summaryrefslogtreecommitdiff
path: root/man/systemd.exec.xml
diff options
context:
space:
mode:
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r--man/systemd.exec.xml46
1 files changed, 24 insertions, 22 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c0ecf92419..96298f11ed 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -86,7 +86,7 @@
<listitem><para>Takes an absolute directory path, or the
special value <literal>~</literal>. Sets the working directory
- for executed processes. If set to <literal>~</literal> the
+ for executed processes. If set to <literal>~</literal>, the
home directory of the user specified in
<varname>User=</varname> is used. If not set, defaults to the
root directory when systemd is running as a system instance
@@ -123,8 +123,8 @@
<listitem><para>Sets the supplementary Unix groups the
processes are executed as. This takes a space-separated list
of group names or IDs. This option may be specified more than
- once in which case all listed groups are set as supplementary
- groups. When the empty string is assigned the list of
+ once, in which case all listed groups are set as supplementary
+ groups. When the empty string is assigned, the list of
supplementary groups is reset, and all assignments prior to
this one will have no effect. In any way, this option does not
override, but extends the list of supplementary groups
@@ -157,7 +157,7 @@
<varlistentry>
<term><varname>IOSchedulingClass=</varname></term>
- <listitem><para>Sets the IO scheduling class for executed
+ <listitem><para>Sets the I/O scheduling class for executed
processes. Takes an integer between 0 and 3 or one of the
strings <option>none</option>, <option>realtime</option>,
<option>best-effort</option> or <option>idle</option>. See
@@ -168,10 +168,10 @@
<varlistentry>
<term><varname>IOSchedulingPriority=</varname></term>
- <listitem><para>Sets the IO scheduling priority for executed
+ <listitem><para>Sets the I/O scheduling priority for executed
processes. Takes an integer between 0 (highest priority) and 7
(lowest priority). The available priorities depend on the
- selected IO scheduling class (see above). See
+ selected I/O scheduling class (see above). See
<citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details.</para></listitem>
</varlistentry>
@@ -220,7 +220,7 @@
processes. Takes a list of CPU indices or ranges separated by
either whitespace or commas. CPU ranges are specified by the
lower and upper CPU indices separated by a dash.
- This option may be specified more than once in which case the
+ This option may be specified more than once, in which case the
specified CPU affinity masks are merged. If the empty string
is assigned, the mask is reset, all assignments prior to this
will have no effect. See
@@ -242,7 +242,7 @@
<listitem><para>Sets environment variables for executed
processes. Takes a space-separated list of variable
- assignments. This option may be specified more than once in
+ assignments. This option may be specified more than once, in
which case all listed variables will be set. If the same
variable is set twice, the later setting will override the
earlier setting. If the empty string is assigned to this
@@ -493,7 +493,7 @@
</varlistentry>
<varlistentry>
<term><varname>SyslogLevel=</varname></term>
- <listitem><para>Default syslog level to use when logging to
+ <listitem><para>The default syslog level to use when logging to
syslog or the kernel log buffer. One of
<option>emerg</option>,
<option>alert</option>,
@@ -512,7 +512,7 @@
different log level which can be used to override the default
log level specified here. The interpretation of these prefixes
may be disabled with <varname>SyslogLevelPrefix=</varname>,
- see below. For details see
+ see below. For details, see
<citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
Defaults to
@@ -568,7 +568,9 @@
of various resources for executed processes. See
<citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details. Use the string <varname>infinity</varname> to
- configure no limit on a specific resource.</para></listitem>
+ configure no limit on a specific resource. The multiplicative suffixes
+ K (=1024), M (=1024*1024) and so on for G, T, P and E may be used for
+ resource limits measured in bytes (e.g. LimitAS=16G).</para></listitem>
<table>
<title>Limit directives and their equivalent with ulimit</title>
@@ -685,7 +687,7 @@
of what <varname>Capabilities=</varname> does. If this option
is not used, the capability bounding set is not modified on
process execution, hence no limits on the capabilities of the
- process are enforced. This option may appear more than once in
+ process are enforced. This option may appear more than once, in
which case the bounding sets are merged. If the empty string
is assigned to this option, the bounding set is reset to the
empty capability set, and all prior settings have no effect.
@@ -706,7 +708,7 @@
<option>no-setuid-fixup-locked</option>,
<option>noroot</option>, and
<option>noroot-locked</option>.
- This option may appear more than once in which case the secure
+ This option may appear more than once, in which case the secure
bits are ORed. If the empty string is assigned to this option,
the bits are reset to 0. See
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
@@ -747,7 +749,7 @@
inaccessible for processes inside the namespace. Note that
restricting access with these options does not extend to
submounts of a directory that are created later on. These
- options may be specified more than once in which case all
+ options may be specified more than once, in which case all
directories listed will have limited access from within the
namespace. If the empty string is assigned to this option, the
specific list is reset, and all prior assignments have no
@@ -850,7 +852,7 @@
directories read-only for processes invoked by this unit. If
set to <literal>full</literal>, the <filename>/etc</filename>
directory is mounted read-only, too. This setting ensures that
- any modification of the vendor supplied operating system (and
+ any modification of the vendor-supplied operating system (and
optionally its configuration) is prohibited for the service.
It is recommended to enable this setting for all long-running
services, unless they are involved with system updates or need
@@ -951,15 +953,15 @@
invoked process must implement a
<command>getty</command>-compatible utmp/wtmp logic. If
<literal>login</literal> is set, first an
- <constant>INIT_PROCESS</constant> entry, followed by an
+ <constant>INIT_PROCESS</constant> entry, followed by a
<constant>LOGIN_PROCESS</constant> entry is generated. In
- this case the invoked process must implement a <citerefentry
+ this case, the invoked process must implement a <citerefentry
project='die-net'><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible
utmp/wtmp logic. If <literal>user</literal> is set, first an
<constant>INIT_PROCESS</constant> entry, then a
- <constant>LOGIN_PROCESS</constant> entry and finally an
+ <constant>LOGIN_PROCESS</constant> entry and finally a
<constant>USER_PROCESS</constant> entry is generated. In this
- case the invoked process may be any process that is suitable
+ case, the invoked process may be any process that is suitable
to be run as session leader. Defaults to
<literal>init</literal>.</para></listitem>
</varlistentry>
@@ -994,7 +996,7 @@
<listitem><para>Takes a <option>SMACK64</option> security
label as argument. The process executed by the unit will be
started under this label and SMACK will decide whether the
- process is allowed to run or not based on it. The process
+ process is allowed to run or not, based on it. The process
will continue to run under the label specified here unless the
executable has its own <option>SMACK64EXEC</option> label, in
which case the process will transition to run under that
@@ -1050,7 +1052,7 @@
<function>sigreturn</function>,
<function>exit_group</function>, <function>exit</function>
system calls are implicitly whitelisted and do not need to be
- listed explicitly. This option may be specified more than once
+ listed explicitly. This option may be specified more than once,
in which case the filter masks are merged. If the empty string
is assigned, the filter is reset, all prior assignments will
have no effect.</para>
@@ -1086,7 +1088,7 @@
<varlistentry>
<term><varname>SystemCallArchitectures=</varname></term>
- <listitem><para>Takes a space separated list of architecture
+ <listitem><para>Takes a space-separated list of architecture
identifiers to include in the system call filter. The known
architecture identifiers are <constant>x86</constant>,
<constant>x86-64</constant>, <constant>x32</constant>,