'\" t .TH "SYSTEMD\-SYSTEM\&.CONF" "5" "" "systemd 256~rc3" "systemd-system.conf" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" systemd-system.conf, system.conf.d, systemd-user.conf, user.conf.d \- System and session service manager configuration files .SH "SYNOPSIS" .PP /etc/systemd/system\&.conf, /run/systemd/system\&.conf, /usr/lib/systemd/system\&.conf, /etc/systemd/system\&.conf\&.d/*\&.conf, /run/systemd/system\&.conf\&.d/*\&.conf, /usr/lib/systemd/system\&.conf\&.d/*\&.conf .PP ~/\&.config/systemd/user\&.conf, /etc/systemd/user\&.conf, /run/systemd/user\&.conf, /usr/lib/systemd/user\&.conf, /etc/systemd/user\&.conf\&.d/*\&.conf, /run/systemd/user\&.conf\&.d/*\&.conf, /usr/lib/systemd/user\&.conf\&.d/*\&.conf .SH "DESCRIPTION" .PP When run as a system instance, \fBsystemd\fR interprets the configuration file system\&.conf and the files in system\&.conf\&.d directories; when run as a user instance, it interprets the configuration file user\&.conf (in order of priority, in the home directory of the user and under /etc/systemd/, /run/systemd/, and /usr/lib/systemd/) and the files in user\&.conf\&.d directories\&. These configuration files contain a few settings controlling basic manager operations\&. .PP See \fBsystemd.syntax\fR(7) for a general description of the syntax\&. .SH "CONFIGURATION DIRECTORIES AND PRECEDENCE" .PP The default configuration is set during compilation, so configuration is only needed when it is necessary to deviate from those defaults\&. The main configuration file is loaded from one of the listed directories in order of priority, only the first file found is used: /etc/systemd/, /run/systemd/, /usr/local/lib/systemd/, /usr/lib/systemd/\&. The vendor version of the file contains commented out entries showing the defaults as a guide to the administrator\&. Local overrides can also be created by creating drop\-ins, as described below\&. The main configuration file can also be edited for this purpose (or a copy in /etc/ if it\*(Aqs shipped under /usr/), however using drop\-ins for local configuration is recommended over modifications to the main configuration file\&. .PP In addition to the main configuration file, drop\-in configuration snippets are read from /usr/lib/systemd/*\&.conf\&.d/, /usr/local/lib/systemd/*\&.conf\&.d/, and /etc/systemd/*\&.conf\&.d/\&. Those drop\-ins have higher precedence and override the main configuration file\&. Files in the *\&.conf\&.d/ configuration subdirectories are sorted by their filename in lexicographic order, regardless of in which of the subdirectories they reside\&. When multiple files specify the same option, for options which accept just a single value, the entry in the file sorted last takes precedence, and for options which accept a list of values, entries are collected as they occur in the sorted files\&. .PP When packages need to customize the configuration, they can install drop\-ins under /usr/\&. Files in /etc/ are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering of the files\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in /usr/ and the range 60\-90 for drop\-ins in /etc/ and /run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&. .PP To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to /dev/null in the configuration directory in /etc/, with the same filename as the vendor configuration file\&. .SH "OPTIONS" .PP All options are configured in the [Manager] section: .PP \fILogColor=\fR, \fILogLevel=\fR, \fILogLocation=\fR, \fILogTarget=\fR, \fILogTime=\fR, \fIDumpCore=yes\fR, \fICrashChangeVT=no\fR, \fICrashShell=no\fR, \fICrashAction=freeze\fR, \fIShowStatus=yes\fR, \fIDefaultStandardOutput=journal\fR, \fIDefaultStandardError=inherit\fR .RS 4 Configures various parameters of basic manager operation\&. These options may be overridden by the respective process and kernel command line arguments\&. See \fBsystemd\fR(1) for details\&. .sp Added in version 198\&. .RE .PP \fICtrlAltDelBurstAction=\fR .RS 4 Defines what action will be performed if user presses Ctrl\-Alt\-Delete more than 7 times in 2s\&. Can be set to "reboot\-force", "poweroff\-force", "reboot\-immediate", "poweroff\-immediate" or disabled with "none"\&. Defaults to "reboot\-force"\&. .sp Added in version 232\&. .RE .PP \fICPUAffinity=\fR .RS 4 Configures the CPU affinity for the service manager as well as the default CPU affinity for all forked off processes\&. Takes a list of CPU indices or ranges separated by either whitespace or commas\&. CPU ranges are specified by the lower and upper CPU indices separated by a dash\&. This option may be specified more than once, in which case the specified CPU affinity masks are merged\&. If the empty string is assigned, the mask is reset, all assignments prior to this will have no effect\&. Individual services may override the CPU affinity for their processes with the \fICPUAffinity=\fR setting in unit files, see \fBsystemd.exec\fR(5)\&. .sp Added in version 198\&. .RE .PP \fINUMAPolicy=\fR .RS 4 Configures the NUMA memory policy for the service manager and the default NUMA memory policy for all forked off processes\&. Individual services may override the default policy with the \fINUMAPolicy=\fR setting in unit files, see \fBsystemd.exec\fR(5)\&. .sp Added in version 243\&. .RE .PP \fINUMAMask=\fR .RS 4 Configures the NUMA node mask that will be associated with the selected NUMA policy\&. Note that \fBdefault\fR and \fBlocal\fR NUMA policies don\*(Aqt require explicit NUMA node mask and value of the option can be empty\&. Similarly to \fINUMAPolicy=\fR, value can be overridden by individual services in unit files, see \fBsystemd.exec\fR(5)\&. .sp Added in version 243\&. .RE .PP \fIRuntimeWatchdogSec=\fR, \fIRebootWatchdogSec=\fR, \fIKExecWatchdogSec=\fR .RS 4 Configure the hardware watchdog at runtime and at reboot\&. Takes a timeout value in seconds (or in other time units if suffixed with "ms", "min", "h", "d", "w"), or the special strings "off" or "default"\&. If set to "off" (alternatively: "0") the watchdog logic is disabled: no watchdog device is opened, configured, or pinged\&. If set to the special string "default" the watchdog is opened and pinged in regular intervals, but the timeout is not changed from the default\&. If set to any other time value the watchdog timeout is configured to the specified value (or a value close to it, depending on hardware capabilities)\&. .sp If \fIRuntimeWatchdogSec=\fR is set to a non\-zero value, the watchdog hardware (/dev/watchdog0 or the path specified with \fIWatchdogDevice=\fR or the kernel option \fIsystemd\&.watchdog\-device=\fR) will be programmed to automatically reboot the system if it is not contacted within the specified timeout interval\&. The system manager will ensure to contact it at least once in half the specified timeout interval\&. This feature requires a hardware watchdog device to be present, as it is commonly the case in embedded and server systems\&. Not all hardware watchdogs allow configuration of all possible reboot timeout values, in which case the closest available timeout is picked\&. .sp \fIRebootWatchdogSec=\fR may be used to configure the hardware watchdog when the system is asked to reboot\&. It works as a safety net to ensure that the reboot takes place even if a clean reboot attempt times out\&. Note that the \fIRebootWatchdogSec=\fR timeout applies only to the second phase of the reboot, i\&.e\&. after all regular services are already terminated, and after the system and service manager process (PID 1) got replaced by the systemd\-shutdown binary, see system \fBbootup\fR(7) for details\&. During the first phase of the shutdown operation the system and service manager remains running and hence \fIRuntimeWatchdogSec=\fR is still honoured\&. In order to define a timeout on this first phase of system shutdown, configure \fIJobTimeoutSec=\fR and \fIJobTimeoutAction=\fR in the [Unit] section of the shutdown\&.target unit\&. By default \fIRuntimeWatchdogSec=\fR defaults to 0 (off), and \fIRebootWatchdogSec=\fR to 10min\&. .sp \fIKExecWatchdogSec=\fR may be used to additionally enable the watchdog when kexec is being executed rather than when rebooting\&. Note that if the kernel does not reset the watchdog on kexec (depending on the specific hardware and/or driver), in this case the watchdog might not get disabled after kexec succeeds and thus the system might get rebooted, unless \fIRuntimeWatchdogSec=\fR is also enabled at the same time\&. For this reason it is recommended to enable \fIKExecWatchdogSec=\fR only if \fIRuntimeWatchdogSec=\fR is also enabled\&. .sp These settings have no effect if a hardware watchdog is not available\&. .sp Added in version 198\&. .RE .PP \fIRuntimeWatchdogPreSec=\fR .RS 4 Configure the hardware watchdog device pre\-timeout value\&. Takes a timeout value in seconds (or in other time units similar to \fIRuntimeWatchdogSec=\fR)\&. A watchdog pre\-timeout is a notification generated by the watchdog before the watchdog reset might occur in the event the watchdog has not been serviced\&. This notification is handled by the kernel and can be configured to take an action (i\&.e\&. generate a kernel panic) using \fIRuntimeWatchdogPreGovernor=\fR\&. Not all watchdog hardware or drivers support generating a pre\-timeout and depending on the state of the system, the kernel may be unable to take the configured action before the watchdog reboot\&. The watchdog will be configured to generate the pre\-timeout event at the amount of time specified by \fIRuntimeWatchdogPreSec=\fR before the runtime watchdog timeout (set by \fIRuntimeWatchdogSec=\fR)\&. For example, if the we have \fIRuntimeWatchdogSec=30\fR and \fIRuntimeWatchdogPreSec=10\fR, then the pre\-timeout event will occur if the watchdog has not pinged for 20s (10s before the watchdog would fire)\&. By default, \fIRuntimeWatchdogPreSec=\fR defaults to 0 (off)\&. The value set for \fIRuntimeWatchdogPreSec=\fR must be smaller than the timeout value for \fIRuntimeWatchdogSec=\fR\&. This setting has no effect if a hardware watchdog is not available or the hardware watchdog does not support a pre\-timeout and will be ignored by the kernel if the setting is greater than the actual watchdog timeout\&. .sp Added in version 251\&. .RE .PP \fIRuntimeWatchdogPreGovernor=\fR .RS 4 Configure the action taken by the hardware watchdog device when the pre\-timeout expires\&. The default action for the pre\-timeout event depends on the kernel configuration, but it is usually to log a kernel message\&. For a list of valid actions available for a given watchdog device, check the content of the /sys/class/watchdog/watchdog\fIX\fR/pretimeout_available_governors file\&. Typically, available governor types are \fInoop\fR and \fIpanic\fR\&. Availability, names and functionality might vary depending on the specific device driver in use\&. If the pretimeout_available_governors sysfs file is empty, the governor might be built as a kernel module and might need to be manually loaded (e\&.g\&. \fIpretimeout_noop\&.ko\fR), or the watchdog device might not support pre\-timeouts\&. .sp Added in version 251\&. .RE .PP \fIWatchdogDevice=\fR .RS 4 Configure the hardware watchdog device that the runtime and shutdown watchdog timers will open and use\&. Defaults to /dev/watchdog0\&. This setting has no effect if a hardware watchdog is not available\&. .sp Added in version 236\&. .RE .PP \fICapabilityBoundingSet=\fR .RS 4 Controls which capabilities to include in the capability bounding set for PID 1 and its children\&. See \fBcapabilities\fR(7) for details\&. Takes a whitespace\-separated list of capability names as read by \fBcap_from_name\fR(3)\&. Capabilities listed will be included in the bounding set, all others are removed\&. If the list of capabilities is prefixed with ~, all but the listed capabilities will be included, the effect of the assignment inverted\&. Note that this option also affects the respective capabilities in the effective, permitted and inheritable capability sets\&. The capability bounding set may also be individually configured for units using the \fICapabilityBoundingSet=\fR directive for units, but note that capabilities dropped for PID 1 cannot be regained in individual units, they are lost for good\&. .sp Added in version 198\&. .RE .PP \fINoNewPrivileges=\fR .RS 4 Takes a boolean argument\&. If true, ensures that PID 1 and all its children can never gain new privileges through \fBexecve\fR(2) (e\&.g\&. via setuid or setgid bits, or filesystem capabilities)\&. Defaults to false\&. General purpose distributions commonly rely on executables with setuid or setgid bits and will thus not function properly with this option enabled\&. Individual units cannot disable this option\&. Also see \m[blue]\fBNo New Privileges Flag\fR\m[]\&\s-2\u[1]\d\s+2\&. .sp Added in version 239\&. .RE .PP \fIProtectSystem=\fR .RS 4 Takes a boolean argument or the string "auto"\&. If set to true this will remount /usr/ read\-only\&. If set to "auto" (the default) and running in an initrd equivalent to true, otherwise false\&. This implements a restricted subset of the per\-unit setting of the same name, see \fBsystemd.exec\fR(5) for details: currently, the "full" or "struct" values are not supported\&. .sp Added in version 256\&. .RE .PP \fISystemCallArchitectures=\fR .RS 4 Takes a space\-separated list of architecture identifiers\&. Selects from which architectures system calls may be invoked on this system\&. This may be used as an effective way to disable invocation of non\-native binaries system\-wide, for example to prohibit execution of 32\-bit x86 binaries on 64\-bit x86\-64 systems\&. This option operates system\-wide, and acts similar to the \fISystemCallArchitectures=\fR setting of unit files, see \fBsystemd.exec\fR(5) for details\&. This setting defaults to the empty list, in which case no filtering of system calls based on architecture is applied\&. Known architecture identifiers are "x86", "x86\-64", "x32", "arm" and the special identifier "native"\&. The latter implicitly maps to the native architecture of the system (or more specifically, the architecture the system manager was compiled for)\&. Set this setting to "native" to prohibit execution of any non\-native binaries\&. When a binary executes a system call of an architecture that is not listed in this setting, it will be immediately terminated with the SIGSYS signal\&. .sp Added in version 209\&. .RE .PP \fITimerSlackNSec=\fR .RS 4 Sets the timer slack in nanoseconds for PID 1, which is inherited by all executed processes, unless overridden individually, for example with the \fITimerSlackNSec=\fR setting in service units (for details see \fBsystemd.exec\fR(5))\&. The timer slack controls the accuracy of wake\-ups triggered by system timers\&. See \fBprctl\fR(2) for more information\&. Note that in contrast to most other time span definitions this parameter takes an integer value in nano\-seconds if no unit is specified\&. The usual time units are understood too\&. .sp Added in version 198\&. .RE .PP \fIStatusUnitFormat=\fR .RS 4 Takes \fBname\fR, \fBdescription\fR or \fBcombined\fR as the value\&. If \fBname\fR, the system manager will use unit names in status messages (e\&.g\&. "systemd\-journald\&.service"), instead of the longer and more informative descriptions set with \fIDescription=\fR (e\&.g\&. "Journal Logging Service")\&. If \fBcombined\fR, the system manager will use both unit names and descriptions in status messages (e\&.g\&. "systemd\-journald\&.service \- Journal Logging Service")\&. .sp See \fBsystemd.unit\fR(5) for details about unit names and \fIDescription=\fR\&. .sp Added in version 243\&. .RE .PP \fIDefaultTimerAccuracySec=\fR .RS 4 Sets the default accuracy of timer units\&. This controls the global default for the \fIAccuracySec=\fR setting of timer units, see \fBsystemd.timer\fR(5) for details\&. \fIAccuracySec=\fR set in individual units override the global default for the specific unit\&. Defaults to 1min\&. Note that the accuracy of timer units is also affected by the configured timer slack for PID 1, see \fITimerSlackNSec=\fR above\&. .sp Added in version 212\&. .RE .PP \fIDefaultTimeoutStartSec=\fR, \fIDefaultTimeoutStopSec=\fR, \fIDefaultTimeoutAbortSec=\fR, \fIDefaultRestartSec=\fR .RS 4 Configures the default timeouts for starting, stopping and aborting of units, as well as the default time to sleep between automatic restarts of units, as configured per\-unit in \fITimeoutStartSec=\fR, \fITimeoutStopSec=\fR, \fITimeoutAbortSec=\fR and \fIRestartSec=\fR (for services, see \fBsystemd.service\fR(5) for details on the per\-unit settings)\&. For non\-service units, \fIDefaultTimeoutStartSec=\fR sets the default \fITimeoutSec=\fR value\&. .sp \fIDefaultTimeoutStartSec=\fR and \fIDefaultTimeoutStopSec=\fR default to 45 s in the system manager and 45 s in the user manager\&. \fIDefaultTimeoutAbortSec=\fR is not set by default so that all units fall back to \fITimeoutStopSec=\fR\&. \fIDefaultRestartSec=\fR defaults to 100 ms\&. .sp Added in version 209\&. .RE .PP \fIDefaultDeviceTimeoutSec=\fR .RS 4 Configures the default timeout for waiting for devices\&. It can be changed per device via the \fIx\-systemd\&.device\-timeout=\fR option in /etc/fstab and /etc/crypttab (see \fBsystemd.mount\fR(5), \fBcrypttab\fR(5))\&. Defaults to 45 s in the system manager and 45 s in the user manager\&. .sp Added in version 252\&. .RE .PP \fIDefaultStartLimitIntervalSec=\fR, \fIDefaultStartLimitBurst=\fR .RS 4 Configure the default unit start rate limiting, as configured per\-service by \fIStartLimitIntervalSec=\fR and \fIStartLimitBurst=\fR\&. See \fBsystemd.service\fR(5) for details on the per\-service settings\&. \fIDefaultStartLimitIntervalSec=\fR defaults to 10s\&. \fIDefaultStartLimitBurst=\fR defaults to 5\&. .sp Added in version 209\&. .RE .PP \fIDefaultEnvironment=\fR .RS 4 Configures environment variables passed to all executed processes\&. Takes a space\-separated list of variable assignments\&. See \fBenviron\fR(7) for details about environment variables\&. .sp Simple "%"\-specifier expansion is supported, see below for a list of supported specifiers\&. .sp Example: .sp .if n \{\ .RS 4 .\} .nf DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6" .fi .if n \{\ .RE .\} .sp Sets three variables "VAR1", "VAR2", "VAR3"\&. .sp Added in version 205\&. .RE .PP \fIManagerEnvironment=\fR .RS 4 Takes the same arguments as \fIDefaultEnvironment=\fR, see above\&. Sets environment variables just for the manager process itself\&. In contrast to user managers, these variables are not inherited by processes spawned by the system manager, use \fIDefaultEnvironment=\fR for that\&. Note that these variables are merged into the existing environment block\&. In particular, in case of the system manager, this includes variables set by the kernel based on the kernel command line\&. .sp Setting environment variables for the manager process may be useful to modify its behaviour\&. See \m[blue]\fBKnown Environment Variables\fR\m[]\&\s-2\u[2]\d\s+2 for a descriptions of some variables understood by \fBsystemd\fR\&. .sp Simple "%"\-specifier expansion is supported, see below for a list of supported specifiers\&. .sp Added in version 248\&. .RE .PP \fIDefaultCPUAccounting=\fR, \fIDefaultMemoryAccounting=\fR, \fIDefaultTasksAccounting=\fR, \fIDefaultIOAccounting=\fR, \fIDefaultIPAccounting=\fR .RS 4 Configure the default resource accounting settings, as configured per\-unit by \fICPUAccounting=\fR, \fIMemoryAccounting=\fR, \fITasksAccounting=\fR, \fIIOAccounting=\fR and \fIIPAccounting=\fR\&. See \fBsystemd.resource-control\fR(5) for details on the per\-unit settings\&. .sp \fIDefaultCPUAccounting=\fR defaults to yes when running on kernel ≥4\&.15, and no on older versions\&. \fIDefaultMemoryAccounting=\fR defaults to yes\&. \fIDefaultTasksAccounting=\fR defaults to yes\&. The other settings default to no\&. .sp Added in version 211\&. .RE .PP \fIDefaultTasksMax=\fR .RS 4 Configure the default value for the per\-unit \fITasksMax=\fR setting\&. See \fBsystemd.resource-control\fR(5) for details\&. This setting applies to all unit types that support resource control settings, with the exception of slice units\&. Defaults to 15% of the minimum of \fIkernel\&.pid_max=\fR, \fIkernel\&.threads\-max=\fR and root cgroup \fIpids\&.max\fR\&. Kernel has a default value for \fIkernel\&.pid_max=\fR and an algorithm of counting in case of more than 32 cores\&. For example, with the default \fIkernel\&.pid_max=\fR, \fIDefaultTasksMax=\fR defaults to 4915, but might be greater in other systems or smaller in OS containers\&. .sp Added in version 228\&. .RE .PP \fIDefaultLimitCPU=\fR, \fIDefaultLimitFSIZE=\fR, \fIDefaultLimitDATA=\fR, \fIDefaultLimitSTACK=\fR, \fIDefaultLimitCORE=\fR, \fIDefaultLimitRSS=\fR, \fIDefaultLimitNOFILE=\fR, \fIDefaultLimitAS=\fR, \fIDefaultLimitNPROC=\fR, \fIDefaultLimitMEMLOCK=\fR, \fIDefaultLimitLOCKS=\fR, \fIDefaultLimitSIGPENDING=\fR, \fIDefaultLimitMSGQUEUE=\fR, \fIDefaultLimitNICE=\fR, \fIDefaultLimitRTPRIO=\fR, \fIDefaultLimitRTTIME=\fR .RS 4 These settings control various default resource limits for processes executed by units\&. See \fBsetrlimit\fR(2) for details\&. These settings may be overridden in individual units using the corresponding \fILimitXXX=\fR directives and they accept the same parameter syntax, see \fBsystemd.exec\fR(5) for details\&. Note that these resource limits are only defaults for units, they are not applied to the service manager process (i\&.e\&. PID 1) itself\&. .sp Most of these settings are unset, which means the resource limits are inherited from the kernel or, if invoked in a container, from the container manager\&. However, the following have defaults: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fIDefaultLimitNOFILE=\fR defaults to 1024:524288\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fIDefaultLimitMEMLOCK=\fR defaults to 8M\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fIDefaultLimitCORE=\fR does not have a default but it is worth mentioning that \fIRLIMIT_CORE\fR is set to "infinity" by PID 1 which is inherited by its children\&. .RE .sp Note that the service manager internally in PID 1 bumps \fIRLIMIT_NOFILE\fR and \fIRLIMIT_MEMLOCK\fR to higher values, however the limit is reverted to the mentioned defaults for all child processes forked off\&. .sp Added in version 198\&. .RE .PP \fIDefaultOOMPolicy=\fR .RS 4 Configure the default policy for reacting to processes being killed by the Linux Out\-Of\-Memory (OOM) killer or \fBsystemd\-oomd\fR\&. This may be used to pick a global default for the per\-unit \fIOOMPolicy=\fR setting\&. See \fBsystemd.service\fR(5) for details\&. Note that this default is not used for services that have \fIDelegate=\fR turned on\&. .sp Added in version 243\&. .RE .PP \fIDefaultOOMScoreAdjust=\fR .RS 4 Configures the default OOM score adjustments of processes run by the service manager\&. This defaults to unset (meaning the forked off processes inherit the service manager\*(Aqs OOM score adjustment value), except if the service manager is run for an unprivileged user, in which case this defaults to the service manager\*(Aqs OOM adjustment value plus 100 (this makes service processes slightly more likely to be killed under memory pressure than the manager itself)\&. This may be used to pick a global default for the per\-unit \fIOOMScoreAdjust=\fR setting\&. See \fBsystemd.exec\fR(5) for details\&. Note that this setting has no effect on the OOM score adjustment value of the service manager process itself, it retains the original value set during its invocation\&. .sp Added in version 250\&. .RE .PP \fIDefaultSmackProcessLabel=\fR .RS 4 Takes a \fBSMACK64\fR security label as the argument\&. The process executed by a unit will be started under this label if \fISmackProcessLabel=\fR is not set in the unit\&. See \fBsystemd.exec\fR(5) for the details\&. .sp If the value is "/", only labels specified with \fISmackProcessLabel=\fR are assigned and the compile\-time default is ignored\&. .sp Added in version 252\&. .RE .PP \fIReloadLimitIntervalSec=\fR, \fIReloadLimitBurst=\fR .RS 4 Rate limiting for daemon\-reload and (since v256) daemon\-reexec requests\&. The setting applies to both operations, but the rate limits are tracked separately\&. Defaults to unset, and any number of operations can be requested at any time\&. \fIReloadLimitIntervalSec=\fR takes a value in seconds to configure the rate limit window, and \fIReloadLimitBurst=\fR takes a positive integer to configure the maximum allowed number of operations within the configured time window\&. .sp Added in version 253\&. .RE .PP \fIDefaultMemoryPressureWatch=\fR, \fIDefaultMemoryPressureThresholdSec=\fR .RS 4 Configures the default settings for the per\-unit \fIMemoryPressureWatch=\fR and \fIMemoryPressureThresholdSec=\fR settings\&. See \fBsystemd.resource-control\fR(5) for details\&. Defaults to "auto" and "200ms", respectively\&. This also sets the memory pressure monitoring threshold for the service manager itself\&. .sp Added in version 254\&. .RE .SH "SPECIFIERS" .PP Specifiers may be used in the \fIDefaultEnvironment=\fR and \fIManagerEnvironment=\fR settings\&. The following expansions are understood: .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .B Table\ \&1.\ \&Specifiers available .TS allbox tab(:); lB lB lB. T{ Specifier T}:T{ Meaning T}:T{ Details T} .T& l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l. T{ "%a" T}:T{ Architecture T}:T{ A short string identifying the architecture of the local system\&. A string such as \fBx86\fR, \fBx86\-64\fR or \fBarm64\fR\&. See the architectures defined for \fIConditionArchitecture=\fR in \fBsystemd.unit\fR(5) for a full list\&. T} T{ "%A" T}:T{ Operating system image version T}:T{ The operating system image version identifier of the running system, as read from the \fIIMAGE_VERSION=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. T} T{ "%b" T}:T{ Boot ID T}:T{ The boot ID of the running system, formatted as string\&. See \fBrandom\fR(4) for more information\&. T} T{ "%B" T}:T{ Operating system build ID T}:T{ The operating system build identifier of the running system, as read from the \fIBUILD_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. T} T{ "%H" T}:T{ Host name T}:T{ The hostname of the running system\&. T} T{ "%l" T}:T{ Short host name T}:T{ The hostname of the running system, truncated at the first dot to remove any domain component\&. T} T{ "%m" T}:T{ Machine ID T}:T{ The machine ID of the running system, formatted as string\&. See \fBmachine-id\fR(5) for more information\&. T} T{ "%M" T}:T{ Operating system image identifier T}:T{ The operating system image identifier of the running system, as read from the \fIIMAGE_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. T} T{ "%o" T}:T{ Operating system ID T}:T{ The operating system identifier of the running system, as read from the \fIID=\fR field of /etc/os\-release\&. See \fBos-release\fR(5) for more information\&. T} T{ "%v" T}:T{ Kernel release T}:T{ Identical to \fBuname \-r\fR output\&. T} T{ "%w" T}:T{ Operating system version ID T}:T{ The operating system version identifier of the running system, as read from the \fIVERSION_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. T} T{ "%W" T}:T{ Operating system variant ID T}:T{ The operating system variant identifier of the running system, as read from the \fIVARIANT_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&. T} T{ "%T" T}:T{ Directory for temporary files T}:T{ This is either /tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to\&. (Note that the directory may be specified without a trailing slash\&.) T} T{ "%V" T}:T{ Directory for larger and persistent temporary files T}:T{ This is either /var/tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to\&. (Note that the directory may be specified without a trailing slash\&.) T} T{ "%h" T}:T{ User home directory T}:T{ This is the home directory of the \fIuser running the service manager instance\fR\&. T} T{ "%u" T}:T{ Username T}:T{ This is the username of the \fIuser running the service manager instance\fR\&. T} T{ "%U" T}:T{ User id T}:T{ This is the user id of the \fIuser running the service manager instance\fR\&. T} T{ "%g" T}:T{ Primary group T}:T{ This is the primary group of the \fIuser running the service manager instance\fR\&. T} T{ "%G" T}:T{ Primary group id T}:T{ This is the primary group id of the \fIuser running the service manager instance\fR\&. T} T{ "%s" T}:T{ User shell T}:T{ This is the shell of the \fIuser running the service manager instance\fR\&. T} T{ "%%" T}:T{ Single percent sign T}:T{ Use "%%" in place of "%" to specify a single percent sign\&. T} .TE .sp 1 .SH "HISTORY" .PP systemd 252 .RS 4 Option \fIDefaultBlockIOAccounting=\fR was deprecated\&. Please switch to the unified cgroup hierarchy\&. .sp Added in version 252\&. .RE .SH "SEE ALSO" .PP \fBsystemd\fR(1), \fBsystemd.directives\fR(7), \fBsystemd.exec\fR(5), \fBsystemd.service\fR(5), \fBenviron\fR(7), \fBcapabilities\fR(7) .SH "NOTES" .IP " 1." 4 No New Privileges Flag .RS 4 \%https://docs.kernel.org/userspace-api/no_new_privs.html .RE .IP " 2." 4 Known Environment Variables .RS 4 \%https://systemd.io/ENVIRONMENT .RE