diff options
Diffstat (limited to 'man/systemd.socket.xml')
| -rw-r--r-- | man/systemd.socket.xml | 759 |
1 files changed, 0 insertions, 759 deletions
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml deleted file mode 100644 index 1e9778bc2a..0000000000 --- a/man/systemd.socket.xml +++ /dev/null @@ -1,759 +0,0 @@ -<?xml version='1.0'?> <!--*-nxml-*--> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> - -<!-- - This file is part of systemd. - - Copyright 2010 Lennart Poettering - - systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1 of the License, or - (at your option) any later version. - - systemd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with systemd; If not, see <http://www.gnu.org/licenses/>. ---> - -<refentry id="systemd.socket"> - <refentryinfo> - <title>systemd.socket</title> - <productname>systemd</productname> - - <authorgroup> - <author> - <contrib>Developer</contrib> - <firstname>Lennart</firstname> - <surname>Poettering</surname> - <email>lennart@poettering.net</email> - </author> - </authorgroup> - </refentryinfo> - - <refmeta> - <refentrytitle>systemd.socket</refentrytitle> - <manvolnum>5</manvolnum> - </refmeta> - - <refnamediv> - <refname>systemd.socket</refname> - <refpurpose>Socket unit configuration</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <para><filename><replaceable>socket</replaceable>.socket</filename></para> - </refsynopsisdiv> - - <refsect1> - <title>Description</title> - - <para>A unit configuration file whose name ends in - <literal>.socket</literal> encodes information about an IPC or - network socket or a file system FIFO controlled and supervised by - systemd, for socket-based activation.</para> - - <para>This man page lists the configuration options specific to - this unit type. See - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for the common options of all unit configuration files. The common - configuration items are configured in the generic [Unit] and - [Install] sections. The socket specific configuration options are - configured in the [Socket] section.</para> - - <para>Additional options are listed in - <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - which define the execution environment the - <option>ExecStartPre=</option>, <option>ExecStartPost=</option>, - <option>ExecStopPre=</option> and <option>ExecStopPost=</option> - commands are executed in, and in - <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - which define the way the processes are terminated, and in - <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - which configure resource control settings for the processes of the - socket.</para> - - <para>For each socket file, a matching service file must exist, - describing the service to start on incoming traffic on the socket - (see - <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for more information about .service files). The name of the - .service unit is by default the same as the name of the .socket - unit, but can be altered with the <option>Service=</option> option - described below. Depending on the setting of the - <option>Accept=</option> option described below, this .service - unit must either be named like the .socket unit, but with the - suffix replaced, unless overridden with <option>Service=</option>; - or it must be a template unit named the same way. Example: a - socket file <filename>foo.socket</filename> needs a matching - service <filename>foo.service</filename> if - <option>Accept=false</option> is set. If - <option>Accept=true</option> is set, a service template file - <filename>foo@.service</filename> must exist from which services - are instantiated for each incoming connection.</para> - - <para>Unless <varname>DefaultDependencies=</varname> is set to - <option>false</option>, socket units will implicitly have - dependencies of type <varname>Requires=</varname> and - <varname>After=</varname> on <filename>sysinit.target</filename> - as well as dependencies of type <varname>Conflicts=</varname> and - <varname>Before=</varname> on - <filename>shutdown.target</filename>. These ensure that socket - units pull in basic system initialization, and are terminated - cleanly prior to system shutdown. Only sockets involved with early - boot or late system shutdown should disable this option.</para> - - <para>Socket units will have a <varname>Before=</varname> - dependency on the service which they trigger added implicitly. No - implicit <varname>WantedBy=</varname> or - <varname>RequiredBy=</varname> dependency from the socket to the - service is added. This means that the service may be started - without the socket, in which case it must be able to open sockets - by itself. To prevent this, an explicit - <varname>Requires=</varname> dependency may be added.</para> - - <para>Socket units may be used to implement on-demand starting of - services, as well as parallelized starting of services. See the - blog stories linked at the end for an introduction.</para> - - <para>Note that the daemon software configured for socket - activation with socket units needs to be able to accept sockets - from systemd, either via systemd's native socket passing interface - (see - <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry> - for details) or via the traditional - <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>-style - socket passing (i.e. sockets passed in via standard input and - output, using <varname>StandardInput=socket</varname> in the - service file).</para> - </refsect1> - - <refsect1> - <title>Options</title> - - <para>Socket files must include a [Socket] section, which carries - information about the socket or FIFO it supervises. A number of - options that may be used in this section are shared with other - unit types. These options are documented in - <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> - and - <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>. - The options specific to the [Socket] section of socket units are - the following:</para> - - <variablelist class='unit-directives'> - <varlistentry> - <term><varname>ListenStream=</varname></term> - <term><varname>ListenDatagram=</varname></term> - <term><varname>ListenSequentialPacket=</varname></term> - <listitem><para>Specifies an address to listen on for a stream - (<constant>SOCK_STREAM</constant>), datagram - (<constant>SOCK_DGRAM</constant>), or sequential packet - (<constant>SOCK_SEQPACKET</constant>) socket, respectively. - The address can be written in various formats:</para> - - <para>If the address starts with a slash - (<literal>/</literal>), it is read as file system socket in - the <constant>AF_UNIX</constant> socket family.</para> - - <para>If the address starts with an at symbol - (<literal>@</literal>), it is read as abstract namespace - socket in the <constant>AF_UNIX</constant> family. The - <literal>@</literal> is replaced with a - <constant>NUL</constant> character before binding. For - details, see - <citerefentry project='man-pages'><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> - - <para>If the address string is a single number, it is read as - port number to listen on via IPv6. Depending on the value of - <varname>BindIPv6Only=</varname> (see below) this might result - in the service being available via both IPv6 and IPv4 - (default) or just via IPv6. - </para> - - <para>If the address string is a string in the format - v.w.x.y:z, it is read as IPv4 specifier for listening on an - address v.w.x.y on a port z.</para> - - <para>If the address string is a string in the format [x]:y, - it is read as IPv6 address x on a port y. Note that this might - make the service available via IPv4, too, depending on the - <varname>BindIPv6Only=</varname> setting (see below). - </para> - - <para>Note that <constant>SOCK_SEQPACKET</constant> (i.e. - <varname>ListenSequentialPacket=</varname>) is only available - for <constant>AF_UNIX</constant> sockets. - <constant>SOCK_STREAM</constant> (i.e. - <varname>ListenStream=</varname>) when used for IP sockets - refers to TCP sockets, <constant>SOCK_DGRAM</constant> (i.e. - <varname>ListenDatagram=</varname>) to UDP.</para> - - <para>These options may be specified more than once in which - case incoming traffic on any of the sockets will trigger - service activation, and all listed sockets will be passed to - the service, regardless of whether there is incoming traffic - on them or not. If the empty string is assigned to any of - these options, the list of addresses to listen on is reset, - all prior uses of any of these options will have no - effect.</para> - - <para>It is also possible to have more than one socket unit - for the same service when using <varname>Service=</varname>, - and the service will receive all the sockets configured in all - the socket units. Sockets configured in one unit are passed in - the order of configuration, but no ordering between socket - units is specified.</para> - - <para>If an IP address is used here, it is often desirable to - listen on it before the interface it is configured on is up - and running, and even regardless of whether it will be up and - running at any point. To deal with this, it is recommended to - set the <varname>FreeBind=</varname> option described - below.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>ListenFIFO=</varname></term> - <listitem><para>Specifies a file system FIFO to listen on. - This expects an absolute file system path as argument. - Behavior otherwise is very similar to the - <varname>ListenDatagram=</varname> directive - above.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>ListenSpecial=</varname></term> - <listitem><para>Specifies a special file in the file system to - listen on. This expects an absolute file system path as - argument. Behavior otherwise is very similar to the - <varname>ListenFIFO=</varname> directive above. Use this to - open character device nodes as well as special files in - <filename>/proc</filename> and - <filename>/sys</filename>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>ListenNetlink=</varname></term> - <listitem><para>Specifies a Netlink family to create a socket - for to listen on. This expects a short string referring to the - <constant>AF_NETLINK</constant> family name (such as - <varname>audit</varname> or <varname>kobject-uevent</varname>) - as argument, optionally suffixed by a whitespace followed by a - multicast group integer. Behavior otherwise is very similar to - the <varname>ListenDatagram=</varname> directive - above.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>ListenMessageQueue=</varname></term> - <listitem><para>Specifies a POSIX message queue name to listen - on. This expects a valid message queue name (i.e. beginning - with /). Behavior otherwise is very similar to the - <varname>ListenFIFO=</varname> directive above. On Linux - message queue descriptors are actually file descriptors and - can be inherited between processes.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>BindIPv6Only=</varname></term> - <listitem><para>Takes a one of <option>default</option>, - <option>both</option> or <option>ipv6-only</option>. Controls - the IPV6_V6ONLY socket option (see - <citerefentry project='die-net'><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry> - for details). If <option>both</option>, IPv6 sockets bound - will be accessible via both IPv4 and IPv6. If - <option>ipv6-only</option>, they will be accessible via IPv6 - only. If <option>default</option> (which is the default, - surprise!), the system wide default setting is used, as - controlled by - <filename>/proc/sys/net/ipv6/bindv6only</filename>, which in - turn defaults to the equivalent of - <option>both</option>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>Backlog=</varname></term> - <listitem><para>Takes an unsigned integer argument. Specifies - the number of connections to queue that have not been accepted - yet. This setting matters only for stream and sequential - packet sockets. See - <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry> - for details. Defaults to SOMAXCONN (128).</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>BindToDevice=</varname></term> - <listitem><para>Specifies a network interface name to bind - this socket to. If set, traffic will only be accepted from the - specified network interfaces. This controls the - SO_BINDTODEVICE socket option (see - <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> - for details). If this option is used, an automatic dependency - from this socket unit on the network interface device unit - (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry> - is created.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>SocketUser=</varname></term> - <term><varname>SocketGroup=</varname></term> - - <listitem><para>Takes a UNIX user/group name. When specified, - all AF_UNIX sockets and FIFO nodes in the file system are - owned by the specified user and group. If unset (the default), - the nodes are owned by the root user/group (if run in system - context) or the invoking user/group (if run in user context). - If only a user is specified but no group, then the group is - derived from the user's default group.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>SocketMode=</varname></term> - <listitem><para>If listening on a file system socket or FIFO, - this option specifies the file system access mode used when - creating the file node. Takes an access mode in octal - notation. Defaults to 0666.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>DirectoryMode=</varname></term> - <listitem><para>If listening on a file system socket or FIFO, - the parent directories are automatically created if needed. - This option specifies the file system access mode used when - creating these directories. Takes an access mode in octal - notation. Defaults to 0755.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>Accept=</varname></term> - <listitem><para>Takes a boolean argument. If true, a service - instance is spawned for each incoming connection and only the - connection socket is passed to it. If false, all listening - sockets themselves are passed to the started service unit, and - only one service unit is spawned for all connections (also see - above). This value is ignored for datagram sockets and FIFOs - where a single service unit unconditionally handles all - incoming traffic. Defaults to <option>false</option>. For - performance reasons, it is recommended to write new daemons - only in a way that is suitable for - <option>Accept=false</option>. A daemon listening on an - <constant>AF_UNIX</constant> socket may, but does not need to, - call - <citerefentry><refentrytitle>close</refentrytitle><manvolnum>2</manvolnum></citerefentry> - on the received socket before exiting. However, it must not - unlink the socket from a file system. It should not invoke - <citerefentry><refentrytitle>shutdown</refentrytitle><manvolnum>2</manvolnum></citerefentry> - on sockets it got with <varname>Accept=false</varname>, but it - may do so for sockets it got with - <varname>Accept=true</varname> set. Setting - <varname>Accept=true</varname> is mostly useful to allow - daemons designed for usage with - <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry> - to work unmodified with systemd socket - activation.</para> - - <para>For IPv4 and IPv6 connections the <varname>REMOTE_ADDR</varname> - environment variable will contain the remote IP, and <varname>REMOTE_PORT</varname> - will contain the remote port. This is the same as the format used by CGI. - For SOCK_RAW the port is the IP protocol.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>MaxConnections=</varname></term> - <listitem><para>The maximum number of connections to - simultaneously run services instances for, when - <option>Accept=true</option> is set. If more concurrent - connections are coming in, they will be refused until at least - one existing connection is terminated. This setting has no - effect on sockets configured with - <option>Accept=false</option> or datagram sockets. Defaults to - 64.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>KeepAlive=</varname></term> - <listitem><para>Takes a boolean argument. If true, the TCP/IP - stack will send a keep alive message after 2h (depending on - the configuration of - <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>) - for all TCP streams accepted on this socket. This controls the - SO_KEEPALIVE socket option (see - <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> - and the <ulink - url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP - Keepalive HOWTO</ulink> for details.) Defaults to - <option>false</option>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>KeepAliveTimeSec=</varname></term> - <listitem><para>Takes time (in seconds) as argument . The connection needs to remain - idle before TCP starts sending keepalive probes. This controls the TCP_KEEPIDLE - socket option (see - <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> - and the <ulink - url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP - Keepalive HOWTO</ulink> for details.) - Defaults value is 7200 seconds (2 hours).</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>KeepAliveIntervalSec=</varname></term> - <listitem><para>Takes time (in seconds) as argument between - individual keepalive probes, if the socket option SO_KEEPALIVE - has been set on this socket seconds as argument. This controls - the TCP_KEEPINTVL socket option (see - <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> - and the <ulink - url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP - Keepalive HOWTO</ulink> for details.) Defaults value is 75 - seconds.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>KeepAliveProbes=</varname></term> - <listitem><para>Takes integer as argument. It's the number of - unacknowledged probes to send before considering the - connection dead and notifying the application layer. This - controls the TCP_KEEPCNT socket option (see - <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> - and the <ulink - url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP - Keepalive HOWTO</ulink> for details.) Defaults value is - 9.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>NoDelay=</varname></term> - <listitem><para>Takes a boolean argument. TCP Nagle's - algorithm works by combining a number of small outgoing - messages, and sending them all at once. This controls the - TCP_NODELAY socket option (see - <citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry> - Defaults to <option>false</option>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>Priority=</varname></term> - <listitem><para>Takes an integer argument controlling the - priority for all traffic sent from this socket. This controls - the SO_PRIORITY socket option (see - <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> - for details.).</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>DeferAcceptSec=</varname></term> - - <listitem><para>Takes time (in seconds) as argument. If set, - the listening process will be awakened only when data arrives - on the socket, and not immediately when connection is - established. When this option is set, the - <constant>TCP_DEFER_ACCEPT</constant> socket option will be - used (see - <citerefentry project='die-net'><refentrytitle>tcp</refentrytitle><manvolnum>7</manvolnum></citerefentry>), - and the kernel will ignore initial ACK packets without any - data. The argument specifies the approximate amount of time - the kernel should wait for incoming data before falling back - to the normal behaviour of honouring empty ACK packets. This - option is beneficial for protocols where the client sends the - data first (e.g. HTTP, in contrast to SMTP), because the - server process will not be woken up unnecessarily before it - can take any action. - </para> - - <para>If the client also uses the - <constant>TCP_DEFER_ACCEPT</constant> option, the latency of - the initial connection may be reduced, because the kernel will - send data in the final packet establishing the connection (the - third packet in the "three-way handshake").</para> - - <para>Disabled by default.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><varname>ReceiveBuffer=</varname></term> - <term><varname>SendBuffer=</varname></term> - <listitem><para>Takes an integer argument controlling the - receive or send buffer sizes of this socket, respectively. - This controls the SO_RCVBUF and SO_SNDBUF socket options (see - <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> - for details.). The usual suffixes K, M, G are supported and - are understood to the base of 1024.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>IPTOS=</varname></term> - <listitem><para>Takes an integer argument controlling the IP - Type-Of-Service field for packets generated from this socket. - This controls the IP_TOS socket option (see - <citerefentry project='die-net'><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry> - for details.). Either a numeric string or one of - <option>low-delay</option>, <option>throughput</option>, - <option>reliability</option> or <option>low-cost</option> may - be specified.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>IPTTL=</varname></term> - <listitem><para>Takes an integer argument controlling the IPv4 - Time-To-Live/IPv6 Hop-Count field for packets generated from - this socket. This sets the IP_TTL/IPV6_UNICAST_HOPS socket - options (see - <citerefentry project='die-net'><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry> - and - <citerefentry project='die-net'><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry> - for details.)</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>Mark=</varname></term> - <listitem><para>Takes an integer value. Controls the firewall - mark of packets generated by this socket. This can be used in - the firewall logic to filter packets from this socket. This - sets the SO_MARK socket option. See - <citerefentry project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> - for details.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>ReusePort=</varname></term> - <listitem><para>Takes a boolean value. If true, allows - multiple - <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s - to this TCP or UDP port. This controls the SO_REUSEPORT socket - option. See - <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry> - for details.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>SmackLabel=</varname></term> - <term><varname>SmackLabelIPIn=</varname></term> - <term><varname>SmackLabelIPOut=</varname></term> - <listitem><para>Takes a string value. Controls the extended - attributes <literal>security.SMACK64</literal>, - <literal>security.SMACK64IPIN</literal> and - <literal>security.SMACK64IPOUT</literal>, respectively, i.e. - the security label of the FIFO, or the security label for the - incoming or outgoing connections of the socket, respectively. - See <ulink - url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink> - for details.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>SELinuxContextFromNet=</varname></term> - <listitem><para>Takes a boolean argument. When true, systemd - will attempt to figure out the SELinux label used for the - instantiated service from the information handed by the peer - over the network. Note that only the security level is used - from the information provided by the peer. Other parts of the - resulting SELinux context originate from either the target - binary that is effectively triggered by socket unit or from - the value of the <varname>SELinuxContext=</varname> option. - This configuration option only affects sockets with - <varname>Accept=</varname> mode set to - <literal>true</literal>. Also note that this option is useful - only when MLS/MCS SELinux policy is deployed. Defaults to - <literal>false</literal>. </para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>PipeSize=</varname></term> - <listitem><para>Takes a size in bytes. Controls the pipe - buffer size of FIFOs configured in this socket unit. See - <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry> - for details. The usual suffixes K, M, G are supported and are - understood to the base of 1024.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>MessageQueueMaxMessages=</varname>, - <varname>MessageQueueMessageSize=</varname></term> - <listitem><para>These two settings take integer values and - control the mq_maxmsg field or the mq_msgsize field, - respectively, when creating the message queue. Note that - either none or both of these variables need to be set. See - <citerefentry project='die-net'><refentrytitle>mq_setattr</refentrytitle><manvolnum>3</manvolnum></citerefentry> - for details.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>FreeBind=</varname></term> - <listitem><para>Takes a boolean value. Controls whether the - socket can be bound to non-local IP addresses. This is useful - to configure sockets listening on specific IP addresses before - those IP addresses are successfully configured on a network - interface. This sets the IP_FREEBIND socket option. For - robustness reasons it is recommended to use this option - whenever you bind a socket to a specific IP address. Defaults - to <option>false</option>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>Transparent=</varname></term> - <listitem><para>Takes a boolean value. Controls the - IP_TRANSPARENT socket option. Defaults to - <option>false</option>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>Broadcast=</varname></term> - <listitem><para>Takes a boolean value. This controls the - SO_BROADCAST socket option, which allows broadcast datagrams - to be sent from this socket. Defaults to - <option>false</option>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>PassCredentials=</varname></term> - <listitem><para>Takes a boolean value. This controls the - SO_PASSCRED socket option, which allows - <constant>AF_UNIX</constant> sockets to receive the - credentials of the sending process in an ancillary message. - Defaults to <option>false</option>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>PassSecurity=</varname></term> - <listitem><para>Takes a boolean value. This controls the - SO_PASSSEC socket option, which allows - <constant>AF_UNIX</constant> sockets to receive the security - context of the sending process in an ancillary message. - Defaults to <option>false</option>.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>TCPCongestion=</varname></term> - <listitem><para>Takes a string value. Controls the TCP - congestion algorithm used by this socket. Should be one of - "westwood", "veno", "cubic", "lp" or any other available - algorithm supported by the IP stack. This setting applies only - to stream sockets.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>ExecStartPre=</varname></term> - <term><varname>ExecStartPost=</varname></term> - <listitem><para>Takes one or more command lines, which are - executed before or after the listening sockets/FIFOs are - created and bound, respectively. The first token of the - command line must be an absolute filename, then followed by - arguments for the process. Multiple command lines may be - specified following the same scheme as used for - <varname>ExecStartPre=</varname> of service unit - files.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>ExecStopPre=</varname></term> - <term><varname>ExecStopPost=</varname></term> - <listitem><para>Additional commands that are executed before - or after the listening sockets/FIFOs are closed and removed, - respectively. Multiple command lines may be specified - following the same scheme as used for - <varname>ExecStartPre=</varname> of service unit - files.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>TimeoutSec=</varname></term> - <listitem><para>Configures the time to wait for the commands - specified in <varname>ExecStartPre=</varname>, - <varname>ExecStartPost=</varname>, - <varname>ExecStopPre=</varname> and - <varname>ExecStopPost=</varname> to finish. If a command does - not exit within the configured time, the socket will be - considered failed and be shut down again. All commands still - running will be terminated forcibly via - <constant>SIGTERM</constant>, and after another delay of this - time with <constant>SIGKILL</constant>. (See - <option>KillMode=</option> in - <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.) - Takes a unit-less value in seconds, or a time span value such - as "5min 20s". Pass <literal>0</literal> to disable the - timeout logic. Defaults to - <varname>DefaultTimeoutStartSec=</varname> from the manager - configuration file (see - <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>). - </para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>Service=</varname></term> - <listitem><para>Specifies the service unit name to activate on - incoming traffic. This setting is only allowed for sockets - with <varname>Accept=no</varname>. It defaults to the service - that bears the same name as the socket (with the suffix - replaced). In most cases, it should not be necessary to use - this option.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>RemoveOnStop=</varname></term> - <listitem><para>Takes a boolean argument. If enabled, any file - nodes created by this socket unit are removed when it is - stopped. This applies to AF_UNIX sockets in the file system, - POSIX message queues, FIFOs, as well as any symlinks to them - configured with <varname>Symlinks=</varname>. Normally, it - should not be necessary to use this option, and is not - recommended as services might continue to run after the socket - unit has been terminated and it should still be possible to - communicate with them via their file system node. Defaults to - off.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>Symlinks=</varname></term> - <listitem><para>Takes a list of file system paths. The - specified paths will be created as symlinks to the AF_UNIX - socket path or FIFO path of this socket unit. If this setting - is used, only one AF_UNIX socket in the file system or one - FIFO may be configured for the socket unit. Use this option to - manage one or more symlinked alias names for a socket, binding - their lifecycle together. Defaults to the empty - list.</para></listitem> - </varlistentry> - - </variablelist> - - <para>Check - <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> - and - <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry> - for more settings.</para> - - </refsect1> - - <refsect1> - <title>See Also</title> - <para> - <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry> - </para> - - <para> - For more extensive descriptions see the "systemd for Developers" series: - <ulink url="http://0pointer.de/blog/projects/socket-activation.html">Socket Activation</ulink>, - <ulink url="http://0pointer.de/blog/projects/socket-activation2.html">Socket Activation, part II</ulink>, - <ulink url="http://0pointer.de/blog/projects/inetd.html">Converting inetd Services</ulink>, - <ulink url="http://0pointer.de/blog/projects/socket-activated-containers.html">Socket Activated Internet Services and OS Containers</ulink>. - </para> - </refsect1> - -</refentry> |