path: root/man/systemd.xml

<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="systemd"
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd</refentrytitle>
    <manvolnum>1</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd</refname>
    <refname>init</refname>
    <refpurpose>systemd system and service manager</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>/usr/lib/systemd/systemd</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>init</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="req">COMMAND</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>systemd is a system and service manager for Linux operating systems. When run as first process on
    boot (as PID 1), it acts as init system that brings up and maintains userspace services. Separate
    instances are started for logged-in users to start their services.</para>

    <para><command>systemd</command> is usually not invoked directly by the user, but is installed as the
    <filename>/sbin/init</filename> symlink and started during early boot. The user manager instances are
    started automatically through the
    <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    service.</para>

    <para>For compatibility with SysV, if the binary is called as <command>init</command> and is not the
    first process on the machine (PID is not 1), it will execute <command>telinit</command> and pass all
    command line arguments unmodified. That means <command>init</command> and <command>telinit</command> are
    mostly equivalent when invoked from normal login sessions. See
    <citerefentry><refentrytitle>telinit</refentrytitle><manvolnum>8</manvolnum></citerefentry> for more
    information.</para>

    <para>When run as a system instance, systemd interprets the
    configuration file <filename>system.conf</filename> and the files
    in <filename>system.conf.d</filename> directories; when run as a
    user instance, systemd interprets the configuration file
    <filename>user.conf</filename> and the files in
    <filename>user.conf.d</filename> directories. See
    <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for more information.</para>

    <para><command>systemd</command> contains native implementations of various tasks that need to be
    executed as part of the boot process. For example, it sets the hostname or configures the loopback
    network device. It also sets up and mounts various API file systems, such as <filename>/sys/</filename>,
    <filename>/proc/</filename>, and <filename>/dev/</filename>.</para>

    <para>Note that some but not all interfaces provided by systemd are covered by the
    <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>

    <para>The D-Bus API of <command>systemd</command> is described in
    <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    and
    <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
    </para>

    <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
    url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
    <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
    specifications, respectively.</para>
  </refsect1>

  <refsect1>
    <title>Units</title>

    <para>systemd provides a dependency system between various
    entities called "units" of 11 different types. Units encapsulate
    various objects that are relevant for system boot-up and
    maintenance. The majority of units are configured in unit
    configuration files, whose syntax and basic set of options is
    described in
    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
    however some are created automatically from other configuration
    files, dynamically from system state or programmatically at runtime.
    Units may be "active" (meaning started, bound, plugged in, …,
    depending on the unit type, see below), or "inactive" (meaning
    stopped, unbound, unplugged, …), as well as in the process of
    being activated or deactivated, i.e. between the two states (these
    states are called "activating", "deactivating"). A special
    "failed" state is available as well, which is very similar to
    "inactive" and is entered when the service failed in some way
    (process returned error code on exit, or crashed, an operation
    timed out, or after too many restarts). If this state is entered,
    the cause will be logged, for later reference. Note that the
    various unit types may have a number of additional substates,
    which are mapped to the five generalized unit states described
    here.</para>

    <para>The following unit types are available:</para>

    <orderedlist>
      <listitem><para>Service units, which start and control daemons
      and the processes they consist of. For details, see
      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Socket units, which encapsulate local IPC or
      network sockets in the system, useful for socket-based
      activation. For details about socket units, see
      <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      for details on socket-based activation and other forms of
      activation, see
      <citerefentry><refentrytitle>daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Target units are useful to group units, or
      provide well-known synchronization points during boot-up, see
      <citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Device units expose kernel devices in systemd
      and may be used to implement device-based activation. For
      details, see
      <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Mount units control mount points in the file
      system, for details see
      <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Automount units provide automount capabilities,
      for on-demand mounting of file systems as well as parallelized
      boot-up. See
      <citerefentry><refentrytitle>systemd.automount</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Timer units are useful for triggering activation
      of other units based on timers. You may find details in
      <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Swap units are very similar to mount units and
      encapsulate memory swap partitions or files of the operating
      system. They are described in
      <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Path units may be used to activate other
      services when file system objects change or are modified. See
      <citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Slice units may be used to group units which
      manage system processes (such as service and scope units) in a
      hierarchical tree for resource management purposes. See
      <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>Scope units are similar to service units, but
      manage foreign processes instead of starting them as well. See
      <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>

    </orderedlist>

    <para>Units are named as their configuration files. Some units
    have special semantics. A detailed list is available in
    <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>

    <para>systemd knows various kinds of dependencies, including
    positive and negative requirement dependencies (i.e.
    <varname>Requires=</varname> and <varname>Conflicts=</varname>) as
    well as ordering dependencies (<varname>After=</varname> and
    <varname>Before=</varname>). NB: ordering and requirement
    dependencies are orthogonal. If only a requirement dependency
    exists between two units (e.g. <filename>foo.service</filename>
    requires <filename>bar.service</filename>), but no ordering
    dependency (e.g. <filename>foo.service</filename> after
    <filename>bar.service</filename>) and both are requested to start,
    they will be started in parallel. It is a common pattern that both
    requirement and ordering dependencies are placed between two
    units. Also note that the majority of dependencies are implicitly
    created and maintained by systemd. In most cases, it should be
    unnecessary to declare additional dependencies manually, however
    it is possible to do this.</para>

    <para>Application programs and units (via dependencies) may
    request state changes of units. In systemd, these requests are
    encapsulated as 'jobs' and maintained in a job queue. Jobs may
    succeed or can fail, their execution is ordered based on the
    ordering dependencies of the units they have been scheduled
    for.</para>

    <para>On boot systemd activates the target unit
    <filename>default.target</filename> whose job is to activate
    on-boot services and other on-boot units by pulling them in via
    dependencies. Usually, the unit name is just an alias (symlink) for
    either <filename>graphical.target</filename> (for fully-featured
    boots into the UI) or <filename>multi-user.target</filename> (for
    limited console-only boots for use in embedded or server
    environments, or similar; a subset of graphical.target). However,
    it is at the discretion of the administrator to configure it as an
    alias to any other target unit. See
    <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
    for details about these target units.</para>

    <para>On first boot, <command>systemd</command> will enable or disable units according to preset policy.
    See <citerefentry><refentrytitle>systemd.preset</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    and "First Boot Semantics" in
    <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>

    <para>systemd only keeps a minimal set of units loaded into memory. Specifically, the only units that are
    kept loaded into memory are those for which at least one of the following conditions is true:</para>

    <orderedlist>
      <listitem><para>It is in an active, activating, deactivating or failed state (i.e. in any unit state except for <literal>inactive</literal>)</para></listitem>
      <listitem><para>It has a job queued for it</para></listitem>
      <listitem><para>It is a dependency of at least one other unit that is loaded into memory</para></listitem>
      <listitem><para>It has some form of resource still allocated (e.g. a service unit that is inactive but for which
      a process is still lingering that ignored the request to be terminated)</para></listitem>
      <listitem><para>It has been pinned into memory programmatically by a D-Bus call</para></listitem>
    </orderedlist>

    <para>systemd will automatically and implicitly load units from disk — if they are not loaded yet — as soon as
    operations are requested for them. Thus, in many respects, the fact whether a unit is loaded or not is invisible to
    clients. Use <command>systemctl list-units --all</command> to comprehensively list all units currently loaded. Any
    unit for which none of the conditions above applies is promptly unloaded. Note that when a unit is unloaded from
    memory its accounting data is flushed out too. However, this data is generally not lost, as a journal log record
    is generated declaring the consumed resources whenever a unit shuts down.</para>

    <para>Processes systemd spawns are placed in individual Linux control groups named after the unit which
    they belong to in the private systemd hierarchy. (see <ulink
    url="https://docs.kernel.org/admin-guide/cgroup-v2.html">Control Groups v2</ulink> for more information
    about control groups, or short "cgroups").  systemd uses this to effectively keep track of
    processes. Control group information is maintained in the kernel, and is accessible via the file system
    hierarchy (beneath <filename>/sys/fs/cgroup/</filename>), or in tools such as <citerefentry
    project='man-pages'><refentrytitle>systemd-cgls</refentrytitle><manvolnum>1</manvolnum></citerefentry> or
    <citerefentry
    project='man-pages'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry> (<command>ps
    xawf -eo pid,user,cgroup,args</command> is particularly useful to list all processes and the systemd
    units they belong to.).</para>

    <para>systemd is compatible with the SysV init system to a large
    degree: SysV init scripts are supported and simply read as an
    alternative (though limited) configuration file format. The SysV
    <filename>/dev/initctl</filename> interface is provided, and
    compatibility implementations of the various SysV client tools are
    available. In addition to that, various established Unix
    functionality such as <filename>/etc/fstab</filename> or the
    <filename>utmp</filename> database are supported.</para>

    <para>systemd has a minimal transaction system: if a unit is
    requested to start up or shut down it will add it and all its
    dependencies to a temporary transaction. Then, it will verify if
    the transaction is consistent (i.e. whether the ordering of all
    units is cycle-free). If it is not, systemd will try to fix it up,
    and removes non-essential jobs from the transaction that might
    remove the loop. Also, systemd tries to suppress non-essential
    jobs in the transaction that would stop a running service. Finally
    it is checked whether the jobs of the transaction contradict jobs
    that have already been queued, and optionally the transaction is
    aborted then. If all worked out and the transaction is consistent
    and minimized in its impact it is merged with all already
    outstanding jobs and added to the run queue. Effectively this
    means that before executing a requested operation, systemd will
    verify that it makes sense, fixing it if possible, and only
    failing if it really cannot work.</para>

    <para>Note that transactions are generated independently of a unit's
    state at runtime, hence, for example, if a start job is requested on an
    already started unit, it will still generate a transaction and wake up any
    inactive dependencies (and cause propagation of other jobs as per the
    defined relationships). This is because the enqueued job is at the time of
    execution compared to the target unit's state and is marked successful and
    complete when both satisfy. However, this job also pulls in other
    dependencies due to the defined relationships and thus leads to, in our
    example, start jobs for any of those inactive units getting queued as
    well.</para>

    <para>Units may be generated dynamically at boot and system
    manager reload time, for example based on other configuration
    files or parameters passed on the kernel command line. For details, see
    <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>Directories</title>

    <variablelist>
      <varlistentry>
        <term>System unit directories</term>

        <listitem><para>The systemd system manager reads unit
        configuration from various directories. Packages that want to
        install unit files shall place them in the directory returned
        by <command>pkg-config systemd
        --variable=systemdsystemunitdir</command>. Other directories
        checked are <filename>/usr/local/lib/systemd/system</filename>
        and <filename>/usr/lib/systemd/system</filename>. User
        configuration always takes precedence. <command>pkg-config
        systemd --variable=systemdsystemconfdir</command> returns the
        path of the system configuration directory. Packages should
        alter the content of these directories only with the
        <command>enable</command> and <command>disable</command>
        commands of the
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        tool. Full list of directories is provided in
        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>
    </variablelist>

    <variablelist>
      <varlistentry>
        <term>User unit directories</term>

        <listitem><para>Similar rules apply for the user unit
        directories. However, here the
        <ulink url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG
        Base Directory specification</ulink> is followed to find
        units. Applications should place their unit files in the
        directory returned by <command>pkg-config systemd
        --variable=systemduserunitdir</command>. Global configuration
        is done in the directory reported by <command>pkg-config
        systemd --variable=systemduserconfdir</command>. The
        <command>enable</command> and <command>disable</command>
        commands of the
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        tool can handle both global (i.e. for all users) and private
        (for one user) enabling/disabling of units. Full list of
        directories is provided in
        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>
    </variablelist>

    <variablelist>
      <varlistentry>
        <term>SysV init scripts directory</term>

        <listitem><para>The location of the SysV init script directory
        varies between distributions. If systemd cannot find a native
        unit file for a requested service, it will look for a SysV
        init script of the same name (with the
        <filename>.service</filename> suffix
        removed).</para></listitem>
      </varlistentry>
    </variablelist>

    <variablelist>
      <varlistentry>
        <term>SysV runlevel link farm directory</term>

        <listitem><para>The location of the SysV runlevel link farm
        directory varies between distributions. systemd will take the
        link farm into account when figuring out whether a service
        shall be enabled. Note that a service unit with a native unit
        configuration file cannot be started by activating it in the
        SysV runlevel link farm.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Signals</title>

    <para>The service listens to various UNIX process signals that can be used to request various actions
    asynchronously. The signal handling is enabled very early during boot, before any further processes are
    invoked. However, a supervising container manager or similar that intends to request these operations via
    this mechanism must take into consideration that this functionality is not available during the earliest
    initialization phase. An <function>sd_notify()</function> notification message carrying the
    <varname>X_SYSTEMD_SIGNALS_LEVEL=2</varname> field is emitted once the signal handlers are enabled, see
    below. This may be used to schedule submission of these signals correctly.</para>

    <variablelist>
      <varlistentry>
        <term><constant>SIGTERM</constant></term>

        <listitem><para>Upon receiving this signal the systemd system
        manager serializes its state, reexecutes itself and
        deserializes the saved state again. This is mostly equivalent
        to <command>systemctl daemon-reexec</command>.</para>

        <para>systemd user managers will start the
        <filename>exit.target</filename> unit when this signal is
        received. This is mostly equivalent to <command>systemctl
        --user start exit.target
        --job-mode=replace-irreversibly</command>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGINT</constant></term>

        <listitem><para>Upon receiving this signal the systemd system manager will start the
        <filename>ctrl-alt-del.target</filename> unit. This is mostly equivalent to
        <command>systemctl start ctrl-alt-del.target --job-mode=replace-irreversibly</command>. If
        this signal is received more than 7 times per 2s, an immediate reboot is triggered. Note
        that pressing
        <keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Del</keycap></keycombo> on the
        console will trigger this signal. Hence, if a reboot is hanging, pressing
        <keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Del</keycap></keycombo> more than
        7 times in 2 seconds is a relatively safe way to trigger an immediate reboot.</para>

        <para>systemd user managers treat this signal the same way as
        <constant>SIGTERM</constant>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGWINCH</constant></term>

        <listitem><para>When this signal is received the systemd
        system manager will start the
        <filename>kbrequest.target</filename> unit. This is mostly
        equivalent to <command>systemctl start
        kbrequest.target</command>.</para>

        <para>This signal is ignored by systemd user
        managers.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGPWR</constant></term>

        <listitem><para>When this signal is received the systemd
        manager will start the <filename>sigpwr.target</filename>
        unit. This is mostly equivalent to <command>systemctl start
        sigpwr.target</command>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGUSR1</constant></term>

        <listitem><para>When this signal is received the systemd
        manager will try to reconnect to the D-Bus
        bus.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGUSR2</constant></term>

        <listitem><para>When this signal is received the systemd
        manager will log its complete state in human-readable form.
        The data logged is the same as printed by
        <command>systemd-analyze dump</command>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGHUP</constant></term>

        <listitem><para>Reloads the complete daemon configuration.
        This is mostly equivalent to <command>systemctl
        daemon-reload</command>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+0</constant></term>

        <listitem><para>Enters default mode, starts the
        <filename>default.target</filename> unit. This is mostly
        equivalent to <command>systemctl isolate
        default.target</command>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+1</constant></term>

        <listitem><para>Enters rescue mode, starts the
        <filename>rescue.target</filename> unit. This is mostly
        equivalent to <command>systemctl isolate
        rescue.target</command>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+2</constant></term>

        <listitem><para>Enters emergency mode, starts the
        <filename>emergency.service</filename> unit. This is mostly
        equivalent to <command>systemctl isolate
        emergency.service</command>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+3</constant></term>

        <listitem><para>Halts the machine, starts the
        <filename>halt.target</filename> unit. This is mostly
        equivalent to <command>systemctl start halt.target
        --job-mode=replace-irreversibly</command>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+4</constant></term>

        <listitem><para>Powers off the machine, starts the
        <filename>poweroff.target</filename> unit. This is mostly
        equivalent to <command>systemctl start poweroff.target
        --job-mode=replace-irreversibly</command>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+5</constant></term>

        <listitem><para>Reboots the machine, starts the
        <filename>reboot.target</filename> unit. This is mostly
        equivalent to <command>systemctl start reboot.target
        --job-mode=replace-irreversibly</command>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+6</constant></term>

        <listitem><para>Reboots the machine via kexec, starts the
        <filename>kexec.target</filename> unit. This is mostly
        equivalent to <command>systemctl start kexec.target
        --job-mode=replace-irreversibly</command>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+7</constant></term>

        <listitem><para>Reboots userspace, starts the <filename>soft-reboot.target</filename> unit. This is
        mostly equivalent to <command>systemctl start soft-reboot.target
        --job-mode=replace-irreversibly</command>.</para>

        <xi:include href="version-info.xml" xpointer="v254"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+13</constant></term>

        <listitem><para>Immediately halts the machine.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+14</constant></term>

        <listitem><para>Immediately powers off the machine.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+15</constant></term>

        <listitem><para>Immediately reboots the machine.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+16</constant></term>

        <listitem><para>Immediately reboots the machine with kexec.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+17</constant></term>

        <listitem><para>Immediately reboots the userspace.</para>

        <xi:include href="version-info.xml" xpointer="v254"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+20</constant></term>

        <listitem><para>Enables display of status messages on the
        console, as controlled via
        <varname>systemd.show_status=1</varname> on the kernel command
        line.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+21</constant></term>

        <listitem><para>Disables display of
        status messages on the console, as
        controlled via
        <varname>systemd.show_status=0</varname>
        on the kernel command
        line.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+22</constant></term>

        <listitem><para>Sets the service manager's log level to <literal>debug</literal>, in a fashion equivalent to
        <varname>systemd.log_level=debug</varname> on the kernel command line.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+23</constant></term>

        <listitem><para>Restores the log level to its configured value. The configured value is derived from – in order
        of priority – the value specified with <varname>systemd.log-level=</varname> on the kernel command line, or the
        value specified with <option>LogLevel=</option> in the configuration file, or the built-in default of
        <literal>info</literal>.</para>

        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+24</constant></term>

        <listitem><para>Immediately exits the manager (only available
        for --user instances).</para>

        <xi:include href="version-info.xml" xpointer="v195"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+25</constant></term>

        <listitem><para>Upon receiving this signal the systemd manager will reexecute itself. This
        is mostly equivalent to <command>systemctl daemon-reexec</command> except that it will be
        done asynchronously.</para>

        <para>The systemd system manager treats this signal the same way as
        <constant>SIGTERM</constant>.</para>

        <xi:include href="version-info.xml" xpointer="v250"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+26</constant></term>

        <listitem><para>Restores the log target to its configured value. The configured value is derived from – in
        order of priority – the value specified with <varname>systemd.log-target=</varname> on the kernel command line,
        or the value specified with <option>LogTarget=</option> in the configuration file, or the built-in
        default.</para>

        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+27</constant></term>
        <term><constant>SIGRTMIN+28</constant></term>

        <listitem><para>Sets the log target to <literal>console</literal> on <constant>SIGRTMIN+27</constant> (or
        <literal>kmsg</literal> on <constant>SIGRTMIN+28</constant>), in a fashion equivalent to
        <varname>systemd.log_target=console</varname> (or <varname>systemd.log_target=kmsg</varname> on
        <constant>SIGRTMIN+28</constant>) on the kernel command line.</para>

        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Environment</title>

    <para>The environment block for the system manager is initially set by the kernel. (In particular,
    <literal>key=value</literal> assignments on the kernel command line are turned into environment
    variables for PID 1). For the user manager, the system manager sets the environment as described in the
    "Environment Variables in Spawned Processes" section of
    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
    <varname>DefaultEnvironment=</varname> setting in the system manager applies to all services including
    <filename>user@.service</filename>. Additional entries may be configured (as for any other service)
    through the <varname>Environment=</varname> and <varname>EnvironmentFile=</varname> settings for
    <filename>user@.service</filename> (see
    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). Also,
    additional environment variables may be set through the <varname>ManagerEnvironment=</varname> setting in
    <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    and
    <citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
    </para>

    <para>Some of the variables understood by <command>systemd</command>:</para>

    <variablelist class='environment-variables'>
      <varlistentry>
        <term><varname>$SYSTEMD_LOG_LEVEL</varname></term>
        <listitem><xi:include href="common-variables.xml" xpointer="log-level-body" />

        <para>This can be overridden with <option>--log-level=</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$SYSTEMD_LOG_COLOR</varname></term>
        <listitem><xi:include href="common-variables.xml" xpointer="log-color-body" />

        <para>This can be overridden with <option>--log-color=</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$SYSTEMD_LOG_TIME</varname></term>
        <listitem><xi:include href="common-variables.xml" xpointer="log-time-body" />

        <para>This can be overridden with <option>--log-time=</option>.</para>

        <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$SYSTEMD_LOG_LOCATION</varname></term>
        <listitem><xi:include href="common-variables.xml" xpointer="log-location-body" />

        <para>This can be overridden with <option>--log-location=</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$SYSTEMD_LOG_TID</varname></term>
        <listitem><xi:include href="common-variables.xml" xpointer="log-tid-body" />

        <xi:include href="version-info.xml" xpointer="v247"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$SYSTEMD_LOG_TARGET</varname></term>
        <listitem><xi:include href="common-variables.xml" xpointer="log-target-body" />

        <para>This can be overridden with <option>--log-target=</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$SYSTEMD_LOG_RATELIMIT_KMSG</varname></term>
        <listitem><xi:include href="common-variables.xml" xpointer="log-ratelimit-kmsg-body" />

        <xi:include href="version-info.xml" xpointer="v254"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$XDG_CONFIG_HOME</varname></term>
        <term><varname>$XDG_CONFIG_DIRS</varname></term>
        <term><varname>$XDG_DATA_HOME</varname></term>
        <term><varname>$XDG_DATA_DIRS</varname></term>

        <listitem><para>The systemd user manager uses these variables
        in accordance to the <ulink
        url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG
        Base Directory specification</ulink> to find its
        configuration.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$SYSTEMD_UNIT_PATH</varname></term>
        <term><varname>$SYSTEMD_GENERATOR_PATH</varname></term>
        <term><varname>$SYSTEMD_ENVIRONMENT_GENERATOR_PATH</varname></term>

        <listitem><para>Controls where systemd looks for unit files and
        generators.</para>
        <para>These variables may contain a list of paths, separated by colons
        (<literal>:</literal>). When set, if the list ends with an empty
        component (<literal>...:</literal>), this list is prepended to the
        usual set of paths. Otherwise, the specified list replaces the usual
        set of paths.
        </para></listitem>
      </varlistentry>

      <xi:include href="common-variables.xml" xpointer="pager"/>
      <xi:include href="common-variables.xml" xpointer="less"/>
      <xi:include href="common-variables.xml" xpointer="lesscharset"/>
      <xi:include href="common-variables.xml" xpointer="lesssecure"/>
      <xi:include href="common-variables.xml" xpointer="colors"/>
      <xi:include href="common-variables.xml" xpointer="urlify"/>

      <varlistentry>
        <term><varname>$LISTEN_PID</varname></term>
        <term><varname>$LISTEN_FDS</varname></term>
        <term><varname>$LISTEN_FDNAMES</varname></term>

        <listitem><para>Set by systemd for supervised processes during
        socket-based activation. See
        <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
        for more information.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>$NOTIFY_SOCKET</varname></term>

        <listitem><para>Set by service manager for its services for status and readiness notifications. Also
        consumed by service manager for notifying supervising container managers or service managers up the
        stack about its own progress. See
        <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry> and the
        relevant section below for more information.</para></listitem>
      </varlistentry>
    </variablelist>

    <para>For further environment variables understood by systemd and its various components, see <ulink
    url="https://systemd.io/ENVIRONMENT">Known Environment Variables</ulink>.</para>
  </refsect1>

  <refsect1>
    <title>Kernel Command Line</title>

    <para>When run as the system instance, systemd parses a number of options listed below. They can be
    specified as kernel command line arguments which are parsed from a number of sources depending on the
    environment in which systemd is executed. If run inside a Linux container, these options are parsed from
    the command line arguments passed to systemd itself, next to any of the command line options listed in
    the Options section above. If run outside of Linux containers, these arguments are parsed from
    <filename>/proc/cmdline</filename> and from the <literal>SystemdOptions</literal> EFI variable
    (on EFI systems) instead. Options from <filename>/proc/cmdline</filename> have higher priority.</para>

    <para>Note: use of <literal>SystemdOptions</literal> is deprecated.</para>

    <para>The following variables are understood:</para>

    <variablelist class='kernel-commandline-options'>
      <varlistentry>
        <term><varname>systemd.unit=</varname></term>
        <term><varname>rd.systemd.unit=</varname></term>

        <listitem><para>Overrides the unit to activate on boot.  Defaults to
        <filename>default.target</filename>. This may be used to temporarily boot into a different boot unit,
        for example <filename>rescue.target</filename> or <filename>emergency.service</filename>. See
        <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details about these units. The option prefixed with <literal>rd.</literal> is honored only in the
        initrd, while the one that is not prefixed only in the main system.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.dump_core</varname></term>

        <listitem><para>Takes a boolean argument or enables the option if specified
        without an argument. If enabled, the systemd manager (PID 1) dumps core when
        it crashes. Otherwise, no core dump is created. Defaults to enabled.</para>

        <xi:include href="version-info.xml" xpointer="v233"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.crash_chvt</varname></term>

        <listitem><para>Takes a positive integer, or a boolean argument. Can be also specified without an
        argument, with the same effect as a positive boolean. If a positive integer (in the range 1–63) is
        specified, the system manager (PID 1) will activate the specified virtual terminal when it crashes.
        Defaults to disabled, meaning that no such switch is attempted. If set to enabled, the virtual
        terminal the kernel messages are written to is used instead.</para>

        <xi:include href="version-info.xml" xpointer="v233"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.crash_shell</varname></term>

        <listitem><para>Takes a boolean argument or enables the option if specified
        without an argument. If enabled, the system manager (PID 1) spawns a shell
        when it crashes, after a 10s delay. Otherwise, no shell is spawned. Defaults
        to disabled, for security reasons, as the shell is not protected by password
        authentication.</para>

        <xi:include href="version-info.xml" xpointer="v233"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.crash_action=</varname></term>

        <listitem><para>Takes one of <literal>freeze</literal>, <literal>reboot</literal> or
        <literal>poweroff</literal>. Defaults to <literal>freeze</literal>. If set to
        <literal>freeze</literal>, the system will hang indefinitely when the system manager (PID 1) crashes.
        If set to <literal>reboot</literal>, the system manager (PID 1) will reboot the machine automatically
        when it crashes, after a 10s delay. If set to <literal>poweroff</literal>, the system manager (PID 1)
        will power off the machine immediately when it crashes. If combined with
        <varname>systemd.crash_shell</varname>, the configured crash action is executed after the shell
        exits.</para>

        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.confirm_spawn</varname></term>

        <listitem><para>Takes a boolean argument or a path to the virtual console
        where the confirmation messages should be emitted. Can be also specified
        without an argument, with the same effect as a positive boolean. If enabled,
        the system manager (PID 1) asks for confirmation when spawning processes
        using <option>/dev/console</option>. If a path or a console name (such as
        <literal>ttyS0</literal>) is provided, the virtual console pointed to by this
        path or described by the give name will be used instead. Defaults to disabled.
        </para>

        <xi:include href="version-info.xml" xpointer="v233"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.service_watchdogs=</varname></term>

        <listitem><para>Takes a boolean argument. If disabled, all service runtime
        watchdogs (<option>WatchdogSec=</option>) and emergency actions (e.g.
        <option>OnFailure=</option> or <option>StartLimitAction=</option>) are
        ignored by the system manager (PID 1); see
        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        Defaults to enabled, i.e. watchdogs and failure actions are processed
        normally. The hardware watchdog is not affected by this
        option.</para>

        <xi:include href="version-info.xml" xpointer="v237"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.show_status</varname></term>

        <listitem><para>Takes a boolean argument or the constants <constant>error</constant> and
        <constant>auto</constant>. Can be also specified without an argument, with the same effect as a
        positive boolean. If enabled, the systemd manager (PID 1) shows terse service status updates on the
        console during bootup. With <constant>error</constant>, only messages about failures are shown, but
        boot is otherwise quiet. <constant>auto</constant> behaves like <option>false</option> until there is
        a significant delay in boot. Defaults to enabled, unless <option>quiet</option> is passed as kernel
        command line option, in which case it defaults to <constant>error</constant>. If specified overrides
        the system manager configuration file option <option>ShowStatus=</option>, see
        <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para>

        <xi:include href="version-info.xml" xpointer="v233"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.status_unit_format=</varname></term>

        <listitem><para>Takes <option>name</option>, <option>description</option> or
        <option>combined</option> as the value. If <option>name</option>, the system manager will use unit
        names in status messages. If <option>combined</option>, the system manager will use unit names and
        description in status messages. When specified, overrides the system manager configuration file
        option <option>StatusUnitFormat=</option>, see
        <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
        </para>

        <xi:include href="version-info.xml" xpointer="v243"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.log_color</varname></term>
        <term><varname>systemd.log_level=</varname></term>
        <term><varname>systemd.log_location</varname></term>
        <term><varname>systemd.log_target=</varname></term>
        <term><varname>systemd.log_time</varname></term>
        <term><varname>systemd.log_tid</varname></term>
        <term><varname>systemd.log_ratelimit_kmsg</varname></term>

        <listitem><para>Controls log output, with the same effect as the
        <varname>$SYSTEMD_LOG_COLOR</varname>, <varname>$SYSTEMD_LOG_LEVEL</varname>,
        <varname>$SYSTEMD_LOG_LOCATION</varname>, <varname>$SYSTEMD_LOG_TARGET</varname>,
        <varname>$SYSTEMD_LOG_TIME</varname>, <varname>$SYSTEMD_LOG_TID</varname> and
        <varname>$SYSTEMD_LOG_RATELIMIT_KMSG</varname> environment variables described above.
        <varname>systemd.log_color</varname>, <varname>systemd.log_location</varname>,
        <varname>systemd.log_time</varname>, <varname>systemd.log_tid</varname> and
        <varname>systemd.log_ratelimit_kmsg</varname> can be specified without
        an argument, with the same effect as a positive boolean.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.default_standard_output=</varname></term>
        <term><varname>systemd.default_standard_error=</varname></term>

        <listitem><para>Controls default standard output and error output for services and sockets. That is,
        controls the default for <option>StandardOutput=</option> and <option>StandardError=</option> (see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
        details). Takes one of <option>inherit</option>, <option>null</option>, <option>tty</option>,
        <option>journal</option>, <option>journal+console</option>, <option>kmsg</option>,
        <option>kmsg+console</option>. If the argument is omitted
        <varname>systemd.default-standard-output=</varname> defaults to <option>journal</option> and
        <varname>systemd.default-standard-error=</varname> to <option>inherit</option>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.setenv=</varname></term>

        <listitem><para>Takes a string argument in the form
        VARIABLE=VALUE. May be used to set default environment
        variables to add to forked child processes. May be used more
        than once to set multiple variables.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.machine_id=</varname></term>

        <listitem><para>Takes a 32 character hex value to be
        used for setting the machine-id. Intended mostly for
        network booting where the same machine-id is desired
        for every boot.</para>

        <xi:include href="version-info.xml" xpointer="v229"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.set_credential=</varname></term>
        <term><varname>systemd.set_credential_binary=</varname></term>

        <listitem><para>Sets a system credential, which can then be propagated to system services using the
        <varname>ImportCredential=</varname> or <varname>LoadCredential=</varname> setting, see
        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
        details. Takes a pair of credential name and value, separated by a colon. The
        <varname>systemd.set_credential=</varname> parameter expects the credential value in literal text
        form, the <varname>systemd.set_credential_binary=</varname> parameter takes binary data encoded in
        Base64. Note that the kernel command line is typically accessible by unprivileged programs in
        <filename>/proc/cmdline</filename>. Thus, this mechanism is not suitable for transferring sensitive
        data. Use it only for data that is not sensitive (e.g. public keys/certificates, rather than private
        keys), or in testing/debugging environments.</para>

        <para>For further information see <ulink url="https://systemd.io/CREDENTIALS">System and Service
        Credentials</ulink> documentation.</para>

        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>systemd.import_credentials=</varname></term>

        <listitem><para>Takes a boolean argument. If false disables importing credentials from the kernel
        command line, the DMI/SMBIOS OEM string table, the qemu_fw_cfg subsystem or the EFI kernel
        stub.</para>

        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>quiet</varname></term>

        <listitem><para>Turn off status output at boot, much like
        <varname>systemd.show_status=no</varname> would. Note that
        this option is also read by the kernel itself and disables
        kernel log output. Passing this option hence turns off the
        usual output from both the system manager and the kernel.
        </para>

        <xi:include href="version-info.xml" xpointer="v186"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>debug</varname></term>

        <listitem><para>Turn on debugging output. This is equivalent
        to <varname>systemd.log_level=debug</varname>. Note that this
        option is also read by the kernel itself and enables kernel
        debug output. Passing this option hence turns on the debug
        output from both the system manager and the
        kernel.</para>

        <xi:include href="version-info.xml" xpointer="v205"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>emergency</varname></term>
        <term><varname>rd.emergency</varname></term>
        <term><varname>-b</varname></term>

        <listitem><para>Boot into emergency mode. This is equivalent
        to <varname>systemd.unit=emergency.target</varname> or
        <varname>rd.systemd.unit=emergency.target</varname>, respectively, and
        provided for compatibility reasons and to be easier to type.</para>

        <xi:include href="version-info.xml" xpointer="v186"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>rescue</varname></term>
        <term><varname>rd.rescue</varname></term>
        <term><varname>single</varname></term>
        <term><varname>s</varname></term>
        <term><varname>S</varname></term>
        <term><varname>1</varname></term>

        <listitem><para>Boot into rescue mode. This is equivalent to
        <varname>systemd.unit=rescue.target</varname> or
        <varname>rd.systemd.unit=rescue.target</varname>, respectively, and
        provided for compatibility reasons and to be easier to type.</para>

        <xi:include href="version-info.xml" xpointer="v186"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>2</varname></term>
        <term><varname>3</varname></term>
        <term><varname>4</varname></term>
        <term><varname>5</varname></term>

        <listitem><para>Boot into the specified legacy SysV runlevel.
        These are equivalent to
        <varname>systemd.unit=runlevel2.target</varname>,
        <varname>systemd.unit=runlevel3.target</varname>,
        <varname>systemd.unit=runlevel4.target</varname>, and
        <varname>systemd.unit=runlevel5.target</varname>,
        respectively, and provided for compatibility reasons and to be
        easier to type.</para>

        <xi:include href="version-info.xml" xpointer="v186"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>locale.LANG=</varname></term>
        <term><varname>locale.LANGUAGE=</varname></term>
        <term><varname>locale.LC_CTYPE=</varname></term>
        <term><varname>locale.LC_NUMERIC=</varname></term>
        <term><varname>locale.LC_TIME=</varname></term>
        <term><varname>locale.LC_COLLATE=</varname></term>
        <term><varname>locale.LC_MONETARY=</varname></term>
        <term><varname>locale.LC_MESSAGES=</varname></term>
        <term><varname>locale.LC_PAPER=</varname></term>
        <term><varname>locale.LC_NAME=</varname></term>
        <term><varname>locale.LC_ADDRESS=</varname></term>
        <term><varname>locale.LC_TELEPHONE=</varname></term>
        <term><varname>locale.LC_MEASUREMENT=</varname></term>
        <term><varname>locale.LC_IDENTIFICATION=</varname></term>

        <listitem><para>Set the system locale to use. This overrides
        the settings in <filename>/etc/locale.conf</filename>. For
        more information, see
        <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        and
        <citerefentry project='man-pages'><refentrytitle>locale</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
        </para>

        <xi:include href="version-info.xml" xpointer="v186"/></listitem>
      </varlistentry>
    </variablelist>

    <para>For other kernel command line parameters understood by
    components of the core OS, please refer to
    <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>System Credentials</title>

    <para>During initialization the service manager will import credentials from various sources into the
    system's set of credentials, which can then be propagated into services and consumed by
    generators:</para>

    <itemizedlist>
      <listitem><para>When the service manager first initializes it will read system credentials from SMBIOS
      Type 11 vendor strings
      <varname>io.systemd.credential:<replaceable>name</replaceable>=<replaceable>value</replaceable></varname>,
      and
      <varname>io.systemd.credential.binary:<replaceable>name</replaceable>=<replaceable>value</replaceable></varname>.</para></listitem>

      <listitem><para>At the same time it will import credentials from QEMU <literal>fw_cfg</literal>. (Note
      that the SMBIOS mechanism is generally preferred, because it is faster and generic.)</para></listitem>

      <listitem><para>Credentials may be passed via the kernel command line, using the
      <varname>systemd.set-credential=</varname> parameter, see above.</para></listitem>

      <listitem><para>Credentials may be passed from the UEFI environment via
      <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem>

      <listitem><para>When the service manager is invoked during the initrd → host transition it will import
      all files in <filename>/run/credentials/@initrd/</filename> as system credentials.</para></listitem>
    </itemizedlist>

    <para>Invoke
    <citerefentry><refentrytitle>systemd-creds</refentrytitle><manvolnum>1</manvolnum></citerefentry> as
    follows to see the list of credentials passed into the system:</para>

    <programlisting># systemd-creds --system list</programlisting>

    <para>For further information see <ulink url="https://systemd.io/CREDENTIALS">System and Service
    Credentials</ulink> documentation.</para>

    <para>The service manager when run as PID 1 consumes the following system credentials:</para>

    <variablelist class='system-credentials'>
      <varlistentry>
        <term><varname>vmm.notify_socket</varname></term>
        <listitem>
          <para>Contains a <constant>AF_VSOCK</constant> or <constant>AF_UNIX</constant> address where to
          send a <constant>READY=1</constant> notification message when the service manager has completed
          booting. See
          <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry> and
          the next section for more information. Note that in case the hypervisor does not support
          <constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
          <constant>SOCK_SEQPACKET</constant> will be tried instead. The credential payload for
          <constant>AF_VSOCK</constant> should be a string in the form
          <literal>vsock:CID:PORT</literal>. <literal>vsock-stream</literal>, <literal>vsock-dgram</literal>
          and <literal>vsock-seqpacket</literal> can be used instead of <literal>vsock</literal> to force
          usage of the corresponding socket type.</para>

          <para>This feature is useful for machine managers or other processes on the host to receive a
          notification via VSOCK when a virtual machine has finished booting.</para>

          <xi:include href="version-info.xml" xpointer="v254"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>system.machine_id</varname></term>
        <listitem>
          <para>Takes a 128bit hexadecimal ID to initialize <filename>/etc/machine-id</filename> from, if the
          file is not set up yet. See
          <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
          details.</para>

        <xi:include href="version-info.xml" xpointer="v254"/>
        </listitem>
      </varlistentry>
    </variablelist>

    <para>For a list of system credentials various other components of systemd consume, see
    <citerefentry><refentrytitle>systemd.system-credentials</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>Readiness Protocol</title>

    <para>The service manager implements a readiness notification protocol both between the manager and its
    services (i.e. down the stack), and between the manager and a potential supervisor further up the stack
    (the latter could be a machine or container manager, or in case of a per-user service manager the system
    service manager instance). The basic protocol (and the suggested API for it) is described in
    <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>

    <para>The notification socket the service manager (including PID 1) uses for reporting readiness to its
    own supervisor is set via the usual <varname>$NOTIFY_SOCKET</varname> environment variable (see
    above). Since this is directly settable only for container managers and for the per-user instance of the
    service manager, an additional mechanism to configure this is available, in particular intended for use
    in VM environments: the <varname>vmm.notify_socket</varname> system credential (see above) may be set to
    a suitable socket (typically an <constant>AF_VSOCK</constant> one) via SMBIOS Type 11 vendor strings. For
    details see above.</para>

    <para>The notification protocol from the service manager up the stack towards a supervisor supports a
    number of extension fields that allow a supervisor to learn about specific properties of the system and
    track its boot progress. Specifically the following fields are sent:</para>

    <itemizedlist>
      <listitem><para>An <varname>X_SYSTEMD_HOSTNAME=…</varname> message will be sent out once the initial
      hostname for the system has been determined. Note that during later runtime the hostname might be
      changed again programmatically, and (currently) no further notifications are sent out in that case.</para>

      <xi:include href="version-info.xml" xpointer="v256"/></listitem>

      <listitem><para>An <varname>X_SYSTEMD_MACHINE_ID=…</varname> message will be sent out once the machine
      ID of the system has been determined. See
      <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
      details.</para>

      <xi:include href="version-info.xml" xpointer="v256"/></listitem>

      <listitem><para>An <varname>X_SYSTEMD_SIGNALS_LEVEL=…</varname> message will be sent out once the
      service manager installed the various UNIX process signal handlers described above. The field's value
      is an unsigned integer formatted as decimal string, and indicates the supported UNIX process signal
      feature level of the service manager. Currently, only a single feature level is defined:</para>

      <itemizedlist>
        <listitem><para><varname>X_SYSTEMD_SIGNALS_LEVEL=2</varname> covers the various UNIX process signals
        documented above – which are a superset of those supported by the historical SysV init
        system.</para></listitem>
      </itemizedlist>

      <para>Signals sent to PID 1 before this message is sent might not be handled correctly yet. A consumer
      of these messages should parse the value as an unsigned integer indication the level of support. For
      now only the mentioned level 2 is defined, but later on additional levels might be defined with higher
      integers, that will implement a superset of the currently defined behaviour.</para>

      <xi:include href="version-info.xml" xpointer="v256"/></listitem>

      <listitem><para><varname>X_SYSTEMD_UNIT_ACTIVE=…</varname> and
      <varname>X_SYSTEMD_UNIT_INACTIVE=…</varname> messages will be sent out for each target unit as it
      becomes active or stops being active. This is useful to track boot progress and functionality. For
      example, once the <filename>ssh-access.target</filename> unit is reported started SSH access is
      typically available, see
      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
      details.</para>

      <xi:include href="version-info.xml" xpointer="v256"/></listitem>

      <listitem><para>An <varname>X_SYSTEMD_SHUTDOWN=…</varname> message will be sent out very shortly before
      the system shuts down. The value is one of the strings <literal>reboot</literal>,
      <literal>halt</literal>, <literal>poweroff</literal>, <literal>kexec</literal> and indicates which kind
      of shutdown is being executed.</para>

      <xi:include href="version-info.xml" xpointer="v256"/></listitem>

      <listitem><para>An <varname>X_SYSTEMD_REBOOT_PARAMETER=…</varname> message will also be sent out very
      shortly before the system shuts down. Its value is the reboot argument as configured with
      <command>systemctl --reboot-argument=…</command>.</para>

      <xi:include href="version-info.xml" xpointer="v256"/></listitem>
    </itemizedlist>

    <para>Note that these extension fields are sent in addition to the regular <literal>READY=1</literal> and
    <literal>RELOADING=1</literal> notifications.</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <para><command>systemd</command> is only very rarely invoked directly, since it is started early and is
    already running by the time users may interact with it. Normally, tools like
    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> are used to
    give commands to the manager. Since <command>systemd</command> is usually not invoked directly, the
    options listed below are mostly useful for debugging and special purposes.</para>

    <refsect2>
      <title>Introspection and debugging options</title>

      <para>Those options are used for testing and introspection, and <command>systemd</command> may
      be invoked with them at any time:</para>

      <variablelist>
        <varlistentry>
          <term><option>--dump-configuration-items</option></term>

          <listitem><para>Dump understood unit configuration items. This outputs a terse but complete list of
          configuration items understood in unit definition files.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--dump-bus-properties</option></term>

          <listitem><para>Dump exposed bus properties. This outputs a terse but complete list of properties
          exposed on D-Bus.</para>

          <xi:include href="version-info.xml" xpointer="v239"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--test</option></term>

          <listitem><para>Determine the initial start-up transaction (i.e. the list of jobs enqueued at
          start-up), dump it and exit — without actually executing any of the determined jobs. This option is
          useful for debugging only. Note that during regular service manager start-up additional units not
          shown by this operation may be started, because hardware, socket, bus or other kinds of activation
          might add additional jobs as the transaction is executed. Use <option>--system</option> to request
          the initial transaction of the system service manager (this is also the implied default), combine
          with <option>--user</option> to request the initial transaction of the per-user service manager
          instead.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--system</option></term>
          <term><option>--user</option></term>

          <listitem><para>When used in conjunction with <option>--test</option>, selects whether to calculate
          the initial transaction for the system instance or for a per-user instance. These options have no
          effect when invoked without <option>--test</option>, as during regular
          (i.e. non-<option>--test</option>) invocations the service manager will automatically detect
          whether it shall operate in system or per-user mode, by checking whether the PID it is run as is 1
          or not. Note that it is not supported booting and maintaining a system with the service manager
          running in <option>--system</option> mode but with a PID other than 1.</para></listitem>
        </varlistentry>

        <xi:include href="standard-options.xml" xpointer="help" />
        <xi:include href="standard-options.xml" xpointer="version" />
      </variablelist>
    </refsect2>

    <refsect2>
      <title>Options that duplicate kernel command line settings</title>

      <para>Those options correspond directly to options listed above in "Kernel Command Line". Both forms
      may be used equivalently for the system manager, but it is recommended to use the forms listed above in
      this context, because they are properly namespaced. When an option is specified both on the kernel
      command line and as a normal command line argument, the latter has higher precedence.</para>

      <para>When <command>systemd</command> is used as a user manager, the kernel command line is ignored and
      only the options described below are understood. Nevertheless, <command>systemd</command> is usually
      started in this mode through the
      <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      service, which is shared between all users. It may be more convenient to use configuration files to
      modify settings (see
      <citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
      or environment variables. See the "Environment" section above for a discussion of how the environment
      block is set.</para>

      <variablelist>
        <varlistentry>
          <term><option>--unit=</option></term>

          <listitem><para>Set default unit to activate on startup. If not specified, defaults to
          <filename>default.target</filename>. See <varname>systemd.unit=</varname> above.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--dump-core</option></term>

          <listitem><para>Enable core dumping on crash. This switch has no effect when running as user
          instance. Same as <varname>systemd.dump_core=</varname> above.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--crash-vt=<replaceable>VT</replaceable></option></term>

          <listitem><para>Switch to a specific virtual console (VT) on crash. This switch has no effect when
          running as user instance. Same as <varname>systemd.crash_chvt=</varname> above (but not the
          different spelling!).</para>

          <xi:include href="version-info.xml" xpointer="v227"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--crash-shell</option></term>

          <listitem><para>Run a shell on crash. This switch has no effect when running as user instance. See
          <varname>systemd.crash_shell=</varname> above.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--crash-action=</option></term>

          <listitem><para>Specify what to do when the system manager (PID 1) crashes. This switch has no
          effect when systemd is running as user instance. See <varname>systemd.crash_action=</varname>
          above.</para>

          <xi:include href="version-info.xml" xpointer="v256"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--confirm-spawn</option></term>

          <listitem><para>Ask for confirmation when spawning processes. This switch has no effect when run as
          user instance. See <varname>systemd.confirm_spawn</varname> above.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--show-status</option></term>

          <listitem><para>Show terse unit status information on the console during boot-up and shutdown. See
          <varname>systemd.show_status</varname> above.</para>

          <xi:include href="version-info.xml" xpointer="v244"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--log-color</option></term>

          <listitem><para>Highlight important log messages. See <varname>systemd.log_color</varname> above.
          </para>

          <xi:include href="version-info.xml" xpointer="v244"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--log-level=</option></term>

          <listitem><para>Set log level. See <varname>systemd.log_level</varname> above.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--log-location</option></term>

          <listitem><para>Include code location in log messages. See <varname>systemd.log_location</varname>
          above.</para>

          <xi:include href="version-info.xml" xpointer="v244"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--log-target=</option></term>

          <listitem><para>Set log target. See <varname>systemd.log_target</varname> above.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--log-time=</option></term>

          <listitem><para>Prefix console messages with timestamp. See <varname>systemd.log_time</varname> above.
          </para>

          <xi:include href="version-info.xml" xpointer="v246"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--machine-id=</option></term>

          <listitem><para>Override the machine-id set on the hard drive. See
          <varname>systemd.machine_id=</varname> above.</para>

          <xi:include href="version-info.xml" xpointer="v229"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--service-watchdogs</option></term>

          <listitem><para>Globally enable/disable all service watchdog timeouts and emergency actions. See
          <varname>systemd.service_watchdogs</varname> above.</para>

          <xi:include href="version-info.xml" xpointer="v237"/></listitem>
        </varlistentry>

        <varlistentry>
          <term><option>--default-standard-output=</option></term>
          <term><option>--default-standard-error=</option></term>

          <listitem><para>Sets the default output or error output for all services and sockets,
          respectively. See <varname>systemd.default_standard_output=</varname> and
          <varname>systemd.default_standard_error=</varname> above.</para></listitem>
        </varlistentry>
      </variablelist>
    </refsect2>
  </refsect1>

  <refsect1>
    <title>Sockets and FIFOs</title>

    <variablelist>
      <varlistentry>
        <term><filename>/run/systemd/notify</filename></term>

        <listitem><para>Daemon status notification socket. This is an
        <constant>AF_UNIX</constant> datagram socket and is used to
        implement the daemon notification logic as implemented by
        <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para></listitem>

      </varlistentry>

      <varlistentry>
        <term><filename>/run/systemd/private</filename></term>

        <listitem><para>Used internally as communication channel
        between
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        and the systemd process. This is an
        <constant>AF_UNIX</constant> stream socket. This interface is
        private to systemd and should not be used in external
        projects.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><filename>/dev/initctl</filename></term>

        <listitem><para>Limited compatibility support for the SysV
        client interface, as implemented by the
        <filename>systemd-initctl.service</filename> unit. This is a
        named pipe in the file system. This interface is obsolete and
        should not be used in new applications.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
      <title>History</title>

      <variablelist>
        <varlistentry>
          <term>systemd 252</term>
          <listitem><para>Kernel command-line arguments <varname>systemd.unified_cgroup_hierarchy</varname>
          and <varname>systemd.legacy_systemd_cgroup_controller</varname> were deprecated. Please switch to
          the unified cgroup hierarchy.</para>

          <xi:include href="version-info.xml" xpointer="v252"/></listitem>
        </varlistentry>
      </variablelist>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para><simplelist type="inline">
      <member>The <ulink url="https://systemd.io/">systemd Homepage</ulink></member>
      <member><citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
      <member><citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd-notify</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
      <member><citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
      <member><citerefentry project='man-pages'><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
    </simplelist></para>

    <para>For more information about the concepts and
    ideas behind systemd, please refer to the
    <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
  </refsect1>

</refentry>