From cd48e23f6a33c9acb47a06b99d9bdc84ee42cebe Mon Sep 17 00:00:00 2001 From: Richard Phibel Date: Mon, 7 Nov 2022 17:13:15 +0100 Subject: core: add OpenFile setting --- man/systemd.service.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'man/systemd.service.xml') diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 1c9e59f722..e327f688f4 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml 
@@ -1156,6 +1156,37 @@ kills, this setting determines the state of the unit after systemd-oomd kills a cgroup associated with it. + + OpenFile= + Takes an argument of the form path:fd-name:options, + where: + + path is a path to a file or an AF_UNIX socket in the file system; + fd-name is a name that will be associated with the file descriptor; + the name may contain any ASCII character, but must exclude control characters and ":", and must be at most 255 characters in length; + it is optional and, if not provided, defaults to the file name; + options is a comma-separated list of access options; + possible values are + read-only, + append, + truncate, + graceful; + if not specified, files will be opened in rw mode; + if graceful is specified, errors during file/socket opening are ignored. + Specifying the same option several times is treated as an error. + + The file or socket is opened by the service manager and the file descriptor is passed to the service. + If the path is a socket, we call connect() on it. + See sd_listen_fds3 + for more details on how to retrieve these file descriptors. + + This setting is useful to allow services to access files/sockets that they can't access themselves + (due to running in a separate mount namespace, not having privileges, ...). + + This setting can be specified multiple times, in which case all the specified paths are opened and the file descriptors passed to the service. + If the empty string is assigned, the entire list of open files defined prior to this is reset. + + Check -- cgit v1.2.1
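Review bot: the options description in the new OpenFile= entry leaves the security-relevant behaviour underspecified. It says files are opened in rw mode when no option is given and that repeating an option is an error, but not whether read-only may be combined with append or truncate. Since the stated purpose is to hand a service files it "can't access themselves", and the open is done by the service manager, suggest stating which option combinations are rejected and recommending read-only whenever the service does not need to write. The "path:fd-name:options" form also does not say how a path containing ":" is written, given that ":" is only excluded for fd-name, and "defaults to the file name" should say whether that means the last path component or the whole path. The graceful sentence should say what the service receives when the open fails (no descriptor at all, or a placeholder), because that changes what a service finds when it looks up a descriptor by name. Minor style point: "we call connect() on it" would read better phrased impersonally, like the preceding sentence, and could name the socket types that are attempted.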