summaryrefslogtreecommitdiff
path: root/man/systemd.resource-control.xml
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-11-05 17:57:23 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-05 18:49:14 +0100
commita931ad47a8623163a29d898224d8a8c1177ffdaf (patch)
tree34741242cc98bf038f3b57058e4b283b0d53b275 /man/systemd.resource-control.xml
parentc962cb68d5754690cbe924a0d0b4251053217783 (diff)
core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies
For priviliged units this resource control property ensures that the processes have all controllers systemd manages enabled. For unpriviliged services (those with User= set) this ensures that access rights to the service cgroup is granted to the user in question, to create further subgroups. Note that this only applies to the name=systemd hierarchy though, as access to other controllers is not safe for unpriviliged processes. Delegate=yes should be set for container scopes where a systemd instance inside the container shall manage the hierarchies below its own cgroup and have access to all controllers. Delegate=yes should also be set for user@.service, so that systemd --user can run, controlling its own cgroup tree. This commit changes machined, systemd-nspawn@.service and user@.service to set this boolean, in order to ensure that container management will just work, and the user systemd instance can run fine.
Diffstat (limited to 'man/systemd.resource-control.xml')
-rw-r--r--man/systemd.resource-control.xml14
1 files changed, 14 insertions, 0 deletions
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index 968b328dd9..218946d4ee 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -394,6 +394,20 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>Delegate=</varname></term>
+
+ <listitem>
+ <para>Turns on delegation of further resource control
+ partitioning to processes of the unit. For unpriviliged
+ services (i.e. those using the <varname>User=</varname>
+ setting) this allows processes to create a subhierarchy
+ beneath its control group path. For priviliged services and
+ scopes this ensures the processes will have all control
+ group controllers enabled.</para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>