mirror of
https://git.proxmox.com/git/systemd
synced 2026-01-21 12:36:02 +00:00
263 lines
24 KiB
HTML
263 lines
24 KiB
HTML
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>systemd-system.conf</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
|
|
a.headerlink {
|
|
color: #c60f0f;
|
|
font-size: 0.8em;
|
|
padding: 0 4px 0 4px;
|
|
text-decoration: none;
|
|
visibility: hidden;
|
|
}
|
|
|
|
a.headerlink:hover {
|
|
background-color: #c60f0f;
|
|
color: white;
|
|
}
|
|
|
|
h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
|
|
visibility: visible;
|
|
}
|
|
</style><a href="index.html">Index </a>·
|
|
<a href="systemd.directives.html">Directives </a>·
|
|
<a href="../python-systemd/index.html">Python </a>·
|
|
<a href="../libudev/index.html">libudev </a>·
|
|
<a href="../libudev/index.html">gudev </a><span style="float:right">systemd 214</span><hr><div class="refentry"><a name="systemd-system.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>systemd-system.conf, systemd-user.conf — System and session service manager configuration file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/etc/systemd/system.conf</code></p><p><code class="filename">/etc/systemd/user.conf</code></p></div><div class="refsect1"><a name="idm214192577744"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description">¶</a></h2><p>When run as system instance systemd reads the
|
|
configuration file <code class="filename">system.conf</code>,
|
|
otherwise <code class="filename">user.conf</code>. These
|
|
configuration files contain a few settings controlling
|
|
basic manager operations.</p></div><div class="refsect1"><a name="idm214192574992"></a><h2 id="Options">Options<a class="headerlink" title="Permalink to this headline" href="#Options">¶</a></h2><p>All options are configured in the
|
|
"<code class="literal">[Manager]</code>" section:</p><div class="variablelist"><dl class="variablelist"><dt id="LogLevel="><span class="term"><code class="varname">LogLevel=</code>, </span><span class="term"><code class="varname">LogTarget=</code>, </span><span class="term"><code class="varname">LogColor=</code>, </span><span class="term"><code class="varname">LogLocation=</code>, </span><span class="term"><code class="varname">DumpCore=yes</code>, </span><span class="term"><code class="varname">CrashShell=no</code>, </span><span class="term"><code class="varname">ShowStatus=yes</code>, </span><span class="term"><code class="varname">CrashChVT=1</code>, </span><span class="term"><code class="varname">DefaultStandardOutput=journal</code>, </span><span class="term"><code class="varname">DefaultStandardError=inherit</code></span><a class="headerlink" title="Permalink to this term" href="#LogLevel=">¶</a></dt><dd><p>Configures various
|
|
parameters of basic manager
|
|
operation. These options may be
|
|
overridden by the respective command
|
|
line arguments. See
|
|
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>
|
|
for details about these command line
|
|
arguments.</p></dd><dt id="CPUAffinity="><span class="term"><code class="varname">CPUAffinity=</code></span><a class="headerlink" title="Permalink to this term" href="#CPUAffinity=">¶</a></dt><dd><p>Configures the initial
|
|
CPU affinity for the init
|
|
process. Takes a space-separated list
|
|
of CPU indices.</p></dd><dt id="JoinControllers=cpu,cpuacct net_cls,netprio"><span class="term"><code class="varname">JoinControllers=cpu,cpuacct net_cls,netprio</code></span><a class="headerlink" title="Permalink to this term" href="#JoinControllers=cpu,cpuacct%20net_cls,netprio">¶</a></dt><dd><p>Configures controllers
|
|
that shall be mounted in a single
|
|
hierarchy. By default, systemd will
|
|
mount all controllers which are
|
|
enabled in the kernel in individual
|
|
hierarchies, with the exception of
|
|
those listed in this setting. Takes a
|
|
space-separated list of comma-separated
|
|
controller names, in order
|
|
to allow multiple joined
|
|
hierarchies. Defaults to
|
|
'cpu,cpuacct'. Pass an empty string to
|
|
ensure that systemd mounts all
|
|
controllers in separate
|
|
hierarchies.</p><p>Note that this option is only
|
|
applied once, at very early boot. If
|
|
you use an initial RAM disk (initrd)
|
|
that uses systemd, it might hence be
|
|
necessary to rebuild the initrd if
|
|
this option is changed, and make sure
|
|
the new configuration file is included
|
|
in it. Otherwise, the initrd might
|
|
mount the controller hierarchies in a
|
|
different configuration than intended,
|
|
and the main system cannot remount
|
|
them anymore.</p></dd><dt id="RuntimeWatchdogSec="><span class="term"><code class="varname">RuntimeWatchdogSec=</code>, </span><span class="term"><code class="varname">ShutdownWatchdogSec=</code></span><a class="headerlink" title="Permalink to this term" href="#RuntimeWatchdogSec=">¶</a></dt><dd><p>Configure the hardware
|
|
watchdog at runtime and at
|
|
reboot. Takes a timeout value in
|
|
seconds (or in other time units if
|
|
suffixed with "<code class="literal">ms</code>",
|
|
"<code class="literal">min</code>",
|
|
"<code class="literal">h</code>",
|
|
"<code class="literal">d</code>",
|
|
"<code class="literal">w</code>"). If
|
|
<code class="varname">RuntimeWatchdogSec=</code>
|
|
is set to a non-zero value, the
|
|
watchdog hardware
|
|
(<code class="filename">/dev/watchdog</code>)
|
|
will be programmed to automatically
|
|
reboot the system if it is not
|
|
contacted within the specified timeout
|
|
interval. The system manager will
|
|
ensure to contact it at least once in
|
|
half the specified timeout
|
|
interval. This feature requires a
|
|
hardware watchdog device to be
|
|
present, as it is commonly the case in
|
|
embedded and server systems. Not all
|
|
hardware watchdogs allow configuration
|
|
of the reboot timeout, in which case
|
|
the closest available timeout is
|
|
picked. <code class="varname">ShutdownWatchdogSec=</code>
|
|
may be used to configure the hardware
|
|
watchdog when the system is asked to
|
|
reboot. It works as a safety net to
|
|
ensure that the reboot takes place
|
|
even if a clean reboot attempt times
|
|
out. By default
|
|
<code class="varname">RuntimeWatchdogSec=</code>
|
|
defaults to 0 (off), and
|
|
<code class="varname">ShutdownWatchdogSec=</code>
|
|
to 10min. These settings have no
|
|
effect if a hardware watchdog is not
|
|
available.</p></dd><dt id="CapabilityBoundingSet="><span class="term"><code class="varname">CapabilityBoundingSet=</code></span><a class="headerlink" title="Permalink to this term" href="#CapabilityBoundingSet=">¶</a></dt><dd><p>Controls which
|
|
capabilities to include in the
|
|
capability bounding set for PID 1 and
|
|
its children. See
|
|
<a href="capabilities.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
|
|
for details. Takes a whitespace-separated
|
|
list of capability names as read by
|
|
<a href="cap_from_name.html"><span class="citerefentry"><span class="refentrytitle">cap_from_name</span>(3)</span></a>.
|
|
Capabilities listed will be included
|
|
in the bounding set, all others are
|
|
removed. If the list of capabilities
|
|
is prefixed with ~, all but the listed
|
|
capabilities will be included, the
|
|
effect of the assignment
|
|
inverted. Note that this option also
|
|
affects the respective capabilities in
|
|
the effective, permitted and
|
|
inheritable capability sets. The
|
|
capability bounding set may also be
|
|
individually configured for units
|
|
using the
|
|
<code class="varname">CapabilityBoundingSet=</code>
|
|
directive for units, but note that
|
|
capabilities dropped for PID 1 cannot
|
|
be regained in individual units, they
|
|
are lost for good.</p></dd><dt id="SystemCallArchitectures="><span class="term"><code class="varname">SystemCallArchitectures=</code></span><a class="headerlink" title="Permalink to this term" href="#SystemCallArchitectures=">¶</a></dt><dd><p>Takes a
|
|
space-separated list of architecture
|
|
identifiers. Selects from which
|
|
architectures system calls may be
|
|
invoked on this system. This may be
|
|
used as an effective way to disable
|
|
invocation of non-native binaries
|
|
system-wide, for example to prohibit
|
|
execution of 32-bit x86 binaries on
|
|
64-bit x86-64 systems. This option
|
|
operates system-wide, and acts
|
|
similar to the
|
|
<code class="varname">SystemCallArchitectures=</code>
|
|
setting of unit files, see
|
|
<a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>
|
|
for details. This setting defaults to
|
|
the empty list, in which case no
|
|
filtering of system calls based on
|
|
architecture is applied. Known
|
|
architecture identifiers are
|
|
"<code class="literal">x86</code>",
|
|
"<code class="literal">x86-64</code>",
|
|
"<code class="literal">x32</code>",
|
|
"<code class="literal">arm</code>" and the special
|
|
identifier
|
|
"<code class="literal">native</code>". The latter
|
|
implicitly maps to the native
|
|
architecture of the system (or more
|
|
specifically, the architecture the
|
|
system manager was compiled for). Set
|
|
this setting to
|
|
"<code class="literal">native</code>" to prohibit
|
|
execution of any non-native
|
|
binaries. When a binary executes a
|
|
system call of an architecture that is
|
|
not listed in this setting, it will be
|
|
immediately terminated with the SIGSYS
|
|
signal.</p></dd><dt id="TimerSlackNSec="><span class="term"><code class="varname">TimerSlackNSec=</code></span><a class="headerlink" title="Permalink to this term" href="#TimerSlackNSec=">¶</a></dt><dd><p>Sets the timer slack
|
|
in nanoseconds for PID 1, which is
|
|
inherited by all executed processes,
|
|
unless overridden individually, for
|
|
example with the
|
|
<code class="varname">TimerSlackNSec=</code>
|
|
setting in service units (for details
|
|
see
|
|
<a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>). The
|
|
timer slack controls the accuracy of
|
|
wake-ups triggered by system
|
|
timers. See
|
|
<a href="prctl.html"><span class="citerefentry"><span class="refentrytitle">prctl</span>(2)</span></a>
|
|
for more information. Note that in
|
|
contrast to most other time span
|
|
definitions this parameter takes an
|
|
integer value in nano-seconds if no
|
|
unit is specified. The usual time
|
|
units are understood
|
|
too.</p></dd><dt id="DefaultTimerAccuracySec="><span class="term"><code class="varname">DefaultTimerAccuracySec=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultTimerAccuracySec=">¶</a></dt><dd><p>Sets the default
|
|
accuracy of timer units. This controls
|
|
the global default for the
|
|
<code class="varname">AccuracySec=</code>
|
|
setting of timer units, see
|
|
<a href="systemd.timer.html"><span class="citerefentry"><span class="refentrytitle">systemd.timer</span>(5)</span></a>
|
|
for
|
|
details. <code class="varname">AccuracySec=</code>
|
|
set in individual units override the
|
|
global default for the specific
|
|
unit. Defaults to 1min. Note that the
|
|
accuracy of timer units is also
|
|
affected by the configured timer slack
|
|
for PID 1, see
|
|
<code class="varname">TimerSlackNSec=</code>
|
|
above.</p></dd><dt id="DefaultTimeoutStartSec="><span class="term"><code class="varname">DefaultTimeoutStartSec=</code>, </span><span class="term"><code class="varname">DefaultTimeoutStopSec=</code>, </span><span class="term"><code class="varname">DefaultRestartSec=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultTimeoutStartSec=">¶</a></dt><dd><p>Configures the default
|
|
timeouts for starting and stopping of
|
|
units, as well as the default time to
|
|
sleep between automatic restarts of
|
|
units, as configured per-unit in
|
|
<code class="varname">TimeoutStartSec=</code>,
|
|
<code class="varname">TimeoutStopSec=</code> and
|
|
<code class="varname">RestartSec=</code> (for
|
|
services, see
|
|
<a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
|
|
for details on the per-unit
|
|
settings). For non-service units,
|
|
<code class="varname">DefaultTimeoutStartSec=</code>
|
|
sets the default
|
|
<code class="varname">TimeoutSec=</code> value.
|
|
</p></dd><dt id="DefaultStartLimitInterval="><span class="term"><code class="varname">DefaultStartLimitInterval=</code>, </span><span class="term"><code class="varname">DefaultStartLimitBurst=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultStartLimitInterval=">¶</a></dt><dd><p>Configure the default
|
|
unit start rate limiting, as
|
|
configured per-service by
|
|
<code class="varname">StartLimitInterval=</code>
|
|
and
|
|
<code class="varname">StartLimitBurst=</code>. See
|
|
<a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
|
|
for details on the per-service
|
|
settings.</p></dd><dt id="DefaultEnvironment="><span class="term"><code class="varname">DefaultEnvironment=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultEnvironment=">¶</a></dt><dd><p>Sets manager
|
|
environment variables passed to all
|
|
executed processes. Takes a
|
|
space-separated list of variable
|
|
assignments. See
|
|
<a href="environ.html"><span class="citerefentry"><span class="refentrytitle">environ</span>(7)</span></a>
|
|
for details about environment
|
|
variables.</p><p>Example:
|
|
|
|
</p><pre class="programlisting">DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"</pre><p>
|
|
|
|
Sets three variables
|
|
"<code class="literal">VAR1</code>",
|
|
"<code class="literal">VAR2</code>",
|
|
"<code class="literal">VAR3</code>".</p></dd><dt id="DefaultCPUAccounting="><span class="term"><code class="varname">DefaultCPUAccounting=</code>, </span><span class="term"><code class="varname">DefaultBlockIOAccounting=</code>, </span><span class="term"><code class="varname">DefaultMemoryAccounting=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultCPUAccounting=">¶</a></dt><dd><p>Configure the default
|
|
resource accounting settings, as
|
|
configured per-unit by
|
|
<code class="varname">CPUAccounting=</code>,
|
|
<code class="varname">BlockIOAccounting=</code>
|
|
and
|
|
<code class="varname">MemoryAccounting=</code>. See
|
|
<a href="systemd.resource-control.html"><span class="citerefentry"><span class="refentrytitle">systemd.resource-control</span>(5)</span></a>
|
|
for details on the per-unit
|
|
settings.</p></dd><dt id="DefaultLimitCPU="><span class="term"><code class="varname">DefaultLimitCPU=</code>, </span><span class="term"><code class="varname">DefaultLimitFSIZE=</code>, </span><span class="term"><code class="varname">DefaultLimitDATA=</code>, </span><span class="term"><code class="varname">DefaultLimitSTACK=</code>, </span><span class="term"><code class="varname">DefaultLimitCORE=</code>, </span><span class="term"><code class="varname">DefaultLimitRSS=</code>, </span><span class="term"><code class="varname">DefaultLimitNOFILE=</code>, </span><span class="term"><code class="varname">DefaultLimitAS=</code>, </span><span class="term"><code class="varname">DefaultLimitNPROC=</code>, </span><span class="term"><code class="varname">DefaultLimitMEMLOCK=</code>, </span><span class="term"><code class="varname">DefaultLimitLOCKS=</code>, </span><span class="term"><code class="varname">DefaultLimitSIGPENDING=</code>, </span><span class="term"><code class="varname">DefaultLimitMSGQUEUE=</code>, </span><span class="term"><code class="varname">DefaultLimitNICE=</code>, </span><span class="term"><code class="varname">DefaultLimitRTPRIO=</code>, </span><span class="term"><code class="varname">DefaultLimitRTTIME=</code></span><a class="headerlink" title="Permalink to this term" href="#DefaultLimitCPU=">¶</a></dt><dd><p>These settings control
|
|
various default resource limits for
|
|
units. See
|
|
<a href="setrlimit.html"><span class="citerefentry"><span class="refentrytitle">setrlimit</span>(2)</span></a>
|
|
for details. Use the string
|
|
<code class="varname">infinity</code> to
|
|
configure no limit on a specific
|
|
resource. These settings may be
|
|
overridden in individual units
|
|
using the corresponding LimitXXX=
|
|
directives. Note that these resource
|
|
limits are only defaults for units,
|
|
they are not applied to PID 1
|
|
itself.</p></dd></dl></div></div><div class="refsect1"><a name="idm214191475072"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also">¶</a></h2><p>
|
|
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
|
|
<a href="systemd.directives.html"><span class="citerefentry"><span class="refentrytitle">systemd.directives</span>(7)</span></a>,
|
|
<a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>,
|
|
<a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>,
|
|
<a href="environ.html"><span class="citerefentry"><span class="refentrytitle">environ</span>(7)</span></a>,
|
|
<a href="capabilities.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
|
|
</p></div></div></body></html>
|