<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>systemd.socket</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
    a.headerlink {
      color: #c60f0f;
      font-size: 0.8em;
      padding: 0 4px 0 4px;
      text-decoration: none;
      visibility: hidden;
    }

    a.headerlink:hover {
      background-color: #c60f0f;
      color: white;
    }

    h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
      visibility: visible;
    }
  </style><a href="index.html">Index </a>·
  <a href="systemd.directives.html">Directives </a>·
  <a href="../python-systemd/index.html">Python </a>·
  <a href="../libudev/index.html">libudev </a>·
  <a href="../libudev/index.html">gudev </a><span style="float:right">systemd 215</span><hr><div class="refentry"><a name="systemd.socket"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>systemd.socket — Socket unit configuration</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename"><em class="replaceable"><code>socket</code></em>.socket</code></p></div><div class="refsect1"><a name="idm214183103728"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description"></a></h2><p>A unit configuration file whose name ends in
                "<code class="literal">.socket</code>" encodes information about
                an IPC or network socket or a file system FIFO
                controlled and supervised by systemd, for socket-based
                activation.</p><p>This man page lists the configuration options
                specific to this unit type. See
                <a href="systemd.unit.html"><span class="citerefentry"><span class="refentrytitle">systemd.unit</span>(5)</span></a>
                for the common options of all unit configuration
                files. The common configuration items are configured
                in the generic [Unit] and [Install] sections. The
                socket specific configuration options are configured
                in the [Socket] section.</p><p>Additional options are listed in
                <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>,
                which define the execution environment the
                <code class="option">ExecStartPre=</code>,
                <code class="option">ExecStartPost=</code>,
                <code class="option">ExecStopPre=</code> and
                <code class="option">ExecStopPost=</code> commands are executed
                in, and in
                <a href="systemd.kill.html"><span class="citerefentry"><span class="refentrytitle">systemd.kill</span>(5)</span></a>,
                which define the way the processes are terminated, and
                in
                <a href="systemd.resource-control.html"><span class="citerefentry"><span class="refentrytitle">systemd.resource-control</span>(5)</span></a>,
                which configure resource control settings for the
                processes of the socket.</p><p>For each socket file, a matching service file
                must exist, describing the service to start on
                incoming traffic on the socket (see
                <a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>
                for more information about .service files). The name
                of the .service unit is by default the same as the
                name of the .socket unit, but can be altered with the
                <code class="option">Service=</code> option described below.
                Depending on the setting of the <code class="option">Accept=</code>
                option described below, this .service unit must either
                be named like the .socket unit, but with the suffix
                replaced, unless overridden with
                <code class="option">Service=</code>; or it must be a template
                unit named the same way. Example: a socket file
                <code class="filename">foo.socket</code> needs a matching
                service <code class="filename">foo.service</code> if
                <code class="option">Accept=false</code> is set. If
                <code class="option">Accept=true</code> is set, a service
                template file <code class="filename">foo@.service</code> must
                exist from which services are instantiated for each
                incoming connection.</p><p>Unless <code class="varname">DefaultDependencies=</code>
                is set to <code class="option">false</code>, socket units will
                implicitly have dependencies of type
                <code class="varname">Requires=</code> and
                <code class="varname">After=</code> on
                <code class="filename">sysinit.target</code> as well as
                dependencies of type <code class="varname">Conflicts=</code> and
                <code class="varname">Before=</code> on
                <code class="filename">shutdown.target</code>. These ensure
                that socket units pull in basic system
                initialization, and are terminated cleanly prior to
                system shutdown. Only sockets involved with early
                boot or late system shutdown should disable this
                option.</p><p>Socket units will have a
                <code class="varname">Before=</code> dependency on the service
                which they trigger added implicitly. No implicit
                <code class="varname">WantedBy=</code> or
                <code class="varname">RequiredBy=</code> dependency from the
                socket to the service is added. This means that the
                service may be started without the socket, in which
                case it must be able to open sockets by itself. To
                prevent this, an explicit <code class="varname">Requires=</code>
                dependency may be added.</p><p>Socket units may be used to implement on-demand
                starting of services, as well as parallelized starting
                of services. See the blog stories linked at the end
                for an introduction.</p><p>Note that the daemon software configured for
                socket activation with socket units needs to be able
                to accept sockets from systemd, either via systemd's
                native socket passing interface (see
                <a href="sd_listen_fds.html"><span class="citerefentry"><span class="refentrytitle">sd_listen_fds</span>(3)</span></a>
                for details) or via the traditional
                <a href="inetd.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>-style
                socket passing (i.e. sockets passed in via standard input and
                output, using <code class="varname">StandardInput=socket</code>
                in the service file).</p></div><div class="refsect1"><a name="idm214183195712"></a><h2 id="Options">Options<a class="headerlink" title="Permalink to this headline" href="#Options"></a></h2><p>Socket files must include a [Socket] section,
                which carries information about the socket or FIFO it
                supervises. A number of options that may be used in
                this section are shared with other unit types. These
                options are documented in
                <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>
                and
                <a href="systemd.kill.html"><span class="citerefentry"><span class="refentrytitle">systemd.kill</span>(5)</span></a>. The
                options specific to the [Socket] section of socket
                units are the following:</p><div class="variablelist"><dl class="variablelist"><dt id="ListenStream="><span class="term"><code class="varname">ListenStream=</code>, </span><span class="term"><code class="varname">ListenDatagram=</code>, </span><span class="term"><code class="varname">ListenSequentialPacket=</code></span><a class="headerlink" title="Permalink to this term" href="#ListenStream="></a></dt><dd><p>Specifies an address
                                to listen on for a stream
                                (<code class="constant">SOCK_STREAM</code>), datagram (<code class="constant">SOCK_DGRAM</code>),
                                or sequential packet
                                (<code class="constant">SOCK_SEQPACKET</code>) socket, respectively. The address
                                can be written in various formats:</p><p>If the address starts with a
                                slash ("<code class="literal">/</code>"), it is read as a file system
                                socket in the <code class="constant">AF_UNIX</code> socket
                                family.</p><p>If the address starts with an at
                                symbol ("<code class="literal">@</code>"), it is read as an abstract
                                namespace socket in the
                                <code class="constant">AF_UNIX</code>
                                family. The "<code class="literal">@</code>" is
                                replaced with a
                                <code class="constant">NUL</code> character
                                before binding. For details, see
                                <a href="unix.html"><span class="citerefentry"><span class="refentrytitle">unix</span>(7)</span></a>.</p><p>If the address string is a
                                single number, it is read as a port
                                number to listen on via
                                IPv6. Depending on the value of
                                <code class="varname">BindIPv6Only=</code> (see below) this
                                might result in the service being
                                available via both IPv6 and IPv4 (default) or
                                just via IPv6.
                                </p><p>If the address string is a
                                string in the format v.w.x.y:z, it is
                                read as an IPv4 specifier for listening
                                on an address v.w.x.y on a port
                                z.</p><p>If the address string is a
                                string in the format [x]:y, it is read
                                as IPv6 address x on a port y. Note
                                that this might make the service
                                available via IPv4, too, depending on
                                the <code class="varname">BindIPv6Only=</code>
                                setting (see below).
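                                </p><p>The address forms listed above, and the effect of <code class="varname">BindIPv6Only=</code> (documented further down) on IPv6 listeners, written out as a small classifier. This is an added example, not part of the systemd documentation or source; <code>classify</code>, <code>ipv4_exposed</code> and the sample values are hypothetical, and binding a bare port to the wildcard address "::" is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Listener:
    family: str           # "unix-path", "unix-abstract", "ipv4" or "ipv6"
    address: str          # path, abstract name, or IP literal
    port: Optional[int]   # None for AF_UNIX sockets
    ipv4_reachable: bool  # True if IPv4 peers can connect to this socket


def _port(text):
    # Decimal port in 1..65535 (the range check is this example's assumption).
    if not (text.isascii() and text.isdigit()) or int(text) not in range(1, 65536):
        raise ValueError(f"bad port: {text!r}")
    return int(text)


def _v6only(bind_ipv6_only, sysctl_bindv6only):
    # BindIPv6Only= controls IPV6_V6ONLY. "default" defers to
    # /proc/sys/net/ipv6/bindv6only, whose own default is equivalent to "both".
    if bind_ipv6_only == "ipv6-only":
        return True
    if bind_ipv6_only == "both":
        return False
    if bind_ipv6_only == "default":
        return sysctl_bindv6only != 0
    raise ValueError(f"bad BindIPv6Only= value: {bind_ipv6_only!r}")


def classify(value, bind_ipv6_only="default", sysctl_bindv6only=0):
    """Classify one ListenStream=/ListenDatagram= value by the rules above."""
    if value.startswith("/"):
        return Listener("unix-path", value, None, False)
    if value.startswith("@"):
        # The "@" is replaced with a NUL character before binding.
        return Listener("unix-abstract", "\0" + value[1:], None, False)
    dual_stack = not _v6only(bind_ipv6_only, sysctl_bindv6only)
    if value.isascii() and value.isdigit():
        # Bare port: IPv6 listener, wildcard address assumed.
        return Listener("ipv6", "::", _port(value), dual_stack)
    if value.startswith("["):
        host, sep, port = value[1:].rpartition("]:")
        if not sep:
            raise ValueError(f"expected [x]:y, got {value!r}")
        addr = ipaddress.IPv6Address(host)
        # Only the wildcard or an IPv4-mapped address can receive IPv4
        # traffic; a socket bound to one ordinary IPv6 address cannot.
        takes_v4 = addr.is_unspecified or addr.ipv4_mapped is not None
        return Listener("ipv6", str(addr), _port(port), dual_stack and takes_v4)
    host, sep, port = value.rpartition(":")
    if not sep:
        raise ValueError(f"unrecognised address: {value!r}")
    return Listener("ipv4", str(ipaddress.IPv4Address(host)), _port(port), True)


def ipv4_exposed(values, **settings):
    """Return the values that accept IPv4 peers on a non-loopback address."""
    exposed = []
    for value in values:
        item = classify(value, **settings)
        if item.ipv4_reachable and not ipaddress.ip_address(item.address).is_loopback:
            exposed.append(value)
    return exposed


# Constructed sample values, one per address form.
SAMPLE = [
    "/run/demo.sock", "@demo", "8080", "127.0.0.1:8081",
    "192.0.2.10:443", "[::1]:8082", "[2001:db8::1]:443", "[::]:22",
]

if __name__ == "__main__":
    for v in SAMPLE:
        print(v, classify(v))
    print("IPv4-exposed (BindIPv6Only=default):", ipv4_exposed(SAMPLE))
    print("IPv4-exposed (BindIPv6Only=ipv6-only):",
          ipv4_exposed(SAMPLE, bind_ipv6_only="ipv6-only"))
```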
                                </p><p>Note that <code class="constant">SOCK_SEQPACKET</code>
                                (i.e. <code class="varname">ListenSequentialPacket=</code>)
                                is only available for <code class="constant">AF_UNIX</code>
                                sockets. <code class="constant">SOCK_STREAM</code>
                                (i.e. <code class="varname">ListenStream=</code>)
                                when used for IP sockets refers to TCP
                                sockets, <code class="constant">SOCK_DGRAM</code>
                                (i.e. <code class="varname">ListenDatagram=</code>)
                                to UDP.</p><p>These options may be specified
                                more than once in which case incoming
                                traffic on any of the sockets will
                                trigger service activation, and all
                                listed sockets will be passed to the
                                service, regardless of whether there is
                                incoming traffic on them or not. If
                                the empty string is assigned to any of
                                these options, the list of addresses
                                to listen on is reset, all prior uses
                                of any of these options will have no
                                effect.</p><p>It is also possible to have more
                                than one socket unit for the same
                                service when using
                                <code class="varname">Service=</code>, and the
                                service will receive all the sockets
                                configured in all the socket units.
                                Sockets configured in one unit are
                                passed in the order of configuration,
                                but no ordering between socket units
                                is specified.</p><p>If an IP address is used here,
                                it is often desirable to listen on it
                                before the interface it is configured
                                on is up and running, and even
                                regardless of whether it will be up and
                                running at any point. To deal with this,
                                it is recommended to set the
                                <code class="varname">FreeBind=</code> option
                                described below.</p></dd><dt id="ListenFIFO="><span class="term"><code class="varname">ListenFIFO=</code></span><a class="headerlink" title="Permalink to this term" href="#ListenFIFO="></a></dt><dd><p>Specifies a file
                                system FIFO to listen on. This expects
                                an absolute file system path as
                                argument. Behavior otherwise is very
                                similar to the
                                <code class="varname">ListenDatagram=</code>
                                directive above.</p></dd><dt id="ListenSpecial="><span class="term"><code class="varname">ListenSpecial=</code></span><a class="headerlink" title="Permalink to this term" href="#ListenSpecial="></a></dt><dd><p>Specifies a special
                                file in the file system to listen
                                on. This expects an absolute file
                                system path as argument. Behavior
                                otherwise is very similar to the
                                <code class="varname">ListenFIFO=</code>
                                directive above. Use this to open
                                character device nodes as well as
                                special files in
                                <code class="filename">/proc</code> and
                                <code class="filename">/sys</code>.</p></dd><dt id="ListenNetlink="><span class="term"><code class="varname">ListenNetlink=</code></span><a class="headerlink" title="Permalink to this term" href="#ListenNetlink="></a></dt><dd><p>Specifies a Netlink
                                family for which to create a socket to
                                listen on. This expects a short string
                                referring to the <code class="constant">AF_NETLINK</code> family
                                name (such as <code class="varname">audit</code>
                                or <code class="varname">kobject-uevent</code>)
                                as argument, optionally suffixed by a
                                whitespace followed by a multicast
                                group integer. Behavior otherwise is
                                very similar to the
                                <code class="varname">ListenDatagram=</code>
                                directive above.</p></dd><dt id="ListenMessageQueue="><span class="term"><code class="varname">ListenMessageQueue=</code></span><a class="headerlink" title="Permalink to this term" href="#ListenMessageQueue="></a></dt><dd><p>Specifies a POSIX
                                message queue name to listen on. This
                                expects a valid message queue name
                                (i.e. beginning with /). Behavior
                                otherwise is very similar to the
                                <code class="varname">ListenFIFO=</code>
                                directive above. On Linux message
                                queue descriptors are actually file
                                descriptors and can be inherited
                                between processes.</p></dd><dt id="BindIPv6Only="><span class="term"><code class="varname">BindIPv6Only=</code></span><a class="headerlink" title="Permalink to this term" href="#BindIPv6Only="></a></dt><dd><p>Takes one of
                                <code class="option">default</code>,
                                <code class="option">both</code> or
                                <code class="option">ipv6-only</code>. Controls
                                the IPV6_V6ONLY socket option (see
                                <a href="ipv6.html"><span class="citerefentry"><span class="refentrytitle">ipv6</span>(7)</span></a>
                                for details). If
                                <code class="option">both</code>, IPv6 sockets
                                bound will be accessible via both IPv4
                                and IPv6. If
                                <code class="option">ipv6-only</code>, they will
                                be accessible via IPv6 only. If
                                <code class="option">default</code> (which is the
                                default, surprise!), the system wide
                                default setting is used, as controlled
                                by
                                <code class="filename">/proc/sys/net/ipv6/bindv6only</code>,
                                which in turn defaults to the
                                equivalent of
                                <code class="option">both</code>.</p></dd><dt id="Backlog="><span class="term"><code class="varname">Backlog=</code></span><a class="headerlink" title="Permalink to this term" href="#Backlog="></a></dt><dd><p>Takes an unsigned
                                integer argument. Specifies the number
                                of connections to queue that have not
                                been accepted yet. This setting
                                matters only for stream and sequential
                                packet sockets. See
                                <a href="listen.html"><span class="citerefentry"><span class="refentrytitle">listen</span>(2)</span></a>
                                for details. Defaults to SOMAXCONN
                                (128).</p></dd><dt id="BindToDevice="><span class="term"><code class="varname">BindToDevice=</code></span><a class="headerlink" title="Permalink to this term" href="#BindToDevice="></a></dt><dd><p>Specifies a network
                                interface name to bind this socket
                                to. If set, traffic will only be
                                accepted from the specified network
                                interfaces. This controls the
                                SO_BINDTODEVICE socket option (see
                                <a href="socket.html"><span class="citerefentry"><span class="refentrytitle">socket</span>(7)</span></a>
                                for details). If this option is used,
                                an automatic dependency from this
                                socket unit on the network interface
                                device unit
                                (<a href="systemd.device.html"><span class="citerefentry"><span class="refentrytitle">systemd.device</span>(5)</span></a>)
                                is created.</p></dd><dt id="SocketUser="><span class="term"><code class="varname">SocketUser=</code>, </span><span class="term"><code class="varname">SocketGroup=</code></span><a class="headerlink" title="Permalink to this term" href="#SocketUser="></a></dt><dd><p>Takes a UNIX
                                user/group name. When specified,
                                all AF_UNIX sockets and FIFO nodes in
                                the file system are owned by the
                                specified user and group. If unset
                                (the default), the nodes are owned by
                                the root user/group (if run in system
                                context) or the invoking user/group
                                (if run in user context). If only a
                                user is specified but no group, then
                                the group is derived from the user's
                                default group.</p></dd><dt id="SocketMode="><span class="term"><code class="varname">SocketMode=</code></span><a class="headerlink" title="Permalink to this term" href="#SocketMode="></a></dt><dd><p>If listening on a file
                                system socket or FIFO, this option
                                specifies the file system access mode
                                used when creating the file
                                node. Takes an access mode in octal
                                notation. Defaults to
                                0666.</p></dd><dt id="DirectoryMode="><span class="term"><code class="varname">DirectoryMode=</code></span><a class="headerlink" title="Permalink to this term" href="#DirectoryMode="></a></dt><dd><p>If listening on a file
                                system socket or FIFO, the parent
                                directories are automatically created
                                if needed. This option specifies the
                                file system access mode used when
                                creating these directories. Takes an
                                access mode in octal
                                notation. Defaults to
                                0755.</p></dd><dt id="Accept="><span class="term"><code class="varname">Accept=</code></span><a class="headerlink" title="Permalink to this term" href="#Accept="></a></dt><dd><p>Takes a boolean
                                argument. If true, a service instance
                                is spawned for each incoming
                                connection and only the connection
                                socket is passed to it. If false, all
                                listening sockets themselves are
                                passed to the started service unit,
                                and only one service unit is spawned
                                for all connections (also see
                                above). This value is ignored for
                                datagram sockets and FIFOs where a
                                single service unit unconditionally
                                handles all incoming traffic. Defaults
                                to <code class="option">false</code>. For
                                performance reasons, it is recommended
                                to write new daemons only in a way
                                that is suitable for
                                <code class="option">Accept=false</code>. A
                                daemon listening on an <code class="constant">AF_UNIX</code> socket
                                may, but does not need to, call
                                <a href="close.html"><span class="citerefentry"><span class="refentrytitle">close</span>(2)</span></a>
                                on the received socket before
                                exiting. However, it must not unlink
                                the socket from a file system. It
                                should not invoke
                                <a href="shutdown.html"><span class="citerefentry"><span class="refentrytitle">shutdown</span>(2)</span></a>
                                on sockets it got with
                                <code class="varname">Accept=false</code>, but
                                it may do so for sockets it got with
                                <code class="varname">Accept=true</code> set.
                                Setting <code class="varname">Accept=true</code>
                                is mostly useful to allow daemons
                                designed for usage with
                                <a href="inetd.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>
                                to work unmodified with systemd socket
                                activation.</p></dd><dt id="MaxConnections="><span class="term"><code class="varname">MaxConnections=</code></span><a class="headerlink" title="Permalink to this term" href="#MaxConnections="></a></dt><dd><p>The maximum number of
                                connections to simultaneously run
                                service instances for, when
                                <code class="option">Accept=true</code> is
                                set. If more concurrent connections
                                are coming in, they will be refused
                                until at least one existing connection
                                is terminated. This setting has no
                                effect on sockets configured with
                                <code class="option">Accept=false</code> or datagram
                                sockets. Defaults to
                                64.</p></dd><dt id="KeepAlive="><span class="term"><code class="varname">KeepAlive=</code></span><a class="headerlink" title="Permalink to this term" href="#KeepAlive="></a></dt><dd><p>Takes a boolean
                                argument. If true, the TCP/IP stack
                                will send a keep alive message after
                                2h (depending on the configuration of
                                <code class="filename">/proc/sys/net/ipv4/tcp_keepalive_time</code>)
                                for all TCP streams accepted on this
                                socket. This controls the SO_KEEPALIVE
                                socket option (see
                                <a href="socket.html"><span class="citerefentry"><span class="refentrytitle">socket</span>(7)</span></a>
                                and the <a class="ulink" href="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/" target="_top">TCP
                                Keepalive HOWTO</a> for details.)
                                Defaults to
                                <code class="option">false</code>.</p></dd><dt id="Priority="><span class="term"><code class="varname">Priority=</code></span><a class="headerlink" title="Permalink to this term" href="#Priority="></a></dt><dd><p>Takes an integer
                                argument controlling the priority for
                                all traffic sent from this
                                socket. This controls the SO_PRIORITY
                                socket option (see
                                <a href="socket.html"><span class="citerefentry"><span class="refentrytitle">socket</span>(7)</span></a>
                                for details).</p></dd><dt id="ReceiveBuffer="><span class="term"><code class="varname">ReceiveBuffer=</code>, </span><span class="term"><code class="varname">SendBuffer=</code></span><a class="headerlink" title="Permalink to this term" href="#ReceiveBuffer="></a></dt><dd><p>Takes an integer
                                argument controlling the receive or
                                send buffer sizes of this socket,
                                respectively. This controls the
                                SO_RCVBUF and SO_SNDBUF socket options
                                (see
                                <a href="socket.html"><span class="citerefentry"><span class="refentrytitle">socket</span>(7)</span></a>
                                for details). The usual suffixes K,
                                M, G are supported and are understood
                                to the base of 1024.</p></dd><dt id="IPTOS="><span class="term"><code class="varname">IPTOS=</code></span><a class="headerlink" title="Permalink to this term" href="#IPTOS="></a></dt><dd><p>Takes an integer
                                argument controlling the IP
                                Type-Of-Service field for packets
                                generated from this socket. This
                                controls the IP_TOS socket option (see
                                <a href="ip.html"><span class="citerefentry"><span class="refentrytitle">ip</span>(7)</span></a>
                                for details). Either a numeric string
                                or one of <code class="option">low-delay</code>,
                                <code class="option">throughput</code>,
                                <code class="option">reliability</code> or
                                <code class="option">low-cost</code> may be
                                specified.</p></dd><dt id="IPTTL="><span class="term"><code class="varname">IPTTL=</code></span><a class="headerlink" title="Permalink to this term" href="#IPTTL="></a></dt><dd><p>Takes an integer
                                argument controlling the IPv4
                                Time-To-Live/IPv6 Hop-Count field for
                                packets generated from this
                                socket. This sets the
                                IP_TTL/IPV6_UNICAST_HOPS socket
                                options (see
                                <a href="ip.html"><span class="citerefentry"><span class="refentrytitle">ip</span>(7)</span></a>
                                and
                                <a href="ipv6.html"><span class="citerefentry"><span class="refentrytitle">ipv6</span>(7)</span></a>
                                for details).</p></dd><dt id="Mark="><span class="term"><code class="varname">Mark=</code></span><a class="headerlink" title="Permalink to this term" href="#Mark="></a></dt><dd><p>Takes an integer
                                value. Controls the firewall mark of
                                packets generated by this socket. This
                                can be used in the firewall logic to
                                filter packets from this socket. This
                                sets the SO_MARK socket option. See
                                <a href="iptables.html"><span class="citerefentry"><span class="refentrytitle">iptables</span>(8)</span></a>
                                for details.</p></dd><dt id="ReusePort="><span class="term"><code class="varname">ReusePort=</code></span><a class="headerlink" title="Permalink to this term" href="#ReusePort="></a></dt><dd><p>Takes a boolean
                                value. If true, allows multiple <a href="bind.html"><span class="citerefentry"><span class="refentrytitle">bind</span>(2)</span></a>s
                                to this TCP or UDP port.  This
                                controls the SO_REUSEPORT socket
                                option.  See
                                <a href="socket.html"><span class="citerefentry"><span class="refentrytitle">socket</span>(7)</span></a>
                                for details.</p></dd><dt id="SmackLabel="><span class="term"><code class="varname">SmackLabel=</code>, </span><span class="term"><code class="varname">SmackLabelIPIn=</code>, </span><span class="term"><code class="varname">SmackLabelIPOut=</code></span><a class="headerlink" title="Permalink to this term" href="#SmackLabel="></a></dt><dd><p>Takes a string
                                value. Controls the extended
                                attributes
                                "<code class="literal">security.SMACK64</code>",
                                "<code class="literal">security.SMACK64IPIN</code>"
                                and
                                "<code class="literal">security.SMACK64IPOUT</code>",
                                respectively, i.e. the security label
                                of the FIFO, or the security label for
                                the incoming or outgoing connections
                                of the socket, respectively. See
                                <a class="ulink" href="https://www.kernel.org/doc/Documentation/security/Smack.txt" target="_top">Smack.txt</a>
                                for details.</p></dd><dt id="PipeSize="><span class="term"><code class="varname">PipeSize=</code></span><a class="headerlink" title="Permalink to this term" href="#PipeSize="></a></dt><dd><p>Takes a size in
                                bytes. Controls the pipe buffer size
                                of FIFOs configured in this socket
                                unit. See
                                <a href="fcntl.html"><span class="citerefentry"><span class="refentrytitle">fcntl</span>(2)</span></a>
                                for details. The usual suffixes K, M
                                and G are supported and are interpreted to
                                the base of 1024.</p></dd><dt id="MessageQueueMaxMessages=,
                                MessageQueueMessageSize="><span class="term"><code class="varname">MessageQueueMaxMessages=</code>,
                                <code class="varname">MessageQueueMessageSize=</code></span><a class="headerlink" title="Permalink to this term" href="#MessageQueueMaxMessages=,%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20MessageQueueMessageSize="></a></dt><dd><p>These two settings
                                take integer values and control the
                                mq_maxmsg field or the mq_msgsize field, respectively, when
                                creating the message queue. Note that
                                either both or neither of these settings
                                must be set. See
                                <a href="mq_setattr.html"><span class="citerefentry"><span class="refentrytitle">mq_setattr</span>(3)</span></a>
                                for details.</p></dd><dt id="FreeBind="><span class="term"><code class="varname">FreeBind=</code></span><a class="headerlink" title="Permalink to this term" href="#FreeBind="></a></dt><dd><p>Takes a boolean
                                value. Controls whether the socket can
                                be bound to non-local IP
                                addresses. This is useful to configure
                                sockets listening on specific IP
                                addresses before those IP addresses
                                are successfully configured on a
                                network interface. This sets the
                                IP_FREEBIND socket option. For
                                robustness reasons it is recommended
                                to use this option whenever you bind a
                                socket to a specific IP
                                address. Defaults to <code class="option">false</code>.</p></dd><dt id="Transparent="><span class="term"><code class="varname">Transparent=</code></span><a class="headerlink" title="Permalink to this term" href="#Transparent="></a></dt><dd><p>Takes a boolean
                                value. Controls the IP_TRANSPARENT
                                socket option. Defaults to
                                <code class="option">false</code>.</p></dd><dt id="Broadcast="><span class="term"><code class="varname">Broadcast=</code></span><a class="headerlink" title="Permalink to this term" href="#Broadcast="></a></dt><dd><p>Takes a boolean
                                value. This controls the SO_BROADCAST
                                socket option, which allows broadcast
                                datagrams to be sent from this
                                socket. Defaults to
                                <code class="option">false</code>.</p></dd><dt id="PassCredentials="><span class="term"><code class="varname">PassCredentials=</code></span><a class="headerlink" title="Permalink to this term" href="#PassCredentials="></a></dt><dd><p>Takes a boolean
                                value. This controls the SO_PASSCRED
                                socket option, which allows <code class="constant">AF_UNIX</code> sockets to
                                receive the credentials of the sending
                                process in an ancillary message.
                                Defaults to
                                <code class="option">false</code>.</p></dd><dt id="PassSecurity="><span class="term"><code class="varname">PassSecurity=</code></span><a class="headerlink" title="Permalink to this term" href="#PassSecurity="></a></dt><dd><p>Takes a boolean
                                value. This controls the SO_PASSSEC
                                socket option, which allows <code class="constant">AF_UNIX</code>
                                sockets to receive the security
                                context of the sending process in an
                                ancillary message. Defaults to
                                <code class="option">false</code>.</p></dd><dt id="TCPCongestion="><span class="term"><code class="varname">TCPCongestion=</code></span><a class="headerlink" title="Permalink to this term" href="#TCPCongestion="></a></dt><dd><p>Takes a string
                                value. Controls the TCP congestion
                                algorithm used by this socket. Should
                                be one of "westwood", "veno", "cubic",
                                "lp" or any other available algorithm
                                supported by the IP stack. This
                                setting applies only to stream
                                sockets.</p></dd><dt id="ExecStartPre="><span class="term"><code class="varname">ExecStartPre=</code>, </span><span class="term"><code class="varname">ExecStartPost=</code></span><a class="headerlink" title="Permalink to this term" href="#ExecStartPre="></a></dt><dd><p>Takes one or more
                                command lines, which are executed
                                before or after the listening
                                sockets/FIFOs are created and
                                bound, respectively. The first token of the command
                                line must be an absolute filename,
                                then followed by arguments for the
                                process. Multiple command lines may be
                                specified following the same scheme as
                                used for
                                <code class="varname">ExecStartPre=</code> of
                                service unit files.</p></dd><dt id="ExecStopPre="><span class="term"><code class="varname">ExecStopPre=</code>, </span><span class="term"><code class="varname">ExecStopPost=</code></span><a class="headerlink" title="Permalink to this term" href="#ExecStopPre="></a></dt><dd><p>Additional commands
                                that are executed before or after
                                the listening sockets/FIFOs are closed
                                and removed, respectively. Multiple command lines
                                may be specified following the same
                                scheme as used for
                                <code class="varname">ExecStartPre=</code> of
                                service unit files.</p></dd><dt id="TimeoutSec="><span class="term"><code class="varname">TimeoutSec=</code></span><a class="headerlink" title="Permalink to this term" href="#TimeoutSec="></a></dt><dd><p>Configures the time to
                                wait for the commands specified in
                                <code class="varname">ExecStartPre=</code>,
                                <code class="varname">ExecStartPost=</code>,
                                <code class="varname">ExecStopPre=</code> and
                                <code class="varname">ExecStopPost=</code> to
                                finish. If a command does not exit
                                within the configured time, the socket
                                will be considered failed and be shut
                                down again. All commands still running
                                will be terminated forcibly via
                                <code class="constant">SIGTERM</code>, and after another delay of
                                this time with <code class="constant">SIGKILL</code>. (See
                                <code class="option">KillMode=</code> in <a href="systemd.kill.html"><span class="citerefentry"><span class="refentrytitle">systemd.kill</span>(5)</span></a>.)
                                Takes a unit-less value in seconds, or
                                a time span value such as "5min
                                20s". Pass 0 to disable the timeout
                                logic. Defaults to <code class="varname">TimeoutStartSec=</code> from the
                                manager configuration file.</p></dd><dt id="Service="><span class="term"><code class="varname">Service=</code></span><a class="headerlink" title="Permalink to this term" href="#Service="></a></dt><dd><p>Specifies the service
                                unit name to activate on incoming
                                traffic. This setting is only allowed
                                for sockets with
                                <code class="varname">Accept=no</code>. It
                                defaults to the service that bears the
                                same name as the socket (with the
                                suffix replaced). In most cases, it
                                should not be necessary to use this
                                option.</p></dd><dt id="RemoveOnStop="><span class="term"><code class="varname">RemoveOnStop=</code></span><a class="headerlink" title="Permalink to this term" href="#RemoveOnStop="></a></dt><dd><p>Takes a boolean
                                argument. If enabled, any file nodes
                                created by this socket unit are
                                removed when it is stopped. This
                                applies to AF_UNIX sockets in the file
                                system, POSIX message queues, FIFOs,
                                as well as any symlinks to
                                them configured with
                                <code class="varname">Symlinks=</code>. Normally,
                                it should not be necessary to use this
                                option, and doing so is not recommended, as
                                services might continue to run after
                                the socket unit has been terminated
                                and it should still be possible to
                                communicate with them via their file
                                system node. Defaults to
                                off.</p></dd><dt id="Symlinks="><span class="term"><code class="varname">Symlinks=</code></span><a class="headerlink" title="Permalink to this term" href="#Symlinks="></a></dt><dd><p>Takes a list of file
                                system paths. The specified paths will
                                be created as symlinks to the AF_UNIX
                                socket path or FIFO path of this
                                socket unit.  If this setting is used,
                                only one AF_UNIX socket in the file
                                system or one FIFO may be configured
                                for the socket unit. Use this option
                                to manage one or more symlinked alias
                                names for a socket, binding their
                                lifecycle together. Defaults to the
                                empty list.</p></dd></dl></div><p>Check
                <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>
                and
                <a href="systemd.kill.html"><span class="citerefentry"><span class="refentrytitle">systemd.kill</span>(5)</span></a>
                for more settings.</p></div><div class="refsect1"><a name="idm214178079200"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also"></a></h2><p>
                          <a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
                          <a href="systemctl.html"><span class="citerefentry"><span class="refentrytitle">systemctl</span>(8)</span></a>,
                          <a href="systemd.unit.html"><span class="citerefentry"><span class="refentrytitle">systemd.unit</span>(5)</span></a>,
                          <a href="systemd.exec.html"><span class="citerefentry"><span class="refentrytitle">systemd.exec</span>(5)</span></a>,
                          <a href="systemd.kill.html"><span class="citerefentry"><span class="refentrytitle">systemd.kill</span>(5)</span></a>,
                          <a href="systemd.resource-control.html"><span class="citerefentry"><span class="refentrytitle">systemd.resource-control</span>(5)</span></a>,
                          <a href="systemd.service.html"><span class="citerefentry"><span class="refentrytitle">systemd.service</span>(5)</span></a>,
                          <a href="systemd.directives.html"><span class="citerefentry"><span class="refentrytitle">systemd.directives</span>(7)</span></a>
                  </p><p>
                          For more extensive descriptions see the "systemd for Developers" series:
                          <a class="ulink" href="http://0pointer.de/blog/projects/socket-activation.html" target="_top">Socket Activation</a>,
                          <a class="ulink" href="http://0pointer.de/blog/projects/socket-activation2.html" target="_top">Socket Activation, part II</a>,
                          <a class="ulink" href="http://0pointer.de/blog/projects/inetd.html" target="_top">Converting inetd Services</a>,
                          <a class="ulink" href="http://0pointer.de/blog/projects/socket-activated-containers.html" target="_top">Socket Activated Internet Services and OS Containers</a>.
                  </p></div></div></body></html>
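Added example, not part of the systemd documentation: what PassCredentials= changes for the receiving service, shown as the SO_PASSCRED ancillary message being read and used for a fail-closed authorization check. It assumes Linux, uses a local AF_UNIX socketpair as a constructed stand-in for a systemd-passed socket, and the helper names (recv_with_creds, authorize, demo) are illustrative.

```python
import os
import socket
import struct

# struct ucred from <sys/socket.h>: pid_t pid; uid_t uid; gid_t gid
UCRED = struct.Struct("iII")


def recv_with_creds(sock, bufsize=4096):
    """Receive one message; return (payload, (pid, uid, gid) or None)."""
    data, ancdata, flags, _addr = sock.recvmsg(
        bufsize, socket.CMSG_SPACE(UCRED.size)
    )
    if flags & socket.MSG_CTRUNC:
        # Control buffer too small: treat as "no usable credentials".
        return data, None
    for level, ctype, cdata in ancdata:
        if (level == socket.SOL_SOCKET
                and ctype == socket.SCM_CREDENTIALS
                and len(cdata) >= UCRED.size):
            return data, UCRED.unpack(cdata[:UCRED.size])
    return data, None


def authorize(creds, allowed_uids):
    """Fail closed: a message without kernel-supplied credentials is rejected."""
    return creds is not None and creds[1] in allowed_uids


def demo():
    # Constructed stand-in for the socket systemd would pass to the service.
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    with rx, tx:
        # PassCredentials=false (the default): no ancillary message arrives.
        tx.send(b"request-1")
        _, without_opt = recv_with_creds(rx)

        # PassCredentials=true: systemd sets SO_PASSCRED on the socket it
        # hands over; here the demo sets the option itself.
        rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        tx.send(b"request-2")
        payload, with_opt = recv_with_creds(rx)
    return without_opt, payload, with_opt


if __name__ == "__main__":
    without_opt, payload, with_opt = demo()
    print("without SO_PASSCRED:", without_opt)
    print("with SO_PASSCRED:   ", with_opt, "for", payload)
    print("authorized:", authorize(with_opt, {os.getuid()}))
```

The uid in the ancillary message is supplied or validated by the kernel, which is why it is usable for authorization where a uid claimed inside the payload is not.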