summaryrefslogtreecommitdiff
path: root/man/systemd.socket.xml
diff options
context:
space:
mode:
Diffstat (limited to 'man/systemd.socket.xml')
-rw-r--r--man/systemd.socket.xml112
1 files changed, 71 insertions, 41 deletions
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 6dc847df3f..8c88d9f8aa 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -55,7 +55,7 @@
<title>Description</title>
<para>A unit configuration file whose name ends in
- <filename>.socket</filename> encodes information about
+ <literal>.socket</literal> encodes information about
an IPC or network socket or a file system FIFO
controlled and supervised by systemd, for socket-based
activation.</para>
@@ -77,9 +77,12 @@
<option>ExecStopPre=</option> and
<option>ExecStopPost=</option> commands are executed
in, and in
- <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- which define the way the processes are
- terminated.</para>
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ which define the way the processes are terminated, and
+ in
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ which configure resource control settings for the
+ processes of the socket.</para>
<para>For each socket file a matching service file
(see
@@ -93,7 +96,7 @@
<filename>foo.socket</filename> needs a matching
service <filename>foo.service</filename> if
<option>Accept=false</option> is set. If
- <option>Accept=true</option> is set a service template
+ <option>Accept=true</option> is set, a service template
file <filename>foo@.service</filename> must exist from
which services are instantiated for each incoming
connection.</para>
@@ -150,26 +153,28 @@
<term><varname>ListenSequentialPacket=</varname></term>
<listitem><para>Specifies an address
to listen on for a stream
- (SOCK_STREAM), datagram (SOCK_DGRAM),
+ (<constant>SOCK_STREAM</constant>), datagram (<constant>SOCK_DGRAM</constant>),
or sequential packet
- (SOCK_SEQPACKET) socket, respectively. The address
+ (<constant>SOCK_SEQPACKET</constant>) socket, respectively. The address
can be written in various formats:</para>
<para>If the address starts with a
- slash (/), it is read as file system
- socket in the AF_UNIX socket
+ slash (<literal>/</literal>), it is read as file system
+ socket in the <constant>AF_UNIX</constant> socket
family.</para>
- <para>If the address starts with an
- at symbol (@) it is read as abstract
- namespace socket in the AF_UNIX
- family. The @ is replaced with a NUL
- character before binding. For details
- see
+ <para>If the address starts with an at
+ symbol (<literal>@</literal>), it is read as abstract
+ namespace socket in the
+ <constant>AF_UNIX</constant>
+ family. The <literal>@</literal> is
+ replaced with a
+ <constant>NUL</constant> character
+ before binding. For details, see
<citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
<para>If the address string is a
- single number it is read as port
+ single number, it is read as port
number to listen on via
IPv6. Depending on the value of
<varname>BindIPv6Only=</varname> (see below) this
@@ -179,13 +184,13 @@
</para>
<para>If the address string is a
- string in the format v.w.x.y:z it is
+ string in the format v.w.x.y:z, it is
read as IPv4 specifier for listening
on an address v.w.x.y on a port
z.</para>
<para>If the address string is a
- string in the format [x]:y it is read
+ string in the format [x]:y, it is read
as IPv6 address x on a port y. Note
that this might make the service
available via IPv4, too, depending on
@@ -193,13 +198,13 @@
setting (see below).
</para>
- <para>Note that SOCK_SEQPACKET
+ <para>Note that <constant>SOCK_SEQPACKET</constant>
(i.e. <varname>ListenSequentialPacket=</varname>)
- is only available for AF_UNIX
- sockets. SOCK_STREAM
+ is only available for <constant>AF_UNIX</constant>
+ sockets. <constant>SOCK_STREAM</constant>
(i.e. <varname>ListenStream=</varname>)
when used for IP sockets refers to TCP
- sockets, SOCK_DGRAM
+ sockets, <constant>SOCK_DGRAM</constant>
(i.e. <varname>ListenDatagram=</varname>)
to UDP.</para>
@@ -258,7 +263,7 @@
<listitem><para>Specifies a Netlink
family to create a socket for to
listen on. This expects a short string
- referring to the AF_NETLINK family
+ referring to the <constant>AF_NETLINK</constant> family
name (such as <varname>audit</varname>
or <varname>kobject-uevent</varname>)
as argument, optionally suffixed by a
@@ -298,7 +303,7 @@
<option>ipv6-only</option>, they will
be accessible via IPv6 only. If
<option>default</option> (which is the
- default, surprise!) the system wide
+ default, surprise!), the system wide
default setting is used, as controlled
by
<filename>/proc/sys/net/ipv6/bindv6only</filename>,
@@ -325,7 +330,7 @@
<term><varname>BindToDevice=</varname></term>
<listitem><para>Specifies a network
interface name to bind this socket
- to. If set traffic will only be
+ to. If set, traffic will only be
accepted from the specified network
interfaces. This controls the
SO_BINDTODEVICE socket option (see
@@ -374,17 +379,30 @@
and only one service unit is spawned
for all connections (also see
above). This value is ignored for
- datagram sockets and FIFOs where
- a single service unit unconditionally
+ datagram sockets and FIFOs where a
+ single service unit unconditionally
handles all incoming traffic. Defaults
to <option>false</option>. For
performance reasons, it is recommended
to write new daemons only in a way
that is suitable for
- <option>Accept=false</option>. This
- option is mostly useful to allow
- daemons designed for usage with
- <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <option>Accept=false</option>. A
+ daemon listening on an <constant>AF_UNIX</constant> socket
+ may, but does not need to, call
+ <citerefentry><refentrytitle>close</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ on the received socket before
+ exiting. However, it must not unlink
+ the socket from a file system. It
+ should not invoke
+ <citerefentry><refentrytitle>shutdown</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ on sockets it got with
+ <varname>Accept=false</varname>, but
+ it may do so for sockets it got with
+ <varname>Accept=true</varname> set.
+ Setting <varname>Accept=true</varname>
+ is mostly useful to allow daemons
+ designed for usage with
+ <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to work unmodified with systemd socket
activation.</para></listitem>
</varlistentry>
@@ -399,7 +417,7 @@
are coming in, they will be refused
until at least one existing connection
is terminated. This setting has no
- effect for sockets configured with
+ effect on sockets configured with
<option>Accept=false</option> or datagram
sockets. Defaults to
64.</para></listitem>
@@ -490,6 +508,17 @@
</varlistentry>
<varlistentry>
+ <term><varname>ReusePort=</varname></term>
+ <listitem><para>Takes a boolean
+ value. If true, allows multiple <citerefentry><refentrytitle>bind</refentrytitle><manvolnum>2</manvolnum></citerefentry>s
+ to this TCP or UDP port. This
+ controls the SO_REUSEPORT socket
+ option. See
+ <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for details.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>SmackLabel=</varname></term>
<term><varname>SmackLabelIPIn=</varname></term>
<term><varname>SmackLabelIPOut=</varname></term>
@@ -503,7 +532,7 @@
respectively, i.e. the security label
of the FIFO, or the security label for
the incoming or outgoing connections
- of the socket, respectively. See
+ of the socket, respectively. See
<ulink
url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
for details.</para></listitem>
@@ -514,7 +543,7 @@
<listitem><para>Takes an integer
value. Controls the pipe buffer size
of FIFOs configured in this socket
- unit. See
+ unit. See
<citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
for details.</para></listitem>
</varlistentry>
@@ -571,7 +600,7 @@
<term><varname>PassCredentials=</varname></term>
<listitem><para>Takes a boolean
value. This controls the SO_PASSCRED
- socket option, which allows AF_UNIX sockets to
+ socket option, which allows <constant>AF_UNIX</constant> sockets to
receive the credentials of the sending
process in an ancillary message.
Defaults to
@@ -582,10 +611,10 @@
<term><varname>PassSecurity=</varname></term>
<listitem><para>Takes a boolean
value. This controls the SO_PASSSEC
- socket option, which allows AF_UNIX
+ socket option, which allows <constant>AF_UNIX</constant>
sockets to receive the security
context of the sending process in an
- ancillary message. Defaults to
+ ancillary message. Defaults to
<option>false</option>.</para></listitem>
</varlistentry>
@@ -609,7 +638,7 @@
before or after the listening
sockets/FIFOs are created and
bound, respectively. The first token of the command
- line must be an absolute file name,
+ line must be an absolute filename,
then followed by arguments for the
process. Multiple command lines may be
specified following the same scheme as
@@ -644,8 +673,8 @@
will be considered failed and be shut
down again. All commands still running,
will be terminated forcibly via
- SIGTERM, and after another delay of
- this time with SIGKILL. (See
+ <constant>SIGTERM</constant>, and after another delay of
+ this time with <constant>SIGKILL</constant>. (See
<option>KillMode=</option> in <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.)
Takes a unit-less value in seconds, or
a time span value such as "5min
@@ -683,12 +712,13 @@
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
<para>
- For more extensive descriptions see the "Systemd for Developers" series:
+ For more extensive descriptions see the "systemd for Developers" series:
<ulink url="http://0pointer.de/blog/projects/socket-activation.html">Socket Activation</ulink>,
<ulink url="http://0pointer.de/blog/projects/socket-activation2.html">Socket Activation, part II</ulink>,
<ulink url="http://0pointer.de/blog/projects/inetd.html">Converting inetd Services</ulink>,
View Lorry Controller Status