diff options
Diffstat (limited to 'upstream/fedora-40/man5/systemd-system.conf.5')
-rw-r--r-- | upstream/fedora-40/man5/systemd-system.conf.5 | 837 |
1 files changed, 837 insertions, 0 deletions
diff --git a/upstream/fedora-40/man5/systemd-system.conf.5 b/upstream/fedora-40/man5/systemd-system.conf.5 new file mode 100644 index 00000000..6d2267c2 --- /dev/null +++ b/upstream/fedora-40/man5/systemd-system.conf.5 @@ -0,0 +1,837 @@ +'\" t +.TH "SYSTEMD\-SYSTEM\&.CONF" "5" "" "systemd 255" "systemd-system.conf" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +systemd-system.conf, system.conf.d, systemd-user.conf, user.conf.d \- System and session service manager configuration files +.SH "SYNOPSIS" +.PP +/etc/systemd/system\&.conf, +/etc/systemd/system\&.conf\&.d/*\&.conf, +/run/systemd/system\&.conf\&.d/*\&.conf, +/usr/lib/systemd/system\&.conf\&.d/*\&.conf +.PP +~/\&.config/systemd/user\&.conf, +/etc/systemd/user\&.conf, +/etc/systemd/user\&.conf\&.d/*\&.conf, +/run/systemd/user\&.conf\&.d/*\&.conf, +/usr/lib/systemd/user\&.conf\&.d/*\&.conf +.SH "DESCRIPTION" +.PP +When run as a system instance, +\fBsystemd\fR +interprets the configuration file +system\&.conf +and the files in +system\&.conf\&.d +directories; when run as a user instance, it interprets the configuration file +user\&.conf +(either in the home directory of the user, or if not found, under +/etc/systemd/) and the files in +user\&.conf\&.d +directories\&. These configuration files contain a few settings controlling basic manager operations\&. +.PP +See +\fBsystemd.syntax\fR(7) +for a general description of the syntax\&. +.SH "CONFIGURATION DIRECTORIES AND PRECEDENCE" +.PP +The default configuration is set during compilation, so configuration is only needed when it is necessary to deviate from those defaults\&. The main configuration file is either in +/usr/lib/systemd/ +or +/etc/systemd/ +and contains commented out entries showing the defaults as a guide to the administrator\&. Local overrides can be created by creating drop\-ins, as described below\&. The main configuration file can also be edited for this purpose (or a copy in +/etc/ +if it\*(Aqs shipped in +/usr/) however using drop\-ins for local configuration is recommended over modifications to the main configuration file\&. +.PP +In addition to the "main" configuration file, drop\-in configuration snippets are read from +/usr/lib/systemd/*\&.conf\&.d/, +/usr/local/lib/systemd/*\&.conf\&.d/, and +/etc/systemd/*\&.conf\&.d/\&. Those drop\-ins have higher precedence and override the main configuration file\&. Files in the +*\&.conf\&.d/ +configuration subdirectories are sorted by their filename in lexicographic order, regardless of in which of the subdirectories they reside\&. When multiple files specify the same option, for options which accept just a single value, the entry in the file sorted last takes precedence, and for options which accept a list of values, entries are collected as they occur in the sorted files\&. +.PP +When packages need to customize the configuration, they can install drop\-ins under +/usr/\&. Files in +/etc/ +are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defined a concept of drop\-in priority to allow distributions to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. +.PP +To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to +/dev/null +in the configuration directory in +/etc/, with the same filename as the vendor configuration file\&. +.SH "OPTIONS" +.PP +All options are configured in the [Manager] section: +.PP +\fILogColor=\fR, \fILogLevel=\fR, \fILogLocation=\fR, \fILogTarget=\fR, \fILogTime=\fR, \fIDumpCore=yes\fR, \fICrashChangeVT=no\fR, \fICrashShell=no\fR, \fICrashReboot=no\fR, \fIShowStatus=yes\fR, \fIDefaultStandardOutput=journal\fR, \fIDefaultStandardError=inherit\fR +.RS 4 +Configures various parameters of basic manager operation\&. These options may be overridden by the respective process and kernel command line arguments\&. See +\fBsystemd\fR(1) +for details\&. +.sp +Added in version 198\&. +.RE +.PP +\fICtrlAltDelBurstAction=\fR +.RS 4 +Defines what action will be performed if user presses Ctrl\-Alt\-Delete more than 7 times in 2s\&. Can be set to +"reboot\-force", +"poweroff\-force", +"reboot\-immediate", +"poweroff\-immediate" +or disabled with +"none"\&. Defaults to +"reboot\-force"\&. +.sp +Added in version 232\&. +.RE +.PP +\fICPUAffinity=\fR +.RS 4 +Configures the CPU affinity for the service manager as well as the default CPU affinity for all forked off processes\&. Takes a list of CPU indices or ranges separated by either whitespace or commas\&. CPU ranges are specified by the lower and upper CPU indices separated by a dash\&. This option may be specified more than once, in which case the specified CPU affinity masks are merged\&. If the empty string is assigned, the mask is reset, all assignments prior to this will have no effect\&. Individual services may override the CPU affinity for their processes with the +\fICPUAffinity=\fR +setting in unit files, see +\fBsystemd.exec\fR(5)\&. +.sp +Added in version 198\&. +.RE +.PP +\fINUMAPolicy=\fR +.RS 4 +Configures the NUMA memory policy for the service manager and the default NUMA memory policy for all forked off processes\&. Individual services may override the default policy with the +\fINUMAPolicy=\fR +setting in unit files, see +\fBsystemd.exec\fR(5)\&. +.sp +Added in version 243\&. +.RE +.PP +\fINUMAMask=\fR +.RS 4 +Configures the NUMA node mask that will be associated with the selected NUMA policy\&. Note that +\fBdefault\fR +and +\fBlocal\fR +NUMA policies don\*(Aqt require explicit NUMA node mask and value of the option can be empty\&. Similarly to +\fINUMAPolicy=\fR, value can be overridden by individual services in unit files, see +\fBsystemd.exec\fR(5)\&. +.sp +Added in version 243\&. +.RE +.PP +\fIRuntimeWatchdogSec=\fR, \fIRebootWatchdogSec=\fR, \fIKExecWatchdogSec=\fR +.RS 4 +Configure the hardware watchdog at runtime and at reboot\&. Takes a timeout value in seconds (or in other time units if suffixed with +"ms", +"min", +"h", +"d", +"w"), or the special strings +"off" +or +"default"\&. If set to +"off" +(alternatively: +"0") the watchdog logic is disabled: no watchdog device is opened, configured, or pinged\&. If set to the special string +"default" +the watchdog is opened and pinged in regular intervals, but the timeout is not changed from the default\&. If set to any other time value the watchdog timeout is configured to the specified value (or a value close to it, depending on hardware capabilities)\&. +.sp +If +\fIRuntimeWatchdogSec=\fR +is set to a non\-zero value, the watchdog hardware (/dev/watchdog0 +or the path specified with +\fIWatchdogDevice=\fR +or the kernel option +\fIsystemd\&.watchdog\-device=\fR) will be programmed to automatically reboot the system if it is not contacted within the specified timeout interval\&. The system manager will ensure to contact it at least once in half the specified timeout interval\&. This feature requires a hardware watchdog device to be present, as it is commonly the case in embedded and server systems\&. Not all hardware watchdogs allow configuration of all possible reboot timeout values, in which case the closest available timeout is picked\&. +.sp +\fIRebootWatchdogSec=\fR +may be used to configure the hardware watchdog when the system is asked to reboot\&. It works as a safety net to ensure that the reboot takes place even if a clean reboot attempt times out\&. Note that the +\fIRebootWatchdogSec=\fR +timeout applies only to the second phase of the reboot, i\&.e\&. after all regular services are already terminated, and after the system and service manager process (PID 1) got replaced by the +systemd\-shutdown +binary, see system +\fBbootup\fR(7) +for details\&. During the first phase of the shutdown operation the system and service manager remains running and hence +\fIRuntimeWatchdogSec=\fR +is still honoured\&. In order to define a timeout on this first phase of system shutdown, configure +\fIJobTimeoutSec=\fR +and +\fIJobTimeoutAction=\fR +in the [Unit] section of the +shutdown\&.target +unit\&. By default +\fIRuntimeWatchdogSec=\fR +defaults to 0 (off), and +\fIRebootWatchdogSec=\fR +to 10min\&. +.sp +\fIKExecWatchdogSec=\fR +may be used to additionally enable the watchdog when kexec is being executed rather than when rebooting\&. Note that if the kernel does not reset the watchdog on kexec (depending on the specific hardware and/or driver), in this case the watchdog might not get disabled after kexec succeeds and thus the system might get rebooted, unless +\fIRuntimeWatchdogSec=\fR +is also enabled at the same time\&. For this reason it is recommended to enable +\fIKExecWatchdogSec=\fR +only if +\fIRuntimeWatchdogSec=\fR +is also enabled\&. +.sp +These settings have no effect if a hardware watchdog is not available\&. +.sp +Added in version 198\&. +.RE +.PP +\fIRuntimeWatchdogPreSec=\fR +.RS 4 +Configure the hardware watchdog device pre\-timeout value\&. Takes a timeout value in seconds (or in other time units similar to +\fIRuntimeWatchdogSec=\fR)\&. A watchdog pre\-timeout is a notification generated by the watchdog before the watchdog reset might occur in the event the watchdog has not been serviced\&. This notification is handled by the kernel and can be configured to take an action (i\&.e\&. generate a kernel panic) using +\fIRuntimeWatchdogPreGovernor=\fR\&. Not all watchdog hardware or drivers support generating a pre\-timeout and depending on the state of the system, the kernel may be unable to take the configured action before the watchdog reboot\&. The watchdog will be configured to generate the pre\-timeout event at the amount of time specified by +\fIRuntimeWatchdogPreSec=\fR +before the runtime watchdog timeout (set by +\fIRuntimeWatchdogSec=\fR)\&. For example, if the we have +\fIRuntimeWatchdogSec=30\fR +and +\fIRuntimeWatchdogPreSec=10\fR, then the pre\-timeout event will occur if the watchdog has not pinged for 20s (10s before the watchdog would fire)\&. By default, +\fIRuntimeWatchdogPreSec=\fR +defaults to 0 (off)\&. The value set for +\fIRuntimeWatchdogPreSec=\fR +must be smaller than the timeout value for +\fIRuntimeWatchdogSec=\fR\&. This setting has no effect if a hardware watchdog is not available or the hardware watchdog does not support a pre\-timeout and will be ignored by the kernel if the setting is greater than the actual watchdog timeout\&. +.sp +Added in version 251\&. +.RE +.PP +\fIRuntimeWatchdogPreGovernor=\fR +.RS 4 +Configure the action taken by the hardware watchdog device when the pre\-timeout expires\&. The default action for the pre\-timeout event depends on the kernel configuration, but it is usually to log a kernel message\&. For a list of valid actions available for a given watchdog device, check the content of the +/sys/class/watchdog/watchdog\fIX\fR/pretimeout_available_governors +file\&. Typically, available governor types are +\fInoop\fR +and +\fIpanic\fR\&. Availability, names and functionality might vary depending on the specific device driver in use\&. If the +pretimeout_available_governors +sysfs file is empty, the governor might be built as a kernel module and might need to be manually loaded (e\&.g\&. +\fIpretimeout_noop\&.ko\fR), or the watchdog device might not support pre\-timeouts\&. +.sp +Added in version 251\&. +.RE +.PP +\fIWatchdogDevice=\fR +.RS 4 +Configure the hardware watchdog device that the runtime and shutdown watchdog timers will open and use\&. Defaults to +/dev/watchdog0\&. This setting has no effect if a hardware watchdog is not available\&. +.sp +Added in version 236\&. +.RE +.PP +\fICapabilityBoundingSet=\fR +.RS 4 +Controls which capabilities to include in the capability bounding set for PID 1 and its children\&. See +\fBcapabilities\fR(7) +for details\&. Takes a whitespace\-separated list of capability names as read by +\fBcap_from_name\fR(3)\&. Capabilities listed will be included in the bounding set, all others are removed\&. If the list of capabilities is prefixed with ~, all but the listed capabilities will be included, the effect of the assignment inverted\&. Note that this option also affects the respective capabilities in the effective, permitted and inheritable capability sets\&. The capability bounding set may also be individually configured for units using the +\fICapabilityBoundingSet=\fR +directive for units, but note that capabilities dropped for PID 1 cannot be regained in individual units, they are lost for good\&. +.sp +Added in version 198\&. +.RE +.PP +\fINoNewPrivileges=\fR +.RS 4 +Takes a boolean argument\&. If true, ensures that PID 1 and all its children can never gain new privileges through +\fBexecve\fR(2) +(e\&.g\&. via setuid or setgid bits, or filesystem capabilities)\&. Defaults to false\&. General purpose distributions commonly rely on executables with setuid or setgid bits and will thus not function properly with this option enabled\&. Individual units cannot disable this option\&. Also see +\m[blue]\fBNo New Privileges Flag\fR\m[]\&\s-2\u[1]\d\s+2\&. +.sp +Added in version 239\&. +.RE +.PP +\fISystemCallArchitectures=\fR +.RS 4 +Takes a space\-separated list of architecture identifiers\&. Selects from which architectures system calls may be invoked on this system\&. This may be used as an effective way to disable invocation of non\-native binaries system\-wide, for example to prohibit execution of 32\-bit x86 binaries on 64\-bit x86\-64 systems\&. This option operates system\-wide, and acts similar to the +\fISystemCallArchitectures=\fR +setting of unit files, see +\fBsystemd.exec\fR(5) +for details\&. This setting defaults to the empty list, in which case no filtering of system calls based on architecture is applied\&. Known architecture identifiers are +"x86", +"x86\-64", +"x32", +"arm" +and the special identifier +"native"\&. The latter implicitly maps to the native architecture of the system (or more specifically, the architecture the system manager was compiled for)\&. Set this setting to +"native" +to prohibit execution of any non\-native binaries\&. When a binary executes a system call of an architecture that is not listed in this setting, it will be immediately terminated with the SIGSYS signal\&. +.sp +Added in version 209\&. +.RE +.PP +\fITimerSlackNSec=\fR +.RS 4 +Sets the timer slack in nanoseconds for PID 1, which is inherited by all executed processes, unless overridden individually, for example with the +\fITimerSlackNSec=\fR +setting in service units (for details see +\fBsystemd.exec\fR(5))\&. The timer slack controls the accuracy of wake\-ups triggered by system timers\&. See +\fBprctl\fR(2) +for more information\&. Note that in contrast to most other time span definitions this parameter takes an integer value in nano\-seconds if no unit is specified\&. The usual time units are understood too\&. +.sp +Added in version 198\&. +.RE +.PP +\fIStatusUnitFormat=\fR +.RS 4 +Takes +\fBname\fR, +\fBdescription\fR +or +\fBcombined\fR +as the value\&. If +\fBname\fR, the system manager will use unit names in status messages (e\&.g\&. +"systemd\-journald\&.service"), instead of the longer and more informative descriptions set with +\fIDescription=\fR +(e\&.g\&. +"Journal Logging Service")\&. If +\fBcombined\fR, the system manager will use both unit names and descriptions in status messages (e\&.g\&. +"systemd\-journald\&.service \- Journal Logging Service")\&. +.sp +See +\fBsystemd.unit\fR(5) +for details about unit names and +\fIDescription=\fR\&. +.sp +Added in version 243\&. +.RE +.PP +\fIDefaultTimerAccuracySec=\fR +.RS 4 +Sets the default accuracy of timer units\&. This controls the global default for the +\fIAccuracySec=\fR +setting of timer units, see +\fBsystemd.timer\fR(5) +for details\&. +\fIAccuracySec=\fR +set in individual units override the global default for the specific unit\&. Defaults to 1min\&. Note that the accuracy of timer units is also affected by the configured timer slack for PID 1, see +\fITimerSlackNSec=\fR +above\&. +.sp +Added in version 212\&. +.RE +.PP +\fIDefaultTimeoutStartSec=\fR, \fIDefaultTimeoutStopSec=\fR, \fIDefaultTimeoutAbortSec=\fR, \fIDefaultRestartSec=\fR +.RS 4 +Configures the default timeouts for starting, stopping and aborting of units, as well as the default time to sleep between automatic restarts of units, as configured per\-unit in +\fITimeoutStartSec=\fR, +\fITimeoutStopSec=\fR, +\fITimeoutAbortSec=\fR +and +\fIRestartSec=\fR +(for services, see +\fBsystemd.service\fR(5) +for details on the per\-unit settings)\&. For non\-service units, +\fIDefaultTimeoutStartSec=\fR +sets the default +\fITimeoutSec=\fR +value\&. +.sp +\fIDefaultTimeoutStartSec=\fR +and +\fIDefaultTimeoutStopSec=\fR +default to 45 s in the system manager and 45 s in the user manager\&. +\fIDefaultTimeoutAbortSec=\fR +is not set by default so that all units fall back to +\fITimeoutStopSec=\fR\&. +\fIDefaultRestartSec=\fR +defaults to 100 ms\&. +.sp +Added in version 209\&. +.RE +.PP +\fIDefaultDeviceTimeoutSec=\fR +.RS 4 +Configures the default timeout for waiting for devices\&. It can be changed per device via the +\fIx\-systemd\&.device\-timeout=\fR +option in +/etc/fstab +and +/etc/crypttab +(see +\fBsystemd.mount\fR(5), +\fBcrypttab\fR(5))\&. Defaults to 45 s in the system manager and 45 s in the user manager\&. +.sp +Added in version 252\&. +.RE +.PP +\fIDefaultStartLimitIntervalSec=\fR, \fIDefaultStartLimitBurst=\fR +.RS 4 +Configure the default unit start rate limiting, as configured per\-service by +\fIStartLimitIntervalSec=\fR +and +\fIStartLimitBurst=\fR\&. See +\fBsystemd.service\fR(5) +for details on the per\-service settings\&. +\fIDefaultStartLimitIntervalSec=\fR +defaults to 10s\&. +\fIDefaultStartLimitBurst=\fR +defaults to 5\&. +.sp +Added in version 209\&. +.RE +.PP +\fIDefaultEnvironment=\fR +.RS 4 +Configures environment variables passed to all executed processes\&. Takes a space\-separated list of variable assignments\&. See +\fBenviron\fR(7) +for details about environment variables\&. +.sp +Simple +"%"\-specifier expansion is supported, see below for a list of supported specifiers\&. +.sp +Example: +.sp +.if n \{\ +.RS 4 +.\} +.nf +DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6" +.fi +.if n \{\ +.RE +.\} +.sp +Sets three variables +"VAR1", +"VAR2", +"VAR3"\&. +.sp +Added in version 205\&. +.RE +.PP +\fIManagerEnvironment=\fR +.RS 4 +Takes the same arguments as +\fIDefaultEnvironment=\fR, see above\&. Sets environment variables just for the manager process itself\&. In contrast to user managers, these variables are not inherited by processes spawned by the system manager, use +\fIDefaultEnvironment=\fR +for that\&. Note that these variables are merged into the existing environment block\&. In particular, in case of the system manager, this includes variables set by the kernel based on the kernel command line\&. +.sp +Setting environment variables for the manager process may be useful to modify its behaviour\&. See +\m[blue]\fBKnown Environment Variables\fR\m[]\&\s-2\u[2]\d\s+2 +for a descriptions of some variables understood by +\fBsystemd\fR\&. +.sp +Simple +"%"\-specifier expansion is supported, see below for a list of supported specifiers\&. +.sp +Added in version 248\&. +.RE +.PP +\fIDefaultCPUAccounting=\fR, \fIDefaultMemoryAccounting=\fR, \fIDefaultTasksAccounting=\fR, \fIDefaultIOAccounting=\fR, \fIDefaultIPAccounting=\fR +.RS 4 +Configure the default resource accounting settings, as configured per\-unit by +\fICPUAccounting=\fR, +\fIMemoryAccounting=\fR, +\fITasksAccounting=\fR, +\fIIOAccounting=\fR +and +\fIIPAccounting=\fR\&. See +\fBsystemd.resource-control\fR(5) +for details on the per\-unit settings\&. +.sp +\fIDefaultCPUAccounting=\fR +defaults to yes when running on kernel ≥4\&.15, and no on older versions\&. +\fIDefaultMemoryAccounting=\fR +defaults to yes\&. +\fIDefaultTasksAccounting=\fR +defaults to yes\&. The other settings default to no\&. +.sp +Added in version 211\&. +.RE +.PP +\fIDefaultTasksMax=\fR +.RS 4 +Configure the default value for the per\-unit +\fITasksMax=\fR +setting\&. See +\fBsystemd.resource-control\fR(5) +for details\&. This setting applies to all unit types that support resource control settings, with the exception of slice units\&. Defaults to 15% of the minimum of +\fIkernel\&.pid_max=\fR, +\fIkernel\&.threads\-max=\fR +and root cgroup +\fIpids\&.max\fR\&. Kernel has a default value for +\fIkernel\&.pid_max=\fR +and an algorithm of counting in case of more than 32 cores\&. For example, with the default +\fIkernel\&.pid_max=\fR, +\fIDefaultTasksMax=\fR +defaults to 4915, but might be greater in other systems or smaller in OS containers\&. +.sp +Added in version 228\&. +.RE +.PP +\fIDefaultLimitCPU=\fR, \fIDefaultLimitFSIZE=\fR, \fIDefaultLimitDATA=\fR, \fIDefaultLimitSTACK=\fR, \fIDefaultLimitCORE=\fR, \fIDefaultLimitRSS=\fR, \fIDefaultLimitNOFILE=\fR, \fIDefaultLimitAS=\fR, \fIDefaultLimitNPROC=\fR, \fIDefaultLimitMEMLOCK=\fR, \fIDefaultLimitLOCKS=\fR, \fIDefaultLimitSIGPENDING=\fR, \fIDefaultLimitMSGQUEUE=\fR, \fIDefaultLimitNICE=\fR, \fIDefaultLimitRTPRIO=\fR, \fIDefaultLimitRTTIME=\fR +.RS 4 +These settings control various default resource limits for processes executed by units\&. See +\fBsetrlimit\fR(2) +for details\&. These settings may be overridden in individual units using the corresponding +\fILimitXXX=\fR +directives and they accept the same parameter syntax, see +\fBsystemd.exec\fR(5) +for details\&. Note that these resource limits are only defaults for units, they are not applied to the service manager process (i\&.e\&. PID 1) itself\&. +.sp +Most of these settings are unset, which means the resource limits are inherited from the kernel or, if invoked in a container, from the container manager\&. However, the following have defaults: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIDefaultLimitNOFILE=\fR +defaults to 1024:524288\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIDefaultLimitMEMLOCK=\fR +defaults to 8M\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIDefaultLimitCORE=\fR +does not have a default but it is worth mentioning that +\fIRLIMIT_CORE\fR +is set to +"infinity" +by PID 1 which is inherited by its children\&. +.RE +.sp +Note that the service manager internally in PID 1 bumps +\fIRLIMIT_NOFILE\fR +and +\fIRLIMIT_MEMLOCK\fR +to higher values, however the limit is reverted to the mentioned defaults for all child processes forked off\&. +.sp +Added in version 198\&. +.RE +.PP +\fIDefaultOOMPolicy=\fR +.RS 4 +Configure the default policy for reacting to processes being killed by the Linux Out\-Of\-Memory (OOM) killer or +\fBsystemd\-oomd\fR\&. This may be used to pick a global default for the per\-unit +\fIOOMPolicy=\fR +setting\&. See +\fBsystemd.service\fR(5) +for details\&. Note that this default is not used for services that have +\fIDelegate=\fR +turned on\&. +.sp +Added in version 243\&. +.RE +.PP +\fIDefaultOOMScoreAdjust=\fR +.RS 4 +Configures the default OOM score adjustments of processes run by the service manager\&. This defaults to unset (meaning the forked off processes inherit the service manager\*(Aqs OOM score adjustment value), except if the service manager is run for an unprivileged user, in which case this defaults to the service manager\*(Aqs OOM adjustment value plus 100 (this makes service processes slightly more likely to be killed under memory pressure than the manager itself)\&. This may be used to pick a global default for the per\-unit +\fIOOMScoreAdjust=\fR +setting\&. See +\fBsystemd.exec\fR(5) +for details\&. Note that this setting has no effect on the OOM score adjustment value of the service manager process itself, it retains the original value set during its invocation\&. +.sp +Added in version 250\&. +.RE +.PP +\fIDefaultSmackProcessLabel=\fR +.RS 4 +Takes a +\fBSMACK64\fR +security label as the argument\&. The process executed by a unit will be started under this label if +\fISmackProcessLabel=\fR +is not set in the unit\&. See +\fBsystemd.exec\fR(5) +for the details\&. +.sp +If the value is +"/", only labels specified with +\fISmackProcessLabel=\fR +are assigned and the compile\-time default is ignored\&. +.sp +Added in version 252\&. +.RE +.PP +\fIReloadLimitIntervalSec=\fR, \fIReloadLimitBurst=\fR +.RS 4 +Rate limiting for daemon\-reload requests\&. Default to unset, and any number of daemon\-reload operations can be requested at any time\&. +\fIReloadLimitIntervalSec=\fR +takes a value in seconds to configure the rate limit window, and +\fIReloadLimitBurst=\fR +takes a positive integer to configure the maximum allowed number of reloads within the configured time window\&. +.sp +Added in version 253\&. +.RE +.PP +\fIDefaultMemoryPressureWatch=\fR, \fIDefaultMemoryPressureThresholdSec=\fR +.RS 4 +Configures the default settings for the per\-unit +\fIMemoryPressureWatch=\fR +and +\fIMemoryPressureThresholdSec=\fR +settings\&. See +\fBsystemd.resource-control\fR(5) +for details\&. Defaults to +"auto" +and +"200ms", respectively\&. This also sets the memory pressure monitoring threshold for the service manager itself\&. +.sp +Added in version 254\&. +.RE +.SH "SPECIFIERS" +.PP +Specifiers may be used in the +\fIDefaultEnvironment=\fR +and +\fIManagerEnvironment=\fR +settings\&. The following expansions are understood: +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.B Table\ \&1.\ \&Specifiers available +.TS +allbox tab(:); +lB lB lB. +T{ +Specifier +T}:T{ +Meaning +T}:T{ +Details +T} +.T& +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l +l l l. +T{ +"%a" +T}:T{ +Architecture +T}:T{ +A short string identifying the architecture of the local system\&. A string such as \fBx86\fR, \fBx86\-64\fR or \fBarm64\fR\&. See the architectures defined for \fIConditionArchitecture=\fR in \fBsystemd.unit\fR(5) for a full list\&. +T} +T{ +"%A" +T}:T{ +Operating system image version +T}:T{ +The operating system image version identifier of the running system, as read from the \fIIMAGE_VERSION=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. +T} +T{ +"%b" +T}:T{ +Boot ID +T}:T{ +The boot ID of the running system, formatted as string\&. See \fBrandom\fR(4) for more information\&. +T} +T{ +"%B" +T}:T{ +Operating system build ID +T}:T{ +The operating system build identifier of the running system, as read from the \fIBUILD_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. +T} +T{ +"%H" +T}:T{ +Host name +T}:T{ +The hostname of the running system\&. +T} +T{ +"%l" +T}:T{ +Short host name +T}:T{ +The hostname of the running system, truncated at the first dot to remove any domain component\&. +T} +T{ +"%m" +T}:T{ +Machine ID +T}:T{ +The machine ID of the running system, formatted as string\&. See \fBmachine-id\fR(5) for more information\&. +T} +T{ +"%M" +T}:T{ +Operating system image identifier +T}:T{ +The operating system image identifier of the running system, as read from the \fIIMAGE_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. +T} +T{ +"%o" +T}:T{ +Operating system ID +T}:T{ +The operating system identifier of the running system, as read from the \fIID=\fR field of /etc/os\-release\&. See \fBos-release\fR(5) for more information\&. +T} +T{ +"%v" +T}:T{ +Kernel release +T}:T{ +Identical to \fBuname \-r\fR output\&. +T} +T{ +"%w" +T}:T{ +Operating system version ID +T}:T{ +The operating system version identifier of the running system, as read from the \fIVERSION_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. +T} +T{ +"%W" +T}:T{ +Operating system variant ID +T}:T{ +The operating system variant identifier of the running system, as read from the \fIVARIANT_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. +T} +T{ +"%T" +T}:T{ +Directory for temporary files +T}:T{ +This is either /tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to\&. (Note that the directory may be specified without a trailing slash\&.) +T} +T{ +"%V" +T}:T{ +Directory for larger and persistent temporary files +T}:T{ +This is either /var/tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to\&. (Note that the directory may be specified without a trailing slash\&.) +T} +T{ +"%h" +T}:T{ +User home directory +T}:T{ +This is the home directory of the \fIuser running the service manager instance\fR\&. +T} +T{ +"%u" +T}:T{ +Username +T}:T{ +This is the username of the \fIuser running the service manager instance\fR\&. +T} +T{ +"%U" +T}:T{ +User id +T}:T{ +This is the user id of the \fIuser running the service manager instance\fR\&. +T} +T{ +"%g" +T}:T{ +Primary group +T}:T{ +This is the primary group of the \fIuser running the service manager instance\fR\&. +T} +T{ +"%G" +T}:T{ +Primary group id +T}:T{ +This is the primary group id of the \fIuser running the service manager instance\fR\&. +T} +T{ +"%s" +T}:T{ +User shell +T}:T{ +This is the shell of the \fIuser running the service manager instance\fR\&. +T} +T{ +"%%" +T}:T{ +Single percent sign +T}:T{ +Use "%%" in place of "%" to specify a single percent sign\&. +T} +.TE +.sp 1 +.SH "HISTORY" +.PP +systemd 252 +.RS 4 +Option +\fIDefaultBlockIOAccounting=\fR +was deprecated\&. Please switch to the unified cgroup hierarchy\&. +.sp +Added in version 252\&. +.RE +.SH "SEE ALSO" +.PP +\fBsystemd\fR(1), +\fBsystemd.directives\fR(7), +\fBsystemd.exec\fR(5), +\fBsystemd.service\fR(5), +\fBenviron\fR(7), +\fBcapabilities\fR(7) +.SH "NOTES" +.IP " 1." 4 +No New Privileges Flag +.RS 4 +\%https://docs.kernel.org/userspace-api/no_new_privs.html +.RE +.IP " 2." 4 +Known Environment Variables +.RS 4 +\%https://systemd.io/ENVIRONMENT +.RE |