summaryrefslogtreecommitdiffstats
path: root/docs/TRANSIENT-SETTINGS.md (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add support for conditions on the machines firmwareUwe Kleine-König2021-04-281-0/+1
| | | | | | This allows to limit units to machines that run on a certain firmware type. For device tree defined machines checking against the machine's compatible is also possible.
* Introduce ExitTypeHenri Chain2021-03-311-0/+1
|
* oom: add unit file settings for oomd avoid/omit xattrsAnita Zhang2021-02-121-0/+1
|
* oom: rework *MemoryPressureLimit= properties to have 1/10000 precisionAnita Zhang2021-02-031-1/+1
| | | | | | | Requested in https://github.com/systemd/systemd/pull/15206#discussion_r505506657, preserve the full granularity for memory pressure limits (permyriad) instead of capping out at percent.
* timer: add new feature FixedRandomDelay=Kristijan Gjoshev2020-11-051-0/+1
| | | | | | | | | | | | | FixedRandomDelay=yes will use `siphash24(sd_id128_get_machine() || MANAGER_IS_SYSTEM(m) || getuid() || u->id)`, where || is concatenation, instead of a random number to choose a value between 0 and RandomizedDelaySec= as the timer delay. This essentially sets up a fixed, but seemingly random, offset for each timer iteration rather than having a random offset recalculated each time it fires. Closes #10355 Co-author: Anita Zhang <the.anitazha@gmail.com>
* core: add ManagedOOM*= properties to configure systemd-oomd on the unitAnita Zhang2020-10-081-0/+3
| | | | | This adds the hook ups so it can be read with the usual systemd utilities. Used in later commits by sytemd-oomd.
* exec: SystemCallLog= directiveTopi Miettinen2020-09-151-0/+1
| | | | | | | | | | | | With new directive SystemCallLog= it's possible to list system calls to be logged. This can be used for auditing or temporarily when constructing system call filters. --- v5: drop intermediary, update HASHMAP_FOREACH_KEY() use v4: skip useless debug messages, actually parse directive v3: don't declare unused variables with old libseccomp v2: fix build without seccomp or old libseccomp
* socket: New option 'FlushPending' (boolean) to flush socket before entering ↵Renaud Métrich2020-09-011-0/+1
| | | | | | | listening state Disabled by default. When Enabled, before listening on the socket, flush the content. Applies when Accept=no only.
* core: introduce ProtectProc= and ProcSubset= to expose hidepid= and subset= ↵Lennart Poettering2020-08-241-0/+2
| | | | | | | | | | | procfs mount options Kernel 5.8 gained a hidepid= implementation that is truly per procfs, which allows us to mount a distinct once into every unit, with individual hidepid= settings. Let's expose this via two new settings: ProtectProc= (wrapping hidpid=) and ProcSubset= (wrapping subset=). Replaces: #11670
* doc: add recentry introduced transient settingsYu Watanabe2020-07-011-20/+25
| | | | Also sort entries for service settings.
* core: add new PassPacketInfo= socket unit propertyLennart Poettering2020-05-271-0/+1
|
* man: document ReadWriteOnly property for mount unitsMartin Hundebøll2020-05-201-0/+1
|
* manager: add CoredumpFilter= settingZbigniew Jędrzejewski-Szmek2020-04-091-0/+1
| | | | Fixes #6685.
* man: doc: Document ProtectClock=Kevin Kuehler2020-01-271-0/+1
|
* docs: uppercase all markdown document titlesLennart Poettering2020-01-141-2/+2
| | | | | For most we used uppercasing, but not for all. Let's stick to one rule, and uppercase them all.
* docs: make it prettyTobias Bernard2019-12-111-0/+1
| | | | | | | Add custom Jekyll theme, logo, webfont and .gitignore FIXME: the markdown files have some H1 headers which need to be replaced with H2
* docs: place all our markdown docs in rough categoriesLennart Poettering2019-12-111-0/+1
|
* doc: update list of transient unitsZbigniew Jędrzejewski-Szmek2019-11-271-4/+6
| | | | | | | Doing this manually seem to work only so well, but it is indeed hard to generate automatically. Let's add the stuff that is missing for now. AddRef= is not a unit file setting, remove it from the list.
* doc: drop rhs from transient settings listZbigniew Jędrzejewski-Szmek2019-11-271-4/+4
| | | | I don't know why these particular ones had them.
* Merge pull request #14151 from mk-fg/fix-timer-dump-syntax-bugAnita Zhang2019-11-261-1/+1
|\ | | | | core.timer: fix "systemd-analyze dump" and docs syntax inconsistencies wrt OnTimezoneChange=
| * core.timer: fix "systemd-analyze dump" and docs syntax inconsistencies wrt ↵Mike Kazantsev2019-11-261-1/+1
| | | | | | | | OnTimezoneChange=
* | Merge pull request #13423 from pwithnall/12035-session-time-limitsZbigniew Jędrzejewski-Szmek2019-10-281-0/+1
|\ \ | |/ |/| Add `RuntimeMaxSec=` support to scope units (time-limited login sessions)
| * scope: Support RuntimeMaxSec= directive in scope unitsPhilip Withnall2019-10-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Just as `RuntimeMaxSec=` is supported for service units, add support for it to scope units. This will gracefully kill a scope after the timeout expires from the moment the scope enters the running state. This could be used for time-limited login sessions, for example. Signed-off-by: Philip Withnall <withnall@endlessm.com> Fixes: #12035
* | cgroup: introduce support for cgroup v2 CPUSET controllerPavel Hrdina2019-09-241-0/+2
|/ | | | | | | | | | | | | | Introduce support for configuring cpus and mems for processes using cgroup v2 CPUSET controller. This allows users to limit which cpus and memory NUMA nodes can be used by processes to better utilize system resources. The cgroup v2 interfaces to control it are cpuset.cpus and cpuset.mems where the requested configuration is written. However, it doesn't mean that the requested configuration will be actually used as parent cgroup may limit the cpus or mems as well. In order to reflect the real configuration cgroup v2 provides read-only files cpuset.cpus.effective and cpuset.mems.effective which are exported to users as well.
* core: ExecCondition= for servicesAnita Zhang2019-07-171-0/+1
| | | | Closes #10596
* cgroup: Polish hierarchically aware protection docs a bitChris Down2019-05-081-0/+1
| | | | | | | I missed adding a section in `systemd.resource-control` about DefaultMemoryMin in #12332. Also, add a NEWS entry going over the general concept.
* core: support DisableControllers= for transient unitsAnita Zhang2019-04-221-0/+1
|
* service: handle abort stops with dedicated timeoutJan Klötzke2019-04-121-0/+1
| | | | | | | | | | | | | | | | | When shooting down a service with SIGABRT the user might want to have a much longer stop timeout than on regular stops/shutdowns. Especially in the face of short stop timeouts the time might not be sufficient to write huge core dumps before the service is killed. This commit adds a dedicated (Default)TimeoutAbortSec= timer that is used when stopping a service via SIGABRT. In all other cases the existing TimeoutStopSec= is used. The timer value is unset by default to skip the special handling and use TimeoutStopSec= for state 'stop-watchdog' to keep the old behaviour. If the service is in state 'stop-watchdog' and the service should be stopped explicitly we still go to 'stop-sigterm' and re-apply the usual TimeoutStopSec= timeout.
* cgroup: Implement default propagation of MemoryLow with DefaultMemoryLowChris Down2019-04-121-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In cgroup v2 we have protection tunables -- currently MemoryLow and MemoryMin (there will be more in future for other resources, too). The design of these protection tunables requires not only intermediate cgroups to propagate protections, but also the units at the leaf of that resource's operation to accept it (by setting MemoryLow or MemoryMin). This makes sense from an low-level API design perspective, but it's a good idea to also have a higher-level abstraction that can, by default, propagate these resources to children recursively. In this patch, this happens by having descendants set memory.low to N if their ancestor has DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow value. Any affected unit can opt out of this propagation by manually setting `MemoryLow` to some value in its unit configuration. A unit can also stop further propagation by setting `DefaultMemoryLow=` with no argument. This removes further propagation in the subtree, but has no effect on the unit itself (for that, use `MemoryLow=0`). Our use case in production is simplifying the configuration of machines which heavily rely on memory protection tunables, but currently require tweaking a huge number of unit files to make that a reality. This directive makes that significantly less fragile, and decreases the risk of misconfiguration. After this patch is merged, I will implement DefaultMemoryMin= using the same principles.
* man: document the new RestrictSUIDSGID= settingLennart Poettering2019-04-021-0/+1
|
* core: optionally, trigger .timer units on timezone and clock changesLennart Poettering2019-04-021-1/+3
| | | | Fixes: #6228
* core: add CPUQuotaPeriodSec=Filipe Brandenburger2019-02-141-0/+1
| | | | | | | | | | | | | | | This new setting allows configuration of CFS period on the CPU cgroup, instead of using a hardcoded default of 100ms. Tested: - Legacy cgroup + Unified cgroup - systemctl set-property - systemctl show - Confirmed that the cgroup settings (such as cpu.cfs_period_ns) were set appropriately, including updating the CPU quota (cpu.cfs_quota_ns) when CPUQuotaPeriodSec= is updated. - Checked that clamping works properly when either period or (quota * period) are below the resolution of 1ms, or if period is above the max of 1s.
* docs: add a "front matter" snippet to our markdown pagesFilipe Brandenburger2019-01-021-0/+4
| | | | | | | | | | | | | | | | It turns out Jekyll (the engine behind GitHub Pages) requires that pages include a "Front Matter" snippet of YAML at the top for proper rendering. Omitting it will still render the pages, but including it opens up new possibilities, such as using a {% for %} loop to generate index.md instead of requiring a separate script. I'm hoping this will also fix the issue with some of the pages (notably CODE_OF_CONDUCT.html) not being available under systemd.io Tested locally by rendering the website with Jekyll. Before this change, the *.md files were kept unchanged (so not sure how that even works?!), after this commit, proper *.html files were generated from it.
* core: allow to set exit status when using SuccessAction=/FailureAction=exit ↵Lennart Poettering2018-11-271-0/+2
| | | | | | | | | | | in units This adds SuccessActionExitStatus= and FailureActionExitStatus= that may be used to configure the exit status to propagate in when SuccessAction=exit or FailureAction=exit is used. When not specified let's also propagate the exit status of the main process we fork off for the unit.
* docs/TRANSIENT-SETTINGS: drop PermissionsStartOnly= fromZbigniew Jędrzejewski-Szmek2018-11-161-1/+0
|
* core: implement per unit journal rate limitingAnita Zhang2018-10-181-0/+2
| | | | | | | | | Add LogRateLimitIntervalSec= and LogRateLimitBurst= options for services. If provided, these values get passed to the journald client context, and those values are used in the rate limiting function in the journal over the the journald.conf values. Part of #10230
* Make Watchdog Signal ConfigurableAnita Zhang2018-09-261-0/+1
| | | | | | | | | | Allows configuring the watchdog signal (with a default of SIGABRT). This allows an alternative to SIGABRT when coredumps are not desirable. Appropriate references to SIGABRT or aborting were renamed to reflect more liberal watchdog signals. Closes #8658
* docs: move doc/ to docs/Filipe Brandenburger2018-09-081-0/+457
The docs/ directory is special in GitHub, since it can be used to serve GitHub Pages from, so there's a benefit to switching to it in order to expose it directly as a website. Updated references to it from the documentations themselves, from the CONTRIBUTING.md file and from Meson build files.