| <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
| <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
| "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| |
| <!-- |
| SPDX-License-Identifier: LGPL-2.1+ |
| |
| This file is part of systemd. |
| |
| Copyright 2010 Lennart Poettering |
| |
| systemd is free software; you can redistribute it and/or modify it |
| under the terms of the GNU Lesser General Public License as published by |
| the Free Software Foundation; either version 2.1 of the License, or |
| (at your option) any later version. |
| |
| systemd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public License |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| --> |
| |
| <refentry id="systemd-system.conf" |
| xmlns:xi="http://www.w3.org/2001/XInclude"> |
| <refentryinfo> |
| <title>systemd-system.conf</title> |
| <productname>systemd</productname> |
| |
| <authorgroup> |
| <author> |
| <contrib>Developer</contrib> |
| <firstname>Lennart</firstname> |
| <surname>Poettering</surname> |
| <email>lennart@poettering.net</email> |
| </author> |
| </authorgroup> |
| </refentryinfo> |
| |
| <refmeta> |
| <refentrytitle>systemd-system.conf</refentrytitle> |
| <manvolnum>5</manvolnum> |
| </refmeta> |
| |
| <refnamediv> |
| <refname>systemd-system.conf</refname> |
| <refname>system.conf.d</refname> |
| <refname>systemd-user.conf</refname> |
| <refname>user.conf.d</refname> |
| <refpurpose>System and session service manager configuration files</refpurpose> |
| </refnamediv> |
| |
| <refsynopsisdiv> |
| <para><filename>/etc/systemd/system.conf</filename>, |
| <filename>/etc/systemd/system.conf.d/*.conf</filename>, |
| <filename>/run/systemd/system.conf.d/*.conf</filename>, |
| <filename>/usr/lib/systemd/system.conf.d/*.conf</filename></para> |
| <para><filename>/etc/systemd/user.conf</filename>, |
| <filename>/etc/systemd/user.conf.d/*.conf</filename>, |
| <filename>/run/systemd/user.conf.d/*.conf</filename>, |
| <filename>/usr/lib/systemd/user.conf.d/*.conf</filename></para> |
| </refsynopsisdiv> |
| |
| <refsect1> |
| <title>Description</title> |
| |
| <para>When run as a system instance, systemd interprets the |
| configuration file <filename>system.conf</filename> and the files |
| in <filename>system.conf.d</filename> directories; when run as a |
| user instance, systemd interprets the configuration file |
| <filename>user.conf</filename> and the files in |
| <filename>user.conf.d</filename> directories. These configuration |
| files contain a few settings controlling basic manager |
| operations.</para> |
| </refsect1> |
| |
| <xi:include href="standard-conf.xml" xpointer="main-conf" /> |
| |
| <refsect1> |
| <title>Options</title> |
| |
| <para>All options are configured in the |
| <literal>[Manager]</literal> section:</para> |
| |
| <variablelist class='systemd-directives'> |
| |
| <varlistentry> |
| <term><varname>LogLevel=</varname></term> |
| <term><varname>LogTarget=</varname></term> |
| <term><varname>LogColor=</varname></term> |
| <term><varname>LogLocation=</varname></term> |
| <term><varname>DumpCore=yes</varname></term> |
| <term><varname>CrashChangeVT=no</varname></term> |
| <term><varname>CrashShell=no</varname></term> |
| <term><varname>CrashReboot=no</varname></term> |
| <term><varname>ShowStatus=yes</varname></term> |
| <term><varname>DefaultStandardOutput=journal</varname></term> |
| <term><varname>DefaultStandardError=inherit</varname></term> |
| |
| <listitem><para>Configures various parameters of basic manager operation. These options may be overridden by |
| the respective process and kernel command line arguments. See |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for |
| details.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>CtrlAltDelBurstAction=</varname></term> |
| |
| <listitem><para>Defines what action will be performed |
| if user presses Ctrl-Alt-Delete more than 7 times in 2s. |
| Can be set to <literal>reboot-force</literal>, <literal>poweroff-force</literal>, |
| <literal>reboot-immediate</literal>, <literal>poweroff-immediate</literal> |
| or disabled with <literal>none</literal>. Defaults to |
| <literal>reboot-force</literal>. |
| </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>CPUAffinity=</varname></term> |
| |
| <listitem><para>Configures the initial CPU affinity for the |
| init process. Takes a list of CPU indices or ranges separated |
| by either whitespace or commas. CPU ranges are specified by |
| the lower and upper CPU indices separated by a |
| dash.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term> |
| |
| <listitem><para>Configures controllers that shall be mounted |
| in a single hierarchy. By default, systemd will mount all |
| controllers which are enabled in the kernel in individual |
| hierarchies, with the exception of those listed in this |
| setting. Takes a space-separated list of comma-separated |
| controller names, in order to allow multiple joined |
| hierarchies. Defaults to 'cpu,cpuacct'. Pass an empty string |
| to ensure that systemd mounts all controllers in separate |
| hierarchies.</para> |
| |
| <para>Note that this option is only applied once, at very |
| early boot. If you use an initial RAM disk (initrd) that uses |
| systemd, it might hence be necessary to rebuild the initrd if |
| this option is changed, and make sure the new configuration |
| file is included in it. Otherwise, the initrd might mount the |
| controller hierarchies in a different configuration than |
| intended, and the main system cannot remount them |
| anymore.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>RuntimeWatchdogSec=</varname></term> |
| <term><varname>ShutdownWatchdogSec=</varname></term> |
| |
| <listitem><para>Configure the hardware watchdog at runtime and |
| at reboot. Takes a timeout value in seconds (or in other time |
| units if suffixed with <literal>ms</literal>, |
| <literal>min</literal>, <literal>h</literal>, |
| <literal>d</literal>, <literal>w</literal>). If |
| <varname>RuntimeWatchdogSec=</varname> is set to a non-zero |
| value, the watchdog hardware |
| (<filename>/dev/watchdog</filename> or the path specified with |
| <varname>WatchdogDevice=</varname> or the kernel option |
| <varname>systemd.watchdog-device=</varname>) will be programmed |
| to automatically reboot the system if it is not contacted within |
| the specified timeout interval. The system manager will ensure |
| to contact it at least once in half the specified timeout |
| interval. This feature requires a hardware watchdog device to |
| be present, as it is commonly the case in embedded and server |
| systems. Not all hardware watchdogs allow configuration of the |
| reboot timeout, in which case the closest available timeout is |
| picked. <varname>ShutdownWatchdogSec=</varname> may be used to |
| configure the hardware watchdog when the system is asked to |
| reboot. It works as a safety net to ensure that the reboot |
| takes place even if a clean reboot attempt times out. By |
| default <varname>RuntimeWatchdogSec=</varname> defaults to 0 |
| (off), and <varname>ShutdownWatchdogSec=</varname> to 10min. |
| These settings have no effect if a hardware watchdog is not |
| available.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>WatchdogDevice=</varname></term> |
| |
| <listitem><para>Configure the hardware watchdog device that the |
| runtime and shutdown watchdog timers will open and use. Defaults |
| to <filename>/dev/watchdog</filename>. This setting has no |
| effect if a hardware watchdog is not available.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>CapabilityBoundingSet=</varname></term> |
| |
| <listitem><para>Controls which capabilities to include in the |
| capability bounding set for PID 1 and its children. See |
| <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| for details. Takes a whitespace-separated list of capability |
| names as read by |
| <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>. |
| Capabilities listed will be included in the bounding set, all |
| others are removed. If the list of capabilities is prefixed |
| with ~, all but the listed capabilities will be included, the |
| effect of the assignment inverted. Note that this option also |
| affects the respective capabilities in the effective, |
| permitted and inheritable capability sets. The capability |
| bounding set may also be individually configured for units |
| using the <varname>CapabilityBoundingSet=</varname> directive |
| for units, but note that capabilities dropped for PID 1 cannot |
| be regained in individual units, they are lost for |
| good.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>SystemCallArchitectures=</varname></term> |
| |
| <listitem><para>Takes a space-separated list of architecture |
| identifiers. Selects from which architectures system calls may |
| be invoked on this system. This may be used as an effective |
| way to disable invocation of non-native binaries system-wide, |
| for example to prohibit execution of 32-bit x86 binaries on |
| 64-bit x86-64 systems. This option operates system-wide, and |
| acts similar to the |
| <varname>SystemCallArchitectures=</varname> setting of unit |
| files, see |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details. This setting defaults to the empty list, in which |
| case no filtering of system calls based on architecture is |
| applied. Known architecture identifiers are |
| <literal>x86</literal>, <literal>x86-64</literal>, |
| <literal>x32</literal>, <literal>arm</literal> and the special |
| identifier <literal>native</literal>. The latter implicitly |
| maps to the native architecture of the system (or more |
| specifically, the architecture the system manager was compiled |
| for). Set this setting to <literal>native</literal> to |
| prohibit execution of any non-native binaries. When a binary |
| executes a system call of an architecture that is not listed |
| in this setting, it will be immediately terminated with the |
| SIGSYS signal.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>TimerSlackNSec=</varname></term> |
| |
| <listitem><para>Sets the timer slack in nanoseconds for PID 1, |
| which is inherited by all executed processes, unless |
| overridden individually, for example with the |
| <varname>TimerSlackNSec=</varname> setting in service units |
| (for details see |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). |
| The timer slack controls the accuracy of wake-ups triggered by |
| system timers. See |
| <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
| for more information. Note that in contrast to most other time |
| span definitions this parameter takes an integer value in |
| nano-seconds if no unit is specified. The usual time units are |
| understood too.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultTimerAccuracySec=</varname></term> |
| |
| <listitem><para>Sets the default accuracy of timer units. This |
| controls the global default for the |
| <varname>AccuracySec=</varname> setting of timer units, see |
| <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details. <varname>AccuracySec=</varname> set in individual |
| units override the global default for the specific unit. |
| Defaults to 1min. Note that the accuracy of timer units is |
| also affected by the configured timer slack for PID 1, see |
| <varname>TimerSlackNSec=</varname> above.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultTimeoutStartSec=</varname></term> |
| <term><varname>DefaultTimeoutStopSec=</varname></term> |
| <term><varname>DefaultRestartSec=</varname></term> |
| |
| <listitem><para>Configures the default timeouts for starting |
| and stopping of units, as well as the default time to sleep |
| between automatic restarts of units, as configured per-unit in |
| <varname>TimeoutStartSec=</varname>, |
| <varname>TimeoutStopSec=</varname> and |
| <varname>RestartSec=</varname> (for services, see |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details on the per-unit settings). For non-service units, |
| <varname>DefaultTimeoutStartSec=</varname> sets the default |
| <varname>TimeoutSec=</varname> |
| value. <varname>DefaultTimeoutStartSec=</varname> and |
| <varname>DefaultTimeoutStopSec=</varname> default to |
| 90s. <varname>DefaultRestartSec=</varname> defaults to |
| 100ms.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultStartLimitIntervalSec=</varname></term> |
| <term><varname>DefaultStartLimitBurst=</varname></term> |
| |
| <listitem><para>Configure the default unit start rate |
| limiting, as configured per-service by |
| <varname>StartLimitIntervalSec=</varname> and |
| <varname>StartLimitBurst=</varname>. See |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details on the per-service settings. |
| <varname>DefaultStartLimitIntervalSec=</varname> defaults to |
| 10s. <varname>DefaultStartLimitBurst=</varname> defaults to |
| 5.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultEnvironment=</varname></term> |
| |
| <listitem><para>Sets manager environment variables passed to |
| all executed processes. Takes a space-separated list of |
| variable assignments. See |
| <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| for details about environment variables.</para> |
| |
| <para>Example: |
| |
| <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting> |
| |
| Sets three variables |
| <literal>VAR1</literal>, |
| <literal>VAR2</literal>, |
| <literal>VAR3</literal>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultCPUAccounting=</varname></term> |
| <term><varname>DefaultBlockIOAccounting=</varname></term> |
| <term><varname>DefaultMemoryAccounting=</varname></term> |
| <term><varname>DefaultTasksAccounting=</varname></term> |
| <term><varname>DefaultIPAccounting=</varname></term> |
| |
| <listitem><para>Configure the default resource accounting settings, as configured per-unit by |
| <varname>CPUAccounting=</varname>, <varname>BlockIOAccounting=</varname>, <varname>MemoryAccounting=</varname>, |
| <varname>TasksAccounting=</varname> and <varname>IPAccounting=</varname>. See |
| <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details on the per-unit settings. <varname>DefaultTasksAccounting=</varname> defaults to on, the other |
| four settings to off.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultTasksMax=</varname></term> |
| |
| <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See |
| <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details. This setting applies to all unit types that support resource control settings, with the exception |
| of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller |
| in OS containers.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultLimitCPU=</varname></term> |
| <term><varname>DefaultLimitFSIZE=</varname></term> |
| <term><varname>DefaultLimitDATA=</varname></term> |
| <term><varname>DefaultLimitSTACK=</varname></term> |
| <term><varname>DefaultLimitCORE=</varname></term> |
| <term><varname>DefaultLimitRSS=</varname></term> |
| <term><varname>DefaultLimitNOFILE=</varname></term> |
| <term><varname>DefaultLimitAS=</varname></term> |
| <term><varname>DefaultLimitNPROC=</varname></term> |
| <term><varname>DefaultLimitMEMLOCK=</varname></term> |
| <term><varname>DefaultLimitLOCKS=</varname></term> |
| <term><varname>DefaultLimitSIGPENDING=</varname></term> |
| <term><varname>DefaultLimitMSGQUEUE=</varname></term> |
| <term><varname>DefaultLimitNICE=</varname></term> |
| <term><varname>DefaultLimitRTPRIO=</varname></term> |
| <term><varname>DefaultLimitRTTIME=</varname></term> |
| |
| <listitem><para>These settings control various default |
| resource limits for units. See |
| <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
| for details. The resource limit is possible to specify in two formats, |
| <option>value</option> to set soft and hard limits to the same value, |
| or <option>soft:hard</option> to set both limits individually (e.g. DefaultLimitAS=4G:16G). |
| Use the string <varname>infinity</varname> to |
| configure no limit on a specific resource. The multiplicative |
| suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E |
| may be used for resource limits measured in bytes |
| (e.g. DefaultLimitAS=16G). For the limits referring to time values, |
| the usual time units ms, s, min, h and so on may be used (see |
| <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| for details). Note that if no time unit is specified for |
| <varname>DefaultLimitCPU=</varname> the default unit of seconds is |
| implied, while for <varname>DefaultLimitRTTIME=</varname> the default |
| unit of microseconds is implied. Also, note that the effective |
| granularity of the limits might influence their |
| enforcement. For example, time limits specified for |
| <varname>DefaultLimitCPU=</varname> will be rounded up implicitly to |
| multiples of 1s. These settings may be overridden in individual units |
| using the corresponding LimitXXX= directives. Note that these resource |
| limits are only defaults for units, they are not applied to PID 1 |
| itself.</para></listitem> |
| </varlistentry> |
| </variablelist> |
| </refsect1> |
| |
| <refsect1> |
| <title>See Also</title> |
| <para> |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| </para> |
| </refsect1> |
| |
| </refentry> |