diff options
Diffstat (limited to 'man/systemd.resource-control.xml')
-rw-r--r-- | man/systemd.resource-control.xml | 767 |
1 files changed, 0 insertions, 767 deletions
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml deleted file mode 100644 index 02878b28a0..0000000000 --- a/man/systemd.resource-control.xml +++ /dev/null @@ -1,767 +0,0 @@ -<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" -"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> - -<!-- - This file is part of systemd. - - Copyright 2013 Zbigniew Jędrzejewski-Szmek - - systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1 of the License, or - (at your option) any later version. - - systemd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with systemd; If not, see <http://www.gnu.org/licenses/>. ---> - -<refentry id="systemd.resource-control"> - <refentryinfo> - <title>systemd.resource-control</title> - <productname>systemd</productname> - - <authorgroup> - <author> - <contrib>Developer</contrib> - <firstname>Lennart</firstname> - <surname>Poettering</surname> - <email>lennart@poettering.net</email> - </author> - </authorgroup> - </refentryinfo> - - <refmeta> - <refentrytitle>systemd.resource-control</refentrytitle> - <manvolnum>5</manvolnum> - </refmeta> - - <refnamediv> - <refname>systemd.resource-control</refname> - <refpurpose>Resource control unit settings</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <para> - <filename><replaceable>slice</replaceable>.slice</filename>, - <filename><replaceable>scope</replaceable>.scope</filename>, - <filename><replaceable>service</replaceable>.service</filename>, - <filename><replaceable>socket</replaceable>.socket</filename>, - <filename><replaceable>mount</replaceable>.mount</filename>, - <filename><replaceable>swap</replaceable>.swap</filename> - </para> - </refsynopsisdiv> - - <refsect1> - <title>Description</title> - - <para>Unit configuration files for services, slices, scopes, sockets, mount points, and swap devices share a subset - of configuration options for resource control of spawned processes. Internally, this relies on the Linux Control - Groups (cgroups) kernel concept for organizing processes in a hierarchical tree of named groups for the purpose of - resource management.</para> - - <para>This man page lists the configuration options shared by - those six unit types. See - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for the common options of all unit configuration files, and - <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - and - <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for more information on the specific unit configuration files. The - resource control configuration options are configured in the - [Slice], [Scope], [Service], [Socket], [Mount], or [Swap] - sections, depending on the unit type.</para> - - <para>In addition, options which control resources available to programs - <emphasis>executed</emphasis> by systemd are listed in - <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. - Those options complement options listed here.</para> - - <para>See the <ulink - url="http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/">New - Control Group Interfaces</ulink> for an introduction on how to make - use of resource control APIs from programs.</para> - </refsect1> - - <refsect1> - <title>Automatic Dependencies</title> - - <para>Units with the <varname>Slice=</varname> setting set automatically acquire <varname>Requires=</varname> and - <varname>After=</varname> dependencies on the specified slice unit.</para> - </refsect1> - - <refsect1> - <title>Unified and Legacy Control Group Hierarchies</title> - - <para>The unified control group hierarchy is the new version of kernel control group interface, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>. Depending on the resource type, - there are differences in resource control capabilities. Also, because of interface changes, some resource types - have separate set of options on the unified hierarchy.</para> - - <para> - <variablelist> - - <varlistentry> - <term><option>CPU</option></term> - <listitem> - <para>Due to the lack of consensus in the kernel community, the CPU controller support on the unified - control group hierarchy requires out-of-tree kernel patches. See <ulink - url="https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup-v2-cpu.txt?h=cgroup-v2-cpu">cgroup-v2-cpu.txt</ulink>.</para> - - <para><varname>CPUWeight=</varname> and <varname>StartupCPUWeight=</varname> replace - <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>, respectively.</para> - - <para>The <literal>cpuacct</literal> controller does not exist separately on the unified hierarchy.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>Memory</option></term> - <listitem> - <para><varname>MemoryMax=</varname> replaces <varname>MemoryLimit=</varname>. <varname>MemoryLow=</varname> - and <varname>MemoryHigh=</varname> are effective only on unified hierarchy.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>IO</option></term> - <listitem> - <para><varname>IO</varname> prefixed settings are superset of and replace <varname>BlockIO</varname> - prefixed ones. On unified hierarchy, IO resource control also applies to buffered writes.</para> - </listitem> - </varlistentry> - - </variablelist> - </para> - - <para>To ease the transition, there is best-effort translation between the two versions of settings. For each - controller, if any of the settings for the unified hierarchy are present, all settings for the legacy hierarchy are - ignored. If the resulting settings are for the other type of hierarchy, the configurations are translated before - application.</para> - - <para>Legacy control group hierarchy (see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt">cgroups.txt</ulink>), also called cgroup-v1, - doesn't allow safe delegation of controllers to unprivileged processes. If the system uses the legacy control group - hierarchy, resource control is disabled for systemd user instance, see - <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>. - </para> - </refsect1> - - <refsect1> - <title>Options</title> - - <para>Units of the types listed above can have settings - for resource control configuration:</para> - - <variablelist class='unit-directives'> - - <varlistentry> - <term><varname>CPUAccounting=</varname></term> - - <listitem> - <para>Turn on CPU usage accounting for this unit. Takes a - boolean argument. Note that turning on CPU accounting for - one unit will also implicitly turn it on for all units - contained in the same slice and for all its parent slices - and the units contained therein. The system default for this - setting may be controlled with - <varname>DefaultCPUAccounting=</varname> in - <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>CPUWeight=<replaceable>weight</replaceable></varname></term> - <term><varname>StartupCPUWeight=<replaceable>weight</replaceable></varname></term> - - <listitem> - <para>Assign the specified CPU time weight to the processes executed, if the unified control group hierarchy - is used on the system. These options take an integer value and control the <literal>cpu.weight</literal> - control group attribute. The allowed range is 1 to 10000. Defaults to 100. For details about this control - group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink> and <ulink - url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>. - The available CPU time is split up among all units within one slice relative to their CPU time weight.</para> - - <para>While <varname>StartupCPUWeight=</varname> only applies to the startup phase of the system, - <varname>CPUWeight=</varname> applies to normal runtime of the system, and if the former is not set also to - the startup phase. Using <varname>StartupCPUWeight=</varname> allows prioritizing specific services at - boot-up differently than during normal runtime.</para> - - <para>Implies <literal>CPUAccounting=true</literal>.</para> - - <para>These settings replace <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>CPUQuota=</varname></term> - - <listitem> - <para>Assign the specified CPU time quota to the processes executed. Takes a percentage value, suffixed with - "%". The percentage specifies how much CPU time the unit shall get at maximum, relative to the total CPU time - available on one CPU. Use values > 100% for allotting CPU time on more than one CPU. This controls the - <literal>cpu.max</literal> attribute on the unified control group hierarchy and - <literal>cpu.cfs_quota_us</literal> on legacy. For details about these control group attributes, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink> and <ulink - url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>.</para> - - <para>Example: <varname>CPUQuota=20%</varname> ensures that the executed processes will never get more than - 20% CPU time on one CPU.</para> - - <para>Implies <literal>CPUAccounting=true</literal>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>MemoryAccounting=</varname></term> - - <listitem> - <para>Turn on process and kernel memory accounting for this - unit. Takes a boolean argument. Note that turning on memory - accounting for one unit will also implicitly turn it on for - all units contained in the same slice and for all its parent - slices and the units contained therein. The system default - for this setting may be controlled with - <varname>DefaultMemoryAccounting=</varname> in - <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>MemoryLow=<replaceable>bytes</replaceable></varname></term> - - <listitem> - <para>Specify the best-effort memory usage protection of the executed processes in this unit. If the memory - usages of this unit and all its ancestors are below their low boundaries, this unit's memory won't be - reclaimed as long as memory can be reclaimed from unprotected units.</para> - - <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is - parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a - percentage value may be specified, which is taken relative to the installed physical memory on the - system. This controls the <literal>memory.low</literal> control group attribute. For details about this - control group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para> - - <para>Implies <literal>MemoryAccounting=true</literal>.</para> - - <para>This setting is supported only if the unified control group hierarchy is used and disables - <varname>MemoryLimit=</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>MemoryHigh=<replaceable>bytes</replaceable></varname></term> - - <listitem> - <para>Specify the high limit on memory usage of the executed processes in this unit. Memory usage may go - above the limit if unavoidable, but the processes are heavily slowed down and memory is taken away - aggressively in such cases. This is the main mechanism to control memory usage of a unit.</para> - - <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is - parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a - percentage value may be specified, which is taken relative to the installed physical memory on the - system. If assigned the - special value <literal>infinity</literal>, no memory limit is applied. This controls the - <literal>memory.high</literal> control group attribute. For details about this control group attribute, see - <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para> - - <para>Implies <literal>MemoryAccounting=true</literal>.</para> - - <para>This setting is supported only if the unified control group hierarchy is used and disables - <varname>MemoryLimit=</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>MemoryMax=<replaceable>bytes</replaceable></varname></term> - - <listitem> - <para>Specify the absolute limit on memory usage of the executed processes in this unit. If memory usage - cannot be contained under the limit, out-of-memory killer is invoked inside the unit. It is recommended to - use <varname>MemoryHigh=</varname> as the main control mechanism and use <varname>MemoryMax=</varname> as the - last line of defense.</para> - - <para>Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is - parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a - percentage value may be specified, which is taken relative to the installed physical memory on the system. If - assigned the special value <literal>infinity</literal>, no memory limit is applied. This controls the - <literal>memory.max</literal> control group attribute. For details about this control group attribute, see - <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para> - - <para>Implies <literal>MemoryAccounting=true</literal>.</para> - - <para>This setting replaces <varname>MemoryLimit=</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>MemorySwapMax=<replaceable>bytes</replaceable></varname></term> - - <listitem> - <para>Specify the absolute limit on swap usage of the executed processes in this unit.</para> - - <para>Takes a swap size in bytes. If the value is suffixed with K, M, G or T, the specified swap size is - parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the - special value <literal>infinity</literal>, no swap limit is applied. This controls the - <literal>memory.swap.max</literal> control group attribute. For details about this control group attribute, - see <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para> - - <para>Implies <literal>MemoryAccounting=true</literal>.</para> - - <para>This setting is supported only if the unified control group hierarchy is used and disables - <varname>MemoryLimit=</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>TasksAccounting=</varname></term> - - <listitem> - <para>Turn on task accounting for this unit. Takes a - boolean argument. If enabled, the system manager will keep - track of the number of tasks in the unit. The number of - tasks accounted this way includes both kernel threads and - userspace processes, with each thread counting - individually. Note that turning on tasks accounting for one - unit will also implicitly turn it on for all units contained - in the same slice and for all its parent slices and the - units contained therein. The system default for this setting - may be controlled with - <varname>DefaultTasksAccounting=</varname> in - <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>TasksMax=<replaceable>N</replaceable></varname></term> - - <listitem> - <para>Specify the maximum number of tasks that may be created in the unit. This ensures that the number of - tasks accounted for the unit (see above) stays below a specific limit. This either takes an absolute number - of tasks or a percentage value that is taken relative to the configured maximum number of tasks on the - system. If assigned the special value <literal>infinity</literal>, no tasks limit is applied. This controls - the <literal>pids.max</literal> control group attribute. For details about this control group attribute, see - <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/pids.txt">pids.txt</ulink>.</para> - - <para>Implies <literal>TasksAccounting=true</literal>. The - system default for this setting may be controlled with - <varname>DefaultTasksMax=</varname> in - <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>IOAccounting=</varname></term> - - <listitem> - <para>Turn on Block I/O accounting for this unit, if the unified control group hierarchy is used on the - system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly - turn it on for all units contained in the same slice and all for its parent slices and the units contained - therein. The system default for this setting may be controlled with <varname>DefaultIOAccounting=</varname> - in - <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> - - <para>This setting replaces <varname>BlockIOAccounting=</varname> and disables settings prefixed with - <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>IOWeight=<replaceable>weight</replaceable></varname></term> - <term><varname>StartupIOWeight=<replaceable>weight</replaceable></varname></term> - - <listitem> - <para>Set the default overall block I/O weight for the executed processes, if the unified control group - hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the default block - I/O weight. This controls the <literal>io.weight</literal> control group attribute, which defaults to - 100. For details about this control group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>. The available I/O - bandwidth is split up among all units within one slice relative to their block I/O weight.</para> - - <para>While <varname>StartupIOWeight=</varname> only applies - to the startup phase of the system, - <varname>IOWeight=</varname> applies to the later runtime of - the system, and if the former is not set also to the startup - phase. This allows prioritizing specific services at boot-up - differently than during runtime.</para> - - <para>Implies <literal>IOAccounting=true</literal>.</para> - - <para>These settings replace <varname>BlockIOWeight=</varname> and <varname>StartupBlockIOWeight=</varname> - and disable settings prefixed with <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>IODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term> - - <listitem> - <para>Set the per-device overall block I/O weight for the executed processes, if the unified control group - hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify - the device specific weight value, between 1 and 10000. (Example: "/dev/sda 1000"). The file path may be - specified as path to a block device node or as any other file, in which case the backing block device of the - file system of the file is determined. This controls the <literal>io.weight</literal> control group - attribute, which defaults to 100. Use this option multiple times to set weights for multiple devices. For - details about this control group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>.</para> - - <para>Implies <literal>IOAccounting=true</literal>.</para> - - <para>This setting replaces <varname>BlockIODeviceWeight=</varname> and disables settings prefixed with - <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>IOReadBandwidthMax=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term> - <term><varname>IOWriteBandwidthMax=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term> - - <listitem> - <para>Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified - control group hierarchy is used on the system. This limit is not work-conserving and the executed processes - are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file - path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may - be a path to a block device node, or as any other file in which case the backing block device of the file - system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is - parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example: - "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the <literal>io.max</literal> control - group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details - about this control group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>. - </para> - - <para>Implies <literal>IOAccounting=true</literal>.</para> - - <para>These settings replace <varname>BlockIOReadBandwidth=</varname> and - <varname>BlockIOWriteBandwidth=</varname> and disable settings prefixed with <varname>BlockIO</varname> or - <varname>StartupBlockIO</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>IOReadIOPSMax=<replaceable>device</replaceable> <replaceable>IOPS</replaceable></varname></term> - <term><varname>IOWriteIOPSMax=<replaceable>device</replaceable> <replaceable>IOPS</replaceable></varname></term> - - <listitem> - <para>Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the - unified control group hierarchy is used on the system. This limit is not work-conserving and the executed - processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of - a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block - device node, or as any other file in which case the backing block device of the file system of the file is - used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS, - GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example: - "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the <literal>io.max</literal> control - group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about - this control group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v2.txt">cgroup-v2.txt</ulink>. - </para> - - <para>Implies <literal>IOAccounting=true</literal>.</para> - - <para>These settings are supported only if the unified control group hierarchy is used and disable settings - prefixed with <varname>BlockIO</varname> or <varname>StartupBlockIO</varname>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>DeviceAllow=</varname></term> - - <listitem> - <para>Control access to specific device nodes by the - executed processes. Takes two space-separated strings: a - device node specifier followed by a combination of - <constant>r</constant>, <constant>w</constant>, - <constant>m</constant> to control - <emphasis>r</emphasis>eading, <emphasis>w</emphasis>riting, - or creation of the specific device node(s) by the unit - (<emphasis>m</emphasis>knod), respectively. This controls - the <literal>devices.allow</literal> and - <literal>devices.deny</literal> control group - attributes. For details about these control group - attributes, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt">devices.txt</ulink>.</para> - - <para>The device node specifier is either a path to a device - node in the file system, starting with - <filename>/dev/</filename>, or a string starting with either - <literal>char-</literal> or <literal>block-</literal> - followed by a device group name, as listed in - <filename>/proc/devices</filename>. The latter is useful to - whitelist all current and future devices belonging to a - specific device group at once. The device group is matched - according to file name globbing rules, you may hence use the - <literal>*</literal> and <literal>?</literal> - wildcards. Examples: <filename>/dev/sda5</filename> is a - path to a device node, referring to an ATA or SCSI block - device. <literal>char-pts</literal> and - <literal>char-alsa</literal> are specifiers for all pseudo - TTYs and all ALSA sound devices, - respectively. <literal>char-cpu/*</literal> is a specifier - matching all CPU related device groups.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>DevicePolicy=auto|closed|strict</varname></term> - - <listitem> - <para> - Control the policy for allowing device access: - </para> - <variablelist> - <varlistentry> - <term><option>strict</option></term> - <listitem> - <para>means to only allow types of access that are - explicitly specified.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>closed</option></term> - <listitem> - <para>in addition, allows access to standard pseudo - devices including - <filename>/dev/null</filename>, - <filename>/dev/zero</filename>, - <filename>/dev/full</filename>, - <filename>/dev/random</filename>, and - <filename>/dev/urandom</filename>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>auto</option></term> - <listitem> - <para> - in addition, allows access to all devices if no - explicit <varname>DeviceAllow=</varname> is present. - This is the default. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>Slice=</varname></term> - - <listitem> - <para>The name of the slice unit to place the unit - in. Defaults to <filename>system.slice</filename> for all - non-instantiated units of all unit types (except for slice - units themselves see below). Instance units are by default - placed in a subslice of <filename>system.slice</filename> - that is named after the template name.</para> - - <para>This option may be used to arrange systemd units in a - hierarchy of slices each of which might have resource - settings applied.</para> - - <para>For units of type slice, the only accepted value for - this setting is the parent slice. Since the name of a slice - unit implies the parent slice, it is hence redundant to ever - set this parameter directly for slice units.</para> - - <para>Special care should be taken when relying on the default slice assignment in templated service units - that have <varname>DefaultDependencies=no</varname> set, see - <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, section - "Automatic Dependencies" for details.</para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>Delegate=</varname></term> - - <listitem> - <para>Turns on delegation of further resource control - partitioning to processes of the unit. For unprivileged - services (i.e. those using the <varname>User=</varname> - setting), this allows processes to create a subhierarchy - beneath its control group path. For privileged services and - scopes, this ensures the processes will have all control - group controllers enabled.</para> - </listitem> - </varlistentry> - - </variablelist> - </refsect1> - - <refsect1> - <title>Deprecated Options</title> - - <para>The following options are deprecated. Use the indicated superseding options instead:</para> - - <variablelist class='unit-directives'> - - <varlistentry> - <term><varname>CPUShares=<replaceable>weight</replaceable></varname></term> - <term><varname>StartupCPUShares=<replaceable>weight</replaceable></varname></term> - - <listitem> - <para>Assign the specified CPU time share weight to the processes executed. These options take an integer - value and control the <literal>cpu.shares</literal> control group attribute. The allowed range is 2 to - 262144. Defaults to 1024. For details about this control group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt">sched-design-CFS.txt</ulink>. - The available CPU time is split up among all units within one slice relative to their CPU time share - weight.</para> - - <para>While <varname>StartupCPUShares=</varname> only applies to the startup phase of the system, - <varname>CPUShares=</varname> applies to normal runtime of the system, and if the former is not set also to - the startup phase. Using <varname>StartupCPUShares=</varname> allows prioritizing specific services at - boot-up differently than during normal runtime.</para> - - <para>Implies <literal>CPUAccounting=true</literal>.</para> - - <para>These settings are deprecated. Use <varname>CPUWeight=</varname> and - <varname>StartupCPUWeight=</varname> instead.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>MemoryLimit=<replaceable>bytes</replaceable></varname></term> - - <listitem> - <para>Specify the limit on maximum memory usage of the executed processes. The limit specifies how much - process and kernel memory can be used by tasks in this unit. Takes a memory size in bytes. If the value is - suffixed with K, M, G or T, the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or - Terabytes (with the base 1024), respectively. Alternatively, a percentage value may be specified, which is - taken relative to the installed physical memory on the system. If assigned the special value - <literal>infinity</literal>, no memory limit is applied. This controls the - <literal>memory.limit_in_bytes</literal> control group attribute. For details about this control group - attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt">memory.txt</ulink>.</para> - - <para>Implies <literal>MemoryAccounting=true</literal>.</para> - - <para>This setting is deprecated. Use <varname>MemoryMax=</varname> instead.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>BlockIOAccounting=</varname></term> - - <listitem> - <para>Turn on Block I/O accounting for this unit, if the legacy control group hierarchy is used on the - system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly - turn it on for all units contained in the same slice and all for its parent slices and the units contained - therein. The system default for this setting may be controlled with - <varname>DefaultBlockIOAccounting=</varname> in - <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> - - <para>This setting is deprecated. Use <varname>IOAccounting=</varname> instead.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>BlockIOWeight=<replaceable>weight</replaceable></varname></term> - <term><varname>StartupBlockIOWeight=<replaceable>weight</replaceable></varname></term> - - <listitem><para>Set the default overall block I/O weight for the executed processes, if the legacy control - group hierarchy is used on the system. Takes a single weight value (between 10 and 1000) to set the default - block I/O weight. This controls the <literal>blkio.weight</literal> control group attribute, which defaults to - 500. For details about this control group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>. - The available I/O bandwidth is split up among all units within one slice relative to their block I/O - weight.</para> - - <para>While <varname>StartupBlockIOWeight=</varname> only - applies to the startup phase of the system, - <varname>BlockIOWeight=</varname> applies to the later runtime - of the system, and if the former is not set also to the - startup phase. This allows prioritizing specific services at - boot-up differently than during runtime.</para> - - <para>Implies - <literal>BlockIOAccounting=true</literal>.</para> - - <para>These settings are deprecated. Use <varname>IOWeight=</varname> and <varname>StartupIOWeight=</varname> - instead.</para> - - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>BlockIODeviceWeight=<replaceable>device</replaceable> <replaceable>weight</replaceable></varname></term> - - <listitem> - <para>Set the per-device overall block I/O weight for the executed processes, if the legacy control group - hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify - the device specific weight value, between 10 and 1000. (Example: "/dev/sda 500"). The file path may be - specified as path to a block device node or as any other file, in which case the backing block device of the - file system of the file is determined. This controls the <literal>blkio.weight_device</literal> control group - attribute, which defaults to 1000. Use this option multiple times to set weights for multiple devices. For - details about this control group attribute, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>.</para> - - <para>Implies - <literal>BlockIOAccounting=true</literal>.</para> - - <para>This setting is deprecated. Use <varname>IODeviceWeight=</varname> instead.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>BlockIOReadBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term> - <term><varname>BlockIOWriteBandwidth=<replaceable>device</replaceable> <replaceable>bytes</replaceable></varname></term> - - <listitem> - <para>Set the per-device overall block I/O bandwidth limit for the executed processes, if the legacy control - group hierarchy is used on the system. Takes a space-separated pair of a file path and a bandwidth value (in - bytes per second) to specify the device specific bandwidth. The file path may be a path to a block device - node, or as any other file in which case the backing block device of the file system of the file is used. If - the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, Megabytes, - Gigabytes, or Terabytes, respectively, to the base of 1000. (Example: - "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the - <literal>blkio.throttle.read_bps_device</literal> and <literal>blkio.throttle.write_bps_device</literal> - control group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For - details about these control group attributes, see <ulink - url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>. - </para> - - <para>Implies - <literal>BlockIOAccounting=true</literal>.</para> - - <para>These settings are deprecated. Use <varname>IOReadBandwidthMax=</varname> and - <varname>IOWriteBandwidthMax=</varname> instead.</para> - </listitem> - </varlistentry> - - </variablelist> - </refsect1> - - <refsect1> - <title>See Also</title> - <para> - <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, - The documentation for control groups and specific controllers in the Linux kernel: - <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt">cgroups.txt</ulink>, - <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/cpuacct.txt">cpuacct.txt</ulink>, - <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt">memory.txt</ulink>, - <ulink url="https://www.kernel.org/doc/Documentation/cgroup-v1/blkio-controller.txt">blkio-controller.txt</ulink>. - </para> - </refsect1> -</refentry> |