff</refentrytitle><manvolnum>8</manvolnum></citerefentry>
command if there is one running, otherwise 0.</para>
<para><varname>Result</varname> contains a value explaining why a mount unit failed if it failed. It
can take the values <literal>success</literal>, <literal>resources</literal>,
2020-04-19 14:05:44 +03:00
<literal>timeout</literal>, <literal>exit-code</literal>, <literal>signal</literal>, or
<literal>core-dump</literal> which have the identical meanings as the corresponding values of the
corresponding field of service unit objects (see above).</para>
</refsect2>
</refsect1>
<refsect1>
<title>Path Unit Objects</title>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/cups_2epath" interface="org.freedesktop.systemd1.Path">
node /org/freedesktop/systemd1/unit/cups_2epath {
interface org.freedesktop.systemd1.Path {
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Unit = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) Paths = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b MakeDirectory = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u DirectoryMode = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TriggerLimitIntervalUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u TriggerLimitBurst = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--property MakeDirectory is not documented!-->
<!--property DirectoryMode is not documented!-->
<!--property TriggerLimitIntervalUSec is not documented!-->
<!--property TriggerLimitBurst is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Path"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Path"/>
<variablelist class="dbus-property" generated="True" extra-ref="Unit"/>
<variablelist class="dbus-property" generated="True" extra-ref="Paths"/>
<variablelist class="dbus-property" generated="True" extra-ref="MakeDirectory"/>
<variablelist class="dbus-property" generated="True" extra-ref="DirectoryMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="Result"/>
<variablelist class="dbus-property" generated="True" extra-ref="TriggerLimitIntervalUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="TriggerLimitBurst"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Properties</title>
<para>Most properties correspond directly with the matching settings in path unit files.</para>
<para>The others:</para>
<para><varname>Paths</varname> contains an array of structs. Each struct contains the condition to
watch, which can be one of <literal>PathExists</literal>, <literal>PathExistsGlob</literal>,
2020-04-19 14:05:44 +03:00
<literal>PathChanged</literal>, <literal>PathModified</literal>, or <literal>DirectoryNotEmpty</literal>
which correspond directly to the matching settings in the path unit files; and the path to watch,
possibly including glob expressions.</para>
<para><varname>Result</varname> contains a result value which can be <literal>success</literal> or
2020-04-19 14:05:44 +03:00
<literal>resources</literal> which have the same meaning as the corresponding field of the Service
interface.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Slice Unit Objects</title>
<para>All slice unit objects implement the <interfacename>org.freedesktop.systemd1.Slice</interfacename>
interface (described here) in addition to the generic
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/system_2eslice" interface="org.freedesktop.systemd1.Slice">
node /org/freedesktop/systemd1/unit/system_2eslice {
interface org.freedesktop.systemd1.Slice {
methods:
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveTasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--method GetProcesses is not documented!-->
<!--method AttachProcesses is not documented!-->
<!--property Slice is not documented!-->
<!--property ControlGroupId is not documented!-->
<!--property MemoryCurrent is not documented!-->
<!--property MemoryPeak is not documented!-->
<!--property MemorySwapCurrent is not documented!-->
<!--property MemorySwapPeak is not documented!-->
<!--property MemoryZSwapCurrent is not documented!-->
<!--property EffectiveMemoryMax is not documented!-->
<!--property EffectiveMemoryHigh is not documented!-->
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
<!--property EffectiveMemoryNodes is not documented!-->
<!--property TasksCurrent is not documented!-->
<!--property EffectiveTasksMax is not documented!-->
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
<!--property IPEgressBytes is not documented!-->
<!--property IPEgressPackets is not documented!-->
<!--property IOReadBytes is not documented!-->
<!--property IOReadOperations is not documented!-->
<!--property IOWriteBytes is not documented!-->
<!--property IOWriteOperations is not documented!-->
<!--property Delegate is not documented!-->
<!--property DelegateControllers is not documented!-->
<!--property CPUAccounting is not documented!-->
<!--property CPUWeight is not documented!-->
<!--property StartupCPUWeight is not documented!-->
<!--property CPUShares is not documented!-->
<!--property StartupCPUShares is not documented!-->
<!--property CPUQuotaPerSecUSec is not documented!-->
<!--property CPUQuotaPeriodUSec is not documented!-->
<!--property AllowedCPUs is not documented!-->
<!--property StartupAllowedCPUs is not documented!-->
<!--property AllowedMemoryNodes is not documented!-->
<!--property StartupAllowedMemoryNodes is not documented!-->
<!--property IOAccounting is not documented!-->
<!--property IOWeight is not documented!-->
<!--property StartupIOWeight is not documented!-->
<!--property IODeviceWeight is not documented!-->
<!--property IOReadBandwidthMax is not documented!-->
<!--property IOWriteBandwidthMax is not documented!-->
<!--property IOReadIOPSMax is not documented!-->
<!--property IOWriteIOPSMax is not documented!-->
<!--property IODeviceLatencyTargetUSec is not documented!-->
<!--property BlockIOAccounting is not documented!-->
<!--property BlockIOWeight is not documented!-->
<!--property StartupBlockIOWeight is not documented!-->
<!--property BlockIODeviceWeight is not documented!-->
<!--property BlockIOReadBandwidth is not documented!-->
<!--property BlockIOWriteBandwidth is not documented!-->
<!--property MemoryAccounting is not documented!-->
<!--property DefaultMemoryLow is not documented!-->
<!--property DefaultStartupMemoryLow is not documented!-->
<!--property DefaultMemoryMin is not documented!-->
<!--property MemoryMin is not documented!-->
<!--property MemoryLow is not documented!-->
<!--property StartupMemoryLow is not documented!-->
<!--property MemoryHigh is not documented!-->
<!--property StartupMemoryHigh is not documented!-->
<!--property MemoryMax is not documented!-->
<!--property StartupMemoryMax is not documented!-->
<!--property MemorySwapMax is not documented!-->
<!--property StartupMemorySwapMax is not documented!-->
<!--property MemoryZSwapMax is not documented!-->
<!--property StartupMemoryZSwapMax is not documented!-->
<!--property MemoryLimit is not documented!-->
<!--property DevicePolicy is not documented!-->
<!--property DeviceAllow is not documented!-->
<!--property TasksAccounting is not documented!-->
<!--property TasksMax is not documented!-->
<!--property IPAccounting is not documented!-->
<!--property IPAddressAllow is not documented!-->
<!--property IPAddressDeny is not documented!-->
<!--property IPIngressFilterPath is not documented!-->
<!--property IPEgressFilterPath is not documented!-->
<!--property DisableControllers is not documented!-->
<!--property ManagedOOMSwap is not documented!-->
<!--property ManagedOOMMemoryPressure is not documented!-->
<!--property ManagedOOMMemoryPressureLimit is not documented!-->
2021-01-29 04:35:17 +03:00
<!--property ManagedOOMPreference is not documented!-->
<!--property BPFProgram is not documented!-->
<!--property SocketBindAllow is not documented!-->
<!--property SocketBindDeny is not documented!-->
<!--property RestrictNetworkInterfaces is not documented!-->
<!--property MemoryPressureWatch is not documented!-->
<!--property MemoryPressureThresholdUSec is not documented!-->
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<!--property NFTSet is not documented!-->
2023-10-11 17:46:42 +03:00
<!--property CoredumpReceive is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Slice"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Slice"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetProcesses()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AttachProcesses()"/>
<variablelist class="dbus-property" generated="True" extra-ref="Slice"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroupId"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="Delegate"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateSubgroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="DisableControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMSwap"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimit"/>
2021-01-29 04:35:17 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMPreference"/>
<variablelist class="dbus-property" generated="True" extra-ref="BPFProgram"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNetworkInterfaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureWatch"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureThresholdUSec"/>
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="NFTSet"/>
2023-10-11 17:46:42 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpReceive"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Properties</title>
<para>Most properties correspond directly with the matching settings in slice unit files.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Scope Unit Objects</title>
2020-08-05 20:44:53 +03:00
<para>All scope unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
interface (described here) in addition to the generic
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/unit/session_2d1_2escope" interface="org.freedesktop.systemd1.Scope">
node /org/freedesktop/systemd1/unit/session_2d1_2escope {
interface org.freedesktop.systemd1.Scope {
methods:
Abandon();
GetProcesses(out a(sus) processes);
AttachProcesses(in s subcgroup,
in au pids);
signals:
RequestStop();
properties:
readonly s Controller = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t TimeoutStopUSec = ...;
readonly s Result = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RuntimeMaxUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RuntimeRandomizedExtraUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s OOMPolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ControlGroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t ControlGroupId = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapPeak = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryAvailable = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUUsageNSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay EffectiveMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksCurrent = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t EffectiveTasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPIngressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IPEgressPackets = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOReadOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteBytes = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWriteOperations = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b Delegate = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DelegateControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DelegateSubgroup = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CPUAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupCPUShares = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPerSecUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t CPUQuotaPeriodUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedCPUs = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay AllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly ay StartupAllowedMemoryNodes = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t IOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteBandwidthMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOReadIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IOWriteIOPSMax = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) IODeviceLatencyTargetUSec = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b BlockIOAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t BlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupBlockIOWeight = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIODeviceWeight = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOReadBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(st) BlockIOWriteBandwidth = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b MemoryAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultStartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t DefaultMemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMin = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryLow = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryHigh = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemorySwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t StartupMemoryZSwapMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryLimit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s DevicePolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) DeviceAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b TasksAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t TasksMax = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b IPAccounting = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iayu) IPAddressDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPIngressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as IPEgressFilterPath = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly as DisableControllers = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMSwap = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMMemoryPressure = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly u ManagedOOMMemoryPressureLimit = ...;
2021-01-29 04:35:17 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s ManagedOOMPreference = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(ss) BPFProgram = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindAllow = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiqq) SocketBindDeny = [...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly (bas) RestrictNetworkInterfaces = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s MemoryPressureWatch = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly t MemoryPressureThresholdUSec = ...;
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly a(iiss) NFTSet = [...];
2023-10-11 17:46:42 +03:00
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly b CoredumpReceive = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s KillMode = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i KillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i RestartKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i FinalKillSignal = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGKILL = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b SendSIGHUP = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly i WatchdogSignal = ...;
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
interface org.freedesktop.systemd1.Unit { ... };
};
</programlisting>
<!--method GetProcesses is not documented!-->
<!--method AttachProcesses is not documented!-->
<!--property RuntimeMaxUSec is not documented!-->
<!--property RuntimeRandomizedExtraUSec is not documented!-->
<!--property OOMPolicy is not documented!-->
<!--property Slice is not documented!-->
<!--property ControlGroupId is not documented!-->
<!--property MemoryCurrent is not documented!-->
<!--property MemoryPeak is not documented!-->
<!--property MemorySwapCurrent is not documented!-->
<!--property MemorySwapPeak is not documented!-->
<!--property MemoryZSwapCurrent is not documented!-->
<!--property EffectiveMemoryMax is not documented!-->
<!--property EffectiveMemoryHigh is not documented!-->
<!--property CPUUsageNSec is not documented!-->
<!--property EffectiveCPUs is not documented!-->
<!--property EffectiveMemoryNodes is not documented!-->
<!--property TasksCurrent is not documented!-->
<!--property EffectiveTasksMax is not documented!-->
<!--property IPIngressBytes is not documented!-->
<!--property IPIngressPackets is not documented!-->
<!--property IPEgressBytes is not documented!-->
<!--property IPEgressPackets is not documented!-->
<!--property IOReadBytes is not documented!-->
<!--property IOReadOperations is not documented!-->
<!--property IOWriteBytes is not documented!-->
<!--property IOWriteOperations is not documented!-->
<!--property Delegate is not documented!-->
<!--property DelegateControllers is not documented!-->
<!--property CPUAccounting is not documented!-->
<!--property CPUWeight is not documented!-->
<!--property StartupCPUWeight is not documented!-->
<!--property CPUShares is not documented!-->
<!--property StartupCPUShares is not documented!-->
<!--property CPUQuotaPerSecUSec is not documented!-->
<!--property CPUQuotaPeriodUSec is not documented!-->
<!--property AllowedCPUs is not documented!-->
<!--property StartupAllowedCPUs is not documented!-->
<!--property AllowedMemoryNodes is not documented!-->
<!--property StartupAllowedMemoryNodes is not documented!-->
<!--property IOAccounting is not documented!-->
<!--property IOWeight is not documented!-->
<!--property StartupIOWeight is not documented!-->
<!--property IODeviceWeight is not documented!-->
<!--property IOReadBandwidthMax is not documented!-->
<!--property IOWriteBandwidthMax is not documented!-->
<!--property IOReadIOPSMax is not documented!-->
<!--property IOWriteIOPSMax is not documented!-->
<!--property IODeviceLatencyTargetUSec is not documented!-->
<!--property BlockIOAccounting is not documented!-->
<!--property BlockIOWeight is not documented!-->
<!--property StartupBlockIOWeight is not documented!-->
<!--property BlockIODeviceWeight is not documented!-->
<!--property BlockIOReadBandwidth is not documented!-->
<!--property BlockIOWriteBandwidth is not documented!-->
<!--property MemoryAccounting is not documented!-->
<!--property DefaultMemoryLow is not documented!-->
<!--property DefaultStartupMemoryLow is not documented!-->
<!--property DefaultMemoryMin is not documented!-->
<!--property MemoryMin is not documented!-->
<!--property MemoryLow is not documented!-->
<!--property StartupMemoryLow is not documented!-->
<!--property MemoryHigh is not documented!-->
<!--property StartupMemoryHigh is not documented!-->
<!--property MemoryMax is not documented!-->
<!--property StartupMemoryMax is not documented!-->
<!--property MemorySwapMax is not documented!-->
<!--property StartupMemorySwapMax is not documented!-->
<!--property MemoryZSwapMax is not documented!-->
<!--property StartupMemoryZSwapMax is not documented!-->
<!--property MemoryLimit is not documented!-->
<!--property DevicePolicy is not documented!-->
<!--property DeviceAllow is not documented!-->
<!--property TasksAccounting is not documented!-->
<!--property TasksMax is not documented!-->
<!--property IPAccounting is not documented!-->
<!--property IPAddressAllow is not documented!-->
<!--property IPAddressDeny is not documented!-->
<!--property IPIngressFilterPath is not documented!-->
<!--property IPEgressFilterPath is not documented!-->
<!--property DisableControllers is not documented!-->
<!--property ManagedOOMSwap is not documented!-->
<!--property ManagedOOMMemoryPressure is not documented!-->
<!--property ManagedOOMMemoryPressureLimit is not documented!-->
2021-01-29 04:35:17 +03:00
<!--property ManagedOOMPreference is not documented!-->
<!--property BPFProgram is not documented!-->
<!--property SocketBindAllow is not documented!-->
<!--property SocketBindDeny is not documented!-->
<!--property RestrictNetworkInterfaces is not documented!-->
<!--property MemoryPressureWatch is not documented!-->
<!--property MemoryPressureThresholdUSec is not documented!-->
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<!--property NFTSet is not documented!-->
2023-10-11 17:46:42 +03:00
<!--property CoredumpReceive is not documented!-->
<!--property KillMode is not documented!-->
<!--property KillSignal is not documented!-->
<!--property RestartKillSignal is not documented!-->
<!--property FinalKillSignal is not documented!-->
<!--property SendSIGKILL is not documented!-->
<!--property SendSIGHUP is not documented!-->
<!--property WatchdogSignal is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Scope"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Unit"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Scope"/>
<variablelist class="dbus-method" generated="True" extra-ref="Abandon()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetProcesses()"/>
<variablelist class="dbus-method" generated="True" extra-ref="AttachProcesses()"/>
<variablelist class="dbus-signal" generated="True" extra-ref="RequestStop()"/>
<variablelist class="dbus-property" generated="True" extra-ref="Controller"/>
<variablelist class="dbus-property" generated="True" extra-ref="TimeoutStopUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="Result"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeMaxUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeRandomizedExtraUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="OOMPolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="Slice"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroupId"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapPeak"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAvailable"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUUsageNSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksCurrent"/>
<variablelist class="dbus-property" generated="True" extra-ref="EffectiveTasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressPackets"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBytes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteOperations"/>
<variablelist class="dbus-property" generated="True" extra-ref="Delegate"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="DelegateSubgroup"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedCPUs"/>
<variablelist class="dbus-property" generated="True" extra-ref="AllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupAllowedMemoryNodes"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteBandwidthMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOReadIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IOWriteIOPSMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultStartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMin"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryLow"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryHigh"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemorySwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="StartupMemoryZSwapMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
<variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
<variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="TasksMax"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAccounting"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPAddressDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPIngressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="IPEgressFilterPath"/>
<variablelist class="dbus-property" generated="True" extra-ref="DisableControllers"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMSwap"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/>
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimit"/>
2021-01-29 04:35:17 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMPreference"/>
<variablelist class="dbus-property" generated="True" extra-ref="BPFProgram"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindAllow"/>
<variablelist class="dbus-property" generated="True" extra-ref="SocketBindDeny"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestrictNetworkInterfaces"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureWatch"/>
<variablelist class="dbus-property" generated="True" extra-ref="MemoryPressureThresholdUSec"/>
core: firewall integration of cgroups with NFTSet= New directive `NFTSet=` provides a method for integrating dynamic cgroup IDs into firewall rules with NFT sets. The benefit of using this setting is to be able to use control group as a selector in firewall rules easily and this in turn allows more fine grained filtering. Also, NFT rules for cgroup matching use numeric cgroup IDs, which change every time a service is restarted, making them hard to use in systemd environment. This option expects a whitespace separated list of NFT set definitions. Each definition consists of a colon-separated tuple of source type (only "cgroup"), NFT address family (one of "arp", "bridge", "inet", "ip", "ip6", or "netdev"), table name and set name. The names of tables and sets must conform to lexical restrictions of NFT table names. The type of the element used in the NFT filter must be "cgroupsv2". When a control group for a unit is realized, the cgroup ID will be appended to the NFT sets and it will be be removed when the control group is removed. systemd only inserts elements to (or removes from) the sets, so the related NFT rules, tables and sets must be prepared elsewhere in advance. Failures to manage the sets will be ignored. If the firewall rules are reinstalled so that the contents of NFT sets are destroyed, command systemctl daemon-reload can be used to refill the sets. Example: ``` table inet filter { ... set timesyncd { type cgroupsv2 } chain ntp_output { socket cgroupv2 != @timesyncd counter drop accept } ... } ``` /etc/systemd/system/systemd-timesyncd.service.d/override.conf ``` [Service] NFTSet=cgroup:inet:filter:timesyncd ``` ``` $ sudo nft list set inet filter timesyncd table inet filter { set timesyncd { type cgroupsv2 elements = { "system.slice/systemd-timesyncd.service" } } } ```
2023-09-02 21:55:36 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="NFTSet"/>
2023-10-11 17:46:42 +03:00
<variablelist class="dbus-property" generated="True" extra-ref="CoredumpReceive"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillMode"/>
<variablelist class="dbus-property" generated="True" extra-ref="KillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="RestartKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="FinalKillSignal"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGKILL"/>
<variablelist class="dbus-property" generated="True" extra-ref="SendSIGHUP"/>
<variablelist class="dbus-property" generated="True" extra-ref="WatchdogSignal"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Methods</title>
<para><function>Abandon()</function> may be used to place a scope unit in the "abandoned" state. This
may be used to inform the system manager that the manager that created the scope lost interest in the
2020-04-19 14:05:44 +03:00
scope (for example, because it is terminating), without wanting to shut down the scope entirely.</para>
</refsect2>
<refsect2>
<title>Signals</title>
<para><function>RequestStop()</function> is sent to the peer that is configured in the
<varname>Controller</varname> property when systemd is requested to terminate the scope unit. A program
2020-04-19 14:05:44 +03:00
registering a scope can use this to cleanly shut down the processes it added to the scope instead of
letting systemd do it with the usual <constant>SIGTERM</constant> logic.</para>
</refsect2>
<refsect2>
<title>Properties</title>
2020-04-19 14:05:44 +03:00
<para>All properties correspond directly with the matching properties of service units.</para>
<para><varname>Controller</varname> contains the bus name (unique or well-known) that is notified when
the scope unit is to be shut down via a <function>RequestStop()</function> signal (see below). This is
2020-04-19 14:05:44 +03:00
set when the scope is created. If not set, the scope's processes will terminated with
<constant>SIGTERM</constant> directly.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Job Objects</title>
<para>Job objects encapsulate scheduled or running jobs. Each unit can have none or one jobs in the
execution queue. Each job is attached to exactly one unit.</para>
<programlisting executable="systemd" node="/org/freedesktop/systemd1/job/666" interface="org.freedesktop.systemd1.Job">
node /org/freedesktop/systemd1/job/666 {
interface org.freedesktop.systemd1.Job {
methods:
Cancel();
GetAfter(out a(usssoo) jobs);
GetBefore(out a(usssoo) jobs);
properties:
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly u Id = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly (so) Unit = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s JobType = '...';
readonly s State = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly a(ss) ActivationDetails = [...];
};
interface org.freedesktop.DBus.Peer { ... };
interface org.freedesktop.DBus.Introspectable { ... };
interface org.freedesktop.DBus.Properties { ... };
};
</programlisting>
<!--method GetAfter is not documented!-->
<!--method GetBefore is not documented!-->
<!--Autogenerated cross-references for systemd.directives, do not edit-->
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Job"/>
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.systemd1.Job"/>
<variablelist class="dbus-method" generated="True" extra-ref="Cancel()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetAfter()"/>
<variablelist class="dbus-method" generated="True" extra-ref="GetBefore()"/>
<variablelist class="dbus-property" generated="True" extra-ref="Id"/>
<variablelist class="dbus-property" generated="True" extra-ref="Unit"/>
<variablelist class="dbus-property" generated="True" extra-ref="JobType"/>
<variablelist class="dbus-property" generated="True" extra-ref="State"/>
<variablelist class="dbus-property" generated="True" extra-ref="ActivationDetails"/>
<!--End of Autogenerated section-->
<refsect2>
<title>Methods</title>
<para><function>Cancel()</function> cancels the job. Note that this will remove a job from the queue if
it is not yet executed but generally will not cause a job that is already in the process of being
executed to be aborted. This operation may also be requested via the <function>CancelJob()</function>
method of the Manager object (see above), which is sometimes useful to reduce roundtrips.</para>
</refsect2>
<refsect2>
<title>Properties</title>
<para><varname>Id</varname> is the numeric Id of the job. During the runtime of a systemd instance each
numeric ID is only assigned once.</para>
2020-04-19 14:05:44 +03:00
<para><varname>Unit</varname> refers to the unit this job belongs to. It is a structure consisting of
the name of the unit and a bus path to the unit's object.</para>
<para><varname>JobType</varname> refers to the job's type and is one of <literal>start</literal>,
<literal>verify-active</literal>, <literal>stop</literal>, <literal>reload</literal>,
2020-04-19 14:05:44 +03:00
<literal>restart</literal>, <literal>try-restart</literal>, or <literal>reload-or-start</literal>. Note
that later versions might define additional values.</para>
<para><varname>State</varname> refers to the job's state and is one of <literal>waiting</literal> and
<literal>running</literal>. The former indicates that a job is currently queued but has not begun to
2020-04-19 14:05:44 +03:00
execute yet. The latter indicates that a job is currently being executed.</para>
<para><varname>ActivationDetails</varname> has the same content as the property of the same name under
the <varname>org.freedesktop.systemd1.Unit</varname> interface.</para>
</refsect2>
</refsect1>
<refsect1>
<title>Examples</title>
<example>
<title>Introspect <interfacename>org.freedesktop.systemd1.Manager</interfacename> on the bus</title>
<programlisting>
$ gdbus introspect --system \
--dest org.freedesktop.systemd1 \
--object-path /org/freedesktop/systemd1
</programlisting>
</example>
<example>
<title>Introspect a unit on the bus</title>
<programlisting>
$ busctl introspect org.freedesktop.systemd1 \
$(busctl call org.freedesktop.systemd1 \
/org/freedesktop/systemd1 \
org.freedesktop.systemd1.Manager \
GetUnit s systemd-resolved.service | cut -d'"' -f2)
</programlisting>
</example>
<example>
<title>Introspect <interfacename>org.freedesktop.systemd1.Job</interfacename> on the bus</title>
<programlisting>
$ gdbus introspect --system --dest org.freedesktop.systemd1 \
--object-path /org/freedesktop/systemd1/job/1292
</programlisting>
</example>
</refsect1>
2022-05-05 11:53:29 +03:00
<xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
<refsect1>
<title>History</title>
<refsect2>
<title>The Manager Object</title>
<para><varname>RuntimeWatchdogPreUSec</varname> and
<varname>RuntimeWatchdogPreGovernor</varname> were added in version 251.</para>
<para><varname>WatchdogDevice</varname>,
<varname>WatchdogLastPingTimestamp</varname>,
<varname>WatchdogLastPingTimestampMonotonic</varname>,
<varname>DefaultDeviceTimeoutUSec</varname>,
<function>DumpUnitsMatchingPatterns()</function>, and
<function>DumpUnitsMatchingPatternsByFileDescriptor()</function> were added in version 252.</para>
<para><function>GetUnitByPIDFD()</function> and
<function>DisableUnitFilesWithFlagsAndInstallInfo()</function> were added in version 253.</para>
<para><varname>ConfidentialVirtualization</varname>,
<varname>DefaultIOAccounting</varname>,
<varname>DefaultIPAccounting</varname>,
<varname>DefaultMemoryPressureThresholdUSec</varname>,
<varname>DefaultMemoryPressureWatch</varname>,
<function>QueueSignalUnit()</function>,
<function>SoftReboot()</function>, and
<function>DumpUnitFileDescriptorStore()</function> were added in version 254.</para>
<para><function>StartAuxiliaryScope()</function> was added in version 256.</para>
</refsect2>
<refsect2>
<title>Unit Objects</title>
<para><varname>Upholds</varname> and
<varname>UpheldBy</varname> were added in version 251.</para>
<para><varname>AccessSELinuxContext</varname> and
<varname>ActivationDetails</varname> were added in version 252.</para>
<para><function>QueueSignal()</function> was added in version 254.</para>
<para><varname>SurviveFinalKillSignal</varname> was added in version 255.</para>
<para><varname>WantsMountsFor</varname> was added in version 256.</para>
</refsect2>
<refsect2>
<title>Service Unit Objects</title>
<para><varname>ControlGroupId</varname> and
<varname>ExtensionDirectories</varname> were added in version 251.</para>
<para><varname>OpenFile</varname>,
<varname>ReloadSignal</varname>,
<varname>MemoryZSwapMax</varname>, and
<varname>LogFilterPatterns</varname> were added in version 253.</para>
<para><varname>RestartMode</varname>,
<varname>RestartSteps</varname>,
<varname>RestartMaxDelayUSec</varname>,
<varname>RestartUSecNext</varname>,
<varname>FileDescriptorStorePreserve</varname>,
<function>DumpFileDescriptorStore()</function>,
<varname>DelegateSubgroup</varname>,
<varname>DefaultStartupMemoryLow</varname>,
<varname>StartupMemoryLow</varname>,
<varname>StartupMemoryHigh</varname>,
<varname>StartupMemoryMax</varname>,
<varname>StartupMemorySwapMax</varname>,
<varname>StartupMemoryZSwapMax</varname>,
<varname>MemoryPressureWatch</varname>,
<varname>MemoryPressureThresholdUSec</varname>,
<varname>RootEphemeral</varname>,
<varname>ImportCredential</varname>,
<varname>MemoryKSM</varname>,
<varname>RootImagePolicy</varname>,
<varname>MountImagePolicy</varname>, and
<varname>ExtensionImagePolicy</varname> were added in version 254.</para>
2023-10-11 17:46:42 +03:00
<para><varname>NFTSet</varname>,
<varname>SetLoginEnvironment</varname>,
<varname>CoredumpReceive</varname>,
<varname>MemoryPeak</varname>,
<varname>MemorySwapCurrent</varname>,
<varname>MemorySwapPeak</varname>, and
<varname>MemoryZSwapCurrent</varname> were added in version 255.</para>
<para><varname>EffectiveMemoryHigh</varname>,
<varname>EffectiveMemoryMax</varname>,
<varname>EffectiveTasksMax</varname> were added in version 256.</para>
</refsect2>
<refsect2>
<title>Socket Unit Objects</title>
<para><varname>ControlGroupId</varname> and
<varname>ExtensionDirectories</varname> were added in version 251.</para>
<para><varname>MemoryZSwapMax</varname> and
<varname>LogFilterPatterns</varname> were added in version 253.</para>
<para><varname>DelegateSubgroup</varname>,
<varname>DefaultStartupMemoryLow</varname>,
<varname>StartupMemoryLow</varname>,
<varname>StartupMemoryHigh</varname>,
<varname>StartupMemoryMax</varname>,
<varname>StartupMemorySwapMax</varname>,
<varname>StartupMemoryZSwapMax</varname>,
<varname>MemoryPressureWatch</varname>,
<varname>MemoryPressureThresholdUSec</varname>,
<varname>RootEphemeral</varname>,
<varname>ImportCredential</varname>,
<varname>MemoryKSM</varname>,
<varname>RootImagePolicy</varname>,
<varname>MountImagePolicy</varname>, and
<varname>ExtensionImagePolicy</varname> were added in version 254.</para>
<para><varname>PollLimitIntervalUSec</varname>,
<varname>PollLimitBurst</varname>,
2023-10-11 17:46:42 +03:00
<varname>NFTSet</varname>,
<varname>SetLoginEnvironment</varname>,
<varname>CoredumpReceive</varname>,
<varname>MemoryPeak</varname>,
<varname>MemorySwapCurrent</varname>,
<varname>MemorySwapPeak</varname>, and
<varname>MemoryZSwapCurrent</varname> were added in version 255.</para>
<para><varname>EffectiveMemoryHigh</varname>,
<varname>EffectiveMemoryMax</varname>,
<varname>EffectiveTasksMax</varname> were added in version 256.</para>
</refsect2>
<refsect2>
<title>Mount Unit Objects</title>
<para><varname>ControlGroupId</varname> and
<varname>ExtensionDirectories</varname> were added in version 251.</para>
<para><varname>MemoryZSwapMax</varname> and
<varname>LogFilterPatterns</varname> were added in version 253.</para>
<para><varname>DelegateSubgroup</varname>,
<varname>DefaultStartupMemoryLow</varname>,
<varname>StartupMemoryLow</varname>,
<varname>StartupMemoryHigh</varname>,
<varname>StartupMemoryMax</varname>,
<varname>StartupMemorySwapMax</varname>,
<varname>StartupMemoryZSwapMax</varname>,
<varname>MemoryPressureWatch</varname>,
<varname>MemoryPressureThresholdUSec</varname>,
<varname>RootEphemeral</varname>,
<varname>ImportCredential</varname>,
<varname>MemoryKSM</varname>,
<varname>RootImagePolicy</varname>,
<varname>MountImagePolicy</varname>, and
<varname>ExtensionImagePolicy</varname> were added in version 254.</para>
2023-10-11 17:46:42 +03:00
<para><varname>NFTSet</varname>,
<varname>SetLoginEnvironment</varname>,
<varname>CoredumpReceive</varname>,
<varname>MemoryPeak</varname>,
<varname>MemorySwapCurrent</varname>,
<varname>MemorySwapPeak</varname>, and
<varname>MemoryZSwapCurrent</varname> were added in version 255.</para>
<para><varname>EffectiveMemoryHigh</varname>,
<varname>EffectiveMemoryMax</varname>,
<varname>EffectiveTasksMax</varname> were added in version 256.</para>
</refsect2>
<refsect2>
<title>Swap Unit Objects</title>
<para><varname>ControlGroupId</varname> and
<varname>ExtensionDirectories</varname> were added in version 251.</para>
<para><varname>MemoryZSwapMax</varname> and
<varname>LogFilterPatterns</varname> were added in version 253.</para>
<para><varname>DelegateSubgroup</varname>,
<varname>DefaultStartupMemoryLow</varname>,
<varname>StartupMemoryLow</varname>,
<varname>StartupMemoryHigh</varname>,
<varname>StartupMemoryMax</varname>,
<varname>StartupMemorySwapMax</varname>,
<varname>StartupMemoryZSwapMax</varname>,
<varname>MemoryPressureWatch</varname>,
<varname>MemoryPressureThresholdUSec</varname>,
<varname>RootEphemeral</varname>,
<varname>ImportCredential</varname>,
<varname>MemoryKSM</varname>,
<varname>RootImagePolicy</varname>,
<varname>MountImagePolicy</varname>, and
<varname>ExtensionImagePolicy</varname> were added in version 254.</para>
2023-10-11 17:46:42 +03:00
<para><varname>NFTSet</varname>,
<varname>SetLoginEnvironment</varname>,
<varname>CoredumpReceive</varname>,
<varname>MemoryPeak</varname>,
<varname>MemorySwapCurrent</varname>,
<varname>MemorySwapPeak</varname>, and
<varname>MemoryZSwapCurrent</varname> were added in version 255.</para>
<para><varname>EffectiveMemoryHigh</varname>,
<varname>EffectiveMemoryMax</varname>,
<varname>EffectiveTasksMax</varname> were added in version 256.</para>
</refsect2>
<refsect2>
<title>Slice Unit Objects</title>
<para><varname>ControlGroupId</varname> was added in version 251.</para>
<para><varname>MemoryZSwapMax</varname> was added in version 253.</para>
<para><varname>DelegateSubgroup</varname>,
<varname>DefaultStartupMemoryLow</varname>,
<varname>StartupMemoryLow</varname>,
<varname>StartupMemoryHigh</varname>,
<varname>StartupMemoryMax</varname>,
<varname>StartupMemorySwapMax</varname>,
<varname>StartupMemoryZSwapMax</varname>,
<varname>MemoryPressureWatch</varname>, and
<varname>MemoryPressureThresholdUSec</varname> were added in version 254.</para>
<para><varname>NFTSet</varname>,
<varname>CoredumpReceive</varname>,
<varname>MemoryPeak</varname>,
<varname>MemorySwapCurrent</varname>,
<varname>MemorySwapPeak</varname>, and
<varname>MemoryZSwapCurrent</varname> were added in version 255.</para>
<para><varname>EffectiveMemoryHigh</varname>,
<varname>EffectiveMemoryMax</varname>,
<varname>EffectiveTasksMax</varname> were added in version 256.</para>
</refsect2>
<refsect2>
<title>Scope Unit Objects</title>
<para><varname>ControlGroupId</varname> was added in version 251.</para>
<para><varname>OOMPolicy</varname> and
<varname>MemoryZSwapMax</varname> were added in version 253.</para>
<para><varname>DelegateSubgroup</varname>,
<varname>DefaultStartupMemoryLow</varname>,
<varname>StartupMemoryLow</varname>,
<varname>StartupMemoryHigh</varname>,
<varname>StartupMemoryMax</varname>,
<varname>StartupMemorySwapMax</varname>,
<varname>StartupMemoryZSwapMax</varname>,
<varname>MemoryPressureWatch</varname>, and
<varname>MemoryPressureThresholdUSec</varname> were added in version 254.</para>
<para><varname>NFTSet</varname>,
<varname>CoredumpReceive</varname>,
<varname>MemoryPeak</varname>,
<varname>MemorySwapCurrent</varname>,
<varname>MemorySwapPeak</varname>, and
<varname>MemoryZSwapCurrent</varname> were added in version 255.</para>
<para><varname>EffectiveMemoryHigh</varname>,
<varname>EffectiveMemoryMax</varname>,
<varname>EffectiveTasksMax</varname> were added in version 256.</para>
</refsect2>
<refsect2>
<title>Job Objects</title>
<para><varname>ActivationDetails</varname> was added in version 252.</para>
</refsect2>
</refsect1>
</refentry>