官方文档
systemd toc
中文版本
systemd
systemctl
journalctl
daemon
systemd.unit
systemd.service
systemd.device
udev
设计思想:Original Design Document
概述
systemd 是内核启动后的第一个用户进程,PID 为1,是所有其它用户进程的父进程。
systemctl 用于管理 systemd 的行为,替换之前的 sysvinit 和 upstart。
下面是 ubuntu16 pstree 的结果(内容太多,删除了一些):
$pstree
systemd-+-NetworkManager-+-2*[dhclient]
| |-dnsmasq
| |-{gdbus}
| `-{gmain}
|-gpg-agent
|-irqbalance
|-lightdm-+-Xorg---{InputThread}
| |-lightdm-+-upstart-+-at-spi-bus-laun-+-dbus-daemon
| | | | |-{dconf worker}
| | | | |-{gdbus}
| | | | `-{gmain}
| | | |-at-spi2-registr-+-{gdbus}
| | | | `-{gmain}
| | | | |-window-stack-br
| | | `-zeitgeist-fts-+-{gdbus}
| | | `-{gmain}
| | |-{gdbus}
| | `-{gmain}
| |-{gdbus}
| `-{gmain}
|-rtkit-daemon---2*[{rtkit-daemon}]
|-sshd---sshd---sshd---bash---pstree
|-systemd---(sd-pam)
|-systemd-journal
|-systemd-logind
|-systemd-timesyn---{sd-resolve}
|-systemd-udevd
|-udisksd-+-{cleanup}
`-whoopsie-+-{gdbus}
`-{gmain}
看一下帮助:
$systemd -h
systemd [OPTIONS...]
Starts up and maintains the system or user services.
-h --help Show this help
--test Determine startup sequence, dump it and exit
--no-pager Do not pipe output into a pager
--dump-configuration-items Dump understood unit configuration items
--unit=UNIT Set default unit
--system Run a system instance, even if PID != 1
--user Run a user instance
--dump-core[=BOOL] Dump core on crash
--crash-vt=NR Change to specified VT on crash
--crash-reboot[=BOOL] Reboot on crash
--crash-shell[=BOOL] Run shell on crash
--confirm-spawn[=BOOL] Ask for confirmation when spawning processes
--show-status[=BOOL] Show status updates on the console during bootup
--log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)
--log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)
--log-color[=BOOL] Highlight important log messages
--log-location[=BOOL] Include code location in log messages
--default-standard-output= Set default standard output for services
--default-standard-error= Set default standard error output for services
概念
systemd 管理系统中的各种各样的实体(称为units),共有11种,并处理这些 uints 之间的依赖和先后顺序,按需启动之。
类型:
- Service
- Socket
- Target
- Device
- Mount
- Automount
- Timer
- Swap
- Path
- Slice
- Scope
状态:
- active
- inactive
- activating
- deactivating
- failed
依赖关系:
- Requires=
- Confilicts=
顺序关系:
- After=
- Before=
如果只有依赖关系,则可以并行启动。
所有 units 组成一颗树,根 unit 为 default.targe, 该 unit 为链接,在桌面系统中指向 graphical.targe,
在 server 类系统中指向 multi-user.target。
重点关注:
- 启动过程
- 配置
- 日志
- 管理 service
启动过程
Todo
配置
Todo
管理 units
查看系统安装了哪些 units
systemctl list-unit-files
# 可跟 -t 参数 过滤类型,如
systemctl list-unit-files -t timer
查看系统 load 了哪些 units 到内存
systemctl list-units
# 可跟 -t 参数 过滤类型,如
systemctl list-units -t timer
查看依赖关系
systemctl list-dependencies [--all]
日志
journalctl -u
实战
apt 自动更新服务
apt 自动更新服务是定时触发的,属于 timer 类型的 uint
$systemctl list-timers
NEXT LEFT LAST PASSED UNIT ACTIVATES
Thu 2019-09-12 06:11:15 PDT 4h 3min left Wed 2019-09-11 20:09:48 PDT 5h 57min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Thu 2019-09-12 07:06:47 PDT 4h 59min left Wed 2019-09-11 20:09:48 PDT 5h 57min ago apt-daily.timer apt-daily.service
Thu 2019-09-12 20:24:48 PDT 18h left Wed 2019-09-11 20:24:42 PDT 5h 42min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
可以看到两个 timer 及对应的 service
- apt-daily-upgrade.timer : apt-daily-upgrade.service
- ago apt-daily.timer : apt-daily.service
$systemctl status apt-daily-upgrade.service
● apt-daily-upgrade.service - Daily apt upgrade and clean activities
Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.service; static; vendor preset: enabled)
Active: inactive (dead) since Wed 2019-09-11 20:16:14 PDT; 6h ago
Docs: man:apt(8)
Process: 2597 ExecStart=/usr/lib/apt/apt.systemd.daily install (code=exited, status=0/SUCCESS)
Main PID: 2597 (code=exited, status=0/SUCCESS)
$ systemctl status apt-daily.service
● apt-daily.service - Daily apt download activities
Loaded: loaded (/lib/systemd/system/apt-daily.service; static; vendor preset: enabled)
Active: inactive (dead) since Wed 2019-09-11 20:15:20 PDT; 6h ago
Docs: man:apt(8)
Process: 1511 ExecStart=/usr/lib/apt/apt.systemd.daily update (code=exited, status=0/SUCCESS)
Main PID: 1511 (code=exited, status=0/SUCCESS)
两个 service 都调用了 /usr/lib/apt/apt.systemd.daily ,分别传入 install 和 update,具体干什么就先不管了。
注意事项
- 所有命令使用绝对路径
- LD_LIBRARY_PATH 不起作用,请修改 /et/ld.so.conf.d/ 并 ldconfig
- service 中可以指定 User=, Group=
相关工具
- systemctl
- journalctl
- systemd-analyze
systemctl
先上 help:
$ systemctl -h
systemctl [OPTIONS...] {COMMAND} ...
Query or send control commands to the systemd manager.
-h --help Show this help
--version Show package version
--system Connect to system manager
--user Connect to user service manager
-H --host=[USER@]HOST
Operate on remote host
-M --machine=CONTAINER
Operate on local container
-t --type=TYPE List units of a particular type
--state=STATE List units with particular LOAD or SUB or ACTIVE state
-p --property=NAME Show only properties by this name
-a --all Show all loaded units/properties, including dead/empty
ones. To list all units installed on the system, use
the 'list-unit-files' command instead.
-l --full Don't ellipsize unit names on output
-r --recursive Show unit list of host and local containers
--reverse Show reverse dependencies with 'list-dependencies'
--job-mode=MODE Specify how to deal with already queued jobs, when
queueing a new job
--show-types When showing sockets, explicitly show their type
-i --ignore-inhibitors
When shutting down or sleeping, ignore inhibitors
--kill-who=WHO Who to send signal to
-s --signal=SIGNAL Which signal to send
--now Start or stop unit in addition to enabling or disabling it
-q --quiet Suppress output
--no-block Do not wait until operation finished
--no-wall Don't send wall message before halt/power-off/reboot
--no-reload Don't reload daemon after en-/dis-abling unit files
--no-legend Do not print a legend (column headers and hints)
--no-pager Do not pipe output into a pager
--no-ask-password
Do not ask for system passwords
--global Enable/disable unit files globally
--runtime Enable unit files only temporarily until next reboot
-f --force When enabling unit files, override existing symlinks
When shutting down, execute action immediately
--preset-mode= Apply only enable, only disable, or all presets
--root=PATH Enable unit files in the specified root directory
-n --lines=INTEGER Number of journal entries to show
-o --output=STRING Change journal output mode (short, short-iso,
short-precise, short-monotonic, verbose,
export, json, json-pretty, json-sse, cat)
--firmware-setup Tell the firmware to show the setup menu on next boot
--plain Print unit dependencies as a list instead of a tree
Unit Commands:
list-units [PATTERN...] List loaded units
list-sockets [PATTERN...] List loaded sockets ordered by address
list-timers [PATTERN...] List loaded timers ordered by next elapse
start NAME... Start (activate) one or more units
stop NAME... Stop (deactivate) one or more units
reload NAME... Reload one or more units
--runtime Enable unit files only temporarily until next reboot
-f --force When enabling unit files, override existing symlinks
When shutting down, execute action immediately
--preset-mode= Apply only enable, only disable, or all presets
--root=PATH Enable unit files in the specified root directory
-n --lines=INTEGER Number of journal entries to show
-o --output=STRING Change journal output mode (short, short-iso,
short-precise, short-monotonic, verbose,
export, json, json-pretty, json-sse, cat)
--firmware-setup Tell the firmware to show the setup menu on next boot
--plain Print unit dependencies as a list instead of a tree
Unit Commands:
list-units [PATTERN...] List loaded units
list-sockets [PATTERN...] List loaded sockets ordered by address
list-timers [PATTERN...] List loaded timers ordered by next elapse
start NAME... Start (activate) one or more units
stop NAME... Stop (deactivate) one or more units
reload NAME... Reload one or more units
restart NAME... Start or restart one or more units
try-restart NAME... Restart one or more units if active
reload-or-restart NAME... Reload one or more units if possible,
otherwise start or restart
try-reload-or-restart NAME... If active, reload one or more units,
if supported, otherwise restart
isolate NAME Start one unit and stop all others
kill NAME... Send signal to processes of a unit
is-active PATTERN... Check whether units are active
is-failed PATTERN... Check whether units are failed
status [PATTERN...|PID...] Show runtime status of one or more units
show [PATTERN...|JOB...] Show properties of one or more
units/jobs or the manager
cat PATTERN... Show files and drop-ins of one or more units
set-property NAME ASSIGNMENT... Sets one or more properties of a unit
help PATTERN...|PID... Show manual for one or more units
reset-failed [PATTERN...] Reset failed state for all, one, or more
units
list-dependencies [NAME] Recursively show units which are required
or wanted by this unit or by which this
unit is required or wanted
Unit File Commands:
list-unit-files [PATTERN...] List installed unit files
enable NAME... Enable one or more unit files
disable NAME... Disable one or more unit files
reenable NAME... Reenable one or more unit files
preset NAME... Enable/disable one or more unit files
based on preset configuration
preset-all Enable/disable all unit files based on
preset configuration
is-enabled NAME... Check whether unit files are enabled
mask NAME... Mask one or more units
unmask NAME... Unmask one or more units
link PATH... Link one or more units files into
the search path
add-wants TARGET NAME... Add 'Wants' dependency for the target
on specified one or more units
add-requires TARGET NAME... Add 'Requires' dependency for the target
on specified one or more units
edit NAME... Edit one or more unit files
get-default Get the name of the default target
set-default NAME Set the default target
Machine Commands:
list-machines [PATTERN...] List local containers and host
Job Commands:
list-jobs [PATTERN...] List jobs
cancel [JOB...] Cancel all, one, or more jobs
Environment Commands:
show-environment Dump environment
set-environment NAME=VALUE... Set one or more environment variables
unset-environment NAME... Unset one or more environment variables
import-environment [NAME...] Import all or some environment variables
Manager Lifecycle Commands:
daemon-reload Reload systemd manager configuration
daemon-reexec Reexecute systemd manager
System Commands:
is-system-running Check whether system is fully running
default Enter system default mode
rescue Enter system rescue mode
emergency Enter system emergency mode
halt Shut down and halt the system
poweroff Shut down and power-off the system
reboot [ARG] Shut down and reboot the system
kexec Shut down and reboot the system with kexec
exit [EXIT_CODE] Request user instance or container exit
switch-root ROOT [INIT] Change to a different root file system
suspend Suspend the system
hibernate Hibernate the system
hybrid-sleep Hibernate and suspend the system
参数分两类:选项 和 命令
查看 选项可选值的方法
systemctl -xxx help,例如查看支持的 unit 类型:
$systemctl -t help
Available unit types:
service
socket
busname
target
device
mount
automount
swap
timer
path
slice
scope
查看系统安装的 uints
$systemctl list-unit-files
UNIT FILE STATE
proc-sys-fs-binfmt_misc.automount static
dev-hugepages.mount static
dev-mqueue.mount static
proc-sys-fs-binfmt_misc.mount static
run-vmblock\x2dfuse.mount enabled
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
acpid.path enabled
cups.path enabled
journal
$ journalctl -h
journalctl [OPTIONS...] [MATCHES...]
Query the journal.
Options:
--system Show the system journal
--user Show the user journal for the current user
-M --machine=CONTAINER Operate on local container
-S --since=DATE Show entries not older than the specified date
-U --until=DATE Show entries not newer than the specified date
-c --cursor=CURSOR Show entries starting at the specified cursor
--after-cursor=CURSOR Show entries after the specified cursor
--show-cursor Print the cursor after all the entries
-b --boot[=ID] Show current boot or the specified boot
--list-boots Show terse information about recorded boots
-k --dmesg Show kernel message log from the current boot
-u --unit=UNIT Show logs from the specified unit
--user-unit=UNIT Show logs from the specified user unit
-t --identifier=STRING Show entries with the specified syslog identifier
-p --priority=RANGE Show entries with the specified priority
-e --pager-end Immediately jump to the end in the pager
-f --follow Follow the journal
-n --lines[=INTEGER] Number of journal entries to show
--no-tail Show all lines, even in follow mode
-r --reverse Show the newest entries first
-o --output=STRING Change journal output mode (short, short-iso,
short-precise, short-monotonic, verbose,
export, json, json-pretty, json-sse, cat)
--utc Express time in Coordinated Universal Time (UTC)
-x --catalog Add message explanations where available
--no-full Ellipsize fields
-a --all Show all fields, including long and unprintable
-q --quiet Do not show info messages and privilege warning
--no-pager Do not pipe output into a pager
-m --merge Show entries from all available journals
-D --directory=PATH Show journal files from directory
--file=PATH Show journal file
--root=ROOT Operate on catalog files below a root directory
--interval=TIME Time interval for changing the FSS sealing key
--verify-key=KEY Specify FSS verification key
--force Override of the FSS key pair with --setup-keys
Commands:
-h --help Show this help text
--version Show package version
-N --fields List all field names currently used
-F --field=FIELD List all values that a specified field takes
--disk-usage Show total disk usage of all journal files
--vacuum-size=BYTES Reduce disk usage below specified size
--vacuum-files=INT Leave only the specified number of journal files
--vacuum-time=TIME Remove journal files older than specified time
--verify Verify journal file consistency
--sync Synchronize unwritten journal messages to disk
--flush Flush all journal data from /run into /var
--rotate Request immediate rotation of the journal files
--header Show journal header information
--list-catalog Show all message IDs in the catalog
--dump-catalog Show entries in the message catalog
--update-catalog Update the message catalog database
--new-id128 Generate a new 128-bit ID
--setup-keys Generate a new FSS key pair
可用配置项
$systemd --test --dump-configuration-items
[Unit]
Description=STRING
Documentation=URL
SourcePath=PATH
Requires=UNIT [...]
Requisite=UNIT [...]
Wants=UNIT [...]
BindsTo=UNIT [...]
BindTo=UNIT [...]
Conflicts=UNIT [...]
Before=UNIT [...]
After=UNIT [...]
OnFailure=UNIT [...]
PropagatesReloadTo=UNIT [...]
PropagateReloadTo=UNIT [...]
ReloadPropagatedFrom=UNIT [...]
PropagateReloadFrom=UNIT [...]
PartOf=UNIT [...]
JoinsNamespaceOf=UNIT [...]
RequiresOverridable=OTHER
RequisiteOverridable=OTHER
RequiresMountsFor=PATH [...]
StopWhenUnneeded=BOOLEAN
RefuseManualStart=BOOLEAN
RefuseManualStop=BOOLEAN
AllowIsolate=BOOLEAN
DefaultDependencies=BOOLEAN
OnFailureJobMode=MODE
OnFailureIsolate=BOOLEAN
IgnoreOnIsolate=BOOLEAN
IgnoreOnSnapshot=OTHER
JobTimeoutSec=OTHER
JobTimeoutAction=ACTION
JobTimeoutRebootArgument=STRING
StartLimitInterval=SECONDS
StartLimitBurst=UNSIGNED
StartLimitAction=ACTION
RebootArgument=STRING
ConditionPathExists=CONDITION
ConditionPathExistsGlob=CONDITION
ConditionPathIsDirectory=CONDITION
ConditionPathIsSymbolicLink=CONDITION
ConditionPathIsMountPoint=CONDITION
ConditionPathIsReadWrite=CONDITION
ConditionDirectoryNotEmpty=CONDITION
ConditionFileNotEmpty=CONDITION
ConditionFileIsExecutable=CONDITION
ConditionNeedsUpdate=CONDITION
ConditionFirstBoot=CONDITION
ConditionKernelCommandLine=CONDITION
ConditionArchitecture=CONDITION
ConditionVirtualization=CONDITION
ConditionSecurity=CONDITION
ConditionCapability=CONDITION
ConditionHost=CONDITION
ConditionACPower=CONDITION
ConditionNull=CONDITION
AssertPathExists=CONDITION
AssertPathExistsGlob=CONDITION
AssertPathIsDirectory=CONDITION
AssertPathIsSymbolicLink=CONDITION
AssertPathIsMountPoint=CONDITION
AssertPathIsReadWrite=CONDITION
AssertDirectoryNotEmpty=CONDITION
AssertFileNotEmpty=CONDITION
AssertFileIsExecutable=CONDITION
AssertNeedsUpdate=CONDITION
AssertFirstBoot=CONDITION
AssertKernelCommandLine=CONDITION
AssertArchitecture=CONDITION
AssertVirtualization=CONDITION
AssertSecurity=CONDITION
AssertCapability=CONDITION
AssertHost=CONDITION
AssertACPower=CONDITION
AssertNull=CONDITION
[Service]
PIDFile=PATH
ExecStartPre=PATH [ARGUMENT [...]]
ExecStart=PATH [ARGUMENT [...]]
ExecStartPost=PATH [ARGUMENT [...]]
ExecReload=PATH [ARGUMENT [...]]
ExecStop=PATH [ARGUMENT [...]]
ExecStopPost=PATH [ARGUMENT [...]]
RestartSec=SECONDS
TimeoutSec=SECONDS
TimeoutStartSec=SECONDS
TimeoutStopSec=SECONDS
RuntimeMaxSec=SECONDS
WatchdogSec=SECONDS
StartLimitInterval=SECONDS
StartLimitBurst=UNSIGNED
StartLimitAction=ACTION
RebootArgument=STRING
FailureAction=ACTION
Type=SERVICETYPE
Restart=SERVICERESTART
PermissionsStartOnly=BOOLEAN
RootDirectoryStartOnly=BOOLEAN
RemainAfterExit=BOOLEAN
GuessMainPID=BOOLEAN
RestartPreventExitStatus=STATUS
RestartForceExitStatus=STATUS
SuccessExitStatus=STATUS
SysVStartPriority=OTHER
NonBlocking=BOOLEAN
BusName=OTHER
FileDescriptorStoreMax=UNSIGNED
NotifyAccess=ACCESS
Sockets=SOCKETS
BusPolicy=OTHER
USBFunctionDescriptors=PATH
USBFunctionStrings=PATH
WorkingDirectory=OTHER
RootDirectory=PATH
User=STRING
Group=STRING
SupplementaryGroups=STRING [...]
Nice=NICE
OOMScoreAdjust=OOMSCOREADJUST
IOSchedulingClass=IOCLASS
IOSchedulingPriority=IOPRIORITY
CPUSchedulingPolicy=CPUSCHEDPOLICY
CPUSchedulingPriority=CPUSCHEDPRIO
CPUSchedulingResetOnFork=BOOLEAN
CPUAffinity=CPUAFFINITY
UMask=MODE
Environment=ENVIRON
EnvironmentFile=FILE
PassEnvironment=OTHER
StandardInput=INPUT
StandardOutput=OUTPUT
StandardError=OUTPUT
TTYPath=PATH
TTYReset=BOOLEAN
TTYVHangup=BOOLEAN
TTYVTDisallocate=BOOLEAN
SyslogIdentifier=STRING
SyslogFacility=FACILITY
SyslogLevel=LEVEL
SyslogLevelPrefix=BOOLEAN
Capabilities=CAPABILITIES
SecureBits=SECUREBITS
CapabilityBoundingSet=BOUNDINGSET
AmbientCapabilities=BOUNDINGSET
TimerSlackNSec=NANOSECONDS
NoNewPrivileges=OTHER
SystemCallFilter=SYSCALLS
SystemCallArchitectures=ARCHS
SystemCallErrorNumber=ERRNO
RestrictAddressFamilies=FAMILIES
LimitCPU=LIMIT
LimitFSIZE=LIMIT
LimitDATA=LIMIT
LimitSTACK=LIMIT
LimitCORE=LIMIT
LimitRSS=LIMIT
LimitNOFILE=LIMIT
LimitAS=LIMIT
LimitNPROC=LIMIT
LimitMEMLOCK=LIMIT
LimitLOCKS=LIMIT
LimitSIGPENDING=LIMIT
LimitMSGQUEUE=LIMIT
LimitNICE=LIMIT
LimitRTPRIO=LIMIT
LimitRTTIME=LIMIT
ReadWriteDirectories=PATH [...]
ReadOnlyDirectories=PATH [...]
InaccessibleDirectories=PATH [...]
PrivateTmp=BOOLEAN
PrivateNetwork=BOOLEAN
PrivateDevices=BOOLEAN
ProtectSystem=OTHER
ProtectHome=OTHER
MountFlags=MOUNTFLAG [...]
Personality=PERSONALITY
RuntimeDirectoryMode=MODE
RuntimeDirectory=OTHER
PAMName=STRING
IgnoreSIGPIPE=BOOLEAN
UtmpIdentifier=STRING
UtmpMode=OTHER
SELinuxContext=LABEL
AppArmorProfile=OTHER
SmackProcessLabel=OTHER
Slice=SLICE
CPUAccounting=BOOLEAN
CPUShares=SHARES
StartupCPUShares=SHARES
CPUQuota=OTHER
MemoryAccounting=BOOLEAN
MemoryLimit=LIMIT
DeviceAllow=DEVICE
DevicePolicy=POLICY
BlockIOAccounting=BOOLEAN
BlockIOWeight=WEIGHT
StartupBlockIOWeight=WEIGHT
BlockIODeviceWeight=DEVICEWEIGHT
BlockIOReadBandwidth=BANDWIDTH
BlockIOWriteBandwidth=BANDWIDTH
TasksAccounting=BOOLEAN
TasksMax=OTHER
Delegate=BOOLEAN
NetClass=OTHER
SendSIGKILL=BOOLEAN
SendSIGHUP=BOOLEAN
KillMode=KILLMODE
KillSignal=SIGNAL
[Socket]
ListenStream=SOCKET [...]
ListenDatagram=SOCKET [...]
ListenSequentialPacket=SOCKET [...]
ListenFIFO=SOCKET [...]
ListenNetlink=SOCKET [...]
ListenSpecial=SOCKET [...]
ListenMessageQueue=SOCKET [...]
ListenUSBFunction=SOCKET [...]
SocketProtocol=OTHER
BindIPv6Only=SOCKETBIND
Backlog=UNSIGNED
BindToDevice=NETWORKINTERFACE
ExecStartPre=PATH [ARGUMENT [...]]
ExecStartPost=PATH [ARGUMENT [...]]
ExecStopPre=PATH [ARGUMENT [...]]
ExecStopPost=PATH [ARGUMENT [...]]
TimeoutSec=SECONDS
SocketUser=STRING
SocketGroup=STRING
SocketMode=MODE
DirectoryMode=MODE
Accept=BOOLEAN
Writable=BOOLEAN
MaxConnections=UNSIGNED
KeepAlive=BOOLEAN
KeepAliveTimeSec=SECONDS
KeepAliveIntervalSec=SECONDS
KeepAliveProbes=UNSIGNED
DeferAcceptSec=SECONDS
NoDelay=BOOLEAN
Priority=INTEGER
ReceiveBuffer=SIZE
SendBuffer=SIZE
IPTOS=TOS
IPTTL=INTEGER
Mark=INTEGER
PipeSize=SIZE
FreeBind=BOOLEAN
Transparent=BOOLEAN
Broadcast=BOOLEAN
PassCredentials=BOOLEAN
PassSecurity=BOOLEAN
TCPCongestion=STRING
ReusePort=BOOLEAN
MessageQueueMaxMessages=LONG
MessageQueueMessageSize=LONG
RemoveOnStop=BOOLEAN
Symlinks=OTHER
FileDescriptorName=OTHER
Service=SERVICE
TriggerLimitIntervalSec=SECONDS
TriggerLimitBurst=UNSIGNED
SmackLabel=STRING
SmackLabelIPIn=STRING
SmackLabelIPOut=STRING
SELinuxContextFromNet=BOOLEAN
WorkingDirectory=OTHER
RootDirectory=PATH
User=STRING
Group=STRING
SupplementaryGroups=STRING [...]
Nice=NICE
OOMScoreAdjust=OOMSCOREADJUST
IOSchedulingClass=IOCLASS
IOSchedulingPriority=IOPRIORITY
CPUSchedulingPolicy=CPUSCHEDPOLICY
CPUSchedulingPriority=CPUSCHEDPRIO
CPUSchedulingResetOnFork=BOOLEAN
CPUAffinity=CPUAFFINITY
UMask=MODE
Environment=ENVIRON
EnvironmentFile=FILE
PassEnvironment=OTHER
StandardInput=INPUT
StandardOutput=OUTPUT
StandardError=OUTPUT
TTYPath=PATH
TTYReset=BOOLEAN
TTYVHangup=BOOLEAN
TTYVTDisallocate=BOOLEAN
SyslogIdentifier=STRING
SyslogFacility=FACILITY
SyslogLevel=LEVEL
SyslogLevelPrefix=BOOLEAN
Capabilities=CAPABILITIES
SecureBits=SECUREBITS
CapabilityBoundingSet=BOUNDINGSET
AmbientCapabilities=BOUNDINGSET
TimerSlackNSec=NANOSECONDS
NoNewPrivileges=OTHER
SystemCallFilter=SYSCALLS
SystemCallArchitectures=ARCHS
SystemCallErrorNumber=ERRNO
RestrictAddressFamilies=FAMILIES
LimitCPU=LIMIT
LimitFSIZE=LIMIT
LimitDATA=LIMIT
LimitSTACK=LIMIT
LimitCORE=LIMIT
LimitRSS=LIMIT
LimitNOFILE=LIMIT
LimitAS=LIMIT
LimitNPROC=LIMIT
LimitMEMLOCK=LIMIT
LimitLOCKS=LIMIT
LimitSIGPENDING=LIMIT
LimitMSGQUEUE=LIMIT
LimitNICE=LIMIT
LimitRTPRIO=LIMIT
LimitRTTIME=LIMIT
ReadWriteDirectories=PATH [...]
ReadOnlyDirectories=PATH [...]
InaccessibleDirectories=PATH [...]
PrivateTmp=BOOLEAN
PrivateNetwork=BOOLEAN
PrivateDevices=BOOLEAN
ProtectSystem=OTHER
ProtectHome=OTHER
MountFlags=MOUNTFLAG [...]
Personality=PERSONALITY
RuntimeDirectoryMode=MODE
RuntimeDirectory=OTHER
PAMName=STRING
IgnoreSIGPIPE=BOOLEAN
UtmpIdentifier=STRING
UtmpMode=OTHER
SELinuxContext=LABEL
AppArmorProfile=OTHER
SmackProcessLabel=OTHER
Slice=SLICE
CPUAccounting=BOOLEAN
CPUShares=SHARES
StartupCPUShares=SHARES
CPUQuota=OTHER
MemoryAccounting=BOOLEAN
MemoryLimit=LIMIT
DeviceAllow=DEVICE
DevicePolicy=POLICY
BlockIOAccounting=BOOLEAN
BlockIOWeight=WEIGHT
StartupBlockIOWeight=WEIGHT
BlockIODeviceWeight=DEVICEWEIGHT
BlockIOReadBandwidth=BANDWIDTH
BlockIOWriteBandwidth=BANDWIDTH
TasksAccounting=BOOLEAN
TasksMax=OTHER
Delegate=BOOLEAN
NetClass=OTHER
SendSIGKILL=BOOLEAN
SendSIGHUP=BOOLEAN
KillMode=KILLMODE
KillSignal=SIGNAL
[BusName]
Name=STRING
Activating=BOOLEAN
Service=OTHER
AllowUser=OTHER
AllowGroup=OTHER
AllowWorld=OTHER
SELinuxContext=LABEL
AcceptFileDescriptors=BOOLEAN
[Mount]
What=STRING
Where=PATH
Options=STRING
Type=STRING
TimeoutSec=SECONDS
DirectoryMode=MODE
SloppyOptions=BOOLEAN
WorkingDirectory=OTHER
RootDirectory=PATH
User=STRING
Group=STRING
SupplementaryGroups=STRING [...]
Nice=NICE
OOMScoreAdjust=OOMSCOREADJUST
IOSchedulingClass=IOCLASS
IOSchedulingPriority=IOPRIORITY
CPUSchedulingPolicy=CPUSCHEDPOLICY
CPUSchedulingPriority=CPUSCHEDPRIO
CPUSchedulingResetOnFork=BOOLEAN
CPUAffinity=CPUAFFINITY
UMask=MODE
Environment=ENVIRON
EnvironmentFile=FILE
PassEnvironment=OTHER
StandardInput=INPUT
StandardOutput=OUTPUT
StandardError=OUTPUT
TTYPath=PATH
TTYReset=BOOLEAN
TTYVHangup=BOOLEAN
TTYVTDisallocate=BOOLEAN
SyslogIdentifier=STRING
SyslogFacility=FACILITY
SyslogLevel=LEVEL
SyslogLevelPrefix=BOOLEAN
Capabilities=CAPABILITIES
SecureBits=SECUREBITS
CapabilityBoundingSet=BOUNDINGSET
AmbientCapabilities=BOUNDINGSET
TimerSlackNSec=NANOSECONDS
NoNewPrivileges=OTHER
SystemCallFilter=SYSCALLS
SystemCallArchitectures=ARCHS
SystemCallErrorNumber=ERRNO
RestrictAddressFamilies=FAMILIES
LimitCPU=LIMIT
LimitFSIZE=LIMIT
LimitDATA=LIMIT
LimitSTACK=LIMIT
LimitCORE=LIMIT
LimitRSS=LIMIT
LimitNOFILE=LIMIT
LimitAS=LIMIT
LimitNPROC=LIMIT
LimitMEMLOCK=LIMIT
LimitLOCKS=LIMIT
LimitSIGPENDING=LIMIT
LimitMSGQUEUE=LIMIT
LimitNICE=LIMIT
LimitRTPRIO=LIMIT
LimitRTTIME=LIMIT
ReadWriteDirectories=PATH [...]
ReadOnlyDirectories=PATH [...]
InaccessibleDirectories=PATH [...]
PrivateTmp=BOOLEAN
PrivateNetwork=BOOLEAN
PrivateDevices=BOOLEAN
ProtectSystem=OTHER
ProtectHome=OTHER
MountFlags=MOUNTFLAG [...]
Personality=PERSONALITY
RuntimeDirectoryMode=MODE
RuntimeDirectory=OTHER
PAMName=STRING
IgnoreSIGPIPE=BOOLEAN
UtmpIdentifier=STRING
UtmpMode=OTHER
SELinuxContext=LABEL
AppArmorProfile=OTHER
SmackProcessLabel=OTHER
Slice=SLICE
CPUAccounting=BOOLEAN
CPUShares=SHARES
StartupCPUShares=SHARES
CPUQuota=OTHER
MemoryAccounting=BOOLEAN
MemoryLimit=LIMIT
DeviceAllow=DEVICE
DevicePolicy=POLICY
BlockIOAccounting=BOOLEAN
BlockIOWeight=WEIGHT
StartupBlockIOWeight=WEIGHT
BlockIODeviceWeight=DEVICEWEIGHT
BlockIOReadBandwidth=BANDWIDTH
BlockIOWriteBandwidth=BANDWIDTH
TasksAccounting=BOOLEAN
TasksMax=OTHER
Delegate=BOOLEAN
NetClass=OTHER
SendSIGKILL=BOOLEAN
SendSIGHUP=BOOLEAN
KillMode=KILLMODE
KillSignal=SIGNAL
[Automount]
Where=PATH
DirectoryMode=MODE
TimeoutIdleSec=SECONDS
[Swap]
What=PATH
Priority=INTEGER
Options=STRING
TimeoutSec=SECONDS
WorkingDirectory=OTHER
RootDirectory=PATH
User=STRING
Group=STRING
SupplementaryGroups=STRING [...]
Nice=NICE
OOMScoreAdjust=OOMSCOREADJUST
IOSchedulingClass=IOCLASS
IOSchedulingPriority=IOPRIORITY
CPUSchedulingPolicy=CPUSCHEDPOLICY
CPUSchedulingPriority=CPUSCHEDPRIO
CPUSchedulingResetOnFork=BOOLEAN
CPUAffinity=CPUAFFINITY
UMask=MODE
Environment=ENVIRON
EnvironmentFile=FILE
PassEnvironment=OTHER
StandardInput=INPUT
StandardOutput=OUTPUT
StandardError=OUTPUT
TTYPath=PATH
TTYReset=BOOLEAN
TTYVHangup=BOOLEAN
TTYVTDisallocate=BOOLEAN
SyslogIdentifier=STRING
SyslogFacility=FACILITY
SyslogLevel=LEVEL
SyslogLevelPrefix=BOOLEAN
Capabilities=CAPABILITIES
SecureBits=SECUREBITS
CapabilityBoundingSet=BOUNDINGSET
AmbientCapabilities=BOUNDINGSET
TimerSlackNSec=NANOSECONDS
NoNewPrivileges=OTHER
SystemCallFilter=SYSCALLS
SystemCallArchitectures=ARCHS
SystemCallErrorNumber=ERRNO
RestrictAddressFamilies=FAMILIES
LimitCPU=LIMIT
LimitFSIZE=LIMIT
LimitDATA=LIMIT
LimitSTACK=LIMIT
LimitCORE=LIMIT
LimitRSS=LIMIT
LimitNOFILE=LIMIT
LimitAS=LIMIT
LimitNPROC=LIMIT
LimitMEMLOCK=LIMIT
LimitLOCKS=LIMIT
LimitSIGPENDING=LIMIT
LimitMSGQUEUE=LIMIT
LimitNICE=LIMIT
LimitRTPRIO=LIMIT
LimitRTTIME=LIMIT
ReadWriteDirectories=PATH [...]
ReadOnlyDirectories=PATH [...]
InaccessibleDirectories=PATH [...]
PrivateTmp=BOOLEAN
PrivateNetwork=BOOLEAN
PrivateDevices=BOOLEAN
ProtectSystem=OTHER
ProtectHome=OTHER
MountFlags=MOUNTFLAG [...]
Personality=PERSONALITY
RuntimeDirectoryMode=MODE
RuntimeDirectory=OTHER
PAMName=STRING
IgnoreSIGPIPE=BOOLEAN
UtmpIdentifier=STRING
UtmpMode=OTHER
SELinuxContext=LABEL
AppArmorProfile=OTHER
SmackProcessLabel=OTHER
Slice=SLICE
CPUAccounting=BOOLEAN
CPUShares=SHARES
StartupCPUShares=SHARES
CPUQuota=OTHER
MemoryAccounting=BOOLEAN
MemoryLimit=LIMIT
DeviceAllow=DEVICE
DevicePolicy=POLICY
BlockIOAccounting=BOOLEAN
BlockIOWeight=WEIGHT
StartupBlockIOWeight=WEIGHT
BlockIODeviceWeight=DEVICEWEIGHT
BlockIOReadBandwidth=BANDWIDTH
BlockIOWriteBandwidth=BANDWIDTH
TasksAccounting=BOOLEAN
TasksMax=OTHER
Delegate=BOOLEAN
NetClass=OTHER
SendSIGKILL=BOOLEAN
SendSIGHUP=BOOLEAN
KillMode=KILLMODE
KillSignal=SIGNAL
[Timer]
OnCalendar=TIMER
OnActiveSec=TIMER
OnBootSec=TIMER
OnStartupSec=TIMER
OnUnitActiveSec=TIMER
OnUnitInactiveSec=TIMER
Persistent=BOOLEAN
WakeSystem=BOOLEAN
RemainAfterElapse=BOOLEAN
AccuracySec=SECONDS
RandomizedDelaySec=SECONDS
Unit=UNIT
[Path]
PathExists=PATH
PathExistsGlob=PATH
PathChanged=PATH
PathModified=PATH
DirectoryNotEmpty=PATH
Unit=UNIT
MakeDirectory=BOOLEAN
DirectoryMode=MODE
[Slice]
Slice=SLICE
CPUAccounting=BOOLEAN
CPUShares=SHARES
StartupCPUShares=SHARES
CPUQuota=OTHER
MemoryAccounting=BOOLEAN
MemoryLimit=LIMIT
DeviceAllow=DEVICE
DevicePolicy=POLICY
BlockIOAccounting=BOOLEAN
BlockIOWeight=WEIGHT
StartupBlockIOWeight=WEIGHT
BlockIODeviceWeight=DEVICEWEIGHT
BlockIOReadBandwidth=BANDWIDTH
BlockIOWriteBandwidth=BANDWIDTH
TasksAccounting=BOOLEAN
TasksMax=OTHER
Delegate=BOOLEAN
NetClass=OTHER
[Scope]
Slice=SLICE
CPUAccounting=BOOLEAN
CPUShares=SHARES
StartupCPUShares=SHARES
CPUQuota=OTHER
MemoryAccounting=BOOLEAN
MemoryLimit=LIMIT
DeviceAllow=DEVICE
DevicePolicy=POLICY
BlockIOAccounting=BOOLEAN
BlockIOWeight=WEIGHT
StartupBlockIOWeight=WEIGHT
BlockIODeviceWeight=DEVICEWEIGHT
BlockIOReadBandwidth=BANDWIDTH
BlockIOWriteBandwidth=BANDWIDTH
TasksAccounting=BOOLEAN
TasksMax=OTHER
Delegate=BOOLEAN
NetClass=OTHER
SendSIGKILL=BOOLEAN
SendSIGHUP=BOOLEAN
KillMode=KILLMODE
KillSignal=SIGNAL
TimeoutStopSec=SECONDS
[Install]
Alias=OTHER
WantedBy=OTHER
RequiredBy=OTHER
Also=OTHER
DefaultInstance=OTHER