diff options
Diffstat (limited to '')
| -rw-r--r-- | templates/man5/systemd.resource-control.5.pot | 3215 |
1 files changed, 3215 insertions, 0 deletions
diff --git a/templates/man5/systemd.resource-control.5.pot b/templates/man5/systemd.resource-control.5.pot new file mode 100644 index 00000000..75776ab7 --- /dev/null +++ b/templates/man5/systemd.resource-control.5.pot @@ -0,0 +1,3215 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2024-03-01 17:11+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: TH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SYSTEMD\\&.RESOURCE-CONTROL" +msgstr "" + +#. type: TH +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "systemd 255" +msgstr "" + +#. type: TH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "systemd.resource-control" +msgstr "" + +#. ----------------------------------------------------------------- +#. * MAIN CONTENT STARTS HERE * +#. ----------------------------------------------------------------- +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "NAME" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "systemd.resource-control - Resource control unit settings" +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SYNOPSIS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<slice>\\&.slice, I<scope>\\&.scope, I<service>\\&.service, I<socket>\\&." +"socket, I<mount>\\&.mount, I<swap>\\&.swap" +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "DESCRIPTION" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Unit configuration files for services, slices, scopes, sockets, mount " +"points, and swap devices share a subset of configuration options for " +"resource control of spawned processes\\&. Internally, this relies on the " +"Linux Control Groups (cgroups) kernel concept for organizing processes in a " +"hierarchical tree of named groups for the purpose of resource management\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This man page lists the configuration options shared by those six unit " +"types\\&. See B<systemd.unit>(5) for the common options of all unit " +"configuration files, and B<systemd.slice>(5), B<systemd.scope>(5), B<systemd." +"service>(5), B<systemd.socket>(5), B<systemd.mount>(5), and B<systemd." +"swap>(5) for more information on the specific unit configuration files\\&. " +"The resource control configuration options are configured in the [Slice], " +"[Scope], [Service], [Socket], [Mount], or [Swap] sections, depending on the " +"unit type\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In addition, options which control resources available to programs " +"I<executed> by systemd are listed in B<systemd.exec>(5)\\&. Those options " +"complement options listed here\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Enabling and disabling controllers" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Controllers in the cgroup hierarchy are hierarchical, and resource control " +"is realized by distributing resource assignments between siblings in " +"branches of the cgroup hierarchy\\&. There is no need to explicitly " +"I<enable> a cgroup controller for a unit\\&. B<systemd> will instruct the " +"kernel to enable a controller for a given unit when this unit has " +"configuration for a given controller\\&. For example, when I<CPUWeight=> is " +"set, the B<cpu> controller will be enabled, and when I<TasksMax=> are set, " +"the B<pids> controller will be enabled\\&. In addition, various controllers " +"may be also be enabled explicitly via the I<MemoryAccounting=>/" +"I<TasksAccounting=>/I<IOAccounting=> settings\\&. Because of how the cgroup " +"hierarchy works, controllers will be automatically enabled for all parent " +"units and for any sibling units starting with the lowest level at which a " +"controller is enabled\\&. Units for which a controller is enabled may be " +"subject to resource control even if they don\\*(Aqt have any explicit " +"configuration\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Setting I<Delegate=> enables any delegated controllers for that unit (see " +"below)\\&. The delegatee may then enable controllers for its children as " +"appropriate\\&. In particular, if the delegatee is B<systemd> (in the " +"user@\\&.service unit), it will repeat the same logic as the system instance " +"and enable controllers for user units which have resource limits configured, " +"and their siblings and parents and parents\\*(Aq siblings\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Controllers may be I<disabled> for parts of the cgroup hierarchy with " +"I<DisableControllers=> (see below)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "B<Example\\ \\&1.\\ \\&Enabling and disabling controllers>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +" -\\&.slice\n" +" / \\e\n" +" /-----/ \\e--------------\\e\n" +" / \\e\n" +" system\\&.slice user\\&.slice\n" +" / \\e / \\e\n" +" / \\e / \\e\n" +" / \\e user@42\\&.service user@1000\\&.service\n" +" / \\e Delegate= Delegate=yes\n" +"a\\&.service b\\&.slice / \\e\n" +"CPUWeight=20 DisableControllers=cpu / \\e\n" +" / \\e app\\&.slice session\\&.slice\n" +" / \\e CPUWeight=100 CPUWeight=100\n" +" / \\e\n" +" b1\\&.service b2\\&.service\n" +" CPUWeight=1000\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In this hierarchy, the B<cpu> controller is enabled for all units shown " +"except b1\\&.service and b2\\&.service\\&. Because there is no explicit " +"configuration for system\\&.slice and user\\&.slice, CPU resources will be " +"split equally between them\\&. Similarly, resources are allocated equally " +"between children of user\\&.slice and between the child slices beneath " +"user@1000\\&.service\\&. Assuming that there is no further configuration of " +"resources or delegation below slices app\\&.slice or session\\&.slice, the " +"B<cpu> controller would not be enabled for units in those slices and CPU " +"resources would be further allocated using other mechanisms, e\\&.g\\&. " +"based on nice levels\\&. The manager for user 42 has delegation enabled " +"without any controllers, i\\&.e\\&. it can manipulate its subtree of the " +"cgroup hierarchy, but without resource control\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In the slice system\\&.slice, CPU resources are split 1:6 for service a\\&." +"service, and 5:6 for slice b\\&.slice, because slice b\\&.slice gets the " +"default value of 100 for cpu\\&.weight when I<CPUWeight=> is not set\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<CPUWeight=> setting in service b2\\&.service is neutralized by " +"I<DisableControllers=> in slice b\\&.slice, so the B<cpu> controller would " +"not be enabled for services b1\\&.service and b2\\&.service, and CPU " +"resources would be further allocated using other mechanisms, e\\&.g\\&. " +"based on nice levels\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Setting resource controls for a group of related units" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"As described in B<systemd.unit>(5), the settings listed here may be set " +"through the main file of a unit and drop-in snippets in *\\&.d/ " +"directories\\&. The list of directories searched for drop-ins includes names " +"formed by repeatedly truncating the unit name after all dashes\\&. This is " +"particularly convenient to set resource limits for a group of units with " +"similar names\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"For example, every user gets their own slice user-I<nnn>\\&.slice\\&. Drop-" +"ins with local configuration that affect user 1000 may be placed in /etc/" +"systemd/system/user-1000\\&.slice, /etc/systemd/system/user-1000\\&.slice\\&." +"d/*\\&.conf, but also /etc/systemd/system/user-\\&.slice\\&.d/*\\&.conf\\&. " +"This last directory applies to all user slices\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"See the \\m[blue]B<New Control Group Interfaces>\\m[]\\&\\s-2\\u[1]\\d\\s+2 " +"for an introduction on how to make use of resource control APIs from " +"programs\\&." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "IMPLICIT DEPENDENCIES" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "The following dependencies are implicitly added:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Units with the I<Slice=> setting set automatically acquire I<Requires=> and " +"I<After=> dependencies on the specified slice unit\\&." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "OPTIONS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Units of the types listed above can have settings for resource control " +"configuration:" +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "CPU Accounting and Control" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<CPUAccounting=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Turn on CPU usage accounting for this unit\\&. Takes a boolean argument\\&. " +"Note that turning on CPU accounting for one unit will also implicitly turn " +"it on for all units contained in the same slice and for all its parent " +"slices and the units contained therein\\&. The system default for this " +"setting may be controlled with I<DefaultCPUAccounting=> in B<systemd-system." +"conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Under the unified cgroup hierarchy, CPU accounting is available for all " +"units and this setting has no effect\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 208\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<CPUWeight=>I<weight>, I<StartupCPUWeight=>I<weight>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"These settings control the B<cpu> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "These options accept an integer value or a the special string \"idle\":" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If set to an integer value, assign the specified CPU time weight to the " +"processes executed, if the unified control group hierarchy is used on the " +"system\\&. These options control the \"cpu\\&.weight\" control group " +"attribute\\&. The allowed range is 1 to 10000\\&. Defaults to unset, but the " +"kernel default is 100\\&. For details about this control group attribute, " +"see \\m[blue]B<Control Groups v2>\\m[]\\&\\s-2\\u[2]\\d\\s+2 and " +"\\m[blue]B<CFS Scheduler>\\m[]\\&\\s-2\\u[3]\\d\\s+2\\&. The available CPU " +"time is split up among all units within one slice relative to their CPU time " +"weight\\&. A higher weight means more CPU time, a lower weight means less\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If set to the special string \"idle\", mark the cgroup for \"idle " +"scheduling\", which means that it will get CPU resources only when there are " +"no processes not marked in this way to execute in this cgroup or its " +"siblings\\&. This setting corresponds to the \"cpu\\&.idle\" cgroup " +"attribute\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that this value only has an effect on cgroup-v2, for cgroup-v1 it is " +"equivalent to the minimum weight\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupCPUWeight=> applies to the startup and shutdown phases of the " +"system, I<CPUWeight=> applies to normal runtime of the system, and if the " +"former is not set also to the startup and shutdown phases\\&. Using " +"I<StartupCPUWeight=> allows prioritizing specific services at boot-up and " +"shutdown differently than during normal runtime\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In addition to the resource allocation performed by the B<cpu> controller, " +"the kernel may automatically divide resources based on session-id grouping, " +"see \"The autogroup feature\" in B<sched>(7)\\&. The effect of this feature " +"is similar to the B<cpu> controller with no explicit configuration, so users " +"should be careful to not mistake one for the other\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 232\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<CPUQuota=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This setting controls the B<cpu> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Assign the specified CPU time quota to the processes executed\\&. Takes a " +"percentage value, suffixed with \"%\"\\&. The percentage specifies how much " +"CPU time the unit shall get at maximum, relative to the total CPU time " +"available on one CPU\\&. Use values E<gt> 100% for allotting CPU time on " +"more than one CPU\\&. This controls the \"cpu\\&.max\" attribute on the " +"unified control group hierarchy and \"cpu\\&.cfs_quota_us\" on legacy\\&. " +"For details about these control group attributes, see \\m[blue]B<Control " +"Groups v2>\\m[]\\&\\s-2\\u[2]\\d\\s+2 and \\m[blue]B<CFS Bandwidth " +"Control>\\m[]\\&\\s-2\\u[4]\\d\\s+2\\&. Setting I<CPUQuota=> to an empty " +"value unsets the quota\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Example: I<CPUQuota=20%> ensures that the executed processes will never get " +"more than 20% CPU time on one CPU\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 213\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<CPUQuotaPeriodSec=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Assign the duration over which the CPU time quota specified by I<CPUQuota=> " +"is measured\\&. Takes a time duration value in seconds, with an optional " +"suffix such as \"ms\" for milliseconds (or \"s\" for seconds\\&.) The " +"default setting is 100ms\\&. The period is clamped to the range supported by " +"the kernel, which is [1ms, 1000ms]\\&. Additionally, the period is adjusted " +"up so that the quota interval is also at least 1ms\\&. Setting " +"I<CPUQuotaPeriodSec=> to an empty value resets it to the default\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This controls the second field of \"cpu\\&.max\" attribute on the unified " +"control group hierarchy and \"cpu\\&.cfs_period_us\" on legacy\\&. For " +"details about these control group attributes, see \\m[blue]B<Control Groups " +"v2>\\m[]\\&\\s-2\\u[2]\\d\\s+2 and \\m[blue]B<CFS " +"Scheduler>\\m[]\\&\\s-2\\u[3]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Example: I<CPUQuotaPeriodSec=10ms> to request that the CPU quota is measured " +"in periods of 10ms\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 242\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<AllowedCPUs=>, I<StartupAllowedCPUs=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This setting controls the B<cpuset> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Restrict processes to be executed on specific CPUs\\&. Takes a list of CPU " +"indices or ranges separated by either whitespace or commas\\&. CPU ranges " +"are specified by the lower and upper CPU indices separated by a dash\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Setting I<AllowedCPUs=> or I<StartupAllowedCPUs=> doesn\\*(Aqt guarantee " +"that all of the CPUs will be used by the processes as it may be limited by " +"parent units\\&. The effective configuration is reported as " +"I<EffectiveCPUs=>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupAllowedCPUs=> applies to the startup and shutdown phases of " +"the system, I<AllowedCPUs=> applies to normal runtime of the system, and if " +"the former is not set also to the startup and shutdown phases\\&. Using " +"I<StartupAllowedCPUs=> allows prioritizing specific services at boot-up and " +"shutdown differently than during normal runtime\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This setting is supported only with the unified control group hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 244\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Memory Accounting and Control" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<MemoryAccounting=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This setting controls the B<memory> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Turn on process and kernel memory accounting for this unit\\&. Takes a " +"boolean argument\\&. Note that turning on memory accounting for one unit " +"will also implicitly turn it on for all units contained in the same slice " +"and for all its parent slices and the units contained therein\\&. The system " +"default for this setting may be controlled with I<DefaultMemoryAccounting=> " +"in B<systemd-system.conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<MemoryMin=>I<bytes>, I<MemoryLow=>I<bytes>, I<StartupMemoryLow=>I<bytes>, " +"I<DefaultStartupMemoryLow=>I<bytes>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"These settings control the B<memory> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Specify the memory usage protection of the executed processes in this " +"unit\\&. When reclaiming memory, the unit is treated as if it was using less " +"memory resulting in memory to be preferentially reclaimed from unprotected " +"units\\&. Using I<MemoryLow=> results in a weaker protection where memory " +"may still be reclaimed to avoid invoking the OOM killer in case there is no " +"other reclaimable memory\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"For a protection to be effective, it is generally required to set a " +"corresponding allocation on all ancestors, which is then distributed between " +"children (with the exception of the root slice)\\&. Any I<MemoryMin=> or " +"I<MemoryLow=> allocation that is not explicitly distributed to specific " +"children is used to create a shared protection for all children\\&. As this " +"is a shared protection, the children will freely compete for the memory\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Takes a memory size in bytes\\&. If the value is suffixed with K, M, G or T, " +"the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or " +"Terabytes (with the base 1024), respectively\\&. Alternatively, a percentage " +"value may be specified, which is taken relative to the installed physical " +"memory on the system\\&. If assigned the special value \"infinity\", all " +"available memory is protected, which may be useful in order to always " +"inherit all of the protection afforded by ancestors\\&. This controls the " +"\"memory\\&.min\" or \"memory\\&.low\" control group attribute\\&. For " +"details about this control group attribute, see \\m[blue]B<Memory Interface " +"Files>\\m[]\\&\\s-2\\u[5]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Units may have their children use a default \"memory\\&.min\" or \"memory\\&." +"low\" value by specifying I<DefaultMemoryMin=> or I<DefaultMemoryLow=>, " +"which has the same semantics as I<MemoryMin=> and I<MemoryLow=>, or " +"I<DefaultStartupMemoryLow=> which has the same semantics as " +"I<StartupMemoryLow=>\\&. This setting does not affect \"memory\\&.min\" or " +"\"memory\\&.low\" in the unit itself\\&. Using it to set a default child " +"allocation is only useful on kernels older than 5\\&.7, which do not support " +"the \"memory_recursiveprot\" cgroup2 mount option\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupMemoryLow=> applies to the startup and shutdown phases of the " +"system, I<MemoryMin=> applies to normal runtime of the system, and if the " +"former is not set also to the startup and shutdown phases\\&. Using " +"I<StartupMemoryLow=> allows prioritizing specific services at boot-up and " +"shutdown differently than during normal runtime\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 240\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<MemoryHigh=>I<bytes>, I<StartupMemoryHigh=>I<bytes>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Specify the throttling limit on memory usage of the executed processes in " +"this unit\\&. Memory usage may go above the limit if unavoidable, but the " +"processes are heavily slowed down and memory is taken away aggressively in " +"such cases\\&. This is the main mechanism to control memory usage of a " +"unit\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 +msgid "" +"Takes a memory size in bytes\\&. If the value is suffixed with K, M, G or T, " +"the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or " +"Terabytes (with the base 1024), respectively\\&. Alternatively, a percentage " +"value may be specified, which is taken relative to the installed physical " +"memory on the system\\&. If assigned the special value \"infinity\", no " +"memory throttling is applied\\&. This controls the \"memory\\&.high\" " +"control group attribute\\&. For details about this control group attribute, " +"see \\m[blue]B<Memory Interface Files>\\m[]\\&\\s-2\\u[5]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupMemoryHigh=> applies to the startup and shutdown phases of " +"the system, I<MemoryHigh=> applies to normal runtime of the system, and if " +"the former is not set also to the startup and shutdown phases\\&. Using " +"I<StartupMemoryHigh=> allows prioritizing specific services at boot-up and " +"shutdown differently than during normal runtime\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 231\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<MemoryMax=>I<bytes>, I<StartupMemoryMax=>I<bytes>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Specify the absolute limit on memory usage of the executed processes in this " +"unit\\&. If memory usage cannot be contained under the limit, out-of-memory " +"killer is invoked inside the unit\\&. It is recommended to use " +"I<MemoryHigh=> as the main control mechanism and use I<MemoryMax=> as the " +"last line of defense\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 +msgid "" +"Takes a memory size in bytes\\&. If the value is suffixed with K, M, G or T, " +"the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or " +"Terabytes (with the base 1024), respectively\\&. Alternatively, a percentage " +"value may be specified, which is taken relative to the installed physical " +"memory on the system\\&. If assigned the special value \"infinity\", no " +"memory limit is applied\\&. This controls the \"memory\\&.max\" control " +"group attribute\\&. For details about this control group attribute, see " +"\\m[blue]B<Memory Interface Files>\\m[]\\&\\s-2\\u[5]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupMemoryMax=> applies to the startup and shutdown phases of the " +"system, I<MemoryMax=> applies to normal runtime of the system, and if the " +"former is not set also to the startup and shutdown phases\\&. Using " +"I<StartupMemoryMax=> allows prioritizing specific services at boot-up and " +"shutdown differently than during normal runtime\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<MemorySwapMax=>I<bytes>, I<StartupMemorySwapMax=>I<bytes>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Specify the absolute limit on swap usage of the executed processes in this " +"unit\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Takes a swap size in bytes\\&. If the value is suffixed with K, M, G or T, " +"the specified swap size is parsed as Kilobytes, Megabytes, Gigabytes, or " +"Terabytes (with the base 1024), respectively\\&. If assigned the special " +"value \"infinity\", no swap limit is applied\\&. These settings control the " +"\"memory\\&.swap\\&.max\" control group attribute\\&. For details about this " +"control group attribute, see \\m[blue]B<Memory Interface " +"Files>\\m[]\\&\\s-2\\u[5]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupMemorySwapMax=> applies to the startup and shutdown phases of " +"the system, I<MemorySwapMax=> applies to normal runtime of the system, and " +"if the former is not set also to the startup and shutdown phases\\&. Using " +"I<StartupMemorySwapMax=> allows prioritizing specific services at boot-up " +"and shutdown differently than during normal runtime\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<MemoryZSwapMax=>I<bytes>, I<StartupMemoryZSwapMax=>I<bytes>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Specify the absolute limit on zswap usage of the processes in this unit\\&. " +"Zswap is a lightweight compressed cache for swap pages\\&. It takes pages " +"that are in the process of being swapped out and attempts to compress them " +"into a dynamically allocated RAM-based memory pool\\&. If the limit " +"specified is hit, no entries from this unit will be stored in the pool until " +"existing entries are faulted back or written out to disk\\&. See the " +"kernel\\*(Aqs \\m[blue]B<Zswap>\\m[]\\&\\s-2\\u[6]\\d\\s+2 documentation for " +"more details\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Takes a size in bytes\\&. If the value is suffixed with K, M, G or T, the " +"specified size is parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes " +"(with the base 1024), respectively\\&. If assigned the special value " +"\"infinity\", no limit is applied\\&. These settings control the \"memory\\&." +"zswap\\&.max\" control group attribute\\&. For details about this control " +"group attribute, see \\m[blue]B<Memory Interface " +"Files>\\m[]\\&\\s-2\\u[5]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupMemoryZSwapMax=> applies to the startup and shutdown phases " +"of the system, I<MemoryZSwapMax=> applies to normal runtime of the system, " +"and if the former is not set also to the startup and shutdown phases\\&. " +"Using I<StartupMemoryZSwapMax=> allows prioritizing specific services at " +"boot-up and shutdown differently than during normal runtime\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 253\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<AllowedMemoryNodes=>, I<StartupAllowedMemoryNodes=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"These settings control the B<cpuset> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Restrict processes to be executed on specific memory NUMA nodes\\&. Takes a " +"list of memory NUMA nodes indices or ranges separated by either whitespace " +"or commas\\&. Memory NUMA nodes ranges are specified by the lower and upper " +"NUMA nodes indices separated by a dash\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Setting I<AllowedMemoryNodes=> or I<StartupAllowedMemoryNodes=> doesn\\*(Aqt " +"guarantee that all of the memory NUMA nodes will be used by the processes as " +"it may be limited by parent units\\&. The effective configuration is " +"reported as I<EffectiveMemoryNodes=>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupAllowedMemoryNodes=> applies to the startup and shutdown " +"phases of the system, I<AllowedMemoryNodes=> applies to normal runtime of " +"the system, and if the former is not set also to the startup and shutdown " +"phases\\&. Using I<StartupAllowedMemoryNodes=> allows prioritizing specific " +"services at boot-up and shutdown differently than during normal runtime\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Process Accounting and Control" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<TasksAccounting=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This setting controls the B<pids> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Turn on task accounting for this unit\\&. Takes a boolean argument\\&. If " +"enabled, the kernel will keep track of the total number of tasks in the unit " +"and its children\\&. This number includes both kernel threads and userspace " +"processes, with each thread counted individually\\&. Note that turning on " +"tasks accounting for one unit will also implicitly turn it on for all units " +"contained in the same slice and for all its parent slices and the units " +"contained therein\\&. The system default for this setting may be controlled " +"with I<DefaultTasksAccounting=> in B<systemd-system.conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 227\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<TasksMax=>I<N>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 +msgid "" +"Specify the maximum number of tasks that may be created in the unit\\&. This " +"ensures that the number of tasks accounted for the unit (see above) stays " +"below a specific limit\\&. This either takes an absolute number of tasks or " +"a percentage value that is taken relative to the configured maximum number " +"of tasks on the system\\&. If assigned the special value \"infinity\", no " +"tasks limit is applied\\&. This controls the \"pids\\&.max\" control group " +"attribute\\&. For details about this control group attribute, the " +"\\m[blue]B<pids controller>\\m[]\\&\\s-2\\u[7]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The system default for this setting may be controlled with " +"I<DefaultTasksMax=> in B<systemd-system.conf>(5)\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "IO Accounting and Control" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<IOAccounting=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "This setting controls the B<io> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Turn on Block I/O accounting for this unit, if the unified control group " +"hierarchy is used on the system\\&. Takes a boolean argument\\&. Note that " +"turning on block I/O accounting for one unit will also implicitly turn it on " +"for all units contained in the same slice and all for its parent slices and " +"the units contained therein\\&. The system default for this setting may be " +"controlled with I<DefaultIOAccounting=> in B<systemd-system.conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 230\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<IOWeight=>I<weight>, I<StartupIOWeight=>I<weight>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"These settings control the B<io> controller in the unified hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Set the default overall block I/O weight for the executed processes, if the " +"unified control group hierarchy is used on the system\\&. Takes a single " +"weight value (between 1 and 10000) to set the default block I/O weight\\&. " +"This controls the \"io\\&.weight\" control group attribute, which defaults " +"to 100\\&. For details about this control group attribute, see \\m[blue]B<IO " +"Interface Files>\\m[]\\&\\s-2\\u[8]\\d\\s+2\\&. The available I/O bandwidth " +"is split up among all units within one slice relative to their block I/O " +"weight\\&. A higher weight means more I/O bandwidth, a lower weight means " +"less\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"While I<StartupIOWeight=> applies to the startup and shutdown phases of the " +"system, I<IOWeight=> applies to the later runtime of the system, and if the " +"former is not set also to the startup and shutdown phases\\&. This allows " +"prioritizing specific services at boot-up and shutdown differently than " +"during runtime\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<IODeviceWeight=>I<device>I< >I<weight>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Set the per-device overall block I/O weight for the executed processes, if " +"the unified control group hierarchy is used on the system\\&. Takes a space-" +"separated pair of a file path and a weight value to specify the device " +"specific weight value, between 1 and 10000\\&. (Example: \"/dev/sda " +"1000\")\\&. The file path may be specified as path to a block device node or " +"as any other file, in which case the backing block device of the file system " +"of the file is determined\\&. This controls the \"io\\&.weight\" control " +"group attribute, which defaults to 100\\&. Use this option multiple times to " +"set weights for multiple devices\\&. For details about this control group " +"attribute, see \\m[blue]B<IO Interface Files>\\m[]\\&\\s-2\\u[8]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The specified device node should reference a block device that has an I/O " +"scheduler associated, i\\&.e\\&. should not refer to partition or loopback " +"block devices, but to the originating, physical device\\&. When a path to a " +"regular file or directory is specified it is attempted to discover the " +"correct originating device backing the file system of the specified path\\&. " +"This works correctly only for simpler cases, where the file system is " +"directly placed on a partition or physical block device, or where simple 1:1 " +"encryption using dm-crypt/LUKS is used\\&. This discovery does not cover " +"complex storage and in particular RAID and volume management storage " +"devices\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<IOReadBandwidthMax=>I<device>I< >I<bytes>, " +"I<IOWriteBandwidthMax=>I<device>I< >I<bytes>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Set the per-device overall block I/O bandwidth maximum limit for the " +"executed processes, if the unified control group hierarchy is used on the " +"system\\&. This limit is not work-conserving and the executed processes are " +"not allowed to use more even if the device has idle capacity\\&. Takes a " +"space-separated pair of a file path and a bandwidth value (in bytes per " +"second) to specify the device specific bandwidth\\&. The file path may be a " +"path to a block device node, or as any other file in which case the backing " +"block device of the file system of the file is used\\&. If the bandwidth is " +"suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, " +"Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000\\&. " +"(Example: \"/dev/disk/by-path/pci-0000:00:1f\\&.2-scsi-0:0:0:0 5M\")\\&. " +"This controls the \"io\\&.max\" control group attributes\\&. Use this option " +"multiple times to set bandwidth limits for multiple devices\\&. For details " +"about this control group attribute, see \\m[blue]B<IO Interface " +"Files>\\m[]\\&\\s-2\\u[8]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Similar restrictions on block device discovery as for I<IODeviceWeight=> " +"apply, see above\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<IOReadIOPSMax=>I<device>I< >I<IOPS>, I<IOWriteIOPSMax=>I<device>I< >I<IOPS>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Set the per-device overall block I/O IOs-Per-Second maximum limit for the " +"executed processes, if the unified control group hierarchy is used on the " +"system\\&. This limit is not work-conserving and the executed processes are " +"not allowed to use more even if the device has idle capacity\\&. Takes a " +"space-separated pair of a file path and an IOPS value to specify the device " +"specific IOPS\\&. The file path may be a path to a block device node, or as " +"any other file in which case the backing block device of the file system of " +"the file is used\\&. If the IOPS is suffixed with K, M, G, or T, the " +"specified IOPS is parsed as KiloIOPS, MegaIOPS, GigaIOPS, or TeraIOPS, " +"respectively, to the base of 1000\\&. (Example: \"/dev/disk/by-path/" +"pci-0000:00:1f\\&.2-scsi-0:0:0:0 1K\")\\&. This controls the \"io\\&.max\" " +"control group attributes\\&. Use this option multiple times to set IOPS " +"limits for multiple devices\\&. For details about this control group " +"attribute, see \\m[blue]B<IO Interface Files>\\m[]\\&\\s-2\\u[8]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<IODeviceLatencyTargetSec=>I<device>I< >I<target>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Set the per-device average target I/O latency for the executed processes, if " +"the unified control group hierarchy is used on the system\\&. Takes a file " +"path and a timespan separated by a space to specify the device specific " +"latency target\\&. (Example: \"/dev/sda 25ms\")\\&. The file path may be " +"specified as path to a block device node or as any other file, in which case " +"the backing block device of the file system of the file is determined\\&. " +"This controls the \"io\\&.latency\" control group attribute\\&. Use this " +"option multiple times to set latency target for multiple devices\\&. For " +"details about this control group attribute, see \\m[blue]B<IO Interface " +"Files>\\m[]\\&\\s-2\\u[8]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Implies \"IOAccounting=yes\"\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"These settings are supported only if the unified control group hierarchy is " +"used\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Network Accounting and Control" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<IPAccounting=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Takes a boolean argument\\&. If true, turns on IPv4 and IPv6 network traffic " +"accounting for packets sent or received by the unit\\&. When this option is " +"turned on, all IPv4 and IPv6 sockets created by any process of the unit are " +"accounted for\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When this option is used in socket units, it applies to all IPv4 and IPv6 " +"sockets associated with it (including both listening and connection sockets " +"where this applies)\\&. Note that for socket-activated services, this " +"configuration setting and the accounting data of the service unit and the " +"socket unit are kept separate, and displayed separately\\&. No propagation " +"of the setting and the collected statistics is done, in either direction\\&. " +"Moreover, any traffic sent or received on any of the socket unit\\*(Aqs " +"sockets is accounted to the socket unit \\(em and never to the service unit " +"it might have activated, even if the socket is used by it\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The system default for this setting may be controlled with " +"I<DefaultIPAccounting=> in B<systemd-system.conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 235\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<IPAddressAllow=>I<ADDRESS[/PREFIXLENGTH]\\&...>, " +"I<IPAddressDeny=>I<ADDRESS[/PREFIXLENGTH]\\&...>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Turn on network traffic filtering for IP packets sent and received over " +"B<AF_INET> and B<AF_INET6> sockets\\&. Both directives take a space " +"separated list of IPv4 or IPv6 addresses, each optionally suffixed with an " +"address prefix length in bits after a \"/\" character\\&. If the suffix is " +"omitted, the address is considered a host address, i\\&.e\\&. the filter " +"covers the whole address (32 bits for IPv4, 128 bits for IPv6)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The access lists configured with this option are applied to all sockets " +"created by processes of this unit (or in the case of socket units, " +"associated with it)\\&. The lists are implicitly combined with any lists " +"configured for any of the parent slice units this unit might be a member " +"of\\&. By default both access lists are empty\\&. Both ingress and egress " +"traffic is filtered by these settings\\&. In case of ingress traffic the " +"source IP address is checked against these access lists, in case of egress " +"traffic the destination IP address is checked\\&. The following rules are " +"applied in turn:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Access is granted when the checked IP address matches an entry in the " +"I<IPAddressAllow=> list\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Otherwise, access is denied when the checked IP address matches an entry in " +"the I<IPAddressDeny=> list\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Otherwise, access is granted\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In order to implement an allow-listing IP firewall, it is recommended to use " +"a I<IPAddressDeny=>B<any> setting on an upper-level slice unit (such as the " +"root slice -\\&.slice or the slice containing all system services system\\&." +"slice \\(en see B<systemd.special>(7) for details on these slice units), " +"plus individual per-service I<IPAddressAllow=> lines permitting network " +"access to relevant services, and only them\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that for socket-activated services, the IP access list configured on " +"the socket unit applies to all sockets associated with it directly, but not " +"to any sockets created by the ultimately activated services for it\\&. " +"Conversely, the IP access list configured for the service is not applied to " +"any sockets passed into the service via socket activation\\&. Thus, it is " +"usually a good idea to replicate the IP access lists on both the socket and " +"the service unit\\&. Nevertheless, it may make sense to maintain one list " +"more open and the other one more restricted, depending on the use case\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If these settings are used multiple times in the same unit the specified " +"lists are combined\\&. If an empty string is assigned to these settings the " +"specific access list is reset and all previous settings undone\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"In place of explicit IPv4 or IPv6 address and prefix length specifications a " +"small set of symbolic names may be used\\&. The following names are defined:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "B<Table\\ \\&1.\\ \\&Special address/network names>" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Symbolic Name" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Definition" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Meaning" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid ".T&" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "l l l" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "l l l." +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<any>" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "0\\&.0\\&.0\\&.0/0 ::/0" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Any host" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<localhost>" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "127\\&.0\\&.0\\&.0/8 ::1/128" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "All addresses on the local loopback" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<link-local>" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "169\\&.254\\&.0\\&.0/16 fe80::/64" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "All link-local IP addresses" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "B<multicast>" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "224\\&.0\\&.0\\&.0/4 ff00::/8" +msgstr "" + +#. type: tbl table +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "All IP multicasting addresses" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that these settings might not be supported on some systems (for example " +"if eBPF control group support is not enabled in the underlying kernel or " +"container manager)\\&. These settings will have no effect in that case\\&. " +"If compatibility with such systems is desired it is hence recommended to not " +"exclusively rely on them for IP security\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This option cannot be bypassed by prefixing \"+\" to the executable path in " +"the service unit, as it applies to the whole control group\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<SocketBindAllow=>I<bind-rule>, I<SocketBindDeny=>I<bind-rule>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Allow or deny binding a socket address to a socket by matching it with the " +"I<bind-rule> and applying a corresponding action if there is a match\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<bind-rule> describes socket properties such as I<address-family>, " +"I<transport-protocol> and I<ip-ports>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<bind-rule> := { [I<address-family>B<:>][I<transport-protocol>B<:>][I<ip-" +"ports>] | B<any> }" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<address-family> := { B<ipv4> | B<ipv6> }" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<transport-protocol> := { B<tcp> | B<udp> }" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<ip-ports> := { I<ip-port> | I<ip-port-range> }" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"An optional I<address-family> expects B<ipv4> or B<ipv6> values\\&. If not " +"specified, a rule will be matched for both IPv4 and IPv6 addresses and " +"applied depending on other socket fields, e\\&.g\\&. I<transport-protocol>, " +"I<ip-port>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"An optional I<transport-protocol> expects B<tcp> or B<udp> transport " +"protocol names\\&. If not specified, a rule will be matched for any " +"transport protocol\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"An optional I<ip-port> value must lie within 1\\&...65535 interval " +"inclusively, i\\&.e\\&. dynamic port B<0> is not allowed\\&. A range of " +"sequential ports is described by I<ip-port-range> := I<ip-port-low>B<->I<ip-" +"port-high>, where I<ip-port-low> is smaller than or equal to I<ip-port-high> " +"and both are within 1\\&...65535 inclusively\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"A special value B<any> can be used to apply a rule to any address family, " +"transport protocol and any port with a positive value\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"To allow multiple rules assign I<SocketBindAllow=> or I<SocketBindDeny=> " +"multiple times\\&. To clear the existing assignments pass an empty " +"I<SocketBindAllow=> or I<SocketBindDeny=> assignment\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"For each of I<SocketBindAllow=> and I<SocketBindDeny=>, maximum allowed " +"number of assignments is B<128>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Binding to a socket is allowed when a socket address matches an entry in the " +"I<SocketBindAllow=> list\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Otherwise, binding is denied when the socket address matches an entry in the " +"I<SocketBindDeny=> list\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Otherwise, binding is allowed\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The feature is implemented with B<cgroup/bind4> and B<cgroup/bind6> cgroup-" +"bpf hooks\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Examples:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"\\&...\n" +"# Allow binding IPv6 socket addresses with a port greater than or equal to 10000\\&.\n" +"[Service]\n" +"SocketBindAllow=ipv6:10000-65535\n" +"SocketBindDeny=any\n" +"\\&...\n" +"# Allow binding IPv4 and IPv6 socket addresses with 1234 and 4321 ports\\&.\n" +"[Service]\n" +"SocketBindAllow=1234\n" +"SocketBindAllow=4321\n" +"SocketBindDeny=any\n" +"\\&...\n" +"# Deny binding IPv6 socket addresses\\&.\n" +"[Service]\n" +"SocketBindDeny=ipv6\n" +"\\&...\n" +"# Deny binding IPv4 and IPv6 socket addresses\\&.\n" +"[Service]\n" +"SocketBindDeny=any\n" +"\\&...\n" +"# Allow binding only over TCP\n" +"[Service]\n" +"SocketBindAllow=tcp\n" +"SocketBindDeny=any\n" +"\\&...\n" +"# Allow binding only over IPv6/TCP\n" +"[Service]\n" +"SocketBindAllow=ipv6:tcp\n" +"SocketBindDeny=any\n" +"\\&...\n" +"# Allow binding ports within 10000-65535 range over IPv4/UDP\\&.\n" +"[Service]\n" +"SocketBindAllow=ipv4:udp:10000-65535\n" +"SocketBindDeny=any\n" +"\\&...\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 249\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<RestrictNetworkInterfaces=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Takes a list of space-separated network interface names\\&. This option " +"restricts the network interfaces that processes of this unit can use\\&. By " +"default processes can only use the network interfaces listed (allow-" +"list)\\&. If the first character of the rule is \"~\", the effect is " +"inverted: the processes can only use network interfaces not listed (deny-" +"list)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This option can appear multiple times, in which case the network interface " +"names are merged\\&. If the empty string is assigned the set is reset, all " +"prior assignments will have not effect\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If you specify both types of this option (i\\&.e\\&. allow-listing and deny-" +"listing), the first encountered will take precedence and will dictate the " +"default action (allow vs deny)\\&. Then the next occurrences of this option " +"will add or delete the listed network interface names from the set, " +"depending of its type and the default action\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The loopback interface (\"lo\") is not treated in any special way, you have " +"to configure it explicitly in the unit file\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Example 1: allow-list" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"RestrictNetworkInterfaces=eth1\n" +"RestrictNetworkInterfaces=eth2\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Programs in the unit will be only able to use the eth1 and eth2 network " +"interfaces\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Example 2: deny-list" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "RestrictNetworkInterfaces=~eth1 eth2\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Programs in the unit will be able to use any network interface but eth1 and " +"eth2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Example 3: mixed" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"RestrictNetworkInterfaces=eth1 eth2\n" +"RestrictNetworkInterfaces=~eth1\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Programs in the unit will be only able to use the eth2 network interface\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 250\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "I<NFTSet=>I<family>:I<table>:I<set>" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"This setting provides a method for integrating dynamic cgroup, user and " +"group IDs into firewall rules with " +"\\m[blue]B<NFT>\\m[]\\&\\s-2\\u[9]\\d\\s+2 sets\\&. The benefit of using " +"this setting is to be able to use the IDs as selectors in firewall rules " +"easily and this in turn allows more fine grained filtering\\&. NFT rules for " +"cgroup matching use numeric cgroup IDs, which change every time a service is " +"restarted, making them hard to use in systemd environment otherwise\\&. " +"Dynamic and random IDs used by I<DynamicUser=> can be also integrated with " +"this setting\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"This option expects a whitespace separated list of NFT set definitions\\&. " +"Each definition consists of a colon-separated tuple of source type (one of " +"\"cgroup\", \"user\" or \"group\"), NFT address family (one of \"arp\", " +"\"bridge\", \"inet\", \"ip\", \"ip6\", or \"netdev\"), table name and set " +"name\\&. The names of tables and sets must conform to lexical restrictions " +"of NFT table names\\&. The type of the element used in the NFT filter must " +"match the type implied by the directive (\"cgroup\", \"user\" or \"group\") " +"as shown in the table below\\&. When a control group or a unit is realized, " +"the corresponding ID will be appended to the NFT sets and it will be be " +"removed when the control group or unit is removed\\&. B<systemd> only " +"inserts elements to (or removes from) the sets, so the related NFT rules, " +"tables and sets must be prepared elsewhere in advance\\&. Failures to manage " +"the sets will be ignored\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "B<Table\\ \\&2.\\ \\&Defined >I<source type> values" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Source type" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Description" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Corresponding NFT type name" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "cgroup" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "control group ID" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "cgroupsv2" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "user" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "user ID" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "meta skuid" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "group" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "group ID" +msgstr "" + +#. type: tbl table +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "meta skgid" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"If the firewall rules are reinstalled so that the contents of NFT sets are " +"destroyed, command B<systemctl daemon-reload> can be used to refill the " +"sets\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Example:" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "" +"[Unit]\n" +"NFTSet=cgroup:inet:filter:my_service user:inet:filter:serviceuser\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Corresponding NFT rules:" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "" +"table inet filter {\n" +" set my_service {\n" +" type cgroupsv2\n" +" }\n" +" set serviceuser {\n" +" typeof meta skuid\n" +" }\n" +" chain x {\n" +" socket cgroupv2 level 2 @my_service accept\n" +" drop\n" +" }\n" +" chain y {\n" +" meta skuid @serviceuser accept\n" +" drop\n" +" }\n" +"}\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 255\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "BPF Programs" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<IPIngressFilterPath=>I<BPF_FS_PROGRAM_PATH>, " +"I<IPEgressFilterPath=>I<BPF_FS_PROGRAM_PATH>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Add custom network traffic filters implemented as BPF programs, applying to " +"all IP packets sent and received over B<AF_INET> and B<AF_INET6> sockets\\&. " +"Takes an absolute path to a pinned BPF program in the BPF virtual filesystem " +"(/sys/fs/bpf/)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The filters configured with this option are applied to all sockets created " +"by processes of this unit (or in the case of socket units, associated with " +"it)\\&. The filters are loaded in addition to filters any of the parent " +"slice units this unit might be a member of as well as any I<IPAddressAllow=> " +"and I<IPAddressDeny=> filters in any of these units\\&. By default there are " +"no filters specified\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If these settings are used multiple times in the same unit all the specified " +"programs are attached\\&. If an empty string is assigned to these settings " +"the program list is reset and all previous specified programs ignored\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If the path I<BPF_FS_PROGRAM_PATH> in I<IPIngressFilterPath=> assignment is " +"already being handled by I<BPFProgram=> ingress hook, e\\&.g\\&. " +"I<BPFProgram=>B<ingress>:I<BPF_FS_PROGRAM_PATH>, the assignment will be " +"still considered valid and the program will be attached to a cgroup\\&. Same " +"for I<IPEgressFilterPath=> path and B<egress> hook\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that for socket-activated services, the IP filter programs configured " +"on the socket unit apply to all sockets associated with it directly, but not " +"to any sockets created by the ultimately activated services for it\\&. " +"Conversely, the IP filter programs configured for the service are not " +"applied to any sockets passed into the service via socket activation\\&. " +"Thus, it is usually a good idea, to replicate the IP filter programs on both " +"the socket and the service unit, however it often makes sense to maintain " +"one configuration more open and the other one more restricted, depending on " +"the use case\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that these settings might not be supported on some systems (for example " +"if eBPF control group support is not enabled in the underlying kernel or " +"container manager)\\&. These settings will fail the service in that case\\&. " +"If compatibility with such systems is desired it is hence recommended to " +"attach your filter manually (requires I<Delegate=>B<yes>) instead of using " +"this setting\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 243\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<BPFProgram=>I<type>I<:>I<program-path>" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"I<BPFProgram=> allows attaching custom BPF programs to the cgroup of a " +"unit\\&. (This generalizes the functionality exposed via " +"I<IPEgressFilterPath=> and I<IPIngressFilterPath=> for other hooks\\&.) " +"Cgroup-bpf hooks in the form of BPF programs loaded to the BPF filesystem " +"are attached with cgroup-bpf attach flags determined by the unit\\&. For " +"details about attachment types and flags see \\m[blue]B<bpf\\&." +"h>\\m[]\\&\\s-2\\u[10]\\d\\s+2\\&. Also refer to the general \\m[blue]B<BPF " +"documentation>\\m[]\\&\\s-2\\u[11]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The specification of BPF program consists of a pair of BPF program type and " +"program path in the file system, with \":\" as the separator: I<type>:" +"I<program-path>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"The BPF program type is equivalent to the BPF attach type used in " +"B<bpftool>(8) It may be one of B<egress>, B<ingress>, B<sock_create>, " +"B<sock_ops>, B<device>, B<bind4>, B<bind6>, B<connect4>, B<connect6>, " +"B<post_bind4>, B<post_bind6>, B<sendmsg4>, B<sendmsg6>, B<sysctl>, " +"B<recvmsg4>, B<recvmsg6>, B<getsockopt>, or B<setsockopt>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The specified program path must be an absolute path referencing a BPF " +"program inode in the bpffs file system (which generally means it must begin " +"with /sys/fs/bpf/)\\&. If a specified program does not exist (i\\&.e\\&. has " +"not been uploaded to the BPF subsystem of the kernel yet), it will not be " +"installed but unit activation will continue (a warning will be printed to " +"the logs)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Setting I<BPFProgram=> to an empty value makes previous assignments " +"ineffective\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Multiple assignments of the same program type/path pair have the same effect " +"as a single assignment: the program will be attached just once\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If BPF B<egress> pinned to I<program-path> path is already being handled by " +"I<IPEgressFilterPath=>, I<BPFProgram=> assignment will be considered valid " +"and I<BPFProgram=> will be attached to a cgroup\\&. Similarly for B<ingress> " +"hook and I<IPIngressFilterPath=> assignment\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"BPF programs passed with I<BPFProgram=> are attached to the cgroup of a unit " +"with BPF attach flag B<multi>, that allows further attachments of the same " +"I<type> within cgroup hierarchy topped by the unit cgroup\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"BPFProgram=egress:/sys/fs/bpf/egress-hook\n" +"BPFProgram=bind6:/sys/fs/bpf/sock-addr-hook\n" +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Device Access" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<DeviceAllow=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Control access to specific device nodes by the executed processes\\&. Takes " +"two space-separated strings: a device node specifier followed by a " +"combination of B<r>, B<w>, B<m> to control I<r>eading, I<w>riting, or " +"creation of the specific device nodes by the unit (I<m>knod), " +"respectively\\&. This functionality is implemented using eBPF filtering\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When access to I<all> physical devices should be disallowed, " +"I<PrivateDevices=> may be used instead\\&. See B<systemd.exec>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The device node specifier is either a path to a device node in the file " +"system, starting with /dev/, or a string starting with either \"char-\" or " +"\"block-\" followed by a device group name, as listed in /proc/devices\\&. " +"The latter is useful to allow-list all current and future devices belonging " +"to a specific device group at once\\&. The device group is matched according " +"to filename globbing rules, you may hence use the \"*\" and \"?\" " +"wildcards\\&. (Note that such globbing wildcards are not available for " +"device node path specifications!) In order to match device nodes by numeric " +"major/minor, use device node paths in the /dev/char/ and /dev/block/ " +"directories\\&. However, matching devices by major/minor is generally not " +"recommended as assignments are neither stable nor portable between systems " +"or different kernel versions\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Examples: /dev/sda5 is a path to a device node, referring to an ATA or SCSI " +"block device\\&. \"char-pts\" and \"char-alsa\" are specifiers for all " +"pseudo TTYs and all ALSA sound devices, respectively\\&. \"char-cpu/*\" is " +"a specifier matching all CPU related device groups\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that allow lists defined this way should only reference device groups " +"which are resolvable at the time the unit is started\\&. Any device groups " +"not resolvable then are not added to the device allow list\\&. In order to " +"work around this limitation, consider extending service units with a pair of " +"B<After=modprobe@xyz\\&.service> and B<Wants=modprobe@xyz\\&.service> lines " +"that load the necessary kernel module implementing the device group if " +"missing\\&. Example:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"\\&...\n" +"[Unit]\n" +"Wants=modprobe@loop\\&.service\n" +"After=modprobe@loop\\&.service\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "" +"[Service]\n" +"DeviceAllow=block-loop\n" +"DeviceAllow=/dev/loop-control\n" +"\\&...\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<DevicePolicy=auto|closed|strict>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Control the policy for allowing device access:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "B<strict>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "means to only allow types of access that are explicitly specified\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "B<closed>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"in addition, allows access to standard pseudo devices including /dev/null, /" +"dev/zero, /dev/full, /dev/random, and /dev/urandom\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "B<auto>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"in addition, allows access to all devices if no explicit I<DeviceAllow=> is " +"present\\&. This is the default\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Control Group Management" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<Slice=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The name of the slice unit to place the unit in\\&. Defaults to system\\&." +"slice for all non-instantiated units of all unit types (except for slice " +"units themselves see below)\\&. Instance units are by default placed in a " +"subslice of system\\&.slice that is named after the template name\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This option may be used to arrange systemd units in a hierarchy of slices " +"each of which might have resource settings applied\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"For units of type slice, the only accepted value for this setting is the " +"parent slice\\&. Since the name of a slice unit implies the parent slice, it " +"is hence redundant to ever set this parameter directly for slice units\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Special care should be taken when relying on the default slice assignment in " +"templated service units that have I<DefaultDependencies=no> set, see " +"B<systemd.service>(5), section \"Default Dependencies\" for details\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<Delegate=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Turns on delegation of further resource control partitioning to processes of " +"the unit\\&. Units where this is enabled may create and manage their own " +"private subhierarchy of control groups below the control group of the unit " +"itself\\&. For unprivileged services (i\\&.e\\&. those using the I<User=> " +"setting) the unit\\*(Aqs control group will be made accessible to the " +"relevant user\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When enabled the service manager will refrain from manipulating control " +"groups or moving processes below the unit\\*(Aqs control group, so that a " +"clear concept of ownership is established: the control group tree at the " +"level of the unit\\*(Aqs control group and above (i\\&.e\\&. towards the " +"root control group) is owned and managed by the service manager of the host, " +"while the control group tree below the unit\\*(Aqs control group is owned " +"and managed by the unit itself\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Takes either a boolean argument or a (possibly empty) list of control group " +"controller names\\&. If true, delegation is turned on, and all supported " +"controllers are enabled for the unit, making them available to the " +"unit\\*(Aqs processes for management\\&. If false, delegation is turned off " +"entirely (and no additional controllers are enabled)\\&. If set to a list of " +"controllers, delegation is turned on, and the specified controllers are " +"enabled for the unit\\&. Assigning the empty string will enable delegation, " +"but reset the list of controllers, and all assignments prior to this will " +"have no effect\\&. Note that additional controllers other than the ones " +"specified might be made available as well, depending on configuration of the " +"containing slice unit or other units contained in it\\&. Defaults to " +"false\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that controller delegation to less privileged code is only safe on the " +"unified control group hierarchy\\&. Accordingly, access to the specified " +"controllers will not be granted to unprivileged services on the legacy " +"hierarchy, even when requested\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The following controller names may be specified: B<cpu>, B<cpuacct>, " +"B<cpuset>, B<io>, B<blkio>, B<memory>, B<devices>, B<pids>, B<bpf-firewall>, " +"and B<bpf-devices>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Not all of these controllers are available on all kernels however, and some " +"are specific to the unified hierarchy while others are specific to the " +"legacy hierarchy\\&. Also note that the kernel might support further " +"controllers, which aren\\*(Aqt covered here yet as delegation is either not " +"supported at all for them or not defined cleanly\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that because of the hierarchical nature of cgroup hierarchy, any " +"controllers that are delegated will be enabled for the parent and sibling " +"units of the unit with delegation\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"For further details on the delegation model consult \\m[blue]B<Control Group " +"APIs and Delegation>\\m[]\\&\\s-2\\u[12]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 218\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<DelegateSubgroup=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Place unit processes in the specified subgroup of the unit\\*(Aqs control " +"group\\&. Takes a valid control group name (not a path!) as parameter, or an " +"empty string to turn this feature off\\&. Defaults to off\\&. The control " +"group name must be usable as filename and avoid conflicts with the " +"kernel\\*(Aqs control group attribute files (i\\&.e\\&. cgroup\\&.procs is " +"not an acceptable name, since the kernel exposes a native control group " +"attribute file by that name)\\&. This option has no effect unless control " +"group delegation is turned on via I<Delegate=>, see above\\&. Note that this " +"setting only applies to \"main\" processes of a unit, i\\&.e\\&. for " +"services to I<ExecStart=>, but not for I<ExecReload=> and similar\\&. If " +"delegation is enabled, the latter are always placed inside a subgroup named " +"\\&.control\\&. The specified subgroup is automatically created (and " +"potentially ownership is passed to the unit\\*(Aqs configured user/group) " +"when a process is started in it\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"This option is useful to avoid manually moving the invoked process into a " +"subgroup after it has been started\\&. Since no processes should live in " +"inner nodes of the control group tree it\\*(Aqs almost always necessary to " +"run the main (\"supervising\") process of a unit that has delegation turned " +"on in a subgroup\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 254\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<DisableControllers=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Disables controllers from being enabled for a unit\\*(Aqs children\\&. If a " +"controller listed is already in use in its subtree, the controller will be " +"removed from the subtree\\&. This can be used to avoid configuration in " +"child units from being able to implicitly or explicitly enable a " +"controller\\&. Defaults to empty\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Multiple controllers may be specified, separated by spaces\\&. You may also " +"pass I<DisableControllers=> multiple times, in which case each new instance " +"adds another controller to disable\\&. Passing I<DisableControllers=> by " +"itself with no controller name present resets the disabled controller " +"list\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"It may not be possible to disable a controller after units have been " +"started, if the unit or any child of the unit in question delegates " +"controllers to its children, as any delegated subtree of the cgroup " +"hierarchy is unmanaged by systemd\\&." +msgstr "" + +#. type: SS +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "Memory Pressure Control" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<ManagedOOMSwap=auto|kill>, I<ManagedOOMMemoryPressure=auto|kill>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Specifies how B<systemd-oomd.service>(8) will act on this unit\\*(Aqs " +"cgroups\\&. Defaults to B<auto>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When set to B<kill>, the unit becomes a candidate for monitoring by " +"B<systemd-oomd>\\&. If the cgroup passes the limits set by B<oomd.conf>(5) " +"or the unit configuration, B<systemd-oomd> will select a descendant cgroup " +"and send B<SIGKILL> to all of the processes under it\\&. You can find more " +"details on candidates and kill behavior at B<systemd-oomd.service>(8) and " +"B<oomd.conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Setting either of these properties to B<kill> will also result in I<After=> " +"and I<Wants=> dependencies on systemd-oomd\\&.service unless " +"I<DefaultDependencies=no>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When set to B<auto>, B<systemd-oomd> will not actively use this " +"cgroup\\*(Aqs data for monitoring and detection\\&. However, if an ancestor " +"cgroup has one of these properties set to B<kill>, a unit with B<auto> can " +"still be a candidate for B<systemd-oomd> to terminate\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 247\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<ManagedOOMMemoryPressureLimit=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Overrides the default memory pressure limit set by B<oomd.conf>(5) for this " +"unit (cgroup)\\&. Takes a percentage value between 0% and 100%, " +"inclusive\\&. This property is ignored unless " +"I<ManagedOOMMemoryPressure=>B<kill>\\&. Defaults to 0%, which means to use " +"the default set by B<oomd.conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<ManagedOOMPreference=none|avoid|omit>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Allows deprioritizing or omitting this unit\\*(Aqs cgroup as a candidate " +"when B<systemd-oomd> needs to act\\&. Requires support for extended " +"attributes (see B<xattr>(7)) in order to use B<avoid> or B<omit>\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When calculating candidates to relieve swap usage, B<systemd-oomd> will only " +"respect these extended attributes if the unit\\*(Aqs cgroup is owned by " +"root\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"When calculating candidates to relieve memory pressure, B<systemd-oomd> will " +"only respect these extended attributes if the unit\\*(Aqs cgroup is owned by " +"root, or if the unit\\*(Aqs cgroup owner, and the owner of the monitored " +"ancestor cgroup are the same\\&. For example, if B<systemd-oomd> is " +"calculating candidates for -\\&.slice, then extended attributes set on " +"descendants of /user\\&.slice/user-1000\\&.slice/user@1000\\&.service/ will " +"be ignored because the descendants are owned by UID 1000, and -\\&.slice is " +"owned by UID 0\\&. But, if calculating candidates for /user\\&.slice/" +"user-1000\\&.slice/user@1000\\&.service/, then extended attributes set on " +"the descendants would be respected\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If this property is set to B<avoid>, the service manager will convey this to " +"B<systemd-oomd>, which will only select this cgroup if there are no other " +"viable candidates\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If this property is set to B<omit>, the service manager will convey this to " +"B<systemd-oomd>, which will ignore this cgroup as a candidate and will not " +"perform any actions on it\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"It is recommended to use B<avoid> and B<omit> sparingly, as it can adversely " +"affect B<systemd-oomd>\\*(Aqs kill behavior\\&. Also note that these " +"extended attributes are not applied recursively to cgroups under this " +"unit\\*(Aqs cgroup\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Defaults to B<none> which means B<systemd-oomd> will rank this unit\\*(Aqs " +"cgroup as defined in B<systemd-oomd.service>(8) and B<oomd.conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 248\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<MemoryPressureWatch=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Controls memory pressure monitoring for invoked processes\\&. Takes one of " +"\"off\", \"on\", \"auto\" or \"skip\"\\&. If \"off\" tells the service not " +"to watch for memory pressure events, by setting the " +"I<$MEMORY_PRESSURE_WATCH> environment variable to the literal string /dev/" +"null\\&. If \"on\" tells the service to watch for memory pressure events\\&. " +"This enables memory accounting for the service, and ensures the memory\\&." +"pressure cgroup attribute file is accessible for reading and writing by the " +"service\\*(Aqs user\\&. It then sets the I<$MEMORY_PRESSURE_WATCH> " +"environment variable for processes invoked by the unit to the file system " +"path to this file\\&. The threshold information configured with " +"I<MemoryPressureThresholdSec=> is encoded in the I<$MEMORY_PRESSURE_WRITE> " +"environment variable\\&. If the \"auto\" value is set the protocol is " +"enabled if memory accounting is anyway enabled for the unit, and disabled " +"otherwise\\&. If set to \"skip\" the logic is neither enabled, nor disabled " +"and the two environment variables are not set\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Note that services are free to use the two environment variables, but " +"it\\*(Aqs unproblematic if they ignore them\\&. Memory pressure handling " +"must be implemented individually in each service, and usually means " +"different things for different software\\&. For further details on memory " +"pressure handling see \\m[blue]B<Memory Pressure Handling in " +"systemd>\\m[]\\&\\s-2\\u[13]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Services implemented using B<sd-event>(3) may use " +"B<sd_event_add_memory_pressure>(3) to watch for and handle memory pressure " +"events\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"If not explicit set, defaults to the I<DefaultMemoryPressureWatch=> setting " +"in B<systemd-system.conf>(5)\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "I<MemoryPressureThresholdSec=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Sets the memory pressure threshold time for memory pressure monitor as " +"configured via I<MemoryPressureWatch=>\\&. Specifies the maximum allocation " +"latency before a memory pressure event is signalled to the service, per 2s " +"window\\&. If not specified defaults to the " +"I<DefaultMemoryPressureThresholdSec=> setting in B<systemd-system.conf>(5) " +"(which in turn defaults to 200ms)\\&. The specified value expects a time " +"unit such as \"ms\" or \"μs\", see B<systemd.time>(7) for details on the " +"permitted syntax\\&." +msgstr "" + +#. type: SS +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Coredump Control" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "I<CoredumpReceive=>" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Takes a boolean argument\\&. This setting is used to enable coredump " +"forwarding for containers that belong to this unit\\*(Aqs cgroup\\&. Units " +"with I<CoredumpReceive=yes> must also be configured with I<Delegate=yes>\\&. " +"Defaults to false\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"When B<systemd-coredump> is handling a coredump for a process from a " +"container, if the container\\*(Aqs leader process is a descendant of a " +"cgroup with I<CoredumpReceive=yes> and I<Delegate=yes>, then B<systemd-" +"coredump> will attempt to forward the coredump to B<systemd-coredump> within " +"the container\\&." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "HISTORY" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "systemd 252" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Options for controlling the Legacy Control Group Hierarchy " +"(\\m[blue]B<Control Groups version 1>\\m[]\\&\\s-2\\u[14]\\d\\s+2) are now " +"fully deprecated: I<CPUShares=>I<weight>, I<StartupCPUShares=>I<weight>, " +"I<MemoryLimit=>I<bytes>, I<BlockIOAccounting=>, I<BlockIOWeight=>I<weight>, " +"I<StartupBlockIOWeight=>I<weight>, I<BlockIODeviceWeight=>I<device>I< " +">I<weight>, I<BlockIOReadBandwidth=>I<device>I< >I<bytes>, " +"I<BlockIOWriteBandwidth=>I<device>I< >I<bytes>\\&. Please switch to the " +"unified cgroup hierarchy\\&." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "Added in version 252\\&." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "SEE ALSO" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"B<systemd>(1), B<systemd-system.conf>(5), B<systemd.unit>(5), B<systemd." +"service>(5), B<systemd.slice>(5), B<systemd.scope>(5), B<systemd.socket>(5), " +"B<systemd.mount>(5), B<systemd.swap>(5), B<systemd.exec>(5), B<systemd." +"directives>(7), B<systemd.special>(7), B<systemd-oomd.service>(8), The " +"documentation for control groups and specific controllers in the Linux " +"kernel: \\m[blue]B<Control Groups v2>\\m[]\\&\\s-2\\u[2]\\d\\s+2\\&." +msgstr "" + +#. type: SH +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "NOTES" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 1." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "New Control Group Interfaces" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"\\%https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 2." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Control Groups v2" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "\\%https://docs.kernel.org/admin-guide/cgroup-v2.html" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 3." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "CFS Scheduler" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "\\%https://docs.kernel.org/scheduler/sched-design-CFS.html" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 4." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "CFS Bandwidth Control" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "\\%https://docs.kernel.org/scheduler/sched-bwc.html" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 5." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Memory Interface Files" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"\\%https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 6." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Zswap" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "\\%https://www.kernel.org/doc/html/latest/admin-guide/mm/zswap.html" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 7." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "pids controller" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"\\%https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#pid" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 8." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "IO Interface Files" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"\\%https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid " 9." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "NFT" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "\\%https://netfilter.org/projects/nftables/index.html" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "10." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "bpf.h" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"\\%https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/" +"include/uapi/linux/bpf.h" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "11." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "BPF documentation" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "\\%https://docs.kernel.org/bpf/" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "12." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Control Group APIs and Delegation" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "\\%https://systemd.io/CGROUP_DELEGATION" +msgstr "" + +#. type: IP +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "13." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Memory Pressure Handling in systemd" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "\\%https://systemd.io/MEMORY_PRESSURE" +msgstr "" + +#. type: IP +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "14." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "Control Groups version 1" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed +msgid "\\%https://docs.kernel.org/admin-guide/cgroup-v1/index.html" +msgstr "" + +#. type: TH +#: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed +#, no-wrap +msgid "systemd 254" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"I<BPFProgram=> allows attaching custom BPF programs to the cgroup of a " +"unit\\&. (This generalizes the functionality exposed via " +"I<IPEgressFilterPath=> and and I<IPIngressFilterPath=> for other hooks\\&.) " +"Cgroup-bpf hooks in the form of BPF programs loaded to the BPF filesystem " +"are attached with cgroup-bpf attach flags determined by the unit\\&. For " +"details about attachment types and flags see \\m[blue]B<bpf\\&." +"h>\\m[]\\&\\s-2\\u[9]\\d\\s+2\\&. Also refer to the general \\m[blue]B<BPF " +"documentation>\\m[]\\&\\s-2\\u[10]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"The BPF program type is equivalent to the BPF attach type used in " +"B<bpftool>\\&. It may be one of B<egress>, B<ingress>, B<sock_create>, " +"B<sock_ops>, B<device>, B<bind4>, B<bind6>, B<connect4>, B<connect6>, " +"B<post_bind4>, B<post_bind6>, B<sendmsg4>, B<sendmsg6>, B<sysctl>, " +"B<recvmsg4>, B<recvmsg6>, B<getsockopt>, B<setsockopt>\\&." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"For further details on the delegation model consult \\m[blue]B<Control Group " +"APIs and Delegation>\\m[]\\&\\s-2\\u[11]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Controls memory pressure monitoring for invoked processes\\&. Takes one of " +"\"off\", \"on\", \"auto\" or \"skip\"\\&. If \"off\" tells the service not " +"to watch for memory pressure events, by setting the " +"I<$MEMORY_PRESSURE_WATCH> environment variable to the literal string /dev/" +"null\\&. If \"on\" tells the service to watch for memory pressure events\\&. " +"This enables memory accounting for the service, and ensures the memory\\&." +"pressure cgroup attribute files is accessible for read and write to the " +"service\\*(Aqs user\\&. It then sets the I<$MEMORY_PRESSURE_WATCH> " +"environment variable for processes invoked by the unit to the file system " +"path to this file\\&. The threshold information configured with " +"I<MemoryPressureThresholdSec=> is encoded in the I<$MEMORY_PRESSURE_WRITE> " +"environment variable\\&. If the \"auto\" value is set the protocol is " +"enabled if memory accounting is anyway enabled for the unit, and disabled " +"otherwise\\&. If set to \"skip\" the logic is neither enabled, nor disabled " +"and the two environment variables are not set\\&." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Note that services are free to use the two environment variables, but " +"it\\*(Aqs unproblematic if they ignore them\\&. Memory pressure handling " +"must be implemented individually in each service, and usually means " +"different things for different software\\&. For further details on memory " +"pressure handling see \\m[blue]B<Memory Pressure Handling in " +"systemd>\\m[]\\&\\s-2\\u[12]\\d\\s+2\\&." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Options for controlling the Legacy Control Group Hierarchy " +"(\\m[blue]B<Control Groups version 1>\\m[]\\&\\s-2\\u[13]\\d\\s+2) are now " +"fully deprecated: I<CPUShares=>I<weight>, I<StartupCPUShares=>I<weight>, " +"I<MemoryLimit=>I<bytes>, I<BlockIOAccounting=>, I<BlockIOWeight=>I<weight>, " +"I<StartupBlockIOWeight=>I<weight>, I<BlockIODeviceWeight=>I<device>I< " +">I<weight>, I<BlockIOReadBandwidth=>I<device>I< >I<bytes>, " +"I<BlockIOWriteBandwidth=>I<device>I< >I<bytes>\\&. Please switch to the " +"unified cgroup hierarchy\\&." +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "" +"Takes a memory size in bytes\\&. If the value is suffixed with K, M, G or T, " +"the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or " +"Terabytes (with the base 1024), respectively\\&. Alternatively, a percentage " +"value may be specified, which is taken relative to the installed physical " +"memory on the system\\&. If assigned the special value \"infinity\", no " +"memory throttling is applied\\&. This controls the \"memory\\&.high\" " +"control group attribute\\&. For details about this control group attribute, " +"see \\m[blue]B<Memory Interface Files>\\m[]\\&\\s-2\\u[5]\\d\\s+2\\&. The " +"effective configuration is reported as I<EffectiveMemoryHigh=> (see also " +"I<EffectiveMemoryMax=>)\\&." +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "" +"Takes a memory size in bytes\\&. If the value is suffixed with K, M, G or T, " +"the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or " +"Terabytes (with the base 1024), respectively\\&. Alternatively, a percentage " +"value may be specified, which is taken relative to the installed physical " +"memory on the system\\&. If assigned the special value \"infinity\", no " +"memory limit is applied\\&. This controls the \"memory\\&.max\" control " +"group attribute\\&. For details about this control group attribute, see " +"\\m[blue]B<Memory Interface Files>\\m[]\\&\\s-2\\u[5]\\d\\s+2\\&. The " +"effective configuration is reported as I<EffectiveMemoryMax=> (the value is " +"the most stringent limit of the unit and parent slices and it is capped by " +"physical memory)\\&." +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "" +"Specify the maximum number of tasks that may be created in the unit\\&. This " +"ensures that the number of tasks accounted for the unit (see above) stays " +"below a specific limit\\&. This either takes an absolute number of tasks or " +"a percentage value that is taken relative to the configured maximum number " +"of tasks on the system\\&. If assigned the special value \"infinity\", no " +"tasks limit is applied\\&. This controls the \"pids\\&.max\" control group " +"attribute\\&. For details about this control group attribute, the " +"\\m[blue]B<pids controller>\\m[]\\&\\s-2\\u[7]\\d\\s+2\\&. The effective " +"configuration is reported as I<EffectiveTasksMax=>\\&." +msgstr "" |