mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
430 lines
24 KiB
XML
430 lines
24 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
|
<?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
|
|
<!--
|
|
This file is part of systemd.
|
|
|
|
Copyright 2010 Lennart Poettering
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
-->
|
|
|
|
<refentry id="systemd-system.conf">
|
|
<refentryinfo>
|
|
<title>systemd-system.conf</title>
|
|
<productname>systemd</productname>
|
|
|
|
<authorgroup>
|
|
<author>
|
|
<contrib>Developer</contrib>
|
|
<firstname>Lennart</firstname>
|
|
<surname>Poettering</surname>
|
|
<email>lennart@poettering.net</email>
|
|
</author>
|
|
</authorgroup>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>systemd-system.conf</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>systemd-system.conf</refname>
|
|
<refname>systemd-user.conf</refname>
|
|
<refpurpose>System and session service manager configuration file</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<para><filename>/etc/systemd/system.conf</filename></para>
|
|
<para><filename>/etc/systemd/user.conf</filename></para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>When run as system instance systemd reads the
|
|
configuration file <filename>system.conf</filename>,
|
|
otherwise <filename>user.conf</filename>. These
|
|
configuration files contain a few settings controlling
|
|
basic manager operations.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Options</title>
|
|
|
|
<para>All options are configured in the
|
|
<literal>[Manager]</literal> section:</para>
|
|
|
|
<variablelist class='systemd-directives'>
|
|
|
|
<varlistentry>
|
|
<term><varname>LogLevel=</varname></term>
|
|
<term><varname>LogTarget=</varname></term>
|
|
<term><varname>LogColor=</varname></term>
|
|
<term><varname>LogLocation=</varname></term>
|
|
<term><varname>DumpCore=yes</varname></term>
|
|
<term><varname>CrashShell=no</varname></term>
|
|
<term><varname>ShowStatus=yes</varname></term>
|
|
<term><varname>CrashChVT=1</varname></term>
|
|
<term><varname>DefaultStandardOutput=journal</varname></term>
|
|
<term><varname>DefaultStandardError=inherit</varname></term>
|
|
|
|
<listitem><para>Configures various
|
|
parameters of basic manager
|
|
operation. These options may be
|
|
overridden by the respective command
|
|
line arguments. See
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
for details about these command line
|
|
arguments.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>CPUAffinity=</varname></term>
|
|
|
|
<listitem><para>Configures the initial
|
|
CPU affinity for the init
|
|
process. Takes a space-separated list
|
|
of CPU indices.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term>
|
|
|
|
<listitem><para>Configures controllers
|
|
that shall be mounted in a single
|
|
hierarchy. By default, systemd will
|
|
mount all controllers which are
|
|
enabled in the kernel in individual
|
|
hierarchies, with the exception of
|
|
those listed in this setting. Takes a
|
|
space-separated list of comma-separated
|
|
controller names, in order
|
|
to allow multiple joined
|
|
hierarchies. Defaults to
|
|
'cpu,cpuacct'. Pass an empty string to
|
|
ensure that systemd mounts all
|
|
controllers in separate
|
|
hierarchies.</para>
|
|
|
|
<para>Note that this option is only
|
|
applied once, at very early boot. If
|
|
you use an initial RAM disk (initrd)
|
|
that uses systemd, it might hence be
|
|
necessary to rebuild the initrd if
|
|
this option is changed, and make sure
|
|
the new configuration file is included
|
|
in it. Otherwise, the initrd might
|
|
mount the controller hierarchies in a
|
|
different configuration than intended,
|
|
and the main system cannot remount
|
|
them anymore.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>RuntimeWatchdogSec=</varname></term>
|
|
<term><varname>ShutdownWatchdogSec=</varname></term>
|
|
|
|
<listitem><para>Configure the hardware
|
|
watchdog at runtime and at
|
|
reboot. Takes a timeout value in
|
|
seconds (or in other time units if
|
|
suffixed with <literal>ms</literal>,
|
|
<literal>min</literal>,
|
|
<literal>h</literal>,
|
|
<literal>d</literal>,
|
|
<literal>w</literal>). If
|
|
<varname>RuntimeWatchdogSec=</varname>
|
|
is set to a non-zero value, the
|
|
watchdog hardware
|
|
(<filename>/dev/watchdog</filename>)
|
|
will be programmed to automatically
|
|
reboot the system if it is not
|
|
contacted within the specified timeout
|
|
interval. The system manager will
|
|
ensure to contact it at least once in
|
|
half the specified timeout
|
|
interval. This feature requires a
|
|
hardware watchdog device to be
|
|
present, as it is commonly the case in
|
|
embedded and server systems. Not all
|
|
hardware watchdogs allow configuration
|
|
of the reboot timeout, in which case
|
|
the closest available timeout is
|
|
picked. <varname>ShutdownWatchdogSec=</varname>
|
|
may be used to configure the hardware
|
|
watchdog when the system is asked to
|
|
reboot. It works as a safety net to
|
|
ensure that the reboot takes place
|
|
even if a clean reboot attempt times
|
|
out. By default
|
|
<varname>RuntimeWatchdogSec=</varname>
|
|
defaults to 0 (off), and
|
|
<varname>ShutdownWatchdogSec=</varname>
|
|
to 10min. These settings have no
|
|
effect if a hardware watchdog is not
|
|
available.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>CapabilityBoundingSet=</varname></term>
|
|
|
|
<listitem><para>Controls which
|
|
capabilities to include in the
|
|
capability bounding set for PID 1 and
|
|
its children. See
|
|
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
|
for details. Takes a whitespace-separated
|
|
list of capability names as read by
|
|
<citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
|
Capabilities listed will be included
|
|
in the bounding set, all others are
|
|
removed. If the list of capabilities
|
|
is prefixed with ~, all but the listed
|
|
capabilities will be included, the
|
|
effect of the assignment
|
|
inverted. Note that this option also
|
|
affects the respective capabilities in
|
|
the effective, permitted and
|
|
inheritable capability sets. The
|
|
capability bounding set may also be
|
|
individually configured for units
|
|
using the
|
|
<varname>CapabilityBoundingSet=</varname>
|
|
directive for units, but note that
|
|
capabilities dropped for PID 1 cannot
|
|
be regained in individual units, they
|
|
are lost for good.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>SystemCallArchitectures=</varname></term>
|
|
|
|
<listitem><para>Takes a
|
|
space-separated list of architecture
|
|
identifiers. Selects from which
|
|
architectures system calls may be
|
|
invoked on this system. This may be
|
|
used as an effective way to disable
|
|
invocation of non-native binaries
|
|
system-wide, for example to prohibit
|
|
execution of 32-bit x86 binaries on
|
|
64-bit x86-64 systems. This option
|
|
operates system-wide, and acts
|
|
similar to the
|
|
<varname>SystemCallArchitectures=</varname>
|
|
setting of unit files, see
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for details. This setting defaults to
|
|
the empty list, in which case no
|
|
filtering of system calls based on
|
|
architecture is applied. Known
|
|
architecture identifiers are
|
|
<literal>x86</literal>,
|
|
<literal>x86-64</literal>,
|
|
<literal>x32</literal>,
|
|
<literal>arm</literal> and the special
|
|
identifier
|
|
<literal>native</literal>. The latter
|
|
implicitly maps to the native
|
|
architecture of the system (or more
|
|
specifically, the architecture the
|
|
system manager was compiled for). Set
|
|
this setting to
|
|
<literal>native</literal> to prohibit
|
|
execution of any non-native
|
|
binaries. When a binary executes a
|
|
system call of an architecture that is
|
|
not listed in this setting, it will be
|
|
immediately terminated with the SIGSYS
|
|
signal.</para></listitem>
|
|
</varlistentry>
|
|
|
|
|
|
<varlistentry>
|
|
<term><varname>TimerSlackNSec=</varname></term>
|
|
|
|
<listitem><para>Sets the timer slack
|
|
in nanoseconds for PID 1, which is
|
|
inherited by all executed processes,
|
|
unless overridden individually, for
|
|
example with the
|
|
<varname>TimerSlackNSec=</varname>
|
|
setting in service units (for details
|
|
see
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The
|
|
timer slack controls the accuracy of
|
|
wake-ups triggered by system
|
|
timers. See
|
|
<citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
|
for more information. Note that in
|
|
contrast to most other time span
|
|
definitions this parameter takes an
|
|
integer value in nano-seconds if no
|
|
unit is specified. The usual time
|
|
units are understood
|
|
too.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>DefaultTimerAccuracySec=</varname></term>
|
|
|
|
<listitem><para>Sets the default
|
|
accuracy of timer units. This controls
|
|
the global default for the
|
|
<varname>AccuracySec=</varname>
|
|
setting of timer units, see
|
|
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for
|
|
details. <varname>AccuracySec=</varname>
|
|
set in individual units override the
|
|
global default for the specific
|
|
unit. Defaults to 1min. Note that the
|
|
accuracy of timer units is also
|
|
affected by the configured timer slack
|
|
for PID 1, see
|
|
<varname>TimerSlackNSec=</varname>
|
|
above.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>DefaultTimeoutStartSec=</varname></term>
|
|
<term><varname>DefaultTimeoutStopSec=</varname></term>
|
|
<term><varname>DefaultRestartSec=</varname></term>
|
|
|
|
<listitem><para>Configures the default
|
|
timeouts for starting and stopping of
|
|
units, as well as the default time to
|
|
sleep between automatic restarts of
|
|
units, as configured per-unit in
|
|
<varname>TimeoutStartSec=</varname>,
|
|
<varname>TimeoutStopSec=</varname> and
|
|
<varname>RestartSec=</varname> (for
|
|
services, see
|
|
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for details on the per-unit
|
|
settings). For non-service units,
|
|
<varname>DefaultTimeoutStartSec=</varname>
|
|
sets the default
|
|
<varname>TimeoutSec=</varname> value.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>DefaultStartLimitInterval=</varname></term>
|
|
<term><varname>DefaultStartLimitBurst=</varname></term>
|
|
|
|
<listitem><para>Configure the default
|
|
unit start rate limiting, as
|
|
configured per-service by
|
|
<varname>StartLimitInterval=</varname>
|
|
and
|
|
<varname>StartLimitBurst=</varname>. See
|
|
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for details on the per-service
|
|
settings.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>DefaultEnvironment=</varname></term>
|
|
|
|
<listitem><para>Sets manager
|
|
environment variables passed to all
|
|
executed processes. Takes a
|
|
space-separated list of variable
|
|
assignments. See
|
|
<citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
|
for details about environment
|
|
variables.</para>
|
|
|
|
<para>Example:
|
|
|
|
<programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting>
|
|
|
|
Sets three variables
|
|
<literal>VAR1</literal>,
|
|
<literal>VAR2</literal>,
|
|
<literal>VAR3</literal>.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>DefaultCPUAccounting=</varname></term>
|
|
<term><varname>DefaultBlockIOAccounting=</varname></term>
|
|
<term><varname>DefaultMemoryAccounting=</varname></term>
|
|
|
|
<listitem><para>Configure the default
|
|
resource accounting settings, as
|
|
configured per-unit by
|
|
<varname>CPUAccounting=</varname>,
|
|
<varname>BlockIOAccounting=</varname>
|
|
and
|
|
<varname>MemoryAccounting=</varname>. See
|
|
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for details on the per-unit
|
|
settings.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>DefaultLimitCPU=</varname></term>
|
|
<term><varname>DefaultLimitFSIZE=</varname></term>
|
|
<term><varname>DefaultLimitDATA=</varname></term>
|
|
<term><varname>DefaultLimitSTACK=</varname></term>
|
|
<term><varname>DefaultLimitCORE=</varname></term>
|
|
<term><varname>DefaultLimitRSS=</varname></term>
|
|
<term><varname>DefaultLimitNOFILE=</varname></term>
|
|
<term><varname>DefaultLimitAS=</varname></term>
|
|
<term><varname>DefaultLimitNPROC=</varname></term>
|
|
<term><varname>DefaultLimitMEMLOCK=</varname></term>
|
|
<term><varname>DefaultLimitLOCKS=</varname></term>
|
|
<term><varname>DefaultLimitSIGPENDING=</varname></term>
|
|
<term><varname>DefaultLimitMSGQUEUE=</varname></term>
|
|
<term><varname>DefaultLimitNICE=</varname></term>
|
|
<term><varname>DefaultLimitRTPRIO=</varname></term>
|
|
<term><varname>DefaultLimitRTTIME=</varname></term>
|
|
|
|
<listitem><para>These settings control
|
|
various default resource limits for
|
|
units. See
|
|
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
|
for details. Use the string
|
|
<varname>infinity</varname> to
|
|
configure no limit on a specific
|
|
resource. These settings may be
|
|
overridden in individual units
|
|
using the corresponding LimitXXX=
|
|
directives. Note that these resource
|
|
limits are only defaults for units,
|
|
they are not applied to PID 1
|
|
itself.</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|