File Coverage

blib/lib/Config/Model/models/Systemd/Common/ResourceControl.pl

Criterion	Covered	Total	%
statement	18	18	100.0
branch			n/a
condition			n/a
subroutine	6	6	100.0
pod			n/a
total	24	24	100.0

line	stmt	sub	time	code
1				#
2				# This file is part of Config-Model-Systemd
3				#
4				# This software is Copyright (c) 2008-2022 by Dominique Dumont.
5				#
6				# This is free software, licensed under:
7				#
8				# The GNU Lesser General Public License, Version 2.1, February 1999
9				#
10	4	4	96880	use strict;
	4	1	10
	4	1	101
	1		16434
	1		2
	1		18
	1		19015
	1		2
	1		25
11	4	4	18	use warnings;
	4	1	7
	4	1	4462
	1		3
	1		2
	1		917
	1		4
	1		4
	1		1047
12
13				return [
14				{
15				'accept' => [
16				'.*',
17				{
18				'type' => 'leaf',
19				'value_type' => 'uniline',
20				'warn' => 'Unexpected systemd parameter. Please contact cme author to update systemd model.'
21				}
22				],
23				'class_description' => 'Unit configuration files for services, slices, scopes, sockets, mount points, and swap devices share a subset
24				of configuration options for resource control of spawned processes. Internally, this relies on the Linux Control
25				Groups (cgroups) kernel concept for organizing processes in a hierarchical tree of named groups for the purpose of
26				resource management.
27
28				This man page lists the configuration options shared by
29				those six unit types. See
30				L<systemd.unit(5)>
31				for the common options of all unit configuration files, and
32				L<systemd.slice(5)>,
33				L<systemd.scope(5)>,
34				L<systemd.service(5)>,
35				L<systemd.socket(5)>,
36				L<systemd.mount(5)>,
37				and
38				L<systemd.swap(5)>
39				for more information on the specific unit configuration files. The
40				resource control configuration options are configured in the
41				[Slice], [Scope], [Service], [Socket], [Mount], or [Swap]
42				sections, depending on the unit type.
43
44				In addition, options which control resources available to programs
45				executed by systemd are listed in
46				L<systemd.exec(5)>.
47				Those options complement options listed here.
48
49				See the L<New
50				Control Group Interfaces\|https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/> for an introduction on how to make
51				use of resource control APIs from programs.
52				This configuration class was generated from systemd documentation.
53				by L<parse-man.pl\|https://github.com/dod38fr/config-model-systemd/contrib/parse-man.pl>
54				',
55				'copyright' => [
56				'2010-2016 Lennart Poettering and others',
57				'2016 Dominique Dumont'
58				],
59				'element' => [
60				'CPUAccounting',
61				{
62				'description' => 'Turn on CPU usage accounting for this unit. Takes a
63				boolean argument. Note that turning on CPU accounting for
64				one unit will also implicitly turn it on for all units
65				contained in the same slice and for all its parent slices
66				and the units contained therein. The system default for this
67				setting may be controlled with
68				C<DefaultCPUAccounting> in
69				L<systemd-system.conf(5)>.',
70				'type' => 'leaf',
71				'value_type' => 'boolean',
72				'write_as' => [
73				'no',
74				'yes'
75				]
76				},
77				'CPUWeight',
78				{
79				'description' => 'Assign the specified CPU time weight to the processes executed, if the unified control group
80				hierarchy is used on the system. These options take an integer value and control the
81				C<cpu.weight> control group attribute. The allowed range is 1 to 10000. Defaults to
82				100. For details about this control group attribute, see L<Control Groups v2\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html>
83				and L<CFS
84				Scheduler\|https://www.kernel.org/doc/html/latest/scheduler/sched-design-CFS.html>. The available CPU time is split up among all units within one slice relative to
85				their CPU time weight. A higher weight means more CPU time, a lower weight means less.
86
87				While C<StartupCPUWeight> applies to the startup and shutdown phases of the system,
88				C<CPUWeight> applies to normal runtime of the system, and if the former is not set also to
89				the startup and shutdown phases. Using C<StartupCPUWeight> allows prioritizing specific services at
90				boot-up and shutdown differently than during normal runtime.
91
92				These settings replace C<CPUShares> and C<StartupCPUShares>.',
93				'max' => '10000',
94				'min' => '1',
95				'type' => 'leaf',
96				'upstream_default' => '100',
97				'value_type' => 'integer'
98				},
99				'StartupCPUWeight',
100				{
101				'description' => 'Assign the specified CPU time weight to the processes executed, if the unified control group
102				hierarchy is used on the system. These options take an integer value and control the
103				C<cpu.weight> control group attribute. The allowed range is 1 to 10000. Defaults to
104				100. For details about this control group attribute, see L<Control Groups v2\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html>
105				and L<CFS
106				Scheduler\|https://www.kernel.org/doc/html/latest/scheduler/sched-design-CFS.html>. The available CPU time is split up among all units within one slice relative to
107				their CPU time weight. A higher weight means more CPU time, a lower weight means less.
108
109				While C<StartupCPUWeight> applies to the startup and shutdown phases of the system,
110				C<CPUWeight> applies to normal runtime of the system, and if the former is not set also to
111				the startup and shutdown phases. Using C<StartupCPUWeight> allows prioritizing specific services at
112				boot-up and shutdown differently than during normal runtime.
113
114				These settings replace C<CPUShares> and C<StartupCPUShares>.',
115				'max' => '10000',
116				'min' => '1',
117				'type' => 'leaf',
118				'upstream_default' => '100',
119				'value_type' => 'integer'
120				},
121				'CPUQuota',
122				{
123				'description' => 'Assign the specified CPU time quota to the processes executed. Takes a percentage value, suffixed with
124				"%". The percentage specifies how much CPU time the unit shall get at maximum, relative to the total CPU time
125				available on one CPU. Use values > 100% for allotting CPU time on more than one CPU. This controls the
126				C<cpu.max> attribute on the unified control group hierarchy and
127				C<cpu.cfs_quota_us> on legacy. For details about these control group attributes, see L<Control Groups v2\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html> and L<sched-bwc.txt\|https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt>.
128				Setting C<CPUQuota> to an empty value unsets the quota.
129
130				Example: C<CPUQuota=20%> ensures that the executed processes will never get more than
131				20% CPU time on one CPU.',
132				'type' => 'leaf',
133				'value_type' => 'uniline'
134				},
135				'CPUQuotaPeriodSec',
136				{
137				'description' => 'Assign the duration over which the CPU time quota specified by C<CPUQuota> is measured.
138				Takes a time duration value in seconds, with an optional suffix such as "ms" for milliseconds (or "s" for seconds.)
139				The default setting is 100ms. The period is clamped to the range supported by the kernel, which is [1ms, 1000ms].
140				Additionally, the period is adjusted up so that the quota interval is also at least 1ms.
141				Setting C<CPUQuotaPeriodSec> to an empty value resets it to the default.
142
143				This controls the second field of C<cpu.max> attribute on the unified control group hierarchy
144				and C<cpu.cfs_period_us> on legacy. For details about these control group attributes, see
145				L<Control Groups v2\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html> and
146				L<CFS Scheduler\|https://www.kernel.org/doc/html/latest/scheduler/sched-design-CFS.html>.
147
148				Example: C<CPUQuotaPeriodSec=10ms> to request that the CPU quota is measured in periods of 10ms.',
149				'type' => 'leaf',
150				'value_type' => 'uniline'
151				},
152				'AllowedCPUs',
153				{
154				'description' => 'Restrict processes to be executed on specific CPUs. Takes a list of CPU indices or ranges separated by either
155				whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a dash.
156
157				Setting C<AllowedCPUs> or C<StartupAllowedCPUs> doesn\'t guarantee that all
158				of the CPUs will be used by the processes as it may be limited by parent units. The effective configuration is
159				reported as C<EffectiveCPUs>.
160
161				While C<StartupAllowedCPUs> applies to the startup and shutdown phases of the system,
162				C<AllowedCPUs> applies to normal runtime of the system, and if the former is not set also to
163				the startup and shutdown phases. Using C<StartupAllowedCPUs> allows prioritizing specific services at
164				boot-up and shutdown differently than during normal runtime.
165
166				This setting is supported only with the unified control group hierarchy.',
167				'type' => 'leaf',
168				'value_type' => 'uniline'
169				},
170				'StartupAllowedCPUs',
171				{
172				'description' => 'Restrict processes to be executed on specific CPUs. Takes a list of CPU indices or ranges separated by either
173				whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a dash.
174
175				Setting C<AllowedCPUs> or C<StartupAllowedCPUs> doesn\'t guarantee that all
176				of the CPUs will be used by the processes as it may be limited by parent units. The effective configuration is
177				reported as C<EffectiveCPUs>.
178
179				While C<StartupAllowedCPUs> applies to the startup and shutdown phases of the system,
180				C<AllowedCPUs> applies to normal runtime of the system, and if the former is not set also to
181				the startup and shutdown phases. Using C<StartupAllowedCPUs> allows prioritizing specific services at
182				boot-up and shutdown differently than during normal runtime.
183
184				This setting is supported only with the unified control group hierarchy.',
185				'type' => 'leaf',
186				'value_type' => 'uniline'
187				},
188				'AllowedMemoryNodes',
189				{
190				'description' => 'Restrict processes to be executed on specific memory NUMA nodes. Takes a list of memory NUMA nodes indices
191				or ranges separated by either whitespace or commas. Memory NUMA nodes ranges are specified by the lower and upper
192				NUMA nodes indices separated by a dash.
193
194				Setting C<AllowedMemoryNodes> or C<StartupAllowedMemoryNodes> doesn\'t
195				guarantee that all of the memory NUMA nodes will be used by the processes as it may be limited by parent units.
196				The effective configuration is reported as C<EffectiveMemoryNodes>.
197
198				While C<StartupAllowedMemoryNodes> applies to the startup and shutdown phases of the system,
199				C<AllowedMemoryNodes> applies to normal runtime of the system, and if the former is not set also to
200				the startup and shutdown phases. Using C<StartupAllowedMemoryNodes> allows prioritizing specific services at
201				boot-up and shutdown differently than during normal runtime.
202
203				This setting is supported only with the unified control group hierarchy.',
204				'type' => 'leaf',
205				'value_type' => 'uniline'
206				},
207				'StartupAllowedMemoryNodes',
208				{
209				'description' => 'Restrict processes to be executed on specific memory NUMA nodes. Takes a list of memory NUMA nodes indices
210				or ranges separated by either whitespace or commas. Memory NUMA nodes ranges are specified by the lower and upper
211				NUMA nodes indices separated by a dash.
212
213				Setting C<AllowedMemoryNodes> or C<StartupAllowedMemoryNodes> doesn\'t
214				guarantee that all of the memory NUMA nodes will be used by the processes as it may be limited by parent units.
215				The effective configuration is reported as C<EffectiveMemoryNodes>.
216
217				While C<StartupAllowedMemoryNodes> applies to the startup and shutdown phases of the system,
218				C<AllowedMemoryNodes> applies to normal runtime of the system, and if the former is not set also to
219				the startup and shutdown phases. Using C<StartupAllowedMemoryNodes> allows prioritizing specific services at
220				boot-up and shutdown differently than during normal runtime.
221
222				This setting is supported only with the unified control group hierarchy.',
223				'type' => 'leaf',
224				'value_type' => 'uniline'
225				},
226				'MemoryAccounting',
227				{
228				'description' => 'Turn on process and kernel memory accounting for this
229				unit. Takes a boolean argument. Note that turning on memory
230				accounting for one unit will also implicitly turn it on for
231				all units contained in the same slice and for all its parent
232				slices and the units contained therein. The system default
233				for this setting may be controlled with
234				C<DefaultMemoryAccounting> in
235				L<systemd-system.conf(5)>.',
236				'type' => 'leaf',
237				'value_type' => 'boolean',
238				'write_as' => [
239				'no',
240				'yes'
241				]
242				},
243				'MemoryMin',
244				{
245				'description' => 'Specify the memory usage protection of the executed processes in this unit.
246				When reclaiming memory, the unit is treated as if it was using less memory resulting in memory
247				to be preferentially reclaimed from unprotected units.
248				Using C<MemoryLow> results in a weaker protection where memory may still
249				be reclaimed to avoid invoking the OOM killer in case there is no other reclaimable memory.
250
251				For a protection to be effective, it is generally required to set a corresponding
252				allocation on all ancestors, which is then distributed between children
253				(with the exception of the root slice).
254				Any C<MemoryMin> or C<MemoryLow> allocation that is not
255				explicitly distributed to specific children is used to create a shared protection for all children.
256				As this is a shared protection, the children will freely compete for the memory.
257
258				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
259				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
260				percentage value may be specified, which is taken relative to the installed physical memory on the
261				system. If assigned the special value C<infinity>, all available memory is protected, which may be
262				useful in order to always inherit all of the protection afforded by ancestors.
263				This controls the C<memory.min> or C<memory.low> control group attribute.
264				For details about this control group attribute, see L<Memory Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files>.
265
266				This setting is supported only if the unified control group hierarchy is used and disables
267				C<MemoryLimit>.
268
269				Units may have their children use a default C<memory.min> or
270				C<memory.low> value by specifying C<DefaultMemoryMin> or
271				C<DefaultMemoryLow>, which has the same semantics as
272				C<MemoryMin> and C<MemoryLow>.
273				This setting does not affect C<memory.min> or C<memory.low>
274				in the unit itself.
275				Using it to set a default child allocation is only useful on kernels older than 5.7,
276				which do not support the C<memory_recursiveprot> cgroup2 mount option.',
277				'type' => 'leaf',
278				'value_type' => 'uniline'
279				},
280				'MemoryHigh',
281				{
282				'description' => 'Specify the throttling limit on memory usage of the executed processes in this unit. Memory usage may go
283				above the limit if unavoidable, but the processes are heavily slowed down and memory is taken away
284				aggressively in such cases. This is the main mechanism to control memory usage of a unit.
285
286				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
287				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
288				percentage value may be specified, which is taken relative to the installed physical memory on the
289				system. If assigned the
290				special value C<infinity>, no memory throttling is applied. This controls the
291				C<memory.high> control group attribute. For details about this control group attribute, see
292				L<Memory Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files>.
293
294				This setting is supported only if the unified control group hierarchy is used and disables
295				C<MemoryLimit>.',
296				'type' => 'leaf',
297				'value_type' => 'uniline'
298				},
299				'MemoryMax',
300				{
301				'description' => 'Specify the absolute limit on memory usage of the executed processes in this unit. If memory usage
302				cannot be contained under the limit, out-of-memory killer is invoked inside the unit. It is recommended to
303				use C<MemoryHigh> as the main control mechanism and use C<MemoryMax> as the
304				last line of defense.
305
306				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
307				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
308				percentage value may be specified, which is taken relative to the installed physical memory on the system. If
309				assigned the special value C<infinity>, no memory limit is applied. This controls the
310				C<memory.max> control group attribute. For details about this control group attribute, see
311				L<Memory Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files>.
312
313				This setting replaces C<MemoryLimit>.',
314				'type' => 'leaf',
315				'value_type' => 'uniline'
316				},
317				'MemorySwapMax',
318				{
319				'description' => 'Specify the absolute limit on swap usage of the executed processes in this unit.
320
321				Takes a swap size in bytes. If the value is suffixed with K, M, G or T, the specified swap size is
322				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the
323				special value C<infinity>, no swap limit is applied. This controls the
324				C<memory.swap.max> control group attribute. For details about this control group attribute,
325				see L<Memory Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#memory-interface-files>.
326
327				This setting is supported only if the unified control group hierarchy is used and disables
328				C<MemoryLimit>.',
329				'type' => 'leaf',
330				'value_type' => 'uniline'
331				},
332				'TasksAccounting',
333				{
334				'description' => 'Turn on task accounting for this unit. Takes a
335				boolean argument. If enabled, the system manager will keep
336				track of the number of tasks in the unit. The number of
337				tasks accounted this way includes both kernel threads and
338				userspace processes, with each thread counting
339				individually. Note that turning on tasks accounting for one
340				unit will also implicitly turn it on for all units contained
341				in the same slice and for all its parent slices and the
342				units contained therein. The system default for this setting
343				may be controlled with
344				C<DefaultTasksAccounting> in
345				L<systemd-system.conf(5)>.',
346				'type' => 'leaf',
347				'value_type' => 'boolean',
348				'write_as' => [
349				'no',
350				'yes'
351				]
352				},
353				'TasksMax',
354				{
355				'description' => 'Specify the maximum number of tasks that may be created in the unit. This ensures that the number of
356				tasks accounted for the unit (see above) stays below a specific limit. This either takes an absolute number
357				of tasks or a percentage value that is taken relative to the configured maximum number of tasks on the
358				system. If assigned the special value C<infinity>, no tasks limit is applied. This controls
359				the C<pids.max> control group attribute. For details about this control group attribute, see
360				L<Process Number Controller\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/pids.html>.
361
362				The system default for this setting may be controlled with
363				C<DefaultTasksMax> in
364				L<systemd-system.conf(5)>.',
365				'type' => 'leaf',
366				'value_type' => 'uniline'
367				},
368				'IOAccounting',
369				{
370				'description' => 'Turn on Block I/O accounting for this unit, if the unified control group hierarchy is used on the
371				system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
372				turn it on for all units contained in the same slice and all for its parent slices and the units contained
373				therein. The system default for this setting may be controlled with C<DefaultIOAccounting>
374				in
375				L<systemd-system.conf(5)>.
376
377				This setting replaces C<BlockIOAccounting> and disables settings prefixed with
378				C<BlockIO> or C<StartupBlockIO>.',
379				'type' => 'leaf',
380				'value_type' => 'boolean',
381				'write_as' => [
382				'no',
383				'yes'
384				]
385				},
386				'IOWeight',
387				{
388				'description' => 'Set the default overall block I/O weight for the executed processes, if the unified control
389				group hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the
390				default block I/O weight. This controls the C<io.weight> control group attribute,
391				which defaults to 100. For details about this control group attribute, see L<IO
392				Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files>. The available I/O bandwidth is split up among all units within one slice
393				relative to their block I/O weight. A higher weight means more I/O bandwidth, a lower weight means
394				less.
395
396				While C<StartupIOWeight> applies
397				to the startup and shutdown phases of the system,
398				C<IOWeight> applies to the later runtime of
399				the system, and if the former is not set also to the startup
400				and shutdown phases. This allows prioritizing specific services at boot-up
401				and shutdown differently than during runtime.
402
403				These settings replace C<BlockIOWeight> and C<StartupBlockIOWeight>
404				and disable settings prefixed with C<BlockIO> or C<StartupBlockIO>.',
405				'type' => 'leaf',
406				'value_type' => 'uniline'
407				},
408				'StartupIOWeight',
409				{
410				'description' => 'Set the default overall block I/O weight for the executed processes, if the unified control
411				group hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the
412				default block I/O weight. This controls the C<io.weight> control group attribute,
413				which defaults to 100. For details about this control group attribute, see L<IO
414				Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files>. The available I/O bandwidth is split up among all units within one slice
415				relative to their block I/O weight. A higher weight means more I/O bandwidth, a lower weight means
416				less.
417
418				While C<StartupIOWeight> applies
419				to the startup and shutdown phases of the system,
420				C<IOWeight> applies to the later runtime of
421				the system, and if the former is not set also to the startup
422				and shutdown phases. This allows prioritizing specific services at boot-up
423				and shutdown differently than during runtime.
424
425				These settings replace C<BlockIOWeight> and C<StartupBlockIOWeight>
426				and disable settings prefixed with C<BlockIO> or C<StartupBlockIO>.',
427				'type' => 'leaf',
428				'value_type' => 'uniline'
429				},
430				'IODeviceWeight',
431				{
432				'description' => 'Set the per-device overall block I/O weight for the executed processes, if the unified control group
433				hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
434				the device specific weight value, between 1 and 10000. (Example: C</dev/sda 1000>). The file
435				path may be specified as path to a block device node or as any other file, in which case the backing block
436				device of the file system of the file is determined. This controls the C<io.weight> control
437				group attribute, which defaults to 100. Use this option multiple times to set weights for multiple devices.
438				For details about this control group attribute, see L<IO Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files>.
439
440				This setting replaces C<BlockIODeviceWeight> and disables settings prefixed with
441				C<BlockIO> or C<StartupBlockIO>.
442
443				The specified device node should reference a block device that has an I/O scheduler
444				associated, i.e. should not refer to partition or loopback block devices, but to the originating,
445				physical device. When a path to a regular file or directory is specified it is attempted to
446				discover the correct originating device backing the file system of the specified path. This works
447				correctly only for simpler cases, where the file system is directly placed on a partition or
448				physical block device, or where simple 1:1 encryption using dm-crypt/LUKS is used. This discovery
449				does not cover complex storage and in particular RAID and volume management storage devices.',
450				'type' => 'leaf',
451				'value_type' => 'uniline'
452				},
453				'IOReadBandwidthMax',
454				{
455				'description' => 'Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
456				control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
457				are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
458				path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
459				be a path to a block device node, or as any other file in which case the backing block device of the file
460				system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
461				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
462				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the C<io.max> control
463				group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
464				about this control group attribute, see L<IO Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files>.
465
466				These settings replace C<BlockIOReadBandwidth> and
467				C<BlockIOWriteBandwidth> and disable settings prefixed with C<BlockIO> or
468				C<StartupBlockIO>.
469
470				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
471				'type' => 'leaf',
472				'value_type' => 'uniline'
473				},
474				'IOWriteBandwidthMax',
475				{
476				'description' => 'Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
477				control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
478				are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
479				path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
480				be a path to a block device node, or as any other file in which case the backing block device of the file
481				system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
482				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
483				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the C<io.max> control
484				group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
485				about this control group attribute, see L<IO Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files>.
486
487				These settings replace C<BlockIOReadBandwidth> and
488				C<BlockIOWriteBandwidth> and disable settings prefixed with C<BlockIO> or
489				C<StartupBlockIO>.
490
491				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
492				'type' => 'leaf',
493				'value_type' => 'uniline'
494				},
495				'IOReadIOPSMax',
496				{
497				'description' => 'Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the
498				unified control group hierarchy is used on the system. This limit is not work-conserving and the executed
499				processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of
500				a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block
501				device node, or as any other file in which case the backing block device of the file system of the file is
502				used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS,
503				GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example:
504				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the C<io.max> control
505				group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about
506				this control group attribute, see L<IO Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files>.
507
508				These settings are supported only if the unified control group hierarchy is used and disable settings
509				prefixed with C<BlockIO> or C<StartupBlockIO>.
510
511				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
512				'type' => 'leaf',
513				'value_type' => 'uniline'
514				},
515				'IOWriteIOPSMax',
516				{
517				'description' => 'Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the
518				unified control group hierarchy is used on the system. This limit is not work-conserving and the executed
519				processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of
520				a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block
521				device node, or as any other file in which case the backing block device of the file system of the file is
522				used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS,
523				GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example:
524				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the C<io.max> control
525				group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about
526				this control group attribute, see L<IO Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files>.
527
528				These settings are supported only if the unified control group hierarchy is used and disable settings
529				prefixed with C<BlockIO> or C<StartupBlockIO>.
530
531				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
532				'type' => 'leaf',
533				'value_type' => 'uniline'
534				},
535				'IODeviceLatencyTargetSec',
536				{
537				'description' => 'Set the per-device average target I/O latency for the executed processes, if the unified control group
538				hierarchy is used on the system. Takes a file path and a timespan separated by a space to specify
539				the device specific latency target. (Example: "/dev/sda 25ms"). The file path may be specified
540				as path to a block device node or as any other file, in which case the backing block device of the file
541				system of the file is determined. This controls the C<io.latency> control group
542				attribute. Use this option multiple times to set latency target for multiple devices. For details about this
543				control group attribute, see L<IO Interface Files\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#io-interface-files>.
544
545				Implies C<IOAccounting=yes>.
546
547				These settings are supported only if the unified control group hierarchy is used.
548
549				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
550				'type' => 'leaf',
551				'value_type' => 'uniline'
552				},
553				'IPAccounting',
554				{
555				'description' => "Takes a boolean argument. If true, turns on IPv4 and IPv6 network traffic accounting for packets sent
556				or received by the unit. When this option is turned on, all IPv4 and IPv6 sockets created by any process of
557				the unit are accounted for.
558
559				When this option is used in socket units, it applies to all IPv4 and IPv6 sockets
560				associated with it (including both listening and connection sockets where this applies). Note that for
561				socket-activated services, this configuration setting and the accounting data of the service unit and the
562				socket unit are kept separate, and displayed separately. No propagation of the setting and the collected
563				statistics is done, in either direction. Moreover, any traffic sent or received on any of the socket unit's
564				sockets is accounted to the socket unit \x{2014} and never to the service unit it might have activated, even if the
565				socket is used by it.
566
567				The system default for this setting may be controlled with C<DefaultIPAccounting> in
568				L<systemd-system.conf(5)>.",
569				'type' => 'leaf',
570				'value_type' => 'boolean',
571				'write_as' => [
572				'no',
573				'yes'
574				]
575				},
576				'IPAddressAllow',
577				{
578				'description' => "Turn on network traffic filtering for IP packets sent and received over
579				C<AF_INET> and C<AF_INET6> sockets. Both directives take a
580				space separated list of IPv4 or IPv6 addresses, each optionally suffixed with an address prefix
581				length in bits after a C</> character. If the suffix is omitted, the address is
582				considered a host address, i.e. the filter covers the whole address (32 bits for IPv4, 128 bits for
583				IPv6).
584
585				The access lists configured with this option are applied to all sockets created by processes
586				of this unit (or in the case of socket units, associated with it). The lists are implicitly
587				combined with any lists configured for any of the parent slice units this unit might be a member
588				of. By default both access lists are empty. Both ingress and egress traffic is filtered by these
589				settings. In case of ingress traffic the source IP address is checked against these access lists,
590				in case of egress traffic the destination IP address is checked. The following rules are applied in
591				turn:
592
593				In order to implement an allow-listing IP firewall, it is recommended to use a
594				C<IPAddressDeny>C<any> setting on an upper-level slice unit
595				(such as the root slice C<-.slice> or the slice containing all system services
596				C<system.slice> \x{2013} see
597				L<systemd.special(7)>
598				for details on these slice units), plus individual per-service C<IPAddressAllow>
599				lines permitting network access to relevant services, and only them.
600
601				Note that for socket-activated services, the IP access list configured on the socket unit
602				applies to all sockets associated with it directly, but not to any sockets created by the
603				ultimately activated services for it. Conversely, the IP access list configured for the service is
604				not applied to any sockets passed into the service via socket activation. Thus, it is usually a
605				good idea to replicate the IP access lists on both the socket and the service unit. Nevertheless,
606				it may make sense to maintain one list more open and the other one more restricted, depending on
607				the usecase.
608
609				If these settings are used multiple times in the same unit the specified lists are combined. If an
610				empty string is assigned to these settings the specific access list is reset and all previous settings undone.
611
612				In place of explicit IPv4 or IPv6 address and prefix length specifications a small set of symbolic
613				names may be used. The following names are defined:
614
615				Note that these settings might not be supported on some systems (for example if eBPF control group
616				support is not enabled in the underlying kernel or container manager). These settings will have no effect in
617				that case. If compatibility with such systems is desired it is hence recommended to not exclusively rely on
618				them for IP security.",
619				'type' => 'leaf',
620				'value_type' => 'uniline'
621				},
622				'IPAddressDeny',
623				{
624				'description' => "Turn on network traffic filtering for IP packets sent and received over
625				C<AF_INET> and C<AF_INET6> sockets. Both directives take a
626				space separated list of IPv4 or IPv6 addresses, each optionally suffixed with an address prefix
627				length in bits after a C</> character. If the suffix is omitted, the address is
628				considered a host address, i.e. the filter covers the whole address (32 bits for IPv4, 128 bits for
629				IPv6).
630
631				The access lists configured with this option are applied to all sockets created by processes
632				of this unit (or in the case of socket units, associated with it). The lists are implicitly
633				combined with any lists configured for any of the parent slice units this unit might be a member
634				of. By default both access lists are empty. Both ingress and egress traffic is filtered by these
635				settings. In case of ingress traffic the source IP address is checked against these access lists,
636				in case of egress traffic the destination IP address is checked. The following rules are applied in
637				turn:
638
639				In order to implement an allow-listing IP firewall, it is recommended to use a
640				C<IPAddressDeny>C<any> setting on an upper-level slice unit
641				(such as the root slice C<-.slice> or the slice containing all system services
642				C<system.slice> \x{2013} see
643				L<systemd.special(7)>
644				for details on these slice units), plus individual per-service C<IPAddressAllow>
645				lines permitting network access to relevant services, and only them.
646
647				Note that for socket-activated services, the IP access list configured on the socket unit
648				applies to all sockets associated with it directly, but not to any sockets created by the
649				ultimately activated services for it. Conversely, the IP access list configured for the service is
650				not applied to any sockets passed into the service via socket activation. Thus, it is usually a
651				good idea to replicate the IP access lists on both the socket and the service unit. Nevertheless,
652				it may make sense to maintain one list more open and the other one more restricted, depending on
653				the usecase.
654
655				If these settings are used multiple times in the same unit the specified lists are combined. If an
656				empty string is assigned to these settings the specific access list is reset and all previous settings undone.
657
658				In place of explicit IPv4 or IPv6 address and prefix length specifications a small set of symbolic
659				names may be used. The following names are defined:
660
661				Note that these settings might not be supported on some systems (for example if eBPF control group
662				support is not enabled in the underlying kernel or container manager). These settings will have no effect in
663				that case. If compatibility with such systems is desired it is hence recommended to not exclusively rely on
664				them for IP security.",
665				'type' => 'leaf',
666				'value_type' => 'uniline'
667				},
668				'IPIngressFilterPath',
669				{
670				'description' => 'Add custom network traffic filters implemented as BPF programs, applying to all IP packets
671				sent and received over C<AF_INET> and C<AF_INET6> sockets.
672				Takes an absolute path to a pinned BPF program in the BPF virtual filesystem (C</sys/fs/bpf/>).
673
674				The filters configured with this option are applied to all sockets created by processes
675				of this unit (or in the case of socket units, associated with it). The filters are loaded in addition
676				to filters any of the parent slice units this unit might be a member of as well as any
677				C<IPAddressAllow> and C<IPAddressDeny> filters in any of these units.
678				By default there are no filters specified.
679
680				If these settings are used multiple times in the same unit all the specified programs are attached. If an
681				empty string is assigned to these settings the program list is reset and all previous specified programs ignored.
682
683				If the path BPF_FS_PROGRAM_PATH in C<IPIngressFilterPath> assignment
684				is already being handled by C<BPFProgram> ingress hook, e.g.
685				C<BPFProgram>C<ingress>:BPF_FS_PROGRAM_PATH,
686				the assignment will be still considered valid and the program will be attached to a cgroup. Same for
687				C<IPEgressFilterPath> path and C<egress> hook.
688
689				Note that for socket-activated services, the IP filter programs configured on the socket unit apply to
690				all sockets associated with it directly, but not to any sockets created by the ultimately activated services
691				for it. Conversely, the IP filter programs configured for the service are not applied to any sockets passed into
692				the service via socket activation. Thus, it is usually a good idea, to replicate the IP filter programs on both
693				the socket and the service unit, however it often makes sense to maintain one configuration more open and the other
694				one more restricted, depending on the usecase.
695
696				Note that these settings might not be supported on some systems (for example if eBPF control group
697				support is not enabled in the underlying kernel or container manager). These settings will fail the service in
698				that case. If compatibility with such systems is desired it is hence recommended to attach your filter manually
699				(requires C<Delegate>C<yes>) instead of using this setting.',
700				'type' => 'leaf',
701				'value_type' => 'uniline'
702				},
703				'IPEgressFilterPath',
704				{
705				'description' => 'Add custom network traffic filters implemented as BPF programs, applying to all IP packets
706				sent and received over C<AF_INET> and C<AF_INET6> sockets.
707				Takes an absolute path to a pinned BPF program in the BPF virtual filesystem (C</sys/fs/bpf/>).
708
709				The filters configured with this option are applied to all sockets created by processes
710				of this unit (or in the case of socket units, associated with it). The filters are loaded in addition
711				to filters any of the parent slice units this unit might be a member of as well as any
712				C<IPAddressAllow> and C<IPAddressDeny> filters in any of these units.
713				By default there are no filters specified.
714
715				If these settings are used multiple times in the same unit all the specified programs are attached. If an
716				empty string is assigned to these settings the program list is reset and all previous specified programs ignored.
717
718				If the path BPF_FS_PROGRAM_PATH in C<IPIngressFilterPath> assignment
719				is already being handled by C<BPFProgram> ingress hook, e.g.
720				C<BPFProgram>C<ingress>:BPF_FS_PROGRAM_PATH,
721				the assignment will be still considered valid and the program will be attached to a cgroup. Same for
722				C<IPEgressFilterPath> path and C<egress> hook.
723
724				Note that for socket-activated services, the IP filter programs configured on the socket unit apply to
725				all sockets associated with it directly, but not to any sockets created by the ultimately activated services
726				for it. Conversely, the IP filter programs configured for the service are not applied to any sockets passed into
727				the service via socket activation. Thus, it is usually a good idea, to replicate the IP filter programs on both
728				the socket and the service unit, however it often makes sense to maintain one configuration more open and the other
729				one more restricted, depending on the usecase.
730
731				Note that these settings might not be supported on some systems (for example if eBPF control group
732				support is not enabled in the underlying kernel or container manager). These settings will fail the service in
733				that case. If compatibility with such systems is desired it is hence recommended to attach your filter manually
734				(requires C<Delegate>C<yes>) instead of using this setting.',
735				'type' => 'leaf',
736				'value_type' => 'uniline'
737				},
738				'BPFProgram',
739				{
740				'description' => 'Add a custom cgroup BPF program.
741
742				C<BPFProgram> allows attaching BPF hooks to the cgroup of a systemd unit.
743				(This generalizes the functionality exposed via C<IPEgressFilterPath> for egress and
744				C<IPIngressFilterPath> for ingress.)
745				Cgroup-bpf hooks in the form of BPF programs loaded to the BPF filesystem are attached with cgroup-bpf attach
746				flags determined by the unit. For details about attachment types and flags see L<\|https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/include/uapi/linux/bpf.h>.
747				For general BPF documentation please refer to L<\|https://www.kernel.org/doc/html/latest/bpf/index.html>.
748
749				The specification of BPF program consists of a type followed by a
750				program-path with C<:> as the separator:
751				typeC<:>program-path.
752
753				type is the string name of BPF attach type also used in
754				bpftool. type can be one of C<egress>,
755				C<ingress>, C<sock_create>, C<sock_ops>,
756				C<device>, C<bind4>, C<bind6>,
757				C<connect4>, C<connect6>, C<post_bind4>,
758				C<post_bind6>, C<sendmsg4>, C<sendmsg6>,
759				C<sysctl>, C<recvmsg4>, C<recvmsg6>,
760				C<getsockopt>, C<setsockopt>.
761
762				Setting C<BPFProgram> to an empty value makes previous assignments ineffective.
763
764				Multiple assignments of the same type:program-path
765				value have the same effect as a single assignment: the program with the path program-path
766				will be attached to cgroup hook type just once.
767
768				If BPF C<egress> pinned to program-path path is already being
769				handled by C<IPEgressFilterPath>, C<BPFProgram>
770				assignment will be considered valid and C<BPFProgram> will be attached to a cgroup.
771				Similarly for C<ingress> hook and C<IPIngressFilterPath> assignment.
772
773				BPF programs passed with C<BPFProgram> are attached to the cgroup of a unit with BPF
774				attach flag C<multi>, that allows further attachments of the same
775				type within cgroup hierarchy topped by the unit cgroup.
776
777				Examples:
778
779				BPFProgram=egress:/sys/fs/bpf/egress-hook
780				BPFProgram=bind6:/sys/fs/bpf/sock-addr-hook
781
782				',
783				'type' => 'leaf',
784				'value_type' => 'uniline'
785				},
786				'SocketBindAllow',
787				{
788				'description' => "Allow or deny binding a socket address to a socket by matching it with the bind-rule and
789				applying a corresponding action if there is a match.
790
791				bind-rule describes socket properties such as address-family,
792				transport-protocol and ip-ports.
793
794				bind-rule :=
795				{ [address-familyC<:>][transport-protocolC<:>][ip-ports] \| C<any> }
796
797				address-family := { C<ipv4> \| C<ipv6> }
798
799				transport-protocol := { C<tcp> \| C<udp> }
800
801				ip-ports := { ip-port \| ip-port-range }
802
803				An optional address-family expects C<ipv4> or C<ipv6> values.
804				If not specified, a rule will be matched for both IPv4 and IPv6 addresses and applied depending on other socket fields, e.g. transport-protocol,
805				ip-port.
806
807				An optional transport-protocol expects C<tcp> or C<udp> transport protocol names.
808				If not specified, a rule will be matched for any transport protocol.
809
810				An optional ip-port value must lie within 1\x{2026}65535 interval inclusively, i.e.
811				dynamic port C<0> is not allowed. A range of sequential ports is described by
812				ip-port-range := ip-port-lowC<->ip-port-high,
813				where ip-port-low is smaller than or equal to ip-port-high
814				and both are within 1\x{2026}65535 inclusively.
815
816				A special value C<any> can be used to apply a rule to any address family, transport protocol and any port with a positive value.
817
818				To allow multiple rules assign C<SocketBindAllow> or C<SocketBindDeny> multiple times.
819				To clear the existing assignments pass an empty C<SocketBindAllow> or C<SocketBindDeny>
820				assignment.
821
822				For each of C<SocketBindAllow> and C<SocketBindDeny>, maximum allowed number of assignments is
823				C<128>.
824
825				The feature is implemented with C<cgroup/bind4> and C<cgroup/bind6> cgroup-bpf hooks.
826
827				Examples:
828				\x{2026}
829				# Allow binding IPv6 socket addresses with a port greater than or equal to 10000.
830				[Service]
831				SocketBindAllow=ipv6:10000-65535
832				SocketBindDeny=any
833				\x{2026}
834				# Allow binding IPv4 and IPv6 socket addresses with 1234 and 4321 ports.
835				[Service]
836				SocketBindAllow=1234
837				SocketBindAllow=4321
838				SocketBindDeny=any
839				\x{2026}
840				# Deny binding IPv6 socket addresses.
841				[Service]
842				SocketBindDeny=ipv6
843				\x{2026}
844				# Deny binding IPv4 and IPv6 socket addresses.
845				[Service]
846				SocketBindDeny=any
847				\x{2026}
848				# Allow binding only over TCP
849				[Service]
850				SocketBindAllow=tcp
851				SocketBindDeny=any
852				\x{2026}
853				# Allow binding only over IPv6/TCP
854				[Service]
855				SocketBindAllow=ipv6:tcp
856				SocketBindDeny=any
857				\x{2026}
858				# Allow binding ports within 10000-65535 range over IPv4/UDP.
859				[Service]
860				SocketBindAllow=ipv4:udp:10000-65535
861				SocketBindDeny=any
862				\x{2026}
863				",
864				'type' => 'leaf',
865				'value_type' => 'uniline'
866				},
867				'SocketBindDeny',
868				{
869				'description' => "Allow or deny binding a socket address to a socket by matching it with the bind-rule and
870				applying a corresponding action if there is a match.
871
872				bind-rule describes socket properties such as address-family,
873				transport-protocol and ip-ports.
874
875				bind-rule :=
876				{ [address-familyC<:>][transport-protocolC<:>][ip-ports] \| C<any> }
877
878				address-family := { C<ipv4> \| C<ipv6> }
879
880				transport-protocol := { C<tcp> \| C<udp> }
881
882				ip-ports := { ip-port \| ip-port-range }
883
884				An optional address-family expects C<ipv4> or C<ipv6> values.
885				If not specified, a rule will be matched for both IPv4 and IPv6 addresses and applied depending on other socket fields, e.g. transport-protocol,
886				ip-port.
887
888				An optional transport-protocol expects C<tcp> or C<udp> transport protocol names.
889				If not specified, a rule will be matched for any transport protocol.
890
891				An optional ip-port value must lie within 1\x{2026}65535 interval inclusively, i.e.
892				dynamic port C<0> is not allowed. A range of sequential ports is described by
893				ip-port-range := ip-port-lowC<->ip-port-high,
894				where ip-port-low is smaller than or equal to ip-port-high
895				and both are within 1\x{2026}65535 inclusively.
896
897				A special value C<any> can be used to apply a rule to any address family, transport protocol and any port with a positive value.
898
899				To allow multiple rules assign C<SocketBindAllow> or C<SocketBindDeny> multiple times.
900				To clear the existing assignments pass an empty C<SocketBindAllow> or C<SocketBindDeny>
901				assignment.
902
903				For each of C<SocketBindAllow> and C<SocketBindDeny>, maximum allowed number of assignments is
904				C<128>.
905
906				The feature is implemented with C<cgroup/bind4> and C<cgroup/bind6> cgroup-bpf hooks.
907
908				Examples:
909				\x{2026}
910				# Allow binding IPv6 socket addresses with a port greater than or equal to 10000.
911				[Service]
912				SocketBindAllow=ipv6:10000-65535
913				SocketBindDeny=any
914				\x{2026}
915				# Allow binding IPv4 and IPv6 socket addresses with 1234 and 4321 ports.
916				[Service]
917				SocketBindAllow=1234
918				SocketBindAllow=4321
919				SocketBindDeny=any
920				\x{2026}
921				# Deny binding IPv6 socket addresses.
922				[Service]
923				SocketBindDeny=ipv6
924				\x{2026}
925				# Deny binding IPv4 and IPv6 socket addresses.
926				[Service]
927				SocketBindDeny=any
928				\x{2026}
929				# Allow binding only over TCP
930				[Service]
931				SocketBindAllow=tcp
932				SocketBindDeny=any
933				\x{2026}
934				# Allow binding only over IPv6/TCP
935				[Service]
936				SocketBindAllow=ipv6:tcp
937				SocketBindDeny=any
938				\x{2026}
939				# Allow binding ports within 10000-65535 range over IPv4/UDP.
940				[Service]
941				SocketBindAllow=ipv4:udp:10000-65535
942				SocketBindDeny=any
943				\x{2026}
944				",
945				'type' => 'leaf',
946				'value_type' => 'uniline'
947				},
948				'RestrictNetworkInterfaces',
949				{
950				'description' => 'Takes a list of space-separated network interface names. This option restricts the network
951				interfaces that processes of this unit can use. By default processes can only use the network interfaces
952				listed (allow-list). If the first character of the rule is C<~>, the effect is inverted:
953				the processes can only use network interfaces not listed (deny-list).
954
955				This option can appear multiple times, in which case the network interface names are merged. If the
956				empty string is assigned the set is reset, all prior assignments will have not effect.
957
958				If you specify both types of this option (i.e. allow-listing and deny-listing), the first encountered
959				will take precedence and will dictate the default action (allow vs deny). Then the next occurrences of this
960				option will add or delete the listed network interface names from the set, depending of its type and the
961				default action.
962
963				The loopback interface ("lo") is not treated in any special way, you have to configure it explicitly
964				in the unit file.
965
966				Example 1: allow-list
967
968
969				RestrictNetworkInterfaces=eth1
970				RestrictNetworkInterfaces=eth2
971
972				Programs in the unit will be only able to use the eth1 and eth2 network
973				interfaces.
974
975				Example 2: deny-list
976
977
978				RestrictNetworkInterfaces=~eth1 eth2
979
980				Programs in the unit will be able to use any network interface but eth1 and eth2.
981
982				Example 3: mixed
983
984
985				RestrictNetworkInterfaces=eth1 eth2
986				RestrictNetworkInterfaces=~eth1
987
988				Programs in the unit will be only able to use the eth2 network interface.
989				',
990				'type' => 'leaf',
991				'value_type' => 'uniline'
992				},
993				'DeviceAllow',
994				{
995				'cargo' => {
996				'type' => 'leaf',
997				'value_type' => 'uniline'
998				},
999				'description' => "Control access to specific device nodes by the executed processes. Takes two space-separated
1000				strings: a device node specifier followed by a combination of C<r>,
1001				C<w>, C<m> to control reading,
1002				writing, or creation of the specific device node(s) by the unit
1003				(mknod), respectively. On cgroup-v1 this controls the
1004				C<devices.allow> control group attribute. For details about this control group
1005				attribute, see L<Device Whitelist Controller\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/devices.html>.
1006				In the unified cgroup hierarchy this functionality is implemented using eBPF filtering.
1007
1008				When access to all physical devices should be disallowed,
1009				C<PrivateDevices> may be used instead. See
1010				L<systemd.exec(5)>.
1011
1012				The device node specifier is either a path to a device node in the file system, starting with
1013				C</dev/>, or a string starting with either C<char-> or
1014				C<block-> followed by a device group name, as listed in
1015				C</proc/devices>. The latter is useful to allow-list all current and future
1016				devices belonging to a specific device group at once. The device group is matched according to
1017				filename globbing rules, you may hence use the C<*> and C<?>
1018				wildcards. (Note that such globbing wildcards are not available for device node path
1019				specifications!) In order to match device nodes by numeric major/minor, use device node paths in
1020				the C</dev/char/> and C</dev/block/> directories. However,
1021				matching devices by major/minor is generally not recommended as assignments are neither stable nor
1022				portable between systems or different kernel versions.
1023
1024				Examples: C</dev/sda5> is a path to a device node, referring to an ATA or
1025				SCSI block device. C<char-pts> and C<char-alsa> are specifiers for
1026				all pseudo TTYs and all ALSA sound devices, respectively. C<char-cpu/*> is a
1027				specifier matching all CPU related device groups.
1028
1029				Note that allow lists defined this way should only reference device groups which are
1030				resolvable at the time the unit is started. Any device groups not resolvable then are not added to
1031				the device allow list. In order to work around this limitation, consider extending service units
1032				with a pair of After=modprobe\@xyz.service and
1033				Wants=modprobe\@xyz.service lines that load the necessary kernel module
1034				implementing the device group if missing.
1035				Example:
1036				\x{2026}
1037				[Unit]
1038				Wants=modprobe\@loop.service
1039				After=modprobe\@loop.service
1040				[Service]
1041				DeviceAllow=block-loop
1042				DeviceAllow=/dev/loop-control
1043				\x{2026}
1044				",
1045				'type' => 'list'
1046				},
1047				'DevicePolicy',
1048				{
1049				'choice' => [
1050				'auto',
1051				'closed',
1052				'strict'
1053				],
1054				'description' => '
1055				Control the policy for allowing device access:
1056				',
1057				'type' => 'leaf',
1058				'value_type' => 'enum'
1059				},
1060				'Slice',
1061				{
1062				'description' => 'The name of the slice unit to place the unit
1063				in. Defaults to C<system.slice> for all
1064				non-instantiated units of all unit types (except for slice
1065				units themselves see below). Instance units are by default
1066				placed in a subslice of C<system.slice>
1067				that is named after the template name.
1068
1069				This option may be used to arrange systemd units in a
1070				hierarchy of slices each of which might have resource
1071				settings applied.
1072
1073				For units of type slice, the only accepted value for
1074				this setting is the parent slice. Since the name of a slice
1075				unit implies the parent slice, it is hence redundant to ever
1076				set this parameter directly for slice units.
1077
1078				Special care should be taken when relying on the default slice assignment in templated service units
1079				that have C<DefaultDependencies=no> set, see
1080				L<systemd.service(5)>, section
1081				"Default Dependencies" for details.',
1082				'type' => 'leaf',
1083				'value_type' => 'uniline'
1084				},
1085				'Delegate',
1086				{
1087				'description' => 'Turns on delegation of further resource control partitioning to processes of the unit. Units where this
1088				is enabled may create and manage their own private subhierarchy of control groups below the control group of
1089				the unit itself. For unprivileged services (i.e. those using the C<User> setting) the unit\'s
1090				control group will be made accessible to the relevant user. When enabled the service manager will refrain
1091				from manipulating control groups or moving processes below the unit\'s control group, so that a clear concept
1092				of ownership is established: the control group tree above the unit\'s control group (i.e. towards the root
1093				control group) is owned and managed by the service manager of the host, while the control group tree below
1094				the unit\'s control group is owned and managed by the unit itself. Takes either a boolean argument or a list
1095				of control group controller names. If true, delegation is turned on, and all supported controllers are
1096				enabled for the unit, making them available to the unit\'s processes for management. If false, delegation is
1097				turned off entirely (and no additional controllers are enabled). If set to a list of controllers, delegation
1098				is turned on, and the specified controllers are enabled for the unit. Note that additional controllers than
1099				the ones specified might be made available as well, depending on configuration of the containing slice unit
1100				or other units contained in it. Note that assigning the empty string will enable delegation, but reset the
1101				list of controllers, all assignments prior to this will have no effect. Defaults to false.
1102
1103				Note that controller delegation to less privileged code is only safe on the unified control group
1104				hierarchy. Accordingly, access to the specified controllers will not be granted to unprivileged services on
1105				the legacy hierarchy, even when requested.
1106
1107				Not all of these controllers are available on all kernels however, and some are
1108				specific to the unified hierarchy while others are specific to the legacy hierarchy. Also note that the
1109				kernel might support further controllers, which aren\'t covered here yet as delegation is either not supported
1110				at all for them or not defined cleanly.
1111
1112				For further details on the delegation model consult L<Control Group APIs and Delegation\|https://systemd.io/CGROUP_DELEGATION>.',
1113				'type' => 'leaf',
1114				'value_type' => 'uniline'
1115				},
1116				'DisableControllers',
1117				{
1118				'description' => 'Disables controllers from being enabled for a unit\'s children. If a controller listed is already in use
1119				in its subtree, the controller will be removed from the subtree. This can be used to avoid child units being
1120				able to implicitly or explicitly enable a controller. Defaults to not disabling any controllers.
1121
1122				It may not be possible to successfully disable a controller if the unit or any child of the unit in
1123				question delegates controllers to its children, as any delegated subtree of the cgroup hierarchy is unmanaged
1124				by systemd.
1125
1126				Multiple controllers may be specified, separated by spaces. You may also pass
1127				C<DisableControllers> multiple times, in which case each new instance adds another controller
1128				to disable. Passing C<DisableControllers> by itself with no controller name present resets
1129				the disabled controller list.',
1130				'type' => 'leaf',
1131				'value_type' => 'uniline'
1132				},
1133				'ManagedOOMSwap',
1134				{
1135				'choice' => [
1136				'auto',
1137				'kill'
1138				],
1139				'description' => 'Specifies how
1140				L<systemd-oomd.service(8)>
1141				will act on this unit\'s cgroups. Defaults to C<auto>.
1142
1143				When set to C<kill>, the unit becomes a candidate for monitoring by
1144				systemd-oomd. If the cgroup passes the limits set by
1145				L<oomd.conf(5)> or
1146				the unit configuration, systemd-oomd will select a descendant cgroup and send
1147				C<SIGKILL> to all of the processes under it. You can find more details on
1148				candidates and kill behavior at
1149				L<systemd-oomd.service(8)>
1150				and
1151				L<oomd.conf(5)>.
1152
1153				Setting either of these properties to C<kill> will also result in
1154				C<After> and C<Wants> dependencies on
1155				C<systemd-oomd.service> unless C<DefaultDependencies=no>.
1156
1157				When set to C<auto>, systemd-oomd will not actively use this
1158				cgroup\'s data for monitoring and detection. However, if an ancestor cgroup has one of these
1159				properties set to C<kill>, a unit with C<auto> can still be a candidate
1160				for systemd-oomd to terminate.',
1161				'type' => 'leaf',
1162				'value_type' => 'enum'
1163				},
1164				'ManagedOOMMemoryPressure',
1165				{
1166				'choice' => [
1167				'auto',
1168				'kill'
1169				],
1170				'description' => 'Specifies how
1171				L<systemd-oomd.service(8)>
1172				will act on this unit\'s cgroups. Defaults to C<auto>.
1173
1174				When set to C<kill>, the unit becomes a candidate for monitoring by
1175				systemd-oomd. If the cgroup passes the limits set by
1176				L<oomd.conf(5)> or
1177				the unit configuration, systemd-oomd will select a descendant cgroup and send
1178				C<SIGKILL> to all of the processes under it. You can find more details on
1179				candidates and kill behavior at
1180				L<systemd-oomd.service(8)>
1181				and
1182				L<oomd.conf(5)>.
1183
1184				Setting either of these properties to C<kill> will also result in
1185				C<After> and C<Wants> dependencies on
1186				C<systemd-oomd.service> unless C<DefaultDependencies=no>.
1187
1188				When set to C<auto>, systemd-oomd will not actively use this
1189				cgroup\'s data for monitoring and detection. However, if an ancestor cgroup has one of these
1190				properties set to C<kill>, a unit with C<auto> can still be a candidate
1191				for systemd-oomd to terminate.',
1192				'type' => 'leaf',
1193				'value_type' => 'enum'
1194				},
1195				'ManagedOOMMemoryPressureLimit',
1196				{
1197				'description' => 'Overrides the default memory pressure limit set by
1198				L<oomd.conf(5)> for
1199				this unit (cgroup). Takes a percentage value between 0% and 100%, inclusive. This property is
1200				ignored unless C<ManagedOOMMemoryPressure>C<kill>. Defaults to 0%,
1201				which means to use the default set by
1202				L<oomd.conf(5)>.
1203				',
1204				'type' => 'leaf',
1205				'value_type' => 'uniline'
1206				},
1207				'ManagedOOMPreference',
1208				{
1209				'choice' => [
1210				'none',
1211				'avoid',
1212				'omit'
1213				],
1214				'description' => 'Allows deprioritizing or omitting this unit\'s cgroup as a candidate when
1215				systemd-oomd needs to act. Requires support for extended attributes (see
1216				L<xattr(7)>)
1217				in order to use C<avoid> or C<omit>. Additionally,
1218				systemd-oomd will ignore these extended attributes if the unit\'s cgroup is not
1219				owned by the root user.
1220
1221				If this property is set to C<avoid>, the service manager will convey this to
1222				systemd-oomd, which will only select this cgroup if there are no other viable
1223				candidates.
1224
1225				If this property is set to C<omit>, the service manager will convey this to
1226				systemd-oomd, which will ignore this cgroup as a candidate and will not perform
1227				any actions on it.
1228
1229				It is recommended to use C<avoid> and C<omit> sparingly, as it
1230				can adversely affect systemd-oomd\'s kill behavior. Also note that these extended
1231				attributes are not applied recursively to cgroups under this unit\'s cgroup.
1232
1233				Defaults to C<none> which means systemd-oomd will rank this
1234				unit\'s cgroup as defined in
1235				L<systemd-oomd.service(8)>
1236				and L<oomd.conf(5)>.
1237				',
1238				'type' => 'leaf',
1239				'value_type' => 'enum'
1240				},
1241				'CPUShares',
1242				{
1243				'description' => 'Assign the specified CPU time share weight to the processes executed. These options take an integer
1244				value and control the C<cpu.shares> control group attribute. The allowed range is 2 to
1245				262144. Defaults to 1024. For details about this control group attribute, see L<CFS Scheduler\|https://www.kernel.org/doc/html/latest/scheduler/sched-design-CFS.html>.
1246				The available CPU time is split up among all units within one slice relative to their CPU time share
1247				weight.
1248
1249				While C<StartupCPUShares> applies to the startup and shutdown phases of the system,
1250				C<CPUShares> applies to normal runtime of the system, and if the former is not set also to
1251				the startup and shutdown phases. Using C<StartupCPUShares> allows prioritizing specific services at
1252				boot-up and shutdown differently than during normal runtime.
1253
1254				Implies C<CPUAccounting=yes>.
1255
1256				These settings are deprecated. Use C<CPUWeight> and
1257				C<StartupCPUWeight> instead.',
1258				'max' => '262144',
1259				'min' => '2',
1260				'type' => 'leaf',
1261				'upstream_default' => '1024',
1262				'value_type' => 'integer'
1263				},
1264				'StartupCPUShares',
1265				{
1266				'description' => 'Assign the specified CPU time share weight to the processes executed. These options take an integer
1267				value and control the C<cpu.shares> control group attribute. The allowed range is 2 to
1268				262144. Defaults to 1024. For details about this control group attribute, see L<CFS Scheduler\|https://www.kernel.org/doc/html/latest/scheduler/sched-design-CFS.html>.
1269				The available CPU time is split up among all units within one slice relative to their CPU time share
1270				weight.
1271
1272				While C<StartupCPUShares> applies to the startup and shutdown phases of the system,
1273				C<CPUShares> applies to normal runtime of the system, and if the former is not set also to
1274				the startup and shutdown phases. Using C<StartupCPUShares> allows prioritizing specific services at
1275				boot-up and shutdown differently than during normal runtime.
1276
1277				Implies C<CPUAccounting=yes>.
1278
1279				These settings are deprecated. Use C<CPUWeight> and
1280				C<StartupCPUWeight> instead.',
1281				'max' => '262144',
1282				'min' => '2',
1283				'type' => 'leaf',
1284				'upstream_default' => '1024',
1285				'value_type' => 'integer'
1286				},
1287				'MemoryLimit',
1288				{
1289				'description' => 'Specify the limit on maximum memory usage of the executed processes. The limit specifies how much
1290				process and kernel memory can be used by tasks in this unit. Takes a memory size in bytes. If the value is
1291				suffixed with K, M, G or T, the specified memory size is parsed as Kilobytes, Megabytes, Gigabytes, or
1292				Terabytes (with the base 1024), respectively. Alternatively, a percentage value may be specified, which is
1293				taken relative to the installed physical memory on the system. If assigned the special value
1294				C<infinity>, no memory limit is applied. This controls the
1295				C<memory.limit_in_bytes> control group attribute. For details about this control group
1296				attribute, see L<Memory Resource Controller\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/memory.html>.
1297
1298				Implies C<MemoryAccounting=yes>.
1299
1300				This setting is deprecated. Use C<MemoryMax> instead.',
1301				'type' => 'leaf',
1302				'value_type' => 'uniline'
1303				},
1304				'BlockIOAccounting',
1305				{
1306				'description' => 'Turn on Block I/O accounting for this unit, if the legacy control group hierarchy is used on the
1307				system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
1308				turn it on for all units contained in the same slice and all for its parent slices and the units contained
1309				therein. The system default for this setting may be controlled with
1310				C<DefaultBlockIOAccounting> in
1311				L<systemd-system.conf(5)>.
1312
1313				This setting is deprecated. Use C<IOAccounting> instead.',
1314				'type' => 'leaf',
1315				'value_type' => 'boolean',
1316				'write_as' => [
1317				'no',
1318				'yes'
1319				]
1320				},
1321				'BlockIOWeight',
1322				{
1323				'description' => 'Set the default overall block I/O weight for the executed processes, if the legacy control
1324				group hierarchy is used on the system. Takes a single weight value (between 10 and 1000) to set the default
1325				block I/O weight. This controls the C<blkio.weight> control group attribute, which defaults to
1326				500. For details about this control group attribute, see L<Block IO Controller\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html>.
1327				The available I/O bandwidth is split up among all units within one slice relative to their block I/O
1328				weight.
1329
1330				While C<StartupBlockIOWeight> only
1331				applies to the startup and shutdown phases of the system,
1332				C<BlockIOWeight> applies to the later runtime
1333				of the system, and if the former is not set also to the
1334				startup and shutdown phases. This allows prioritizing specific services at
1335				boot-up and shutdown differently than during runtime.
1336
1337				Implies
1338				C<BlockIOAccounting=yes>.
1339
1340				These settings are deprecated. Use C<IOWeight> and C<StartupIOWeight>
1341				instead.',
1342				'type' => 'leaf',
1343				'value_type' => 'uniline'
1344				},
1345				'StartupBlockIOWeight',
1346				{
1347				'description' => 'Set the default overall block I/O weight for the executed processes, if the legacy control
1348				group hierarchy is used on the system. Takes a single weight value (between 10 and 1000) to set the default
1349				block I/O weight. This controls the C<blkio.weight> control group attribute, which defaults to
1350				500. For details about this control group attribute, see L<Block IO Controller\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html>.
1351				The available I/O bandwidth is split up among all units within one slice relative to their block I/O
1352				weight.
1353
1354				While C<StartupBlockIOWeight> only
1355				applies to the startup and shutdown phases of the system,
1356				C<BlockIOWeight> applies to the later runtime
1357				of the system, and if the former is not set also to the
1358				startup and shutdown phases. This allows prioritizing specific services at
1359				boot-up and shutdown differently than during runtime.
1360
1361				Implies
1362				C<BlockIOAccounting=yes>.
1363
1364				These settings are deprecated. Use C<IOWeight> and C<StartupIOWeight>
1365				instead.',
1366				'type' => 'leaf',
1367				'value_type' => 'uniline'
1368				},
1369				'BlockIODeviceWeight',
1370				{
1371				'description' => 'Set the per-device overall block I/O weight for the executed processes, if the legacy control group
1372				hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
1373				the device specific weight value, between 10 and 1000. (Example: "/dev/sda 500"). The file path may be
1374				specified as path to a block device node or as any other file, in which case the backing block device of the
1375				file system of the file is determined. This controls the C<blkio.weight_device> control group
1376				attribute, which defaults to 1000. Use this option multiple times to set weights for multiple devices. For
1377				details about this control group attribute, see L<Block IO Controller\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html>.
1378
1379				Implies
1380				C<BlockIOAccounting=yes>.
1381
1382				This setting is deprecated. Use C<IODeviceWeight> instead.',
1383				'type' => 'leaf',
1384				'value_type' => 'uniline'
1385				},
1386				'BlockIOReadBandwidth',
1387				{
1388				'description' => 'Set the per-device overall block I/O bandwidth limit for the executed processes, if the legacy control
1389				group hierarchy is used on the system. Takes a space-separated pair of a file path and a bandwidth value (in
1390				bytes per second) to specify the device specific bandwidth. The file path may be a path to a block device
1391				node, or as any other file in which case the backing block device of the file system of the file is used. If
1392				the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, Megabytes,
1393				Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
1394				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the
1395				C<blkio.throttle.read_bps_device> and C<blkio.throttle.write_bps_device>
1396				control group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For
1397				details about these control group attributes, see L<Block IO Controller\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html>.
1398
1399				Implies
1400				C<BlockIOAccounting=yes>.
1401
1402				These settings are deprecated. Use C<IOReadBandwidthMax> and
1403				C<IOWriteBandwidthMax> instead.',
1404				'type' => 'leaf',
1405				'value_type' => 'uniline'
1406				},
1407				'BlockIOWriteBandwidth',
1408				{
1409				'description' => 'Set the per-device overall block I/O bandwidth limit for the executed processes, if the legacy control
1410				group hierarchy is used on the system. Takes a space-separated pair of a file path and a bandwidth value (in
1411				bytes per second) to specify the device specific bandwidth. The file path may be a path to a block device
1412				node, or as any other file in which case the backing block device of the file system of the file is used. If
1413				the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is parsed as Kilobytes, Megabytes,
1414				Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
1415				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the
1416				C<blkio.throttle.read_bps_device> and C<blkio.throttle.write_bps_device>
1417				control group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For
1418				details about these control group attributes, see L<Block IO Controller\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html>.
1419
1420				Implies
1421				C<BlockIOAccounting=yes>.
1422
1423				These settings are deprecated. Use C<IOReadBandwidthMax> and
1424				C<IOWriteBandwidthMax> instead.',
1425				'type' => 'leaf',
1426				'value_type' => 'uniline'
1427				}
1428				],
1429				'generated_by' => 'parse-man.pl from systemd 250 doc',
1430				'license' => 'LGPLv2.1+',
1431				'name' => 'Systemd::Common::ResourceControl'
1432				}
1433				]
1434				;
1435