| <?xml version='1.0'?> <!--*-nxml-*--> |
| <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?> |
| <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
| "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| |
| <!-- |
| This file is part of systemd. |
| |
| Copyright 2010 Lennart Poettering |
| |
| systemd is free software; you can redistribute it and/or modify it |
| under the terms of the GNU Lesser General Public License as published by |
| the Free Software Foundation; either version 2.1 of the License, or |
| (at your option) any later version. |
| |
| systemd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public License |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| --> |
| |
| <refentry id="systemd-system.conf"> |
| <refentryinfo> |
| <title>systemd-system.conf</title> |
| <productname>systemd</productname> |
| |
| <authorgroup> |
| <author> |
| <contrib>Developer</contrib> |
| <firstname>Lennart</firstname> |
| <surname>Poettering</surname> |
| <email>lennart@poettering.net</email> |
| </author> |
| </authorgroup> |
| </refentryinfo> |
| |
| <refmeta> |
| <refentrytitle>systemd-system.conf</refentrytitle> |
| <manvolnum>5</manvolnum> |
| </refmeta> |
| |
| <refnamediv> |
| <refname>systemd-system.conf</refname> |
| <refname>systemd-user.conf</refname> |
| <refpurpose>System and session service manager configuration file</refpurpose> |
| </refnamediv> |
| |
| <refsynopsisdiv> |
| <para><filename>/etc/systemd/system.conf</filename></para> |
| <para><filename>/etc/systemd/user.conf</filename></para> |
| </refsynopsisdiv> |
| |
| <refsect1> |
| <title>Description</title> |
| |
| <para>When run as system instance systemd reads the |
| configuration file <filename>system.conf</filename>, |
| otherwise <filename>user.conf</filename>. These |
| configuration files contain a few settings controlling |
| basic manager operations.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Options</title> |
| |
| <para>All options are configured in the |
| <literal>[Manager]</literal> section:</para> |
| |
| <variablelist class='systemd-directives'> |
| |
| <varlistentry> |
| <term><varname>LogLevel=</varname></term> |
| <term><varname>LogTarget=</varname></term> |
| <term><varname>LogColor=</varname></term> |
| <term><varname>LogLocation=</varname></term> |
| <term><varname>DumpCore=yes</varname></term> |
| <term><varname>CrashShell=no</varname></term> |
| <term><varname>ShowStatus=yes</varname></term> |
| <term><varname>CrashChVT=1</varname></term> |
| <term><varname>DefaultStandardOutput=journal</varname></term> |
| <term><varname>DefaultStandardError=inherit</varname></term> |
| |
| <listitem><para>Configures various |
| parameters of basic manager |
| operation. These options may be |
| overridden by the respective command |
| line arguments. See |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| for details about these command line |
| arguments.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>CPUAffinity=</varname></term> |
| |
| <listitem><para>Configures the initial |
| CPU affinity for the init |
| process. Takes a space-separated list |
| of CPU indices.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>JoinControllers=cpu,cpuacct net_cls,netprio</varname></term> |
| |
| <listitem><para>Configures controllers |
| that shall be mounted in a single |
| hierarchy. By default, systemd will |
| mount all controllers which are |
| enabled in the kernel in individual |
| hierarchies, with the exception of |
| those listed in this setting. Takes a |
| space-separated list of comma-separated |
| controller names, in order |
| to allow multiple joined |
| hierarchies. Defaults to |
| 'cpu,cpuacct'. Pass an empty string to |
| ensure that systemd mounts all |
| controllers in separate |
| hierarchies.</para> |
| |
| <para>Note that this option is only |
| applied once, at very early boot. If |
| you use an initial RAM disk (initrd) |
| that uses systemd, it might hence be |
| necessary to rebuild the initrd if |
| this option is changed, and make sure |
| the new configuration file is included |
| in it. Otherwise, the initrd might |
| mount the controller hierarchies in a |
| different configuration than intended, |
| and the main system cannot remount |
| them anymore.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>RuntimeWatchdogSec=</varname></term> |
| <term><varname>ShutdownWatchdogSec=</varname></term> |
| |
| <listitem><para>Configure the hardware |
| watchdog at runtime and at |
| reboot. Takes a timeout value in |
| seconds (or in other time units if |
| suffixed with <literal>ms</literal>, |
| <literal>min</literal>, |
| <literal>h</literal>, |
| <literal>d</literal>, |
| <literal>w</literal>). If |
| <varname>RuntimeWatchdogSec=</varname> |
| is set to a non-zero value, the |
| watchdog hardware |
| (<filename>/dev/watchdog</filename>) |
| will be programmed to automatically |
| reboot the system if it is not |
| contacted within the specified timeout |
| interval. The system manager will |
| ensure to contact it at least once in |
| half the specified timeout |
| interval. This feature requires a |
| hardware watchdog device to be |
| present, as it is commonly the case in |
| embedded and server systems. Not all |
| hardware watchdogs allow configuration |
| of the reboot timeout, in which case |
| the closest available timeout is |
| picked. <varname>ShutdownWatchdogSec=</varname> |
| may be used to configure the hardware |
| watchdog when the system is asked to |
| reboot. It works as a safety net to |
| ensure that the reboot takes place |
| even if a clean reboot attempt times |
| out. By default |
| <varname>RuntimeWatchdogSec=</varname> |
| defaults to 0 (off), and |
| <varname>ShutdownWatchdogSec=</varname> |
| to 10min. These settings have no |
| effect if a hardware watchdog is not |
| available.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>CapabilityBoundingSet=</varname></term> |
| |
| <listitem><para>Controls which |
| capabilities to include in the |
| capability bounding set for PID 1 and |
| its children. See |
| <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| for details. Takes a whitespace-separated |
| list of capability names as read by |
| <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>. |
| Capabilities listed will be included |
| in the bounding set, all others are |
| removed. If the list of capabilities |
| is prefixed with ~, all but the listed |
| capabilities will be included, the |
| effect of the assignment |
| inverted. Note that this option also |
| affects the respective capabilities in |
| the effective, permitted and |
| inheritable capability sets. The |
| capability bounding set may also be |
| individually configured for units |
| using the |
| <varname>CapabilityBoundingSet=</varname> |
| directive for units, but note that |
| capabilities dropped for PID 1 cannot |
| be regained in individual units, they |
| are lost for good.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>SystemCallArchitectures=</varname></term> |
| |
| <listitem><para>Takes a |
| space-separated list of architecture |
| identifiers. Selects from which |
| architectures system calls may be |
| invoked on this system. This may be |
| used as an effective way to disable |
| invocation of non-native binaries |
| system-wide, for example to prohibit |
| execution of 32-bit x86 binaries on |
| 64-bit x86-64 systems. This option |
| operates system-wide, and acts |
| similar to the |
| <varname>SystemCallArchitectures=</varname> |
| setting of unit files, see |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details. This setting defaults to |
| the empty list, in which case no |
| filtering of system calls based on |
| architecture is applied. Known |
| architecture identifiers are |
| <literal>x86</literal>, |
| <literal>x86-64</literal>, |
| <literal>x32</literal>, |
| <literal>arm</literal> and the special |
| identifier |
| <literal>native</literal>. The latter |
| implicitly maps to the native |
| architecture of the system (or more |
| specifically, the architecture the |
| system manager was compiled for). Set |
| this setting to |
| <literal>native</literal> to prohibit |
| execution of any non-native |
| binaries. When a binary executes a |
| system call of an architecture that is |
| not listed in this setting, it will be |
| immediately terminated with the SIGSYS |
| signal.</para></listitem> |
| </varlistentry> |
| |
| |
| <varlistentry> |
| <term><varname>TimerSlackNSec=</varname></term> |
| |
| <listitem><para>Sets the timer slack |
| in nanoseconds for PID 1 which is then |
| inherited to all executed processes, |
| unless overridden individually, for |
| example with the |
| <varname>TimerSlackNSec=</varname> |
| setting in service units (for details |
| see |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). The |
| timer slack controls the accuracy of |
| wake-ups triggered by timers. See |
| <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
| for more information. Note that in |
| contrast to most other time span |
| definitions this parameter takes an |
| integer value in nano-seconds if no |
| unit is specified. The usual time |
| units are understood |
| too.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultTimeoutStartSec=</varname></term> |
| <term><varname>DefaultTimeoutStopSec=</varname></term> |
| <term><varname>DefaultRestartSec=</varname></term> |
| |
| <listitem><para>Configures the default |
| timeouts for starting and stopping of |
| units, as well as the default time to |
| sleep between automatic restarts of |
| units, as configured per-unit in |
| <varname>TimeoutStartSec=</varname>, |
| <varname>TimeoutStopSec=</varname> and |
| <varname>RestartSec=</varname> (for |
| service units, see |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details on the per-unit |
| settings). For non-service units, |
| <varname>DefaultTimeoutStartSec=</varname> |
| sets the default |
| <varname>TimeoutSec=</varname> value. |
| </para></listitem> |
| </varlistentry> |
| <varlistentry> |
| <term><varname>DefaultStartLimitInterval=</varname></term> |
| <term><varname>DefaultStartLimitBurst=</varname></term> |
| |
| <listitem><para>Configure the default start rate |
| limiting, as configured per-service by |
| <varname>StartLimitInterval=</varname> and |
| <varname>StartLimitBurst=</varname>. See |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| for details on the per-service |
| settings). |
| </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultEnvironment=</varname></term> |
| |
| <listitem><para>Sets manager |
| environment variables passed to all |
| executed processes. Takes a |
| space-separated list of variable |
| assignments. See |
| <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| for details about environment |
| variables.</para> |
| |
| <para>Example: |
| |
| <programlisting>DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</programlisting> |
| |
| Sets three variables |
| <literal>VAR1</literal>, |
| <literal>VAR2</literal>, |
| <literal>VAR3</literal>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>DefaultLimitCPU=</varname></term> |
| <term><varname>DefaultLimitFSIZE=</varname></term> |
| <term><varname>DefaultLimitDATA=</varname></term> |
| <term><varname>DefaultLimitSTACK=</varname></term> |
| <term><varname>DefaultLimitCORE=</varname></term> |
| <term><varname>DefaultLimitRSS=</varname></term> |
| <term><varname>DefaultLimitNOFILE=</varname></term> |
| <term><varname>DefaultLimitAS=</varname></term> |
| <term><varname>DefaultLimitNPROC=</varname></term> |
| <term><varname>DefaultLimitMEMLOCK=</varname></term> |
| <term><varname>DefaultLimitLOCKS=</varname></term> |
| <term><varname>DefaultLimitSIGPENDING=</varname></term> |
| <term><varname>DefaultLimitMSGQUEUE=</varname></term> |
| <term><varname>DefaultLimitNICE=</varname></term> |
| <term><varname>DefaultLimitRTPRIO=</varname></term> |
| <term><varname>DefaultLimitRTTIME=</varname></term> |
| |
| <listitem><para>These settings control |
| various default resource limits for |
| units. See |
| <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> |
| for details. Use the string |
| <varname>infinity</varname> to |
| configure no limit on a specific |
| resource. These settings may be |
| overridden in individual units |
| using the corresponding LimitXXX= |
| directives. Note that these resource |
| limits are only defaults for units, |
| they are not applied to PID 1 |
| itself.</para></listitem> |
| </varlistentry> |
| </variablelist> |
| </refsect1> |
| |
| <refsect1> |
| <title>See Also</title> |
| <para> |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| </para> |
| </refsect1> |
| |
| </refentry> |