summaryrefslogtreecommitdiffstats
path: root/upstream/fedora-40/man5/systemd-system.conf.5
diff options
context:
space:
mode:
Diffstat (limited to 'upstream/fedora-40/man5/systemd-system.conf.5')
-rw-r--r--upstream/fedora-40/man5/systemd-system.conf.5837
1 files changed, 837 insertions, 0 deletions
diff --git a/upstream/fedora-40/man5/systemd-system.conf.5 b/upstream/fedora-40/man5/systemd-system.conf.5
new file mode 100644
index 00000000..6d2267c2
--- /dev/null
+++ b/upstream/fedora-40/man5/systemd-system.conf.5
@@ -0,0 +1,837 @@
+'\" t
+.TH "SYSTEMD\-SYSTEM\&.CONF" "5" "" "systemd 255" "systemd-system.conf"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+systemd-system.conf, system.conf.d, systemd-user.conf, user.conf.d \- System and session service manager configuration files
+.SH "SYNOPSIS"
+.PP
+/etc/systemd/system\&.conf,
+/etc/systemd/system\&.conf\&.d/*\&.conf,
+/run/systemd/system\&.conf\&.d/*\&.conf,
+/usr/lib/systemd/system\&.conf\&.d/*\&.conf
+.PP
+~/\&.config/systemd/user\&.conf,
+/etc/systemd/user\&.conf,
+/etc/systemd/user\&.conf\&.d/*\&.conf,
+/run/systemd/user\&.conf\&.d/*\&.conf,
+/usr/lib/systemd/user\&.conf\&.d/*\&.conf
+.SH "DESCRIPTION"
+.PP
+When run as a system instance,
+\fBsystemd\fR
+interprets the configuration file
+system\&.conf
+and the files in
+system\&.conf\&.d
+directories; when run as a user instance, it interprets the configuration file
+user\&.conf
+(either in the home directory of the user, or if not found, under
+/etc/systemd/) and the files in
+user\&.conf\&.d
+directories\&. These configuration files contain a few settings controlling basic manager operations\&.
+.PP
+See
+\fBsystemd.syntax\fR(7)
+for a general description of the syntax\&.
+.SH "CONFIGURATION DIRECTORIES AND PRECEDENCE"
+.PP
+The default configuration is set during compilation, so configuration is only needed when it is necessary to deviate from those defaults\&. The main configuration file is either in
+/usr/lib/systemd/
+or
+/etc/systemd/
+and contains commented out entries showing the defaults as a guide to the administrator\&. Local overrides can be created by creating drop\-ins, as described below\&. The main configuration file can also be edited for this purpose (or a copy in
+/etc/
+if it\*(Aqs shipped in
+/usr/) however using drop\-ins for local configuration is recommended over modifications to the main configuration file\&.
+.PP
+In addition to the "main" configuration file, drop\-in configuration snippets are read from
+/usr/lib/systemd/*\&.conf\&.d/,
+/usr/local/lib/systemd/*\&.conf\&.d/, and
+/etc/systemd/*\&.conf\&.d/\&. Those drop\-ins have higher precedence and override the main configuration file\&. Files in the
+*\&.conf\&.d/
+configuration subdirectories are sorted by their filename in lexicographic order, regardless of in which of the subdirectories they reside\&. When multiple files specify the same option, for options which accept just a single value, the entry in the file sorted last takes precedence, and for options which accept a list of values, entries are collected as they occur in the sorted files\&.
+.PP
+When packages need to customize the configuration, they can install drop\-ins under
+/usr/\&. Files in
+/etc/
+are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defined a concept of drop\-in priority to allow distributions to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&.
+.PP
+To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to
+/dev/null
+in the configuration directory in
+/etc/, with the same filename as the vendor configuration file\&.
+.SH "OPTIONS"
+.PP
+All options are configured in the [Manager] section:
+.PP
+\fILogColor=\fR, \fILogLevel=\fR, \fILogLocation=\fR, \fILogTarget=\fR, \fILogTime=\fR, \fIDumpCore=yes\fR, \fICrashChangeVT=no\fR, \fICrashShell=no\fR, \fICrashReboot=no\fR, \fIShowStatus=yes\fR, \fIDefaultStandardOutput=journal\fR, \fIDefaultStandardError=inherit\fR
+.RS 4
+Configures various parameters of basic manager operation\&. These options may be overridden by the respective process and kernel command line arguments\&. See
+\fBsystemd\fR(1)
+for details\&.
+.sp
+Added in version 198\&.
+.RE
+.PP
+\fICtrlAltDelBurstAction=\fR
+.RS 4
+Defines what action will be performed if user presses Ctrl\-Alt\-Delete more than 7 times in 2s\&. Can be set to
+"reboot\-force",
+"poweroff\-force",
+"reboot\-immediate",
+"poweroff\-immediate"
+or disabled with
+"none"\&. Defaults to
+"reboot\-force"\&.
+.sp
+Added in version 232\&.
+.RE
+.PP
+\fICPUAffinity=\fR
+.RS 4
+Configures the CPU affinity for the service manager as well as the default CPU affinity for all forked off processes\&. Takes a list of CPU indices or ranges separated by either whitespace or commas\&. CPU ranges are specified by the lower and upper CPU indices separated by a dash\&. This option may be specified more than once, in which case the specified CPU affinity masks are merged\&. If the empty string is assigned, the mask is reset, all assignments prior to this will have no effect\&. Individual services may override the CPU affinity for their processes with the
+\fICPUAffinity=\fR
+setting in unit files, see
+\fBsystemd.exec\fR(5)\&.
+.sp
+Added in version 198\&.
+.RE
+.PP
+\fINUMAPolicy=\fR
+.RS 4
+Configures the NUMA memory policy for the service manager and the default NUMA memory policy for all forked off processes\&. Individual services may override the default policy with the
+\fINUMAPolicy=\fR
+setting in unit files, see
+\fBsystemd.exec\fR(5)\&.
+.sp
+Added in version 243\&.
+.RE
+.PP
+\fINUMAMask=\fR
+.RS 4
+Configures the NUMA node mask that will be associated with the selected NUMA policy\&. Note that
+\fBdefault\fR
+and
+\fBlocal\fR
+NUMA policies don\*(Aqt require explicit NUMA node mask and value of the option can be empty\&. Similarly to
+\fINUMAPolicy=\fR, value can be overridden by individual services in unit files, see
+\fBsystemd.exec\fR(5)\&.
+.sp
+Added in version 243\&.
+.RE
+.PP
+\fIRuntimeWatchdogSec=\fR, \fIRebootWatchdogSec=\fR, \fIKExecWatchdogSec=\fR
+.RS 4
+Configure the hardware watchdog at runtime and at reboot\&. Takes a timeout value in seconds (or in other time units if suffixed with
+"ms",
+"min",
+"h",
+"d",
+"w"), or the special strings
+"off"
+or
+"default"\&. If set to
+"off"
+(alternatively:
+"0") the watchdog logic is disabled: no watchdog device is opened, configured, or pinged\&. If set to the special string
+"default"
+the watchdog is opened and pinged in regular intervals, but the timeout is not changed from the default\&. If set to any other time value the watchdog timeout is configured to the specified value (or a value close to it, depending on hardware capabilities)\&.
+.sp
+If
+\fIRuntimeWatchdogSec=\fR
+is set to a non\-zero value, the watchdog hardware (/dev/watchdog0
+or the path specified with
+\fIWatchdogDevice=\fR
+or the kernel option
+\fIsystemd\&.watchdog\-device=\fR) will be programmed to automatically reboot the system if it is not contacted within the specified timeout interval\&. The system manager will ensure to contact it at least once in half the specified timeout interval\&. This feature requires a hardware watchdog device to be present, as it is commonly the case in embedded and server systems\&. Not all hardware watchdogs allow configuration of all possible reboot timeout values, in which case the closest available timeout is picked\&.
+.sp
+\fIRebootWatchdogSec=\fR
+may be used to configure the hardware watchdog when the system is asked to reboot\&. It works as a safety net to ensure that the reboot takes place even if a clean reboot attempt times out\&. Note that the
+\fIRebootWatchdogSec=\fR
+timeout applies only to the second phase of the reboot, i\&.e\&. after all regular services are already terminated, and after the system and service manager process (PID 1) got replaced by the
+systemd\-shutdown
+binary, see system
+\fBbootup\fR(7)
+for details\&. During the first phase of the shutdown operation the system and service manager remains running and hence
+\fIRuntimeWatchdogSec=\fR
+is still honoured\&. In order to define a timeout on this first phase of system shutdown, configure
+\fIJobTimeoutSec=\fR
+and
+\fIJobTimeoutAction=\fR
+in the [Unit] section of the
+shutdown\&.target
+unit\&. By default
+\fIRuntimeWatchdogSec=\fR
+defaults to 0 (off), and
+\fIRebootWatchdogSec=\fR
+to 10min\&.
+.sp
+\fIKExecWatchdogSec=\fR
+may be used to additionally enable the watchdog when kexec is being executed rather than when rebooting\&. Note that if the kernel does not reset the watchdog on kexec (depending on the specific hardware and/or driver), in this case the watchdog might not get disabled after kexec succeeds and thus the system might get rebooted, unless
+\fIRuntimeWatchdogSec=\fR
+is also enabled at the same time\&. For this reason it is recommended to enable
+\fIKExecWatchdogSec=\fR
+only if
+\fIRuntimeWatchdogSec=\fR
+is also enabled\&.
+.sp
+These settings have no effect if a hardware watchdog is not available\&.
+.sp
+Added in version 198\&.
+.RE
+.PP
+\fIRuntimeWatchdogPreSec=\fR
+.RS 4
+Configure the hardware watchdog device pre\-timeout value\&. Takes a timeout value in seconds (or in other time units similar to
+\fIRuntimeWatchdogSec=\fR)\&. A watchdog pre\-timeout is a notification generated by the watchdog before the watchdog reset might occur in the event the watchdog has not been serviced\&. This notification is handled by the kernel and can be configured to take an action (i\&.e\&. generate a kernel panic) using
+\fIRuntimeWatchdogPreGovernor=\fR\&. Not all watchdog hardware or drivers support generating a pre\-timeout and depending on the state of the system, the kernel may be unable to take the configured action before the watchdog reboot\&. The watchdog will be configured to generate the pre\-timeout event at the amount of time specified by
+\fIRuntimeWatchdogPreSec=\fR
+before the runtime watchdog timeout (set by
+\fIRuntimeWatchdogSec=\fR)\&. For example, if the we have
+\fIRuntimeWatchdogSec=30\fR
+and
+\fIRuntimeWatchdogPreSec=10\fR, then the pre\-timeout event will occur if the watchdog has not pinged for 20s (10s before the watchdog would fire)\&. By default,
+\fIRuntimeWatchdogPreSec=\fR
+defaults to 0 (off)\&. The value set for
+\fIRuntimeWatchdogPreSec=\fR
+must be smaller than the timeout value for
+\fIRuntimeWatchdogSec=\fR\&. This setting has no effect if a hardware watchdog is not available or the hardware watchdog does not support a pre\-timeout and will be ignored by the kernel if the setting is greater than the actual watchdog timeout\&.
+.sp
+Added in version 251\&.
+.RE
+.PP
+\fIRuntimeWatchdogPreGovernor=\fR
+.RS 4
+Configure the action taken by the hardware watchdog device when the pre\-timeout expires\&. The default action for the pre\-timeout event depends on the kernel configuration, but it is usually to log a kernel message\&. For a list of valid actions available for a given watchdog device, check the content of the
+/sys/class/watchdog/watchdog\fIX\fR/pretimeout_available_governors
+file\&. Typically, available governor types are
+\fInoop\fR
+and
+\fIpanic\fR\&. Availability, names and functionality might vary depending on the specific device driver in use\&. If the
+pretimeout_available_governors
+sysfs file is empty, the governor might be built as a kernel module and might need to be manually loaded (e\&.g\&.
+\fIpretimeout_noop\&.ko\fR), or the watchdog device might not support pre\-timeouts\&.
+.sp
+Added in version 251\&.
+.RE
+.PP
+\fIWatchdogDevice=\fR
+.RS 4
+Configure the hardware watchdog device that the runtime and shutdown watchdog timers will open and use\&. Defaults to
+/dev/watchdog0\&. This setting has no effect if a hardware watchdog is not available\&.
+.sp
+Added in version 236\&.
+.RE
+.PP
+\fICapabilityBoundingSet=\fR
+.RS 4
+Controls which capabilities to include in the capability bounding set for PID 1 and its children\&. See
+\fBcapabilities\fR(7)
+for details\&. Takes a whitespace\-separated list of capability names as read by
+\fBcap_from_name\fR(3)\&. Capabilities listed will be included in the bounding set, all others are removed\&. If the list of capabilities is prefixed with ~, all but the listed capabilities will be included, the effect of the assignment inverted\&. Note that this option also affects the respective capabilities in the effective, permitted and inheritable capability sets\&. The capability bounding set may also be individually configured for units using the
+\fICapabilityBoundingSet=\fR
+directive for units, but note that capabilities dropped for PID 1 cannot be regained in individual units, they are lost for good\&.
+.sp
+Added in version 198\&.
+.RE
+.PP
+\fINoNewPrivileges=\fR
+.RS 4
+Takes a boolean argument\&. If true, ensures that PID 1 and all its children can never gain new privileges through
+\fBexecve\fR(2)
+(e\&.g\&. via setuid or setgid bits, or filesystem capabilities)\&. Defaults to false\&. General purpose distributions commonly rely on executables with setuid or setgid bits and will thus not function properly with this option enabled\&. Individual units cannot disable this option\&. Also see
+\m[blue]\fBNo New Privileges Flag\fR\m[]\&\s-2\u[1]\d\s+2\&.
+.sp
+Added in version 239\&.
+.RE
+.PP
+\fISystemCallArchitectures=\fR
+.RS 4
+Takes a space\-separated list of architecture identifiers\&. Selects from which architectures system calls may be invoked on this system\&. This may be used as an effective way to disable invocation of non\-native binaries system\-wide, for example to prohibit execution of 32\-bit x86 binaries on 64\-bit x86\-64 systems\&. This option operates system\-wide, and acts similar to the
+\fISystemCallArchitectures=\fR
+setting of unit files, see
+\fBsystemd.exec\fR(5)
+for details\&. This setting defaults to the empty list, in which case no filtering of system calls based on architecture is applied\&. Known architecture identifiers are
+"x86",
+"x86\-64",
+"x32",
+"arm"
+and the special identifier
+"native"\&. The latter implicitly maps to the native architecture of the system (or more specifically, the architecture the system manager was compiled for)\&. Set this setting to
+"native"
+to prohibit execution of any non\-native binaries\&. When a binary executes a system call of an architecture that is not listed in this setting, it will be immediately terminated with the SIGSYS signal\&.
+.sp
+Added in version 209\&.
+.RE
+.PP
+\fITimerSlackNSec=\fR
+.RS 4
+Sets the timer slack in nanoseconds for PID 1, which is inherited by all executed processes, unless overridden individually, for example with the
+\fITimerSlackNSec=\fR
+setting in service units (for details see
+\fBsystemd.exec\fR(5))\&. The timer slack controls the accuracy of wake\-ups triggered by system timers\&. See
+\fBprctl\fR(2)
+for more information\&. Note that in contrast to most other time span definitions this parameter takes an integer value in nano\-seconds if no unit is specified\&. The usual time units are understood too\&.
+.sp
+Added in version 198\&.
+.RE
+.PP
+\fIStatusUnitFormat=\fR
+.RS 4
+Takes
+\fBname\fR,
+\fBdescription\fR
+or
+\fBcombined\fR
+as the value\&. If
+\fBname\fR, the system manager will use unit names in status messages (e\&.g\&.
+"systemd\-journald\&.service"), instead of the longer and more informative descriptions set with
+\fIDescription=\fR
+(e\&.g\&.
+"Journal Logging Service")\&. If
+\fBcombined\fR, the system manager will use both unit names and descriptions in status messages (e\&.g\&.
+"systemd\-journald\&.service \- Journal Logging Service")\&.
+.sp
+See
+\fBsystemd.unit\fR(5)
+for details about unit names and
+\fIDescription=\fR\&.
+.sp
+Added in version 243\&.
+.RE
+.PP
+\fIDefaultTimerAccuracySec=\fR
+.RS 4
+Sets the default accuracy of timer units\&. This controls the global default for the
+\fIAccuracySec=\fR
+setting of timer units, see
+\fBsystemd.timer\fR(5)
+for details\&.
+\fIAccuracySec=\fR
+set in individual units override the global default for the specific unit\&. Defaults to 1min\&. Note that the accuracy of timer units is also affected by the configured timer slack for PID 1, see
+\fITimerSlackNSec=\fR
+above\&.
+.sp
+Added in version 212\&.
+.RE
+.PP
+\fIDefaultTimeoutStartSec=\fR, \fIDefaultTimeoutStopSec=\fR, \fIDefaultTimeoutAbortSec=\fR, \fIDefaultRestartSec=\fR
+.RS 4
+Configures the default timeouts for starting, stopping and aborting of units, as well as the default time to sleep between automatic restarts of units, as configured per\-unit in
+\fITimeoutStartSec=\fR,
+\fITimeoutStopSec=\fR,
+\fITimeoutAbortSec=\fR
+and
+\fIRestartSec=\fR
+(for services, see
+\fBsystemd.service\fR(5)
+for details on the per\-unit settings)\&. For non\-service units,
+\fIDefaultTimeoutStartSec=\fR
+sets the default
+\fITimeoutSec=\fR
+value\&.
+.sp
+\fIDefaultTimeoutStartSec=\fR
+and
+\fIDefaultTimeoutStopSec=\fR
+default to 45 s in the system manager and 45 s in the user manager\&.
+\fIDefaultTimeoutAbortSec=\fR
+is not set by default so that all units fall back to
+\fITimeoutStopSec=\fR\&.
+\fIDefaultRestartSec=\fR
+defaults to 100 ms\&.
+.sp
+Added in version 209\&.
+.RE
+.PP
+\fIDefaultDeviceTimeoutSec=\fR
+.RS 4
+Configures the default timeout for waiting for devices\&. It can be changed per device via the
+\fIx\-systemd\&.device\-timeout=\fR
+option in
+/etc/fstab
+and
+/etc/crypttab
+(see
+\fBsystemd.mount\fR(5),
+\fBcrypttab\fR(5))\&. Defaults to 45 s in the system manager and 45 s in the user manager\&.
+.sp
+Added in version 252\&.
+.RE
+.PP
+\fIDefaultStartLimitIntervalSec=\fR, \fIDefaultStartLimitBurst=\fR
+.RS 4
+Configure the default unit start rate limiting, as configured per\-service by
+\fIStartLimitIntervalSec=\fR
+and
+\fIStartLimitBurst=\fR\&. See
+\fBsystemd.service\fR(5)
+for details on the per\-service settings\&.
+\fIDefaultStartLimitIntervalSec=\fR
+defaults to 10s\&.
+\fIDefaultStartLimitBurst=\fR
+defaults to 5\&.
+.sp
+Added in version 209\&.
+.RE
+.PP
+\fIDefaultEnvironment=\fR
+.RS 4
+Configures environment variables passed to all executed processes\&. Takes a space\-separated list of variable assignments\&. See
+\fBenviron\fR(7)
+for details about environment variables\&.
+.sp
+Simple
+"%"\-specifier expansion is supported, see below for a list of supported specifiers\&.
+.sp
+Example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Sets three variables
+"VAR1",
+"VAR2",
+"VAR3"\&.
+.sp
+Added in version 205\&.
+.RE
+.PP
+\fIManagerEnvironment=\fR
+.RS 4
+Takes the same arguments as
+\fIDefaultEnvironment=\fR, see above\&. Sets environment variables just for the manager process itself\&. In contrast to user managers, these variables are not inherited by processes spawned by the system manager, use
+\fIDefaultEnvironment=\fR
+for that\&. Note that these variables are merged into the existing environment block\&. In particular, in case of the system manager, this includes variables set by the kernel based on the kernel command line\&.
+.sp
+Setting environment variables for the manager process may be useful to modify its behaviour\&. See
+\m[blue]\fBKnown Environment Variables\fR\m[]\&\s-2\u[2]\d\s+2
+for a descriptions of some variables understood by
+\fBsystemd\fR\&.
+.sp
+Simple
+"%"\-specifier expansion is supported, see below for a list of supported specifiers\&.
+.sp
+Added in version 248\&.
+.RE
+.PP
+\fIDefaultCPUAccounting=\fR, \fIDefaultMemoryAccounting=\fR, \fIDefaultTasksAccounting=\fR, \fIDefaultIOAccounting=\fR, \fIDefaultIPAccounting=\fR
+.RS 4
+Configure the default resource accounting settings, as configured per\-unit by
+\fICPUAccounting=\fR,
+\fIMemoryAccounting=\fR,
+\fITasksAccounting=\fR,
+\fIIOAccounting=\fR
+and
+\fIIPAccounting=\fR\&. See
+\fBsystemd.resource-control\fR(5)
+for details on the per\-unit settings\&.
+.sp
+\fIDefaultCPUAccounting=\fR
+defaults to yes when running on kernel ≥4\&.15, and no on older versions\&.
+\fIDefaultMemoryAccounting=\fR
+defaults to yes\&.
+\fIDefaultTasksAccounting=\fR
+defaults to yes\&. The other settings default to no\&.
+.sp
+Added in version 211\&.
+.RE
+.PP
+\fIDefaultTasksMax=\fR
+.RS 4
+Configure the default value for the per\-unit
+\fITasksMax=\fR
+setting\&. See
+\fBsystemd.resource-control\fR(5)
+for details\&. This setting applies to all unit types that support resource control settings, with the exception of slice units\&. Defaults to 15% of the minimum of
+\fIkernel\&.pid_max=\fR,
+\fIkernel\&.threads\-max=\fR
+and root cgroup
+\fIpids\&.max\fR\&. Kernel has a default value for
+\fIkernel\&.pid_max=\fR
+and an algorithm of counting in case of more than 32 cores\&. For example, with the default
+\fIkernel\&.pid_max=\fR,
+\fIDefaultTasksMax=\fR
+defaults to 4915, but might be greater in other systems or smaller in OS containers\&.
+.sp
+Added in version 228\&.
+.RE
+.PP
+\fIDefaultLimitCPU=\fR, \fIDefaultLimitFSIZE=\fR, \fIDefaultLimitDATA=\fR, \fIDefaultLimitSTACK=\fR, \fIDefaultLimitCORE=\fR, \fIDefaultLimitRSS=\fR, \fIDefaultLimitNOFILE=\fR, \fIDefaultLimitAS=\fR, \fIDefaultLimitNPROC=\fR, \fIDefaultLimitMEMLOCK=\fR, \fIDefaultLimitLOCKS=\fR, \fIDefaultLimitSIGPENDING=\fR, \fIDefaultLimitMSGQUEUE=\fR, \fIDefaultLimitNICE=\fR, \fIDefaultLimitRTPRIO=\fR, \fIDefaultLimitRTTIME=\fR
+.RS 4
+These settings control various default resource limits for processes executed by units\&. See
+\fBsetrlimit\fR(2)
+for details\&. These settings may be overridden in individual units using the corresponding
+\fILimitXXX=\fR
+directives and they accept the same parameter syntax, see
+\fBsystemd.exec\fR(5)
+for details\&. Note that these resource limits are only defaults for units, they are not applied to the service manager process (i\&.e\&. PID 1) itself\&.
+.sp
+Most of these settings are unset, which means the resource limits are inherited from the kernel or, if invoked in a container, from the container manager\&. However, the following have defaults:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIDefaultLimitNOFILE=\fR
+defaults to 1024:524288\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIDefaultLimitMEMLOCK=\fR
+defaults to 8M\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIDefaultLimitCORE=\fR
+does not have a default but it is worth mentioning that
+\fIRLIMIT_CORE\fR
+is set to
+"infinity"
+by PID 1 which is inherited by its children\&.
+.RE
+.sp
+Note that the service manager internally in PID 1 bumps
+\fIRLIMIT_NOFILE\fR
+and
+\fIRLIMIT_MEMLOCK\fR
+to higher values, however the limit is reverted to the mentioned defaults for all child processes forked off\&.
+.sp
+Added in version 198\&.
+.RE
+.PP
+\fIDefaultOOMPolicy=\fR
+.RS 4
+Configure the default policy for reacting to processes being killed by the Linux Out\-Of\-Memory (OOM) killer or
+\fBsystemd\-oomd\fR\&. This may be used to pick a global default for the per\-unit
+\fIOOMPolicy=\fR
+setting\&. See
+\fBsystemd.service\fR(5)
+for details\&. Note that this default is not used for services that have
+\fIDelegate=\fR
+turned on\&.
+.sp
+Added in version 243\&.
+.RE
+.PP
+\fIDefaultOOMScoreAdjust=\fR
+.RS 4
+Configures the default OOM score adjustments of processes run by the service manager\&. This defaults to unset (meaning the forked off processes inherit the service manager\*(Aqs OOM score adjustment value), except if the service manager is run for an unprivileged user, in which case this defaults to the service manager\*(Aqs OOM adjustment value plus 100 (this makes service processes slightly more likely to be killed under memory pressure than the manager itself)\&. This may be used to pick a global default for the per\-unit
+\fIOOMScoreAdjust=\fR
+setting\&. See
+\fBsystemd.exec\fR(5)
+for details\&. Note that this setting has no effect on the OOM score adjustment value of the service manager process itself, it retains the original value set during its invocation\&.
+.sp
+Added in version 250\&.
+.RE
+.PP
+\fIDefaultSmackProcessLabel=\fR
+.RS 4
+Takes a
+\fBSMACK64\fR
+security label as the argument\&. The process executed by a unit will be started under this label if
+\fISmackProcessLabel=\fR
+is not set in the unit\&. See
+\fBsystemd.exec\fR(5)
+for the details\&.
+.sp
+If the value is
+"/", only labels specified with
+\fISmackProcessLabel=\fR
+are assigned and the compile\-time default is ignored\&.
+.sp
+Added in version 252\&.
+.RE
+.PP
+\fIReloadLimitIntervalSec=\fR, \fIReloadLimitBurst=\fR
+.RS 4
+Rate limiting for daemon\-reload requests\&. Default to unset, and any number of daemon\-reload operations can be requested at any time\&.
+\fIReloadLimitIntervalSec=\fR
+takes a value in seconds to configure the rate limit window, and
+\fIReloadLimitBurst=\fR
+takes a positive integer to configure the maximum allowed number of reloads within the configured time window\&.
+.sp
+Added in version 253\&.
+.RE
+.PP
+\fIDefaultMemoryPressureWatch=\fR, \fIDefaultMemoryPressureThresholdSec=\fR
+.RS 4
+Configures the default settings for the per\-unit
+\fIMemoryPressureWatch=\fR
+and
+\fIMemoryPressureThresholdSec=\fR
+settings\&. See
+\fBsystemd.resource-control\fR(5)
+for details\&. Defaults to
+"auto"
+and
+"200ms", respectively\&. This also sets the memory pressure monitoring threshold for the service manager itself\&.
+.sp
+Added in version 254\&.
+.RE
+.SH "SPECIFIERS"
+.PP
+Specifiers may be used in the
+\fIDefaultEnvironment=\fR
+and
+\fIManagerEnvironment=\fR
+settings\&. The following expansions are understood:
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&1.\ \&Specifiers available
+.TS
+allbox tab(:);
+lB lB lB.
+T{
+Specifier
+T}:T{
+Meaning
+T}:T{
+Details
+T}
+.T&
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l
+l l l.
+T{
+"%a"
+T}:T{
+Architecture
+T}:T{
+A short string identifying the architecture of the local system\&. A string such as \fBx86\fR, \fBx86\-64\fR or \fBarm64\fR\&. See the architectures defined for \fIConditionArchitecture=\fR in \fBsystemd.unit\fR(5) for a full list\&.
+T}
+T{
+"%A"
+T}:T{
+Operating system image version
+T}:T{
+The operating system image version identifier of the running system, as read from the \fIIMAGE_VERSION=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
+T}
+T{
+"%b"
+T}:T{
+Boot ID
+T}:T{
+The boot ID of the running system, formatted as string\&. See \fBrandom\fR(4) for more information\&.
+T}
+T{
+"%B"
+T}:T{
+Operating system build ID
+T}:T{
+The operating system build identifier of the running system, as read from the \fIBUILD_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
+T}
+T{
+"%H"
+T}:T{
+Host name
+T}:T{
+The hostname of the running system\&.
+T}
+T{
+"%l"
+T}:T{
+Short host name
+T}:T{
+The hostname of the running system, truncated at the first dot to remove any domain component\&.
+T}
+T{
+"%m"
+T}:T{
+Machine ID
+T}:T{
+The machine ID of the running system, formatted as string\&. See \fBmachine-id\fR(5) for more information\&.
+T}
+T{
+"%M"
+T}:T{
+Operating system image identifier
+T}:T{
+The operating system image identifier of the running system, as read from the \fIIMAGE_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
+T}
+T{
+"%o"
+T}:T{
+Operating system ID
+T}:T{
+The operating system identifier of the running system, as read from the \fIID=\fR field of /etc/os\-release\&. See \fBos-release\fR(5) for more information\&.
+T}
+T{
+"%v"
+T}:T{
+Kernel release
+T}:T{
+Identical to \fBuname \-r\fR output\&.
+T}
+T{
+"%w"
+T}:T{
+Operating system version ID
+T}:T{
+The operating system version identifier of the running system, as read from the \fIVERSION_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
+T}
+T{
+"%W"
+T}:T{
+Operating system variant ID
+T}:T{
+The operating system variant identifier of the running system, as read from the \fIVARIANT_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
+T}
+T{
+"%T"
+T}:T{
+Directory for temporary files
+T}:T{
+This is either /tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to\&. (Note that the directory may be specified without a trailing slash\&.)
+T}
+T{
+"%V"
+T}:T{
+Directory for larger and persistent temporary files
+T}:T{
+This is either /var/tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to\&. (Note that the directory may be specified without a trailing slash\&.)
+T}
+T{
+"%h"
+T}:T{
+User home directory
+T}:T{
+This is the home directory of the \fIuser running the service manager instance\fR\&.
+T}
+T{
+"%u"
+T}:T{
+Username
+T}:T{
+This is the username of the \fIuser running the service manager instance\fR\&.
+T}
+T{
+"%U"
+T}:T{
+User id
+T}:T{
+This is the user id of the \fIuser running the service manager instance\fR\&.
+T}
+T{
+"%g"
+T}:T{
+Primary group
+T}:T{
+This is the primary group of the \fIuser running the service manager instance\fR\&.
+T}
+T{
+"%G"
+T}:T{
+Primary group id
+T}:T{
+This is the primary group id of the \fIuser running the service manager instance\fR\&.
+T}
+T{
+"%s"
+T}:T{
+User shell
+T}:T{
+This is the shell of the \fIuser running the service manager instance\fR\&.
+T}
+T{
+"%%"
+T}:T{
+Single percent sign
+T}:T{
+Use "%%" in place of "%" to specify a single percent sign\&.
+T}
+.TE
+.sp 1
+.SH "HISTORY"
+.PP
+systemd 252
+.RS 4
+Option
+\fIDefaultBlockIOAccounting=\fR
+was deprecated\&. Please switch to the unified cgroup hierarchy\&.
+.sp
+Added in version 252\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBsystemd\fR(1),
+\fBsystemd.directives\fR(7),
+\fBsystemd.exec\fR(5),
+\fBsystemd.service\fR(5),
+\fBenviron\fR(7),
+\fBcapabilities\fR(7)
+.SH "NOTES"
+.IP " 1." 4
+No New Privileges Flag
+.RS 4
+\%https://docs.kernel.org/userspace-api/no_new_privs.html
+.RE
+.IP " 2." 4
+Known Environment Variables
+.RS 4
+\%https://systemd.io/ENVIRONMENT
+.RE