# WARNING : This file is NOT a valid systemd service. # It was created to demonstrate/test KDE syntax highlighting. # It includes invalid sections, option names and option values. ; NOTE: Alerts in comments are supported. [Automount] Where = /the/mount/directory ExtraOptions = some,extra, mount , options, %I DirectoryMode = 0755 TimeoutIdleSec = 5min 5s [Install] Alias = some.service some.invalid some_%b.service WantedBy = some.service some.socket some.invalid RequiredBy = some.service some.socket some.invalid UpheldBy = some.service some.socket some.invalid Also = some.service some.socket some.invalid DefaultInstance = id [Mount] What = /dev/disk/by-uuid/444c-0d9d-411e-a973-015b31acaa # NOTE: Since systemd version 256 fstab-style identifiers are supported too. What = UUID=444c-0d9d-411e-a973-015b31acaa Where = /the/mount/directory Type = btrfs Options = subvol=some_name,compress=lzo,noatime,noauto,nodev,nosuid SloppyOptions = on LazyUnmount = true ReadWriteOnly = true ForceUnmount = yes DirectoryMode = 0700 TimeoutSec = 5 m 20 s # see [Service] for options from systemd.exec and systemd.kill [Path] PathExists = /some/absolute/path PathExistsGlob = /some/g[lo]b* PathChanged = /some/absolute/path PathModified = /some/absolute/path DirectoryNotEmpty = /some/absolute/path Unit = some@instance.service MakeDirectory = yes DirectoryMode = 0700 TriggerLimitIntervalSec = 1min 10sec TriggerLimitBurst = 15 [Service] ## from systemd.service Type = exec RemainAfterExit = false GuessMainPID = no PIDFile = some/path BusName = some.name ExecStart = /usr/bin/Xorg ${DISPLAY} ${XDG_VTNR} \ -logfile %t/X.%i.log \ -nolisten tcp \ -quiet ExecStartPre = @/bin/start/pre some args ExecStartPost = -cmd arg, @cmd2 name -o \x0A ExecCondition = /bin/exec/condition ExecReload = /bin/exec/reload ExecStop = /bin/kill -SIGABRT $MAINPID ExecStopPost = -:!!/bin/stop/post RestartSec = 15 RestartSteps = 2 RestartMaxDelaySec = 150ms TimeoutStartSec = 5s 100ms TimeoutStopSec = infinity TimeoutAbortSec = 15 TimeoutSec = 10 TimeoutStartFailureMode = abort TimeoutStopFailureMode = kill RuntimeMaxSec = 1min 20 seconds RuntimeRandomizedExtraSec = 12 WatchdogSec = 90 Restart = on-watchdog RestartMode = direct SuccessExitStatus = PROTOCOL RUNTIME_DIRECTORY \ SECCOMP 15 23 SIGUSR1 SIGXCPU RestartPreventExitStatus = 15 23 SIGUSR1 \ SIGXCPU RestartForceExitStatus = SIGQUIT SIGSTOP 99 RootDirectoryStartOnly = false NonBlocking = false NotifyAccess = exec Sockets = some.socket \ some-other.socket FileDescriptorStoreMax = 5 FileDescriptorStorePreserve = yes USBFunctionDescriptors = /some/absolute/path USBFunctionStrings = /some/absolute/path OOMPolicy = stop OpenFile = /some/path:fd-name:graceful,read-only ReloadSignal = SIGUSR1 ## from systemd.exec ExecPaths = some/path some/other/path ExtensionImages = /source/path ExtensionDirectories = /source/path IPCNamespacePath = /some/absolute/path MemoryKSM = false NoExecPaths = some/path some/other/path PrivateIPC = false ## from systemd.exec Paths ExecSearchPath = /some/path:/some/other/path WorkingDirectory = ~ RootDirectory = /some/path RootImage = /some/path RootImageOptions = partition_name,noauto RootEphemeral = false RootHash = /some/path RootHash = 0xABCDEF RootHashSignature = RootVerity = /some/path MountAPIVFS = true ProcSubset = pid BindPaths = /source/path,/destination/path,rbind \ /source/path2,/destination/path2,norbind \ /source/path3 BindReadOnlyPaths = /source/path,/destination/path,rbind \ /source/path2,/destination/path2,norbind \ /source/path3 MountImages = /source/path,dest ## from systemd.exec Credentials User = 1000 Group = group-name DynamicUser = true SupplementaryGroups = group1 group-two 100 \ one-more-group SetLoginEnvironment = false PAMName = LoadCredential = some_id:/path/to/credential/data LoadCredentialEncrypted = some_id:/path/to/credential/data # accepts an optional single trailing asterisk ImportCredential = some* SetCredential = some_id:some_credential SetCredentialEncrypted = some_id:some_encrypted_credential ## from systemd.exec Capabilities CapabilityBoundingSet = ~ CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE \ CAP_NET_ADMIN CAP_SYS_BOOT AmbientCapabilities = CAP_SYS_ADMIN \ CAP_DAC_OVERRIDE ## from systemd.exec Security NoNewPrivileges = true SecureBits = keep-caps keep-caps-locked \ no-setuid-fixup \ no-setuid-fixup-locked ## from systemd.exec Mandatory Access Control SELinuxContext = AppArmorProfile = - someprofile SmackProcessLabel = -label ## from systemd.exec Process Properties LimitCPU = 15s:20s LimitFSIZE = 12G:24G LimitDATA = infinity LimitSTACK = 512K LimitCORE = 128K LimitRSS = 2G LimitNOFILE = 123:234 LimitAS = 3G LimitNPROC = 4711 LimitMEMLOCK = 12G LimitLOCKS = 321 LimitSIGPENDING = 46 LimitMSGQUEUE = 512K LimitNICE = +12 : +15 LimitRTPRIO = 20 : 40 LimitRTTIME = 12us : 15 UMask = 0022 CoredumpFilter = default private-dax shared-dax KeyringMode = private OOMScoreAdjust = 123 TimerSlackNSec = 321 Personality = x86-64 IgnoreSIGPIPE = false ## from systemd.exec Scheduling Nice = +12 CPUSchedulingPolicy = fifo CPUSchedulingPriority = 34 CPUSchedulingResetOnFork = false CPUAffinity = 0 1, 2 , \ 3, 4-8 NUMAPolicy = interleave NUMAMask = 1,2,3-8 IOSchedulingClass = idle IOSchedulingPriority = 5 ## from systemd.exec Sandboxing ProtectSystem = strict ProtectHome = read-only RuntimeDirectory = some/dir:some_symlink StateDirectory = some/dir CacheDirectory = some/dir LogsDirectory = some/dir ConfigurationDirectory = some/dir RuntimeDirectoryMode = 0755 StateDirectoryMode = 0755 CacheDirectoryMode = 0755 LogsDirectoryMode = 0755 ConfigurationDirectoryMode = 0755 RuntimeDirectoryPreserve = restart TimeoutCleanSec = 20 ReadWritePaths = some/dir ReadOnlyPaths = some/dir InaccessiblePaths = some/dir TemporaryFileSystem = /var:ro PrivateTmp = yes PrivateDevices = on PrivateNetwork = no NetworkNamespacePath = /some/path PrivateUsers = off ProtectHostname = false ProtectClock = no ProtectKernelTunables = yes ProtectKernelModules = true ProtectKernelLogs = yes ProtectControlGroups = y RestrictAddressFamilies = ~ AF_INET AF_VSOCK RestrictFileSystems = ~btrfs ntfs3 \ @temporary RestrictNamespaces = cgroup net \ ipc LockPersonality = yes MemoryDenyWriteExecute = true RestrictRealtime = true RestrictSUIDSGID = true RemoveIPC = no PrivateMounts = false MountFlags = shared ## from systemd.exec System Call Filtering SystemCallFilter = @debug @aio SystemCallErrorNumber = ETIMEDOUT SystemCallArchitectures = mips64-n32 \ native sparc SystemCallLog = ~ some_name \ another_name ## from systemd.exec System Call Environment Environment = DISPLAY=:%i Environment = XAUTHORITY=%t/Xauthority.%i \ "var=value with spaces" Environment = XDG_VTNR=vt%i EnvironmentFile = - /some/path PassEnvironment = SOME VARIABLES TO PASS UnsetEnvironment = SOME VARIABLES TO BE UNSET ## from systemd.exec Logging and Standard Input/Output StandardInput = file:/some/absolute/path StandardOutput = journal+console StandardError = inherit StandardInputText = SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3B StandardInputData = yBkZW5rIG5hbnUhCkpldHogaXNzZSB1ZmYsIGVy LogLevelMax = info LogExtraFields = FIELD=VALUE OTHER_FIELD=VALUE2 LogRateLimitIntervalSec = 1s 500ms LogRateLimitBurst = 50 LogFilterPatterns = ~some_rx LogFilterPatterns = \x7esome_rx LogNamespace = some_name SyslogIdentifier = some_identifier SyslogFacility = daemon SyslogLevel = debug SyslogLevelPrefix = true TTYPath = /dev/console TTYReset = yes TTYVHangup = on TTYRows = 24 TTYColumns = 80 TTYVTDisallocate = true ## from systemd.exec System V Compatibility UtmpIdentifier = utid UtmpMode = init ## from systemd.kill KillMode = process KillSignal = SIGABRT RestartKillSignal = SIGHUP SendSIGHUP = yes SendSIGKILL = no FinalKillSignal = SIGABRT WatchdogSignal = SIGQUIT ## from systemd.resource-control CPUAccounting = yes CPUWeight = 1234 StartupCPUWeight = 321 CPUQuota = 123.4% CPUQuotaPeriodSec = 1s 23ms 45us AllowedCPUs = 0-8, 12 StartupAllowedCPUs = 0-24 AllowedMemoryNodes = 5-8, 12 StartupAllowedMemoryNodes = 5-10, 12 MemoryAccounting = yes MemoryMin = 10G MemoryLow = 20% StartupMemoryLow = 22% DefaultStartupMemoryLow = infinity MemoryHigh = 40 % StartupMemoryHigh = 12% MemoryMax = 60% StartupMemoryMax = 55% MemorySwapMax = 10G StartupMemorySwapMax = 5G MemoryZSwapMax = 2G MemoryZSwapWriteback = false StartupMemoryZSwapMax = 1500k TasksAccounting = on TasksMax = 50% IOAccounting = on IOWeight = 1000 StartupIOWeight = 500 IODeviceWeight = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1000 IOReadBandwidthMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 10M IOWriteBandwidthMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K IOWriteIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 2K IODeviceLatencyTargetSec = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5s 20ms 100us IPAccounting = on IPAddressAllow = 127.0.0.0/8 ::1/128 IPAddressDeny = 127.0.0.0/8 ::1/128 DevicePolicy = strict Slice = some.slice Delegate = bpf-firewall DelegateSubgroup = some-cgroup-name DisableControllers = cpu io ManagedOOMSwap = auto ManagedOOMMemoryPressure = kill ManagedOOMMemoryPressureLimit = 50% ManagedOOMPreference = omit MemoryPressureWatch = skip MemoryPressureThresholdSec = 50ms CoredumpReceive = true BPFProgram = bind6:/sys/fs/bpf/sock-addr-hook RestrictNetworkInterfaces = ~eth1 eth2 NFTSet = cgroup:inet:filter:my_service \ user:inet:filter:serviceuser [Slice] # The Slice section may include options of the resource-control option group. # See [Service] for available options of systemd.resource-control. [Socket] ListenStream = 0.0.0.0:4000 ListenDatagram = /path/to/socket ListenFIFO = /some/path ListenSequentialPacket = @namespace ListenSpecial = /some/path ListenNetlink = kobject-uevent ListenMessageQueue = /queue ListenUSBFunction = /some/path SocketProtocol = sctp BindIPv6Only = both Backlog = 123 BindToDevice = name SocketGroup = users SocketUser = someuser SocketMode = 0644 DirectoryMode = 0744 Accept = no Writable = yes FlushPending = true MaxConnections = 34 MaxConnectionsPerSource = 10 KeepAlive = yes KeepAliveTimeSec = 15s 30ms KeepAliveIntervalSec = 10s 123us KeepAliveProbes = 12 NoDelay = false Priority = 5 DeferAcceptSec = 1s 100ms ReceiveBuffer = 10K SendBuffer = 15K IPTOS = low-delay IPTTL = 12 Mark = 12 ReusePort = no SmackLabel = value SmackLabelIPIn = value SmackLabelIPOut = value SELinuxContextFromNet = true PipeSize = 1M MessageQueueMaxMessages = 12 MessageQueueMessageSize = 1234 FreeBind = yes Transparent = no Broadcast = true PassCredentials = yes PassSecurity = true PassPacketInfo = true Timestamping = nsec TCPCongestion = westwood ExecStartPre = +/usr/bin/start/pre ExecStartPost = @/usr/bin/start/post arg ExecStopPre = /usr/bin/stop/pre ExecStopPost = /usr/bin/stop/post TimeoutSec = 1m 30sec Service = some.service RemoveOnStop = yes Symlinks = /some/path /some/other/path FileDescriptorName = some_name TriggerLimitIntervalSec = 1s 500ms TriggerLimitBurst = 50 PollLimitIntervalSec = 1s 300ms PollLimitBurst = 120 PassFileDescriptorsToExec = true # see [Service] for options from systemd.exec and systemd.kill [Swap] What = /dev/disk/by-uuid/5db77-fde6-424e-a1bb-e88e8996c # NOTE: Since systemd version 256 fstab-style identifiers are supported too. What = UUID=5db77-fde6-424e-a1bb-e88e8996c Priority = 123 Options = some,device,options TimeoutSec = 1m 20s # see [Service] for options from systemd.exec and systemd.kill [Timer] OnActiveSec = 90 OnBootSec = 5min 15s 100ms OnStartupSec = 2 minutes OnUnitActiveSec = 1 min OnUnitInactiveSec = 1m 30s OnCalendar = daily AccuracySec = 1min 10sec RandomizedDelaySec = 30s FixedRandomDelay = yes OnClockChange = false OnTimezoneChange = true Unit = some_timed.service Persistent = true WakeSystem = no RemainAfterElapse = true [Unit] Description = Testing systemd unit Documentation = https://docs.kde.org/stable5/en/applications/katepart/highlight.html \ man:/systemd.unit Requires = some.service Requisite = some-service-name.service Wants = some.service BindsTo = some.service BindsTo = %i.mount PartOf = some.service Upholds = some.service some-other.service Conflicts = some.service Before = some.service After = some.service some@instance.service OnFailure = some.service OnSuccess = some.service some-other.service PropagatesReloadTo = some.service ReloadPropagatedFrom = some.service JoinsNamespaceOf = some.service PropagatesStopTo = some.service some-other.service StopPropagatedFrom = some.service some-other.service RequiresMountsFor = /tmp /var/log %h WantsMountsFor = /tmp /var/log %h OnFailureJobMode = fail OnSuccessJobMode = replace IgnoreOnIsolate = true StopWhenUnneeded = false RefuseManualStart = false RefuseManualStop = true AllowIsolate = true DefaultDependencies = no SurviveFinalKillSignal = yes CollectMode = inactive FailureAction = reboot SuccessAction = none FailureActionExitStatus = 15 SuccessActionExitStatus = 255 JobTimeoutSec = 10 JobRunningTimeoutSec = infinity JobTimeoutAction = none JobTimeoutRebootArgument = some argument StartLimitIntervalSec = 0 StartLimitBurst = 10 StartLimitAction = none RebootArgument = some argument ConditionArchitecture = x86 ConditionVirtualization = |vmware ConditionHost = !shodan* ConditionKernelCommandLine = !kernel_option ConditionKernelVersion = | >= 4.* ConditionCredential = name ConditionEnvironment = SOME_ENVIRONMENT_VARIABLE=some_value ConditionSecurity = | ! selinux ConditionCapability = !CAP_NET_ADMIN ConditionACPower = true ConditionNeedsUpdate = !/var ConditionFirstBoot = |false ConditionPathExists = !/some/absolute/path ConditionPathExistsGlob = |!/m?t/s[ao]me/path* ConditionPathIsDirectory = !/some/path ConditionPathIsSymbolicLink = !/some/path ConditionPathIsMountPoint = /some/path ConditionPathIsReadWrite = !/some/path ConditionPathIsEncrypted = !/some/absolute/path ConditionDirectoryNotEmpty = !/some/path ConditionFileNotEmpty = !/some/path ConditionFileIsExecutable = !/some/path ConditionUser = |@system ConditionGroup = |groupname ConditionControlGroupController = memory ConditionMemory = | >= 1G ConditionCPUs = | < 8 ConditionCPUFeature = | sse2 ConditionOSRelease = ID=some-id ConditionMemoryPressure = 20%/5min ConditionCPUPressure = 12%/10sec ConditionIOPressure = 30% / 1min AssertArchitecture = x86 AssertVirtualization = |vmware AssertHost = !shodan* AssertKernelCommandLine = !kernel_option AssertKernelVersion = !>=5.3 AssertCredential = name AssertEnvironment = SOME_ENVIRONMENT_VARIABLE=some_value AssertSecurity = | ! selinux AssertCapability = !CAP_NET_ADMIN AssertACPower = true AssertNeedsUpdate = !/var AssertFirstBoot = |false AssertPathExists = !/some/absolute/path AssertPathExistsGlob = |!/mnt/* AssertPathIsDirectory = !/some/path AssertPathIsSymbolicLink = !/some/path AssertPathIsMountPoint = !/some/path AssertPathIsReadWrite = !/some/path AssertPathIsEncrypted = !/some/path AssertDirectoryNotEmpty = !/some/path AssertFileNotEmpty = !/some/path AssertFileIsExecutable = !/some/path AssertUser = |@system AssertGroup = |groupname AssertControlGroupController = memory AssertCPUFeature = | sse4_2 AssertOSRelease = ID=some-id AssertMemoryPressure = 20%/5min AssertCPUPressure = 12%/10sec AssertIOPressure = 30% / 1min ###### invalid sections [Device] [Invalid] [Slice] [Target] ############ # Extensions ############ ###### option [Unit] Description = testing extensions X-this = some value X-multiple-lines = some.service \ other service ###### section [X-Unit] name = value ## Comments in an extension section are just the same as elsewhere. Some text in an extension section. The extension section ends with the next section header. ######## # Format ######## ###### for options accepting multiple values, lines may be continued # using a trailing backlash [Unit] Before = before-me.socket \ before-me.service ###### additional spaces are OK [Unit] RequiresMountsFor = /tmp /var/log ######################################################## # Testing valid and invalid values for defined contexts. ######################################################## ###### invalid options [Unit] # missing assignment operator Description is invalid as it lacks the assignment operator # invalid option name InvalidOption = some text # WantedBy belongs to the [Install] section WantedBy = some.service some.socket ###### AC architecture [Unit] # see "architecture" for all possible values AssertArchitecture = alpha AssertArchitecture = | alpha AssertArchitecture = |! alpha AssertArchitecture = ! alpha # other options ConditionArchitecture = |! alpha ## invalid values AssertArchitecture = !| alpha AssertArchitecture = || alpha AssertArchitecture = !! alpha ###### AC boolean [Unit] # see "boolean" for all possible values AssertACPower = true AssertACPower = | true AssertACPower = | ! true AssertACPower = ! true # other options AssertFirstBoot = | ! true ConditionACPower = | ! true ConditionFirstBoot = | ! true ## invalid values AssertACPower = ! | true AssertACPower = | | true AssertACPower = !! true ###### AC capability [Unit] # see "capability" for all possible values AssertCapability = CAP_CHOWN AssertCapability = | CAP_CHOWN AssertCapability = |! CAP_CHOWN AssertCapability = ! CAP_CHOWN # other options ConditionCapability = |! CAP_CHOWN ## invalid values AssertCapability = !| CAP_CHOWN AssertCapability = || CAP_CHOWN AssertCapability = !! CAP_CHOWN ###### AC cardinal [Unit] ConditionCPUs = < 123456789 ConditionCPUs = <= 123456789 ConditionCPUs = = 123456789 ConditionCPUs = != 123456789 ConditionCPUs = >=123456789 ConditionCPUs = > 123456789 ConditionCPUs = |< 123456789 ConditionCPUs = |<= 123456789 ConditionCPUs = |= 123456789 ConditionCPUs = | != 123456789 ConditionCPUs = | >=123456789 ConditionCPUs = | > 123456789 ## other options ConditionCPUs = > 4 ## invalid values ConditionCPUs = == 123456789 ConditionCPUs = >> 123456789 ConditionCPUs = = 123456789.987 ConditionCPUs = || = 123456789.987 ###### AC cardinal KMGT [Unit] ConditionMemory = > 123456789 ConditionMemory = |< 123456789 ConditionMemory = |! >= 1G ConditionMemory = | != 512K ## invalid values # no exabyte (yet) ConditionMemory = = 1E ###### AC cpu feature [Unit] # see "cpu feature" for all possible values ConditionCPUFeature = |! sse2 ###### AC controller cg (assert/condition for control group controller) [Unit] AssertControlGroupController = cpu AssertControlGroupController = | cpu AssertControlGroupController = |! cpu AssertControlGroupController = ! cpu # other options ConditionControlGroupController = |! cpu ## invalid values AssertControlGroupController = !| cpu AssertControlGroupController = || cpu AssertControlGroupController = !! cpu ###### AC firmware [Unit] # see "firmware" for all possible values ConditionFirmware = |! uefi ###### AC group [Unit] AssertGroup = | name AssertGroup = |! name AssertGroup = ! name # other options ConditionGroup = |! name ## invalid values AssertGroup = !| name AssertGroup = || name AssertGroup = !! name ###### AC security [Unit] # see "security" for all possible values AssertSecurity = audit AssertSecurity = | audit AssertSecurity = |! audit AssertSecurity = ! audit # other options ConditionSecurity = |! audit ## invalid values AssertSecurity = !| audit AssertSecurity = || audit AssertSecurity = !! audit ###### AC text [Unit] AssertKernelCommandLine = option=value AssertKernelCommandLine = | arg AssertKernelCommandLine = |! arg AssertKernelCommandLine = ! arg # other options AssertDirectoryNotEmpty = |! /some/path AssertFileIsExecutable = |! /some/path AssertFileNotEmpty = |! /some/path AssertKernelVersion = |! arg AssertNeedsUpdate = |! /etc AssertPathExists = |! /some/path AssertPathIsDirectory = |! /some/path AssertPathIsEncrypted = |! /some/path AssertPathIsMountPoint = |! /some/path AssertPathIsReadWrite = |! /some/path AssertPathIsSymbolicLink = |! /some/path ConditionDirectoryNotEmpty = |! /some/path ConditionEnvironment = |! name=value ConditionFileIsExecutable = |! /some/path ConditionFileNotEmpty = |! /some/path ConditionKernelCommandLine = |! arg ConditionKernelVersion = |! arg ConditionNeedsUpdate = |! /var ConditionPathExists = |! /some/path ConditionPathIsDirectory = |! /some/path ConditionPathIsEncrypted = |! /some/path ConditionPathIsMountPoint = |! /some/path ConditionPathIsReadWrite = |! /some/path ConditionPathIsSymbolicLink = |! /some/path ## invalid values AssertKernelCommandLine = !| arg AssertKernelCommandLine = || arg AssertKernelCommandLine = !! arg ###### AC text * [Unit] AssertHost = hostname AssertHost = hostname* AssertHost = | hostname* AssertHost = |!hostname* AssertHost = !hostname* # other options ConditionHost = |!hostname* ## invalid values AssertHost = !| hostname* AssertHost = || hostname* AssertHost = !! hostname* ###### AC text glob [Unit] AssertPathExistsGlob = |!/s[ao]me/path* ## invalid values ConditionPathExistsGlob = !! /s?me/path* ###### AC threshold [Unit] # there is only a fixed set of time spans to choose from ConditionMemoryPressure = 10%/10sec ConditionMemoryPressure = 20%/1min ConditionMemoryPressure = | ! 30 % / 5min ## invalid values # invalid time span ConditionMemoryPressure = 30%/5sec # no % ConditionMemoryPressure = 30 / 10sec # no separator before time span ConditionMemoryPressure = 30% 10sec ###### AC user AssertUser = | @system AssertUser = | name AssertUser = |! @system AssertUser = ! name # other options ConditionUser = |! @system ## invalid values AssertUser = !| name AssertUser = || name AssertUser = !! name ###### AC virtualization # accepts boolean too AssertVirtualization = |true # see "virtualization" for all possible values AssertVirtualization = container AssertVirtualization = | container AssertVirtualization = |! container ConditionVirtualization = |! container AssertVirtualization = ! container ## invalid values AssertVirtualization = ! | true AssertVirtualization = | | true AssertVirtualization = !! true # multiple values AssertVirtualization = true false ###### - text [Service] AppArmorProfile = - some-profile AppArmorProfile =-profile ###### -+/path list [Service] ReadWritePaths = -/some/path ReadWritePaths = -+/some/path ReadWritePaths = +/some/path ReadWritePaths =+/some/path-+/ -/some/other/path \ -+/one/more/path ## invalid values ReadWritePaths = - /some/path ReadWritePaths = + /some/path ReadWritePaths = +-/some/path ###### ~ address family list [Service] RestrictAddressFamilies = AF_ALG RestrictAddressFamilies = AF_APPLETALK RestrictAddressFamilies = AF_ASH RestrictAddressFamilies = AF_ATMPVC RestrictAddressFamilies = AF_ATMSVC RestrictAddressFamilies = AF_AX25 RestrictAddressFamilies = AF_BLUETOOTH RestrictAddressFamilies = AF_BRIDGE RestrictAddressFamilies = AF_CAIF RestrictAddressFamilies = AF_CAN RestrictAddressFamilies = AF_DECnet RestrictAddressFamilies = AF_ECONET RestrictAddressFamilies = AF_FILE RestrictAddressFamilies = AF_IB RestrictAddressFamilies = AF_IEEE802154 RestrictAddressFamilies = AF_INET RestrictAddressFamilies = AF_INET6 RestrictAddressFamilies = AF_IPX RestrictAddressFamilies = AF_IRDA RestrictAddressFamilies = AF_ISDN RestrictAddressFamilies = AF_IUCV RestrictAddressFamilies = AF_KCM RestrictAddressFamilies = AF_KEY RestrictAddressFamilies = AF_LLC RestrictAddressFamilies = AF_LOCAL RestrictAddressFamilies = AF_MAX RestrictAddressFamilies = AF_MPLS RestrictAddressFamilies = AF_NETBEUI RestrictAddressFamilies = AF_NETLINK RestrictAddressFamilies = AF_NETROM RestrictAddressFamilies = AF_NFC RestrictAddressFamilies = AF_PACKET RestrictAddressFamilies = AF_PHONET RestrictAddressFamilies = AF_PPPOX RestrictAddressFamilies = AF_QIPCRTR RestrictAddressFamilies = AF_RDS RestrictAddressFamilies = AF_ROSE RestrictAddressFamilies = AF_ROUTE RestrictAddressFamilies = AF_RXRPC RestrictAddressFamilies = AF_SECURITY RestrictAddressFamilies = AF_SMC RestrictAddressFamilies = AF_SNA RestrictAddressFamilies = AF_TIPC RestrictAddressFamilies = AF_UNIX RestrictAddressFamilies = AF_UNSPEC RestrictAddressFamilies = AF_VSOCK RestrictAddressFamilies = AF_WANPIPE RestrictAddressFamilies = AF_X25 RestrictAddressFamilies = AF_XDP RestrictAddressFamilies = ~ AF_XDP AF_LOCAL \ AF_SECURITY # since version 249 an additional 'none' is supported RestrictAddressFamilies = none ## invalid values RestrictAddressFamilies = AF_INVALID # multiple values including `none` RestrictAddressFamilies = AF_ROUTE none AF_ROSE ###### ~ capability list # all the values of capability, but multple values for a single option entry are valid [Service] AmbientCapabilities = ~ CAP_NET_ADMIN CAP_NET_RAW \ CAP_WAKE_ALARM CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_RAW \ CAP_WAKE_ALARM ###### ~ namespace list [Service] RestrictNamespaces = cgroup RestrictNamespaces = ipc RestrictNamespaces = mnt RestrictNamespaces = net RestrictNamespaces = pid RestrictNamespaces = user RestrictNamespaces = uts RestrictNamespaces = cgroup uts RestrictNamespaces = ~ cgroup pid \ uts # includes boolean RestrictNamespaces = true RestrictNamespaces = false ## invalid values RestrictNamespaces = invalid RestrictNamespaces = ~ true # if boolean, no multiple values RestrictNamespaces = true cgroup ###### ~ system call filter list [Service] SystemCallFilter = @aio SystemCallFilter = @basic-io SystemCallFilter = @chown SystemCallFilter = @clock SystemCallFilter = @cpu-emulation SystemCallFilter = @debug SystemCallFilter = @default SystemCallFilter = @file-system SystemCallFilter = @io-event SystemCallFilter = @ipc SystemCallFilter = @keyring SystemCallFilter = @memlock SystemCallFilter = @module SystemCallFilter = @mount SystemCallFilter = @network-io SystemCallFilter = @obsolete SystemCallFilter = @privileged SystemCallFilter = @process SystemCallFilter = @raw-io SystemCallFilter = @reboot SystemCallFilter = @resources SystemCallFilter = @setuid SystemCallFilter = @signal SystemCallFilter = @swap SystemCallFilter = @sync SystemCallFilter = @system-service SystemCallFilter = @timer SystemCallFilter = @obsolete @timer \ @swap SystemCallFilter = ~ @reboot @swap ## invalid values SystemCallFilter = invalid SystemCallFilter = @invalid @ sync ###### action [Unit] FailureAction = exit FailureAction = exit-force FailureAction = halt FailureAction = halt-force FailureAction = halt-immediate FailureAction = kexec FailureAction = kexec-force FailureAction = none FailureAction = poweroff FailureAction = poweroff-force FailureAction = poweroff-immediate FailureAction = reboot FailureAction = reboot-force FailureAction = reboot-immediate FailureAction = soft-reboot FailureAction = soft-reboot-force ## invalid values FailureAction = invalid FailureAction = invalid exit # multiple values FailureAction = none exit ###### architecture [Unit] ConditionArchitecture = alpha ConditionArchitecture = arc ConditionArchitecture = arc-be ConditionArchitecture = arm ConditionArchitecture = arm-be ConditionArchitecture = arm64 ConditionArchitecture = arm64-be ConditionArchitecture = cris ConditionArchitecture = ia64 ConditionArchitecture = m68k ConditionArchitecture = mips ConditionArchitecture = mips-le ConditionArchitecture = mips64 ConditionArchitecture = mips64-le ConditionArchitecture = parisc ConditionArchitecture = parisc64 ConditionArchitecture = ppc ConditionArchitecture = ppc-le ConditionArchitecture = ppc64 ConditionArchitecture = ppc64-le ConditionArchitecture = s390 ConditionArchitecture = s390x ConditionArchitecture = sh ConditionArchitecture = sh64 ConditionArchitecture = sparc ConditionArchitecture = sparc64 ConditionArchitecture = tilegx ConditionArchitecture = x86 ConditionArchitecture = x86-64 # special value "native" ConditionArchitecture = native ## invalid values ConditionArchitecture = invalid ConditionArchitecture = invalid x86 # multiple values ConditionArchitecture = sparc x86 ###### boolean [Unit] StopWhenUnneeded = 1 StopWhenUnneeded = 0 StopWhenUnneeded = true StopWhenUnneeded = t StopWhenUnneeded = false StopWhenUnneeded = f StopWhenUnneeded = yes StopWhenUnneeded = y StopWhenUnneeded = no StopWhenUnneeded = n StopWhenUnneeded = on StopWhenUnneeded = off ## invalid values StopWhenUnneeded = invalid # multiple values StopWhenUnneeded = false true ###### calendar [Timer] OnCalendar = daily OnCalendar = hourly OnCalendar = minutely OnCalendar = monthly OnCalendar = quarterly OnCalendar = semiannually OnCalendar = weekly OnCalendar = yearly OnCalendar = daily UTC OnCalendar = daily utc OnCalendar = monday *-12-* 17:00 OnCalendar = Mon *-12-* 17:00 ## invalid values OnCalendar = Mo *-12-* 17:00 ###### capability [Unit] ConditionCapability = CAP_AUDIT_CONTROL ConditionCapability = CAP_AUDIT_READ ConditionCapability = CAP_AUDIT_WRITE ConditionCapability = CAP_BLOCK_SUSPEND ConditionCapability = CAP_CHECKPOINT_RESTORE ConditionCapability = CAP_CHOWN ConditionCapability = CAP_DAC_OVERRIDE ConditionCapability = CAP_DAC_READ_SEARCH ConditionCapability = CAP_FOWNER ConditionCapability = CAP_FSETID ConditionCapability = CAP_IPC_LOCK ConditionCapability = CAP_IPC_OWNER ConditionCapability = CAP_KILL ConditionCapability = CAP_LEASE ConditionCapability = CAP_LINUX_IMMUTABLE ConditionCapability = CAP_MAC_ADMIN ConditionCapability = CAP_MAC_OVERRIDE ConditionCapability = CAP_MKNOD ConditionCapability = CAP_NET_ADMIN ConditionCapability = CAP_NET_BIND_SERVICE ConditionCapability = CAP_NET_BROADCAST ConditionCapability = CAP_NET_RAW ConditionCapability = CAP_SETGID ConditionCapability = CAP_SETFCAP ConditionCapability = CAP_SETPCAP ConditionCapability = CAP_SETUID ConditionCapability = CAP_SYS_ADMIN ConditionCapability = CAP_SYS_BOOT ConditionCapability = CAP_SYS_CHROOT ConditionCapability = CAP_SYS_MODULE ConditionCapability = CAP_SYS_NICE ConditionCapability = CAP_SYS_PACCT ConditionCapability = CAP_SYS_PTRACE ConditionCapability = CAP_SYS_RAWIO ConditionCapability = CAP_SYS_RESOURCE ConditionCapability = CAP_SYS_TIME ConditionCapability = CAP_SYS_TTY_CONFIG ConditionCapability = CAP_SYSLOG ConditionCapability = CAP_WAKE_ALARM ## invalid values ConditionCapability = invalid # multiple values ConditionCapability = CAP_NET_ADMIN CAP_NET_RAW ###### cardinal [Unit] StartLimitBurst = 15 ## invalid values StartLimitBurst = -10 StartLimitBurst = 12.34 StartLimitBurst = 10% StartLimitBurst = infinity # multiple values StartLimitBurst = 10 20 ###### cardinal % infinity [Service] TasksMax = 15 TasksMax = 10% TasksMax = infinity ## invalid values TasksMax = -10 TasksMax = 12.34 # multiple values TasksMax = 10 20 TasksMax = infinity 20 ###### cardinal %KGMT infinity [Service] MemoryMin = 123 MemoryMin = 12K MemoryMin = 12M MemoryMin = 12G MemoryMin = 12T MemoryMin = 12 G MemoryMin = 20% MemoryMin = infinity ## invalid values MemoryMin = invalid # invalid bytes suffix MemoryMin = 12g MemoryMin = 12H MemoryMin = 12 E MemoryMin = 12P ###### cardinal KGMT [Socket] PipeSize = 123 PipeSize = 12K PipeSize = 12M PipeSize = 12G PipeSize = 12T PipeSize = 12 G ## invalid values PipeSize = invalid PipeSize = infinity # invalid bytes suffix PipeSize = 12g PipeSize = 12H PipeSize = 12 E PipeSize = 12P PipeSize = 20% ###### cardinal KGMT infinity [Service] MemorySwapMax = 123 MemorySwapMax = 12K MemorySwapMax = 12M MemorySwapMax = 12G MemorySwapMax = 12T MemorySwapMax = 12 G MemorySwapMax = infinity ## invalid values MemorySwapMax = invalid # invalid bytes suffix MemorySwapMax = 12g MemorySwapMax = 12H MemorySwapMax = 12 E MemorySwapMax = 12P MemorySwapMax = 20% ###### collect mode [Unit] CollectMode = inactive CollectMode = inactive-or-failed ## invalid values CollectMode = invalid CollectMode = invalid inactive # multiple values CollectMode = inactive-or-failed inactive ###### condition needs update [Unit] ConditionNeedsUpdate = !/etc ConditionNeedsUpdate = !/var ## invalid values ConditionNeedsUpdate = /home # multiple values ConditionNeedsUpdate = /etc /var ###### condition user [Unit] ConditionUser = @system ConditionUser = name1 ConditionUser = 1050 ## invalid values ConditionUser = -1050 # multiple values ConditionUser = @system 1050 ###### controller cg (control group controller) [Unit] AssertControlGroupController = cpu AssertControlGroupController = io AssertControlGroupController = memory AssertControlGroupController = pids AssertControlGroupController = v1 AssertControlGroupController = v2 # multiple values AssertControlGroupController = cpu memory ## invalid values AssertControlGroupController = invalid ###### controller list [Service] # single controller DisableControllers = blkio DisableControllers = bpf-devices DisableControllers = bpf-firewall DisableControllers = cpu DisableControllers = cpuacct DisableControllers = cpuset DisableControllers = devices DisableControllers = io DisableControllers = memory DisableControllers = pids # multiple controllers DisableControllers = cpu io \ memory ## invalid values DisableControllers = dev invalid ###### cpu affinity [Service] # either "numa" or any of the values for "cpu index list" CPUAffinity = numa CPUAffinity = 0 1, 2 , \ 3, 4-8 , 10 - 12 # since version 249 specifiers are supported CPUAffinity = %I ## invalid values CPUAffinity = numa-x # no multiple "numa" CPUAffinity = numa numa # no CPU index list and "numa" CPUAffinity = numa 0 1 2 CPUAffinity = 0 1 2 numa ###### cpu feature [Unit] ConditionCPUFeature = abm ConditionCPUFeature = adx ConditionCPUFeature = aes ConditionCPUFeature = apic ConditionCPUFeature = avx ConditionCPUFeature = avx2 ConditionCPUFeature = bmi1 ConditionCPUFeature = bmi2 ConditionCPUFeature = clflush ConditionCPUFeature = cmov ConditionCPUFeature = constant_tsc ConditionCPUFeature = cx16 ConditionCPUFeature = cx8 ConditionCPUFeature = de ConditionCPUFeature = f16c ConditionCPUFeature = fma3 ConditionCPUFeature = fpu ConditionCPUFeature = fxsr ConditionCPUFeature = ht ConditionCPUFeature = lahf_lm ConditionCPUFeature = lm ConditionCPUFeature = mca ConditionCPUFeature = mce ConditionCPUFeature = mmx ConditionCPUFeature = monitor ConditionCPUFeature = movbe ConditionCPUFeature = msr ConditionCPUFeature = mtrr ConditionCPUFeature = osxsave ConditionCPUFeature = pae ConditionCPUFeature = pat ConditionCPUFeature = pclmul ConditionCPUFeature = pge ConditionCPUFeature = pni ConditionCPUFeature = popcnt ConditionCPUFeature = pse ConditionCPUFeature = pse36 ConditionCPUFeature = rdrand ConditionCPUFeature = rdseed ConditionCPUFeature = rdtscp ConditionCPUFeature = sep ConditionCPUFeature = sha_ni ConditionCPUFeature = sse ConditionCPUFeature = sse2 ConditionCPUFeature = sse4_1 ConditionCPUFeature = sse4_2 ConditionCPUFeature = ssse3 ConditionCPUFeature = syscall ConditionCPUFeature = tsc ConditionCPUFeature = vme ConditionCPUFeature = xsave ## invalid values ConditionCPUFeature = invalid # multiple values ConditionCPUFeature = tsc mmx ###### cpu index list [Service] NUMAMask = 0 1 2 NUMAMask = 0,1, 2 # using ranges NUMAMask = 0-2 NUMAMask = 0 - 2 NUMAMask = 0 1, 2 , \ 3, 4-8 , ## invalid values NUMAMask = 0 invalid 2, 3;4 NUMAMask = 0-a1 NUMAMask = numa ###### cpu scheduling policy [Service] CPUSchedulingPolicy = batch CPUSchedulingPolicy = fifo CPUSchedulingPolicy = idle CPUSchedulingPolicy = other CPUSchedulingPolicy = rr ## invalid values CPUSchedulingPolicy = invalid # multiple values CPUSchedulingPolicy = batch fifo ###### cpu scheduling priority [Service] CPUSchedulingPriority = 12 CPUSchedulingPriority = 99 ## invalid values CPUSchedulingPriority = invalid CPUSchedulingPriority = -12 CPUSchedulingPriority = 0.12 # out of range CPUSchedulingPriority = 0 CPUSchedulingPriority = 100 # multiple values CPUSchedulingPriority = 12 34 ###### cpu weight [Service] CPUWeight = idle # integer 1..10000 CPUWeight = 1 CPUWeight = 12 CPUWeight = 123 CPUWeight = 1234 CPUWeight = 1234 CPUWeight = 10000 ## invalid values CPUWeight = -1 CPUWeight = 0 CPUWeight = 10001 CPUWeight = 12345 CPUWeight = 12.3 CPUWeight = invalid # multiple values CPUWeight = 1 10000 ###### delegate [Service] # single boolean Delegate = false Delegate = true # single controller Delegate = blkio Delegate = bpf-devices Delegate = bpf-firewall Delegate = cpu Delegate = cpuacct Delegate = cpuset Delegate = devices Delegate = io Delegate = memory Delegate = pids # multiple controllers Delegate = cpu io \ memory ## invalid values Delegate = invalid # multiple boolean values Delegate = on off ###### device cardinal KMGT [Service] IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 123 IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 12K IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 12M IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 12G IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 12T IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 12 G IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 \ 10M ## invalid values IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 20% # invalid multiplier suffix IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 12g IOReadIOPSMax = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 12E # no device IOReadIOPSMax = 10 IOReadIOPSMax = 10M ###### device policy [Service] DevicePolicy = auto DevicePolicy = closed DevicePolicy = strict ## invalid values DevicePolicy = invalid # multiple values DevicePolicy = auto closed ###### device time span [Service] IODeviceLatencyTargetSec = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 123 IODeviceLatencyTargetSec = /dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5s 20ms \ 100us ## invalid values # no device IODeviceLatencyTargetSec = 123 IODeviceLatencyTargetSec = 5s 20ms 100us ###### exec [Service] # specifier and environment variable ExecStart = /some/cmd %u arg $var1 inside${var2}word ${var3} $var4 ExecStart = cmd1 %h arg1_1 $var1, cmd2 %u arg2_1 $var2_1\ $var2_2 # escapes (not exactly the same as detected by HlCStringChar) ExecStart = cmd \, \' \" \\ \a \b \f \n \r \s \t \v \x0A \012 \u1234 \U12abcdef # prefix ExecStart = @/some/cmd arg "@!+-:" ExecStart = -/some/cmd-1 -option arg ExecStart = :/some/cmd arg ExecStart = +/some/cmd arg ExecStart = !/some/cmd arg ExecStart = !!/some/cmd arg ExecStart = @:-!!/some/cmd arg ExecStart = @!!-:/some/cmd arg ExecStart = @:-+/some/cmd arg ## invalid values # invalid prefix ExecStart = @ /some/cmd arg ExecStart = @ -/some/cmd arg ExecStart = +!/some/cmd arg ExecStart = !!!/some/cmd arg ExecStart = @+@/some/cmd arg ExecStart = @!!+/some/cmd arg ###### exit status [Service] SuccessExitStatus = 75 SuccessExitStatus = ADDRESS_FAMILIES SuccessExitStatus = APPARMOR SuccessExitStatus = BPF SuccessExitStatus = CACHE_DIRECTORY SuccessExitStatus = CANTCREAT SuccessExitStatus = CAPABILITIES SuccessExitStatus = CGROUP SuccessExitStatus = CHDIR SuccessExitStatus = CHOWN SuccessExitStatus = CHROOT SuccessExitStatus = CONFIG SuccessExitStatus = CONFIGURATION_DIRECTORY SuccessExitStatus = CONFIRM SuccessExitStatus = CPUAFFINITY SuccessExitStatus = CREDENTIALS SuccessExitStatus = DATAERR SuccessExitStatus = EXCEPTION SuccessExitStatus = EXEC SuccessExitStatus = FAILURE SuccessExitStatus = FDS SuccessExitStatus = GROUP SuccessExitStatus = INVALIDARGUMENT SuccessExitStatus = IOERR SuccessExitStatus = IOPRIO SuccessExitStatus = KEYRING SuccessExitStatus = LIMITS SuccessExitStatus = LOGS_DIRECTORY SuccessExitStatus = MEMORY SuccessExitStatus = NAMESPACE SuccessExitStatus = NETWORK SuccessExitStatus = NICE SuccessExitStatus = NOHOST SuccessExitStatus = NOINPUT SuccessExitStatus = NOPERM SuccessExitStatus = NOPERMISSION SuccessExitStatus = NOTCONFIGURED SuccessExitStatus = NOTIMPLEMENTED SuccessExitStatus = NOTINSTALLED SuccessExitStatus = NOTRUNNING SuccessExitStatus = NOUSER SuccessExitStatus = NO_NEW_PRIVILEGES SuccessExitStatus = NUMA_POLICY SuccessExitStatus = OOM_ADJUST SuccessExitStatus = OSERR SuccessExitStatus = OSFILE SuccessExitStatus = PAM SuccessExitStatus = PERSONALITY SuccessExitStatus = PROTOCOL SuccessExitStatus = RUNTIME_DIRECTORY SuccessExitStatus = SECCOMP SuccessExitStatus = SECUREBITS SuccessExitStatus = SELINUX_CONTEXT SuccessExitStatus = SETSCHEDULER SuccessExitStatus = SETSID SuccessExitStatus = SIGNAL_MASK SuccessExitStatus = SMACK_PROCESS_LABEL SuccessExitStatus = SOFTWARE SuccessExitStatus = STATE_DIRECTORY SuccessExitStatus = STDERR SuccessExitStatus = STDIN SuccessExitStatus = STDOUT SuccessExitStatus = SUCCESS SuccessExitStatus = TEMPFAIL SuccessExitStatus = TIMERSLACK SuccessExitStatus = UNAVAILABLE SuccessExitStatus = USAGE SuccessExitStatus = USER # using signals (see values for context "signal" for a complete list of values) SuccessExitStatus = SIGABRT SuccessExitStatus = ADDRESS_FAMILIES 75 \ 23 SIGHUP ## invalid values SuccessExitStatus = invalid SuccessExitStatus = -23 ###### exit type [Service] ExitType = main ExitType = cgroup ## invalid values ExitType = invalid # multiple values ExitType = main cgroup ###### failure mode [Service] TimeoutStartFailureMode = abort TimeoutStartFailureMode = kill TimeoutStartFailureMode = terminate ## invalid values TimeoutStartFailureMode = invalid # multiple values TimeoutStartFailureMode = abort kill ###### file mode [Automount] DirectoryMode = 755 ## invalid values DirectoryMode = invalid # need octal digits DirectoryMode = 0758 DirectoryMode = 075A # need 3 to 4 octal digits DirectoryMode = 07 # multiple values DirectoryMode = 0755 0755 ###### firmware [Unit] ConditionFirmware = uefi ConditionFirmware = device-tree ConditionFirmware = device-tree-compatible(some-device-tree) ConditionFirmware = device-tree-compatible( some-device-tree ) ConditionFirmware = smbios-field(board_name = "Custom Board") ## invalid values ConditionFirmware = invalid ConditionFirmware = device-tree-invalid # missing argument ConditionFirmware = device-tree-compatible ConditionFirmware = device-tree-compatible() ConditionFirmware = smbios-field ConditionFirmware = smbios-field() # multiple values ConditionFirmware = uefi device-tree ###### fs set [Service] RestrictFileSystems = @auxiliary-api RestrictFileSystems = @basic-api RestrictFileSystems = @common-block RestrictFileSystems = @historical-block RestrictFileSystems = @known RestrictFileSystems = @network RestrictFileSystems = @privileged-api RestrictFileSystems = @temporary ## invalid values RestrictFileSystems = invalid RestrictFileSystems = temporary ###### fs type # A selection of file system types to be used as `Type` in mount units. [Mount] Type = binfmt_misc Type = btrfs Type = configfs Type = debugfs Type = devtmpfs Type = efivarfs Type = exfat Type = ext2 Type = ext3 Type = ext4 Type = f2fs Type = fuse Type = fusectl Type = gfs2 Type = hugetlbfs Type = iso9660 Type = jfs Type = mqueue Type = msdos Type = nfs Type = nilfs2 Type = ntfs Type = ntfs3 Type = ocfs2 Type = overlay Type = proc Type = reiserfs Type = tmpfs Type = tracefs Type = udf Type = vfat Type = virtiofs Type = xfs ## invalid values Type = invalid Type = invalid ext4 # multiple values Type = btrfs ext4 ###### fs type set list ## list of fs type names and fs set names [Service] RestrictFileSystems = @auxiliary-api btrfs \ nfs @temporary unknown ###### group and user [Service] User = 0 User = 1000 Group = 100 User = some-name Group = some_name User = _some-name-1 User = name1 # using specifiers User = %i User = name-%i User = some-%i-name User = %U-name User = some-%i-name-%U ## invalid values # no negative integers User = -1000 # no float User = 100.0 # no name with leading digit User = 1name # no name with leading hyphen User = -name # multiple values User = 1000 1001 ###### group list [Service] SupplementaryGroups = some-name %U some%iname \ %Uname 1001 name%U ###### io scheduling class # see systemd.exec [Service] IOSchedulingClass = 0 IOSchedulingClass = 1 IOSchedulingClass = 2 IOSchedulingClass = 3 IOSchedulingClass = best-effort IOSchedulingClass = idle IOSchedulingClass = realtime ## invalid values IOSchedulingClass = invalid IOSchedulingClass = none IOSchedulingClass = 4 IOSchedulingClass = 123 IOSchedulingClass = -1 # multiple values IOSchedulingClass = 1 idle IOSchedulingClass = idle idle IOSchedulingClass = idle 1 ###### ip address list [Service] IPAddressAllow = any IPAddressAllow = localhost IPAddressAllow = link-local IPAddressDeny = multicast IPAddressAllow = localhost \ multicast IPAddressAllow = 127.0.0.0/8 ::1/128 169.254.0.0/16 fe80::/64 ## invalid values IPAddressAllow = invalid ###### ip bind [Socket] BindIPv6Only = both BindIPv6Only = default BindIPv6Only = ipv6-only ## invalid values BindIPv6Only = invalid # multiple values BindIPv6Only = both default ###### io scheduling priority [Service] IOSchedulingPriority = 0 IOSchedulingPriority = 1 IOSchedulingPriority = 2 IOSchedulingPriority = 3 IOSchedulingPriority = 4 IOSchedulingPriority = 5 IOSchedulingPriority = 6 IOSchedulingPriority = 7 ## invalid values IOSchedulingPriority = 8 IOSchedulingPriority = 123 IOSchedulingPriority = -1 # multiple values IOSchedulingPriority = 0 3 ###### ip tos (terms-of-service) [Socket] IPTOS = 15 IPTOS = low-cost IPTOS = low-delay IPTOS = reliability IPTOS = throughput ## invalid values IPTOS = invalid # multiple values IPTOS = 15 20 IPTOS = low-delay 15 ###### keyring mode [Service] KeyringMode = inherit KeyringMode = private KeyringMode = shared ## invalid values KeyringMode = invalid # multiple values KeyringMode = shared private ###### kill mode [Service] KillMode = control-group KillMode = mixed KillMode = none KillMode = process ## invalid values KillMode = invalid # multiple values KillMode = mixed process ###### limit bytes [Service] LimitFSIZE = 123 LimitFSIZE = 12K LimitFSIZE = 12M LimitFSIZE = 12G LimitFSIZE = 12T LimitFSIZE = 12P LimitFSIZE = 12E LimitFSIZE = 12 G LimitFSIZE = 12G:24G LimitFSIZE = 12 G:24 G LimitFSIZE = 12 G: 24 G LimitFSIZE = 12 G :24 G LimitFSIZE = 12 G : 24 G LimitFSIZE = infinity ## invalid values LimitFSIZE = invalid # invalid bytes suffix LimitFSIZE = 12g LimitFSIZE = 12H ###### limit nice level [Service] LimitNICE = -1 LimitNICE = -12 LimitNICE = -20 LimitNICE = +1 LimitNICE = +12 LimitNICE = +19 LimitNICE = 0 LimitNICE = 9 LimitNICE = 12 LimitNICE = 23 LimitNICE = 34 LimitNICE = 40 LimitNICE = -10:+10 LimitNICE = 20:30 LimitNICE = infinity ## invalid values LimitNICE = invalid LimitNICE = 0.2 LimitNICE = 20 : infinity LimitNICE = infinity : 20 # out of range LimitNICE = -21 LimitNICE = -123 LimitNICE = +20 LimitNICE = +123 LimitNICE = 41 LimitNICE = 123 ###### limit number [Service] LimitNOFILE = 123 LimitNOFILE = 123:321 LimitNOFILE = infinity ## invalid values LimitNOFILE = invalid # negative values LimitNOFILE = -123 ###### limit time span [Service] LimitCPU = 15s 10us : 20s 5ms LimitCPU = infinity ## invalid values # only a single infinity LimitCPU = infinity : infinity LimitCPU = infinity : 10s 15ms LimitCPU = 10s 15ms : infinity ###### log facility [Service] SyslogFacility = auth SyslogFacility = authpriv SyslogFacility = cron SyslogFacility = daemon SyslogFacility = ftp SyslogFacility = kern SyslogFacility = local0 SyslogFacility = local1 SyslogFacility = local2 SyslogFacility = local3 SyslogFacility = local4 SyslogFacility = local5 SyslogFacility = local6 SyslogFacility = local7 SyslogFacility = lpr SyslogFacility = mail SyslogFacility = news SyslogFacility = syslog SyslogFacility = user SyslogFacility = uucp ## invalid values SyslogFacility = invalid # multiple values SyslogFacility = cron daemon ###### log level [Service] LogLevelMax = alert LogLevelMax = crit LogLevelMax = debug LogLevelMax = emerg LogLevelMax = err LogLevelMax = info LogLevelMax = notice LogLevelMax = warning ## invalid values LogLevelMax = invalid # multiple values LogLevelMax = info notice ###### memory mapping [Service] CoredumpFilter = all CoredumpFilter = default CoredumpFilter = private-anonymous CoredumpFilter = shared-anonymous CoredumpFilter = private-file-backed CoredumpFilter = shared-file-backed CoredumpFilter = elf-headers CoredumpFilter = private-huge CoredumpFilter = shared-huge CoredumpFilter = private-dax CoredumpFilter = shared-dax # multiple values CoredumpFilter = private-file-backed shared-dax ## invalid values CoredumpFilter = invalid CoredumpFilter = private-file-backed invalid elf-headers CoredumpFilter = invalid shared-dax # only spaces as separator CoredumpFilter = private-file-backed, shared-dax ###### memory pressure watch [Service] MemoryPressureWatch = auto MemoryPressureWatch = off MemoryPressureWatch = on MemoryPressureWatch = skip ## invalid values MemoryPressureWatch = invalid # multiple values MemoryPressureWatch = auto skip ###### mount flag [Service] MountFlags = private MountFlags = shared MountFlags = slave ## invalid values MountFlags = invalid # multiple values MountFlags = shared slave ###### nft set list [Service] NFTSet = cgroup:arp::filter::my_service NFTSet = cgroup:bridge::filter::my_service NFTSet = cgroup:inet::filter::my_service NFTSet = cgroup:ip::filter::my_service NFTSet = cgroup:ip6::filter::my_service NFTSet = cgroup:ip::filter::my_service NFTSet = cgroup:netdev::filter::my_service NFTSet = group:inet::filter::my_service NFTSet = user:inet::filter::my_service ## multiple sets NFTSet = cgroup:inet:filter:my_service \ user:inet:filter:serviceuser ## invalid values NFTSet = invalid:inet::filter::my_service NFTSet = cgroup::invalid::filter::my_service ###### nice level [Service] Nice = -1 Nice = -12 Nice = -20 Nice = +1 Nice = +12 Nice = +19 Nice = 0 Nice = 12 Nice = 19 ## invalid values Nice = invalid Nice = 0.2 # out of range Nice = -21 Nice = -123 Nice = +20 Nice = +123 Nice = 20 Nice = 30 Nice = 123 # multiple values Nice = 12 34 ###### notify access [Service] NotifyAccess = all NotifyAccess = exec NotifyAccess = main NotifyAccess = none ## invalid values NotifyAccess = invalid # multiple values NotifyAccess = exec none ###### numa mask [Service] NUMAMask = all NUMAMask = 1,2,3-8 ## invalid values NUMAMask = invalid # both all and cpu index list NUMAMask = all, 1,2,3-8 NUMAMask = 1,2,3-8, all ###### numa policy [Service] NUMAPolicy = bind NUMAPolicy = default NUMAPolicy = interleave NUMAPolicy = local NUMAPolicy = preferred ## invalid values NUMAPolicy = invalid # multiple values NUMAPolicy = interleave local ###### on failure job mode [Unit] OnFailureJobMode = fail OnFailureJobMode = flush OnFailureJobMode = ignore-dependencies OnFailureJobMode = ignore-requirements OnFailureJobMode = isolate OnFailureJobMode = replace OnFailureJobMode = replace-irreversibly ## invalid values OnFailureJobMode = invalid OnFailureJobMode = invalid fail # multiple values OnFailureJobMode = replace fail ###### oom behavior (out-of-memory killer behavior) [Service] ManagedOOMSwap = auto ManagedOOMSwap = kill ## invalid values ManagedOOMSwap = invalid # multiple values ManagedOOMSwap = auto kill ###### oom preference (out-of-memory killer preference) [Service] ManagedOOMPreference = avoid ManagedOOMPreference = none ManagedOOMPreference = omit ## invalid values ManagedOOMPreference = invalid # multiple values ManagedOOMPreference = avoid none ###### oom policy (out-of-memory killer policy) [Service] OOMPolicy = continue OOMPolicy = kill OOMPolicy = stop ## invalid values OOMPolicy = invalid # multiple values OOMPolicy = kill stop ###### oom score adjust (out-of-memory killer score adjustment) [Service] OOMScoreAdjust = -1000 OOMScoreAdjust = -123 OOMScoreAdjust = 0 OOMScoreAdjust = 321 OOMScoreAdjust = +321 OOMScoreAdjust = +1000 OOMScoreAdjust = 1000 ## invalid values OOMScoreAdjust = invalid OOMScoreAdjust = 1.2 # out of range OOMScoreAdjust = -1001 OOMScoreAdjust = +1001 OOMScoreAdjust = 1001 ###### open file option [Service] OpenFile = /some/path/:some-name:append,graceful,read-only,truncate ## invalid values OpenFile = /some/path/:some-name:some,invalid,options ###### percent [Slice] CPUQuota = 0.1% CPUQuota = 12 % CPUQuota = 123.4% ## invalid values CPUQuota = 10 CPUQuota = invalid # multiple values CPUQuota = 10% 20% ###### personality [Service] Personality = arm Personality = arm-be Personality = arm64 Personality = arm64-be Personality = ppc Personality = ppc-le Personality = ppc64 Personality = ppc64-le Personality = s390 Personality = s390x Personality = x86 Personality = x86-64 ## invalid values Personality = invalid Personality = alpha Personality = m68k # multiple values Personality = x86-64 s390x ###### proc subset [Service] ProcSubset = all ProcSubset = pid ## invalid values ProcSubset = invalid # multiple values ProcSubset = all pid ###### protect home [Service] ProtectHome = read-only ProtectHome = tmpfs ProtectHome = true ProtectHome = false ProtectHome = yes ## invalid values ProtectHome = invalid # multiple values ProtectHome = tmpfs true ###### protect system [Service] ProtectSystem = full ProtectSystem = strict ProtectSystem = true ProtectSystem = false ProtectSystem = yes ProtectSystem = no ## invalid values ProtectSystem = invalid # multiple values ProtectSystem = full true ###### restart [Service] Restart = always Restart = no Restart = on-abnormal Restart = on-abort Restart = on-failure Restart = on-success Restart = on-watchdog ## invalid values Restart = invalid # multiple values Restart = no on-abort ###### restart mode [Service] RestartMode = direct RestartMode = normal ## invalid values RestartMode = invalid # multiple values RestartMode = direct normal ###### runtime directory preserve [Service] RuntimeDirectoryPreserve = restart RuntimeDirectoryPreserve = true RuntimeDirectoryPreserve = false RuntimeDirectoryPreserve = yes RuntimeDirectoryPreserve = no ## invalid values RuntimeDirectoryPreserve = invalid # multiple values RuntimeDirectoryPreserve = restart no ###### secure bits list [Service] SecureBits = keep-caps SecureBits = keep-caps-locked SecureBits = no-setuid-fixup SecureBits = no-setuid-fixup-locked SecureBits = noroot SecureBits = noroot-locked SecureBits = keep-caps noroot-locked \ no-setuid-fixup ## invalid values SecureBits = invalid ###### security [Unit] ConditionSecurity = apparmor ConditionSecurity = audit ConditionSecurity = ima ConditionSecurity = measured-uki ConditionSecurity = selinux ConditionSecurity = smack ConditionSecurity = tomoyo ConditionSecurity = tpm2 ConditionSecurity = uefi-secureboot ## invalid values ConditionSecurity = invalid # multiple values ConditionSecurity = invalid selinux ConditionSecurity = apparmor selinux ###### service type [Service] Type = dbus Type = exec Type = forking Type = idle Type = notify Type = oneshot Type = simple ## invalid values Type = invalid # multiple values Type = exec forking ###### signal [Service] KillSignal = SIGABRT KillSignal = SIGALRM KillSignal = SIGBUS KillSignal = SIGCHLD KillSignal = SIGCLD KillSignal = SIGCONT KillSignal = SIGEMT KillSignal = SIGFPE KillSignal = SIGHUP KillSignal = SIGILL KillSignal = SIGINFO KillSignal = SIGINT KillSignal = SIGIO KillSignal = SIGIOT KillSignal = SIGKILL KillSignal = SIGLOST KillSignal = SIGPIPE KillSignal = SIGPOLL KillSignal = SIGPROF KillSignal = SIGPWR KillSignal = SIGQUIT KillSignal = SIGSEGV KillSignal = SIGSTKFLT KillSignal = SIGSTOP KillSignal = SIGSYS KillSignal = SIGTERM KillSignal = SIGTRAP KillSignal = SIGTSTP KillSignal = SIGTTIN KillSignal = SIGTTOU KillSignal = SIGUNUSED KillSignal = SIGURG KillSignal = SIGUSR1 KillSignal = SIGUSR2 KillSignal = SIGVTALRM KillSignal = SIGWINCH KillSignal = SIGXCPU KillSignal = SIGXFSZ ## invalid values KillSignal = SIG_INVALID ###### socket bind rule [Service] SocketBindAllow = any SocketBindAllow = ipv4: SocketBindAllow = ipv4:tcp: SocketBindAllow = ipv4:tcp:12345 SocketBindAllow = ipv4:tcp:1-123 SocketBindAllow = ipv6:udp:1-123 SocketBindAllow = ipv6: udp: 1 - 123 SocketBindAllow = tcp: SocketBindAllow = 12345 SocketBindAllow = 123-456 ## invalid values SocketBindAllow = ipv4 : SocketBindAllow = ipv5:tcp: SocketBindAllow = ipv4:udcp: SocketBindAllow = tcp:ipv4 SocketBindAllow = ipv4:tcp: 12345 # multiple values SocketBindAllow = any ipv4: ###### socket protocol [Socket] SocketProtocol = sctp SocketProtocol = udplite ## invalid values SocketProtocol = invalid # multiple values SocketProtocol = sctp udplite ###### standard input [Service] StandardInput = data StandardInput = fd StandardInput = fd:some_name StandardInput = file:/some/absolute/path StandardInput = null StandardInput = socket StandardInput = tty StandardInput = tty-fail StandardInput = tty-force ## invalid values StandardInput = invalid # multiple values StandardInput = null tty StandardInput = file:/some/absolute/path socket # no absolute path immediately after `file:` StandardInput = file: StandardInput = file:some//path StandardInput = file: /some/absolute/path ###### standard output [Service] # NOTE: Option StandardError accepts the same values. StandardOutput = append:/some/absolute/path StandardOutput = fd StandardOutput = fd:some_name StandardOutput = file:/some/absolute/path StandardOutput = inherit StandardOutput = journal StandardOutput = journal+console StandardOutput = kmsg StandardOutput = kmsg+console StandardOutput = null StandardOutput = socket StandardOutput = truncate:/some/absolute/path StandardOutput = tty ## invalid values StandardOutput = invalid StandardOutput = syslog # no absolute path immediately after append:, file: StandardOutput = append: StandardOutput = append:some/relative/path StandardOutput = append: /some/relative/path StandardOutput = file: StandardOutput = file:some/relative/path StandardOutput = file: /some/relative/path # multiple values StandardOutput = null tty StandardOutput = file:/some/absolute/path socket ###### system call architecture [Service] SystemCallArchitectures = mips64-le-n32 SystemCallArchitectures = mips64-n32 SystemCallArchitectures = native SystemCallArchitectures = x32 # all values from "architecture" are also valid SystemCallArchitectures = alpha \ mips sparc ## invalid values SystemCallArchitectures = invalid ###### system call errno [Service] SystemCallErrorNumber = kill SystemCallErrorNumber = log # from man errno(3) SystemCallErrorNumber = EACCES SystemCallErrorNumber = EADDRINUSE SystemCallErrorNumber = EADDRNOTAVAIL SystemCallErrorNumber = EAFNOSUPPORT SystemCallErrorNumber = EAGAIN SystemCallErrorNumber = EALREADY SystemCallErrorNumber = EBADE SystemCallErrorNumber = EBADF SystemCallErrorNumber = EBADFD SystemCallErrorNumber = EBADMSG SystemCallErrorNumber = EBADR SystemCallErrorNumber = EBADRQC SystemCallErrorNumber = EBADSLT SystemCallErrorNumber = EBUSY SystemCallErrorNumber = ECANCELED SystemCallErrorNumber = ECHILD SystemCallErrorNumber = ECHRNG SystemCallErrorNumber = ECOMM SystemCallErrorNumber = ECONNABORTED SystemCallErrorNumber = ECONNREFUSED SystemCallErrorNumber = ECONNRESET SystemCallErrorNumber = EDEADLK SystemCallErrorNumber = EDEADLOCK SystemCallErrorNumber = EDESTADDRREQ SystemCallErrorNumber = EDOM SystemCallErrorNumber = EDQUOT SystemCallErrorNumber = EEXIST SystemCallErrorNumber = EFAULT SystemCallErrorNumber = EFBIG SystemCallErrorNumber = EHOSTDOWN SystemCallErrorNumber = EHOSTUNREACH SystemCallErrorNumber = EHWPOISON SystemCallErrorNumber = EIDRM SystemCallErrorNumber = EILSEQ SystemCallErrorNumber = EINPROGRESS SystemCallErrorNumber = EINTR SystemCallErrorNumber = EINVAL SystemCallErrorNumber = EIO SystemCallErrorNumber = EISCONN SystemCallErrorNumber = EISDIR SystemCallErrorNumber = EISNAM SystemCallErrorNumber = EKEYEXPIRED SystemCallErrorNumber = EKEYREJECTED SystemCallErrorNumber = EKEYREVOKED SystemCallErrorNumber = EL2HLT SystemCallErrorNumber = EL2NSYNC SystemCallErrorNumber = EL3HLT SystemCallErrorNumber = EL3RST SystemCallErrorNumber = ELIBACC SystemCallErrorNumber = ELIBBAD SystemCallErrorNumber = ELIBEXEC SystemCallErrorNumber = ELIBMAX SystemCallErrorNumber = ELIBSCN SystemCallErrorNumber = ELNRNG SystemCallErrorNumber = ELOOP SystemCallErrorNumber = EMEDIUMTYPE SystemCallErrorNumber = EMFILE SystemCallErrorNumber = EMLINK SystemCallErrorNumber = EMSGSIZE SystemCallErrorNumber = EMULTIHOP SystemCallErrorNumber = ENAMETOOLONG SystemCallErrorNumber = ENETDOWN SystemCallErrorNumber = ENETRESET SystemCallErrorNumber = ENETUNREACH SystemCallErrorNumber = ENFILE SystemCallErrorNumber = ENOANO SystemCallErrorNumber = ENOBUFS SystemCallErrorNumber = ENODATA SystemCallErrorNumber = ENODEV SystemCallErrorNumber = ENOENT SystemCallErrorNumber = ENOEXEC SystemCallErrorNumber = ENOKEY SystemCallErrorNumber = ENOLCK SystemCallErrorNumber = ENOLINK SystemCallErrorNumber = ENOMEDIUM SystemCallErrorNumber = ENOMEM SystemCallErrorNumber = ENOMSG SystemCallErrorNumber = ENONET SystemCallErrorNumber = ENOPKG SystemCallErrorNumber = ENOPROTOOPT SystemCallErrorNumber = ENOSPC SystemCallErrorNumber = ENOSR SystemCallErrorNumber = ENOSTR SystemCallErrorNumber = ENOSYS SystemCallErrorNumber = ENOTBLK SystemCallErrorNumber = ENOTCONN SystemCallErrorNumber = ENOTDIR SystemCallErrorNumber = ENOTEMPTY SystemCallErrorNumber = ENOTRECOVERABLE SystemCallErrorNumber = ENOTSOCK SystemCallErrorNumber = ENOTSUP SystemCallErrorNumber = ENOTTY SystemCallErrorNumber = ENOTUNIQ SystemCallErrorNumber = ENXIO SystemCallErrorNumber = EOPNOTSUPP SystemCallErrorNumber = EOVERFLOW SystemCallErrorNumber = EOWNERDEAD SystemCallErrorNumber = EPERM SystemCallErrorNumber = EPFNOSUPPORT SystemCallErrorNumber = EPIPE SystemCallErrorNumber = EPROTO SystemCallErrorNumber = EPROTONOSUPPORT SystemCallErrorNumber = EPROTOTYPE SystemCallErrorNumber = ERANGE SystemCallErrorNumber = EREMCHG SystemCallErrorNumber = EREMOTE SystemCallErrorNumber = EREMOTEIO SystemCallErrorNumber = ERESTART SystemCallErrorNumber = ERFKILL SystemCallErrorNumber = EROFS SystemCallErrorNumber = ESHUTDOWN SystemCallErrorNumber = ESOCKTNOSUPPORT SystemCallErrorNumber = ESPIPE SystemCallErrorNumber = ESRCH SystemCallErrorNumber = ESTALE SystemCallErrorNumber = ESTRPIPE SystemCallErrorNumber = ETIME SystemCallErrorNumber = ETIMEDOUT SystemCallErrorNumber = ETOOMANYREFS SystemCallErrorNumber = ETXTBSY SystemCallErrorNumber = EUCLEAN SystemCallErrorNumber = EUNATCH SystemCallErrorNumber = EUSERS SystemCallErrorNumber = EWOULDBLOCK SystemCallErrorNumber = EXDEV SystemCallErrorNumber = EXFULL SystemCallErrorNumber = 1 SystemCallErrorNumber = 12 SystemCallErrorNumber = 123 SystemCallErrorNumber = 1234 SystemCallErrorNumber = 2 SystemCallErrorNumber = 23 SystemCallErrorNumber = 234 SystemCallErrorNumber = 2345 SystemCallErrorNumber = 3 SystemCallErrorNumber = 34 SystemCallErrorNumber = 345 SystemCallErrorNumber = 3456 SystemCallErrorNumber = 3999 SystemCallErrorNumber = 4000 SystemCallErrorNumber = 4009 SystemCallErrorNumber = 4019 SystemCallErrorNumber = 4089 SystemCallErrorNumber = 4095 ## invalid values SystemCallErrorNumber = invalid SystemCallErrorNumber = -12 SystemCallErrorNumber = 0.12 # out of range SystemCallErrorNumber = 0 SystemCallErrorNumber = 4096 SystemCallErrorNumber = 5000 # multiple values SystemCallErrorNumber = ESPIPE EUCLEAN SystemCallErrorNumber = 123 EUCLEAN ###### time span [Timer] # without unit OnBootSec = 15 # micro second OnBootSec = 123 usec OnBootSec = 123us # using UTF-8 "Micro Sign" U+00B5 µ µ µ OnBootSec = 123 µs # using UTF-8 "Greek Small Letter Mu" U+03BC μ μ μ OnBootSec = 123 μs # milli second OnBootSec = 123 msec OnBootSec = 123ms # second OnBootSec = 74 s OnBootSec = 2sec OnBootSec = 12 second OnBootSec = 1 seconds # minute OnBootSec = 342 m OnBootSec = 2min OnBootSec = 7 minute OnBootSec = 1 minutes # hour OnBootSec = 2 h OnBootSec = 48 hr OnBootSec = 2hour OnBootSec = 2hours # day OnBootSec = 2 d OnBootSec = 1 day OnBootSec = 7 days # week OnBootSec = 2 w OnBootSec = 123 week OnBootSec = 0 weeks # month OnBootSec = 12 M OnBootSec = 7 month OnBootSec = 1 months # year OnBootSec = 1y OnBootSec = 123year OnBootSec = 12 years # combined OnBootSec = 55s500ms OnBootSec = 300ms20s 5day OnBootSec = 123 5 days 1m 12 1sec 123 \ 23 msec 13 1us # multiple hours OnBootSec = 7hr 2hr \ 1d 2w ## invalid values # mi is invalid OnBootSec = 1mi # hs is invalid OnBootSec = 2hs # ds is invalid OnBootSec = 7 ds 1y # unit without amount OnBootSec = 12 min sec OnBootSec = min 1 sec # invalid unit OnBootSec = 12foo 1 bar ###### timeout # all values from time span are valid [Unit] JobTimeoutSec = 0 JobTimeoutSec = 12345 JobTimeoutSec = 123 5 days 1m 12 1sec 123\ 23 msec 13 1us JobTimeoutSec = infinity ## invalid values JobTimeoutSec = invalid JobTimeoutSec = inf JobTimeoutSec = -10 JobTimeoutSec = 0.235 ###### timestamping [Socket] Timestamping = ns Timestamping = nsec Timestamping = off Timestamping = us Timestamping = usec # using UTF-8 "Micro Sign" U+00B5 µ µ µ Timestamping = µs # using UTF-8 "Greek Small Letter Mu" U+03BC μ μ μ Timestamping = μs ## invalid values Timestamping = nanosec # multiple values Timestamping = nsec off ###### unit [Path] #### names Unit = some-name.service Unit = some.name.service Unit = some:name.service Unit = some@.service Unit = some@instance.service Unit = some@other-instance.service Unit = some@other.instance.service Unit = some@other:instance.service Unit = some@other@instance.service Unit = some@other%iinstance.service Unit = systemd-fsck@dev-nvme0n1p2.service Unit = some@%i.service Unit = dev-disk-by\x2duuid-5af23b\x2dfde6\x2d424e\x2da1bb\x2de88bc.swap ## invalid names # \x2x is an invalid escape as 2x is no hex number Unit = dev-disk-by\x2xuuid-5af23b\x2dfde6\x2d424e\x2da1bb\x2de88bc.swap #### extensions Unit = some.automount Unit = some.device Unit = some.mount Unit = some.service Unit = some.socket Unit = some.slice Unit = some.swap Unit = some.target ## invalid extension Unit = some.invalid # incomplete unit, missing extension Unit = some. # multiple values Unit = some.service some-other.service Unit = some.service.service \ some.other.service.service ###### unit list [Unit] #### names After = some.service.service \ some.other.service.service \ some@instance.service \ some@%i.service ## invalid values # incomplete unit, missing extension After = some. \ some.service \ some-other.service ###### unit list socket [Service] Sockets = some.socket some@instance.socket ## invalid values Sockets = some.service Sockets = some.service some.socket ###### unit service [Socket] Service = some.service Service = some@instance.service ## invalid values Service = some.invalid # other unit types Service = some.socket Service = some.target # multiple values Service = some.service other.service ###### unit slice [Service] Slice = some.slice Slice = some@instance.slice ## invalid values # other unit types Slice = some.service Slice = some.target # multiple values Slice = some.slice other.slice ###### utmp mode [Service] UtmpMode = init UtmpMode = login UtmpMode = user ## invalid values UtmpMode = invalid # multiple values UtmpMode = login user ###### variable assignments [Service] Environment = DISPLAY=:%i Environment = XAUTHORITY=%t/Xauthority.%i var1=15 \ "var2=value with spaces" EMPTY= Environment = XDG_VTNR=vt%i LogExtraFields = NAME=VALUE ###### virtualization [Unit] ConditionVirtualization = acrn ConditionVirtualization = bhyve ConditionVirtualization = bochs ConditionVirtualization = docker ConditionVirtualization = google ConditionVirtualization = kvm ConditionVirtualization = lxc ConditionVirtualization = lxc-libvirt ConditionVirtualization = microsoft ConditionVirtualization = openvz ConditionVirtualization = oracle ConditionVirtualization = parallels ConditionVirtualization = qemu ConditionVirtualization = qnx ConditionVirtualization = rkt ConditionVirtualization = sre ConditionVirtualization = systemd-nspawn ConditionVirtualization = uml ConditionVirtualization = vmware ConditionVirtualization = wsl ConditionVirtualization = xen ConditionVirtualization = zvm # using boolean ConditionVirtualization = true # using generic type ConditionVirtualization = container ConditionVirtualization = vm # private users ConditionVirtualization = private-users # negated ConditionVirtualization = !vmware ## invalid values ConditionVirtualization = invalid ConditionVirtualization = invalid vmware # multiple values ConditionVirtualization = xen vmware ###### weight [Service] # integer 1..10000 IOWeight = 1 IOWeight = 12 IOWeight = 123 IOWeight = 1234 IOWeight = 1234 IOWeight = 10000 ## invalid values IOWeight = -1 IOWeight = 0 IOWeight = 10001 IOWeight = 12345 IOWeight = 12.3 IOWeight = invalid # multiple values IOWeight = 1 10000 ###### working directory [Service] WorkingDirectory = ~ WorkingDirectory = - ~ WorkingDirectory = %h WorkingDirectory = /some/absolute/path WorkingDirectory = -/some/absolute-path WorkingDirectory = - /some/absolute/path ## invalid values # using `-` without a path WorkingDirectory = - # multiple paths WorkingDirectory = ~ /some/absolute/path WorkingDirectory = /some/absolute/path ~ WorkingDirectory = /some/absolute/path /some/other/path WorkingDirectory = - - /some/absolute/path