File Coverage

blib/lib/Config/Model/models/Systemd/Common/ResourceControl.pl

Criterion	Covered	Total	%
statement	18	18	100.0
branch			n/a
condition			n/a
subroutine	6	6	100.0
pod			n/a
total	24	24	100.0

line	stmt	sub	time	code
1				#
2				# This file is part of Config-Model-Systemd
3				#
4				# This software is Copyright (c) 2008-2022 by Dominique Dumont.
5				#
6				# This is free software, licensed under:
7				#
8				# The GNU Lesser General Public License, Version 2.1, February 1999
9				#
10	4	4	133090	use strict;
	4	1	13
	4	1	131
	1		23629
	1		2
	1		24
	1		23960
	1		3
	1		25
11	4	4	28	use warnings;
	4	1	12
	4	1	4593
	1		5
	1		2
	1		1081
	1		5
	1		3
	1		1053
12
13				return [
14				{
15				'accept' => [
16				'.*',
17				{
18				'type' => 'leaf',
19				'value_type' => 'uniline',
20				'warn' => 'Unexpected systemd parameter. Please contact cme author to update systemd model.'
21				}
22				],
23				'class_description' => 'Unit configuration files for services, slices, scopes, sockets, mount points, and swap devices share a subset
24				of configuration options for resource control of spawned processes. Internally, this relies on the Linux Control
25				Groups (cgroups) kernel concept for organizing processes in a hierarchical tree of named groups for the purpose of
26				resource management.
27
28				This man page lists the configuration options shared by
29				those six unit types. See
30				L<systemd.unit(5)>
31				for the common options of all unit configuration files, and
32				L<systemd.slice(5)>,
33				L<systemd.scope(5)>,
34				L<systemd.service(5)>,
35				L<systemd.socket(5)>,
36				L<systemd.mount(5)>,
37				and
38				L<systemd.swap(5)>
39				for more information on the specific unit configuration files. The
40				resource control configuration options are configured in the
41				[Slice], [Scope], [Service], [Socket], [Mount], or [Swap]
42				sections, depending on the unit type.
43
44				In addition, options which control resources available to programs
45				executed by systemd are listed in
46				L<systemd.exec(5)>.
47				Those options complement options listed here.
48
49				See the L<New
50				Control Group Interfaces\|https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface> for an introduction on how to make
51				use of resource control APIs from programs.
52				This configuration class was generated from systemd documentation.
53				by L<parse-man.pl\|https://github.com/dod38fr/config-model-systemd/contrib/parse-man.pl>
54				',
55				'copyright' => [
56				'2010-2016 Lennart Poettering and others',
57				'2016 Dominique Dumont'
58				],
59				'element' => [
60				'CPUAccounting',
61				{
62				'description' => 'Turn on CPU usage accounting for this unit. Takes a
63				boolean argument. Note that turning on CPU accounting for
64				one unit will also implicitly turn it on for all units
65				contained in the same slice and for all its parent slices
66				and the units contained therein. The system default for this
67				setting may be controlled with
68				C<DefaultCPUAccounting> in
69				L<systemd-system.conf(5)>.',
70				'type' => 'leaf',
71				'value_type' => 'boolean',
72				'write_as' => [
73				'no',
74				'yes'
75				]
76				},
77				'CPUWeight',
78				{
79				'description' => 'These options accept an integer value or a the special string "idle":
80
81				While C<StartupCPUWeight> applies to the startup and shutdown phases of the system,
82				C<CPUWeight> applies to normal runtime of the system, and if the former is not set also to
83				the startup and shutdown phases. Using C<StartupCPUWeight> allows prioritizing specific services at
84				boot-up and shutdown differently than during normal runtime.',
85				'type' => 'leaf',
86				'value_type' => 'uniline'
87				},
88				'StartupCPUWeight',
89				{
90				'description' => 'These options accept an integer value or a the special string "idle":
91
92				While C<StartupCPUWeight> applies to the startup and shutdown phases of the system,
93				C<CPUWeight> applies to normal runtime of the system, and if the former is not set also to
94				the startup and shutdown phases. Using C<StartupCPUWeight> allows prioritizing specific services at
95				boot-up and shutdown differently than during normal runtime.',
96				'type' => 'leaf',
97				'value_type' => 'uniline'
98				},
99				'CPUQuota',
100				{
101				'description' => 'Assign the specified CPU time quota to the processes executed. Takes a percentage value, suffixed with
102				"%". The percentage specifies how much CPU time the unit shall get at maximum, relative to the total CPU time
103				available on one CPU. Use values > 100% for allotting CPU time on more than one CPU. This controls the
104				C<cpu.max> attribute on the unified control group hierarchy and
105				C<cpu.cfs_quota_us> on legacy. For details about these control group attributes, see L<Control Groups v2\|https://docs.kernel.org/admin-guide/cgroup-v2.html> and L<CFS Bandwidth Control\|https://docs.kernel.org/scheduler/sched-bwc.html>.
106				Setting C<CPUQuota> to an empty value unsets the quota.
107
108				Example: C<CPUQuota=20%> ensures that the executed processes will never get more than
109				20% CPU time on one CPU.',
110				'type' => 'leaf',
111				'value_type' => 'uniline'
112				},
113				'CPUQuotaPeriodSec',
114				{
115				'description' => 'Assign the duration over which the CPU time quota specified by C<CPUQuota> is measured.
116				Takes a time duration value in seconds, with an optional suffix such as "ms" for milliseconds (or "s" for seconds.)
117				The default setting is 100ms. The period is clamped to the range supported by the kernel, which is [1ms, 1000ms].
118				Additionally, the period is adjusted up so that the quota interval is also at least 1ms.
119				Setting C<CPUQuotaPeriodSec> to an empty value resets it to the default.
120
121				This controls the second field of C<cpu.max> attribute on the unified control group hierarchy
122				and C<cpu.cfs_period_us> on legacy. For details about these control group attributes, see
123				L<Control Groups v2\|https://docs.kernel.org/admin-guide/cgroup-v2.html> and
124				L<CFS Scheduler\|https://docs.kernel.org/scheduler/sched-design-CFS.html>.
125
126				Example: C<CPUQuotaPeriodSec=10ms> to request that the CPU quota is measured in periods of 10ms.',
127				'type' => 'leaf',
128				'value_type' => 'uniline'
129				},
130				'AllowedCPUs',
131				{
132				'description' => 'Restrict processes to be executed on specific CPUs. Takes a list of CPU indices or ranges separated by either
133				whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a dash.
134
135				Setting C<AllowedCPUs> or C<StartupAllowedCPUs> doesn\'t guarantee that all
136				of the CPUs will be used by the processes as it may be limited by parent units. The effective configuration is
137				reported as C<EffectiveCPUs>.
138
139				While C<StartupAllowedCPUs> applies to the startup and shutdown phases of the system,
140				C<AllowedCPUs> applies to normal runtime of the system, and if the former is not set also to
141				the startup and shutdown phases. Using C<StartupAllowedCPUs> allows prioritizing specific services at
142				boot-up and shutdown differently than during normal runtime.
143
144				This setting is supported only with the unified control group hierarchy.',
145				'type' => 'leaf',
146				'value_type' => 'uniline'
147				},
148				'StartupAllowedCPUs',
149				{
150				'description' => 'Restrict processes to be executed on specific CPUs. Takes a list of CPU indices or ranges separated by either
151				whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a dash.
152
153				Setting C<AllowedCPUs> or C<StartupAllowedCPUs> doesn\'t guarantee that all
154				of the CPUs will be used by the processes as it may be limited by parent units. The effective configuration is
155				reported as C<EffectiveCPUs>.
156
157				While C<StartupAllowedCPUs> applies to the startup and shutdown phases of the system,
158				C<AllowedCPUs> applies to normal runtime of the system, and if the former is not set also to
159				the startup and shutdown phases. Using C<StartupAllowedCPUs> allows prioritizing specific services at
160				boot-up and shutdown differently than during normal runtime.
161
162				This setting is supported only with the unified control group hierarchy.',
163				'type' => 'leaf',
164				'value_type' => 'uniline'
165				},
166				'AllowedMemoryNodes',
167				{
168				'description' => 'Restrict processes to be executed on specific memory NUMA nodes. Takes a list of memory NUMA nodes indices
169				or ranges separated by either whitespace or commas. Memory NUMA nodes ranges are specified by the lower and upper
170				NUMA nodes indices separated by a dash.
171
172				Setting C<AllowedMemoryNodes> or C<StartupAllowedMemoryNodes> doesn\'t
173				guarantee that all of the memory NUMA nodes will be used by the processes as it may be limited by parent units.
174				The effective configuration is reported as C<EffectiveMemoryNodes>.
175
176				While C<StartupAllowedMemoryNodes> applies to the startup and shutdown phases of the system,
177				C<AllowedMemoryNodes> applies to normal runtime of the system, and if the former is not set also to
178				the startup and shutdown phases. Using C<StartupAllowedMemoryNodes> allows prioritizing specific services at
179				boot-up and shutdown differently than during normal runtime.
180
181				This setting is supported only with the unified control group hierarchy.',
182				'type' => 'leaf',
183				'value_type' => 'uniline'
184				},
185				'StartupAllowedMemoryNodes',
186				{
187				'description' => 'Restrict processes to be executed on specific memory NUMA nodes. Takes a list of memory NUMA nodes indices
188				or ranges separated by either whitespace or commas. Memory NUMA nodes ranges are specified by the lower and upper
189				NUMA nodes indices separated by a dash.
190
191				Setting C<AllowedMemoryNodes> or C<StartupAllowedMemoryNodes> doesn\'t
192				guarantee that all of the memory NUMA nodes will be used by the processes as it may be limited by parent units.
193				The effective configuration is reported as C<EffectiveMemoryNodes>.
194
195				While C<StartupAllowedMemoryNodes> applies to the startup and shutdown phases of the system,
196				C<AllowedMemoryNodes> applies to normal runtime of the system, and if the former is not set also to
197				the startup and shutdown phases. Using C<StartupAllowedMemoryNodes> allows prioritizing specific services at
198				boot-up and shutdown differently than during normal runtime.
199
200				This setting is supported only with the unified control group hierarchy.',
201				'type' => 'leaf',
202				'value_type' => 'uniline'
203				},
204				'MemoryAccounting',
205				{
206				'description' => 'Turn on process and kernel memory accounting for this
207				unit. Takes a boolean argument. Note that turning on memory
208				accounting for one unit will also implicitly turn it on for
209				all units contained in the same slice and for all its parent
210				slices and the units contained therein. The system default
211				for this setting may be controlled with
212				C<DefaultMemoryAccounting> in
213				L<systemd-system.conf(5)>.',
214				'type' => 'leaf',
215				'value_type' => 'boolean',
216				'write_as' => [
217				'no',
218				'yes'
219				]
220				},
221				'MemoryMin',
222				{
223				'description' => 'Specify the memory usage protection of the executed processes in this unit.
224				When reclaiming memory, the unit is treated as if it was using less memory resulting in memory
225				to be preferentially reclaimed from unprotected units.
226				Using C<MemoryLow> results in a weaker protection where memory may still
227				be reclaimed to avoid invoking the OOM killer in case there is no other reclaimable memory.
228
229				For a protection to be effective, it is generally required to set a corresponding
230				allocation on all ancestors, which is then distributed between children
231				(with the exception of the root slice).
232				Any C<MemoryMin> or C<MemoryLow> allocation that is not
233				explicitly distributed to specific children is used to create a shared protection for all children.
234				As this is a shared protection, the children will freely compete for the memory.
235
236				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
237				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
238				percentage value may be specified, which is taken relative to the installed physical memory on the
239				system. If assigned the special value C<infinity>, all available memory is protected, which may be
240				useful in order to always inherit all of the protection afforded by ancestors.
241				This controls the C<memory.min> or C<memory.low> control group attribute.
242				For details about this control group attribute, see L<Memory Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files>.
243
244				Units may have their children use a default C<memory.min> or
245				C<memory.low> value by specifying C<DefaultMemoryMin> or
246				C<DefaultMemoryLow>, which has the same semantics as
247				C<MemoryMin> and C<MemoryLow>.
248				This setting does not affect C<memory.min> or C<memory.low>
249				in the unit itself.
250				Using it to set a default child allocation is only useful on kernels older than 5.7,
251				which do not support the C<memory_recursiveprot> cgroup2 mount option.',
252				'type' => 'leaf',
253				'value_type' => 'uniline'
254				},
255				'MemoryHigh',
256				{
257				'description' => 'Specify the throttling limit on memory usage of the executed processes in this unit. Memory usage may go
258				above the limit if unavoidable, but the processes are heavily slowed down and memory is taken away
259				aggressively in such cases. This is the main mechanism to control memory usage of a unit.
260
261				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
262				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
263				percentage value may be specified, which is taken relative to the installed physical memory on the
264				system. If assigned the
265				special value C<infinity>, no memory throttling is applied. This controls the
266				C<memory.high> control group attribute. For details about this control group attribute, see
267				L<Memory Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files>.',
268				'type' => 'leaf',
269				'value_type' => 'uniline'
270				},
271				'MemoryMax',
272				{
273				'description' => 'Specify the absolute limit on memory usage of the executed processes in this unit. If memory usage
274				cannot be contained under the limit, out-of-memory killer is invoked inside the unit. It is recommended to
275				use C<MemoryHigh> as the main control mechanism and use C<MemoryMax> as the
276				last line of defense.
277
278				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
279				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
280				percentage value may be specified, which is taken relative to the installed physical memory on the system. If
281				assigned the special value C<infinity>, no memory limit is applied. This controls the
282				C<memory.max> control group attribute. For details about this control group attribute, see
283				L<Memory Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files>.',
284				'type' => 'leaf',
285				'value_type' => 'uniline'
286				},
287				'MemorySwapMax',
288				{
289				'description' => 'Specify the absolute limit on swap usage of the executed processes in this unit.
290
291				Takes a swap size in bytes. If the value is suffixed with K, M, G or T, the specified swap size is
292				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the
293				special value C<infinity>, no swap limit is applied. This controls the
294				C<memory.swap.max> control group attribute. For details about this control group attribute,
295				see L<Memory Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files>.',
296				'type' => 'leaf',
297				'value_type' => 'uniline'
298				},
299				'TasksAccounting',
300				{
301				'description' => 'Turn on task accounting for this unit. Takes a
302				boolean argument. If enabled, the system manager will keep
303				track of the number of tasks in the unit. The number of
304				tasks accounted this way includes both kernel threads and
305				userspace processes, with each thread counting
306				individually. Note that turning on tasks accounting for one
307				unit will also implicitly turn it on for all units contained
308				in the same slice and for all its parent slices and the
309				units contained therein. The system default for this setting
310				may be controlled with
311				C<DefaultTasksAccounting> in
312				L<systemd-system.conf(5)>.',
313				'type' => 'leaf',
314				'value_type' => 'boolean',
315				'write_as' => [
316				'no',
317				'yes'
318				]
319				},
320				'TasksMax',
321				{
322				'description' => 'Specify the maximum number of tasks that may be created in the unit. This ensures that the
323				number of tasks accounted for the unit (see above) stays below a specific limit. This either takes
324				an absolute number of tasks or a percentage value that is taken relative to the configured maximum
325				number of tasks on the system. If assigned the special value C<infinity>, no tasks
326				limit is applied. This controls the C<pids.max> control group attribute. For
327				details about this control group attribute, the
328				L<pids controller
329				\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#pid>.
330
331				The system default for this setting may be controlled with
332				C<DefaultTasksMax> in
333				L<systemd-system.conf(5)>.',
334				'type' => 'leaf',
335				'value_type' => 'uniline'
336				},
337				'IOAccounting',
338				{
339				'description' => 'Turn on Block I/O accounting for this unit, if the unified control group hierarchy is used on the
340				system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
341				turn it on for all units contained in the same slice and all for its parent slices and the units contained
342				therein. The system default for this setting may be controlled with C<DefaultIOAccounting>
343				in
344				L<systemd-system.conf(5)>.',
345				'type' => 'leaf',
346				'value_type' => 'boolean',
347				'write_as' => [
348				'no',
349				'yes'
350				]
351				},
352				'IOWeight',
353				{
354				'description' => 'Set the default overall block I/O weight for the executed processes, if the unified control
355				group hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the
356				default block I/O weight. This controls the C<io.weight> control group attribute,
357				which defaults to 100. For details about this control group attribute, see L<IO
358				Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>. The available I/O bandwidth is split up among all units within one slice
359				relative to their block I/O weight. A higher weight means more I/O bandwidth, a lower weight means
360				less.
361
362				While C<StartupIOWeight> applies
363				to the startup and shutdown phases of the system,
364				C<IOWeight> applies to the later runtime of
365				the system, and if the former is not set also to the startup
366				and shutdown phases. This allows prioritizing specific services at boot-up
367				and shutdown differently than during runtime.',
368				'type' => 'leaf',
369				'value_type' => 'uniline'
370				},
371				'StartupIOWeight',
372				{
373				'description' => 'Set the default overall block I/O weight for the executed processes, if the unified control
374				group hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the
375				default block I/O weight. This controls the C<io.weight> control group attribute,
376				which defaults to 100. For details about this control group attribute, see L<IO
377				Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>. The available I/O bandwidth is split up among all units within one slice
378				relative to their block I/O weight. A higher weight means more I/O bandwidth, a lower weight means
379				less.
380
381				While C<StartupIOWeight> applies
382				to the startup and shutdown phases of the system,
383				C<IOWeight> applies to the later runtime of
384				the system, and if the former is not set also to the startup
385				and shutdown phases. This allows prioritizing specific services at boot-up
386				and shutdown differently than during runtime.',
387				'type' => 'leaf',
388				'value_type' => 'uniline'
389				},
390				'IODeviceWeight',
391				{
392				'description' => 'Set the per-device overall block I/O weight for the executed processes, if the unified control group
393				hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
394				the device specific weight value, between 1 and 10000. (Example: C</dev/sda 1000>). The file
395				path may be specified as path to a block device node or as any other file, in which case the backing block
396				device of the file system of the file is determined. This controls the C<io.weight> control
397				group attribute, which defaults to 100. Use this option multiple times to set weights for multiple devices.
398				For details about this control group attribute, see L<IO Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
399
400				The specified device node should reference a block device that has an I/O scheduler
401				associated, i.e. should not refer to partition or loopback block devices, but to the originating,
402				physical device. When a path to a regular file or directory is specified it is attempted to
403				discover the correct originating device backing the file system of the specified path. This works
404				correctly only for simpler cases, where the file system is directly placed on a partition or
405				physical block device, or where simple 1:1 encryption using dm-crypt/LUKS is used. This discovery
406				does not cover complex storage and in particular RAID and volume management storage devices.',
407				'type' => 'leaf',
408				'value_type' => 'uniline'
409				},
410				'IOReadBandwidthMax',
411				{
412				'description' => 'Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
413				control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
414				are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
415				path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
416				be a path to a block device node, or as any other file in which case the backing block device of the file
417				system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
418				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
419				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the C<io.max> control
420				group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
421				about this control group attribute, see L<IO Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
422
423				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
424				'type' => 'leaf',
425				'value_type' => 'uniline'
426				},
427				'IOWriteBandwidthMax',
428				{
429				'description' => 'Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
430				control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
431				are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
432				path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
433				be a path to a block device node, or as any other file in which case the backing block device of the file
434				system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
435				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
436				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the C<io.max> control
437				group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
438				about this control group attribute, see L<IO Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
439
440				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
441				'type' => 'leaf',
442				'value_type' => 'uniline'
443				},
444				'IOReadIOPSMax',
445				{
446				'description' => 'Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the
447				unified control group hierarchy is used on the system. This limit is not work-conserving and the executed
448				processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of
449				a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block
450				device node, or as any other file in which case the backing block device of the file system of the file is
451				used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS,
452				GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example:
453				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the C<io.max> control
454				group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about
455				this control group attribute, see L<IO Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
456
457				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
458				'type' => 'leaf',
459				'value_type' => 'uniline'
460				},
461				'IOWriteIOPSMax',
462				{
463				'description' => 'Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the
464				unified control group hierarchy is used on the system. This limit is not work-conserving and the executed
465				processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of
466				a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block
467				device node, or as any other file in which case the backing block device of the file system of the file is
468				used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS,
469				GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example:
470				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the C<io.max> control
471				group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about
472				this control group attribute, see L<IO Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
473
474				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
475				'type' => 'leaf',
476				'value_type' => 'uniline'
477				},
478				'IODeviceLatencyTargetSec',
479				{
480				'description' => 'Set the per-device average target I/O latency for the executed processes, if the unified control group
481				hierarchy is used on the system. Takes a file path and a timespan separated by a space to specify
482				the device specific latency target. (Example: "/dev/sda 25ms"). The file path may be specified
483				as path to a block device node or as any other file, in which case the backing block device of the file
484				system of the file is determined. This controls the C<io.latency> control group
485				attribute. Use this option multiple times to set latency target for multiple devices. For details about this
486				control group attribute, see L<IO Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
487
488				Implies C<IOAccounting=yes>.
489
490				These settings are supported only if the unified control group hierarchy is used.
491
492				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
493				'type' => 'leaf',
494				'value_type' => 'uniline'
495				},
496				'IPAccounting',
497				{
498				'description' => "Takes a boolean argument. If true, turns on IPv4 and IPv6 network traffic accounting for packets sent
499				or received by the unit. When this option is turned on, all IPv4 and IPv6 sockets created by any process of
500				the unit are accounted for.
501
502				When this option is used in socket units, it applies to all IPv4 and IPv6 sockets
503				associated with it (including both listening and connection sockets where this applies). Note that for
504				socket-activated services, this configuration setting and the accounting data of the service unit and the
505				socket unit are kept separate, and displayed separately. No propagation of the setting and the collected
506				statistics is done, in either direction. Moreover, any traffic sent or received on any of the socket unit's
507				sockets is accounted to the socket unit \x{2014} and never to the service unit it might have activated, even if the
508				socket is used by it.
509
510				The system default for this setting may be controlled with C<DefaultIPAccounting> in
511				L<systemd-system.conf(5)>.",
512				'type' => 'leaf',
513				'value_type' => 'boolean',
514				'write_as' => [
515				'no',
516				'yes'
517				]
518				},
519				'IPAddressAllow',
520				{
521				'description' => "Turn on network traffic filtering for IP packets sent and received over
522				C<AF_INET> and C<AF_INET6> sockets. Both directives take a
523				space separated list of IPv4 or IPv6 addresses, each optionally suffixed with an address prefix
524				length in bits after a C</> character. If the suffix is omitted, the address is
525				considered a host address, i.e. the filter covers the whole address (32 bits for IPv4, 128 bits for
526				IPv6).
527
528				The access lists configured with this option are applied to all sockets created by processes
529				of this unit (or in the case of socket units, associated with it). The lists are implicitly
530				combined with any lists configured for any of the parent slice units this unit might be a member
531				of. By default both access lists are empty. Both ingress and egress traffic is filtered by these
532				settings. In case of ingress traffic the source IP address is checked against these access lists,
533				in case of egress traffic the destination IP address is checked. The following rules are applied in
534				turn:
535
536				In order to implement an allow-listing IP firewall, it is recommended to use a
537				C<IPAddressDeny>C<any> setting on an upper-level slice unit
538				(such as the root slice C<-.slice> or the slice containing all system services
539				C<system.slice> \x{2013} see
540				L<systemd.special(7)>
541				for details on these slice units), plus individual per-service C<IPAddressAllow>
542				lines permitting network access to relevant services, and only them.
543
544				Note that for socket-activated services, the IP access list configured on the socket unit
545				applies to all sockets associated with it directly, but not to any sockets created by the
546				ultimately activated services for it. Conversely, the IP access list configured for the service is
547				not applied to any sockets passed into the service via socket activation. Thus, it is usually a
548				good idea to replicate the IP access lists on both the socket and the service unit. Nevertheless,
549				it may make sense to maintain one list more open and the other one more restricted, depending on
550				the usecase.
551
552				If these settings are used multiple times in the same unit the specified lists are combined. If an
553				empty string is assigned to these settings the specific access list is reset and all previous settings undone.
554
555				In place of explicit IPv4 or IPv6 address and prefix length specifications a small set of symbolic
556				names may be used. The following names are defined:
557
558				Note that these settings might not be supported on some systems (for example if eBPF control group
559				support is not enabled in the underlying kernel or container manager). These settings will have no effect in
560				that case. If compatibility with such systems is desired it is hence recommended to not exclusively rely on
561				them for IP security.",
562				'type' => 'leaf',
563				'value_type' => 'uniline'
564				},
565				'IPAddressDeny',
566				{
567				'description' => "Turn on network traffic filtering for IP packets sent and received over
568				C<AF_INET> and C<AF_INET6> sockets. Both directives take a
569				space separated list of IPv4 or IPv6 addresses, each optionally suffixed with an address prefix
570				length in bits after a C</> character. If the suffix is omitted, the address is
571				considered a host address, i.e. the filter covers the whole address (32 bits for IPv4, 128 bits for
572				IPv6).
573
574				The access lists configured with this option are applied to all sockets created by processes
575				of this unit (or in the case of socket units, associated with it). The lists are implicitly
576				combined with any lists configured for any of the parent slice units this unit might be a member
577				of. By default both access lists are empty. Both ingress and egress traffic is filtered by these
578				settings. In case of ingress traffic the source IP address is checked against these access lists,
579				in case of egress traffic the destination IP address is checked. The following rules are applied in
580				turn:
581
582				In order to implement an allow-listing IP firewall, it is recommended to use a
583				C<IPAddressDeny>C<any> setting on an upper-level slice unit
584				(such as the root slice C<-.slice> or the slice containing all system services
585				C<system.slice> \x{2013} see
586				L<systemd.special(7)>
587				for details on these slice units), plus individual per-service C<IPAddressAllow>
588				lines permitting network access to relevant services, and only them.
589
590				Note that for socket-activated services, the IP access list configured on the socket unit
591				applies to all sockets associated with it directly, but not to any sockets created by the
592				ultimately activated services for it. Conversely, the IP access list configured for the service is
593				not applied to any sockets passed into the service via socket activation. Thus, it is usually a
594				good idea to replicate the IP access lists on both the socket and the service unit. Nevertheless,
595				it may make sense to maintain one list more open and the other one more restricted, depending on
596				the usecase.
597
598				If these settings are used multiple times in the same unit the specified lists are combined. If an
599				empty string is assigned to these settings the specific access list is reset and all previous settings undone.
600
601				In place of explicit IPv4 or IPv6 address and prefix length specifications a small set of symbolic
602				names may be used. The following names are defined:
603
604				Note that these settings might not be supported on some systems (for example if eBPF control group
605				support is not enabled in the underlying kernel or container manager). These settings will have no effect in
606				that case. If compatibility with such systems is desired it is hence recommended to not exclusively rely on
607				them for IP security.",
608				'type' => 'leaf',
609				'value_type' => 'uniline'
610				},
611				'IPIngressFilterPath',
612				{
613				'description' => 'Add custom network traffic filters implemented as BPF programs, applying to all IP packets
614				sent and received over C<AF_INET> and C<AF_INET6> sockets.
615				Takes an absolute path to a pinned BPF program in the BPF virtual filesystem (C</sys/fs/bpf/>).
616
617				The filters configured with this option are applied to all sockets created by processes
618				of this unit (or in the case of socket units, associated with it). The filters are loaded in addition
619				to filters any of the parent slice units this unit might be a member of as well as any
620				C<IPAddressAllow> and C<IPAddressDeny> filters in any of these units.
621				By default there are no filters specified.
622
623				If these settings are used multiple times in the same unit all the specified programs are attached. If an
624				empty string is assigned to these settings the program list is reset and all previous specified programs ignored.
625
626				If the path BPF_FS_PROGRAM_PATH in C<IPIngressFilterPath> assignment
627				is already being handled by C<BPFProgram> ingress hook, e.g.
628				C<BPFProgram>C<ingress>:BPF_FS_PROGRAM_PATH,
629				the assignment will be still considered valid and the program will be attached to a cgroup. Same for
630				C<IPEgressFilterPath> path and C<egress> hook.
631
632				Note that for socket-activated services, the IP filter programs configured on the socket unit apply to
633				all sockets associated with it directly, but not to any sockets created by the ultimately activated services
634				for it. Conversely, the IP filter programs configured for the service are not applied to any sockets passed into
635				the service via socket activation. Thus, it is usually a good idea, to replicate the IP filter programs on both
636				the socket and the service unit, however it often makes sense to maintain one configuration more open and the other
637				one more restricted, depending on the usecase.
638
639				Note that these settings might not be supported on some systems (for example if eBPF control group
640				support is not enabled in the underlying kernel or container manager). These settings will fail the service in
641				that case. If compatibility with such systems is desired it is hence recommended to attach your filter manually
642				(requires C<Delegate>C<yes>) instead of using this setting.',
643				'type' => 'leaf',
644				'value_type' => 'uniline'
645				},
646				'IPEgressFilterPath',
647				{
648				'description' => 'Add custom network traffic filters implemented as BPF programs, applying to all IP packets
649				sent and received over C<AF_INET> and C<AF_INET6> sockets.
650				Takes an absolute path to a pinned BPF program in the BPF virtual filesystem (C</sys/fs/bpf/>).
651
652				The filters configured with this option are applied to all sockets created by processes
653				of this unit (or in the case of socket units, associated with it). The filters are loaded in addition
654				to filters any of the parent slice units this unit might be a member of as well as any
655				C<IPAddressAllow> and C<IPAddressDeny> filters in any of these units.
656				By default there are no filters specified.
657
658				If these settings are used multiple times in the same unit all the specified programs are attached. If an
659				empty string is assigned to these settings the program list is reset and all previous specified programs ignored.
660
661				If the path BPF_FS_PROGRAM_PATH in C<IPIngressFilterPath> assignment
662				is already being handled by C<BPFProgram> ingress hook, e.g.
663				C<BPFProgram>C<ingress>:BPF_FS_PROGRAM_PATH,
664				the assignment will be still considered valid and the program will be attached to a cgroup. Same for
665				C<IPEgressFilterPath> path and C<egress> hook.
666
667				Note that for socket-activated services, the IP filter programs configured on the socket unit apply to
668				all sockets associated with it directly, but not to any sockets created by the ultimately activated services
669				for it. Conversely, the IP filter programs configured for the service are not applied to any sockets passed into
670				the service via socket activation. Thus, it is usually a good idea, to replicate the IP filter programs on both
671				the socket and the service unit, however it often makes sense to maintain one configuration more open and the other
672				one more restricted, depending on the usecase.
673
674				Note that these settings might not be supported on some systems (for example if eBPF control group
675				support is not enabled in the underlying kernel or container manager). These settings will fail the service in
676				that case. If compatibility with such systems is desired it is hence recommended to attach your filter manually
677				(requires C<Delegate>C<yes>) instead of using this setting.',
678				'type' => 'leaf',
679				'value_type' => 'uniline'
680				},
681				'SocketBindAllow',
682				{
683				'description' => "Allow or deny binding a socket address to a socket by matching it with the bind-rule and
684				applying a corresponding action if there is a match.
685
686				bind-rule describes socket properties such as address-family,
687				transport-protocol and ip-ports.
688
689				bind-rule :=
690				{ [address-familyC<:>][transport-protocolC<:>][ip-ports] \| C<any> }
691
692				address-family := { C<ipv4> \| C<ipv6> }
693
694				transport-protocol := { C<tcp> \| C<udp> }
695
696				ip-ports := { ip-port \| ip-port-range }
697
698				An optional address-family expects C<ipv4> or C<ipv6> values.
699				If not specified, a rule will be matched for both IPv4 and IPv6 addresses and applied depending on other socket fields, e.g. transport-protocol,
700				ip-port.
701
702				An optional transport-protocol expects C<tcp> or C<udp> transport protocol names.
703				If not specified, a rule will be matched for any transport protocol.
704
705				An optional ip-port value must lie within 1\x{2026}65535 interval inclusively, i.e.
706				dynamic port C<0> is not allowed. A range of sequential ports is described by
707				ip-port-range := ip-port-lowC<->ip-port-high,
708				where ip-port-low is smaller than or equal to ip-port-high
709				and both are within 1\x{2026}65535 inclusively.
710
711				A special value C<any> can be used to apply a rule to any address family, transport protocol and any port with a positive value.
712
713				To allow multiple rules assign C<SocketBindAllow> or C<SocketBindDeny> multiple times.
714				To clear the existing assignments pass an empty C<SocketBindAllow> or C<SocketBindDeny>
715				assignment.
716
717				For each of C<SocketBindAllow> and C<SocketBindDeny>, maximum allowed number of assignments is
718				C<128>.
719
720				The feature is implemented with C<cgroup/bind4> and C<cgroup/bind6> cgroup-bpf hooks.
721
722				Examples:
723				\x{2026}
724				# Allow binding IPv6 socket addresses with a port greater than or equal to 10000.
725				[Service]
726				SocketBindAllow=ipv6:10000-65535
727				SocketBindDeny=any
728				\x{2026}
729				# Allow binding IPv4 and IPv6 socket addresses with 1234 and 4321 ports.
730				[Service]
731				SocketBindAllow=1234
732				SocketBindAllow=4321
733				SocketBindDeny=any
734				\x{2026}
735				# Deny binding IPv6 socket addresses.
736				[Service]
737				SocketBindDeny=ipv6
738				\x{2026}
739				# Deny binding IPv4 and IPv6 socket addresses.
740				[Service]
741				SocketBindDeny=any
742				\x{2026}
743				# Allow binding only over TCP
744				[Service]
745				SocketBindAllow=tcp
746				SocketBindDeny=any
747				\x{2026}
748				# Allow binding only over IPv6/TCP
749				[Service]
750				SocketBindAllow=ipv6:tcp
751				SocketBindDeny=any
752				\x{2026}
753				# Allow binding ports within 10000-65535 range over IPv4/UDP.
754				[Service]
755				SocketBindAllow=ipv4:udp:10000-65535
756				SocketBindDeny=any
757				\x{2026}
758				",
759				'type' => 'leaf',
760				'value_type' => 'uniline'
761				},
762				'SocketBindDeny',
763				{
764				'description' => "Allow or deny binding a socket address to a socket by matching it with the bind-rule and
765				applying a corresponding action if there is a match.
766
767				bind-rule describes socket properties such as address-family,
768				transport-protocol and ip-ports.
769
770				bind-rule :=
771				{ [address-familyC<:>][transport-protocolC<:>][ip-ports] \| C<any> }
772
773				address-family := { C<ipv4> \| C<ipv6> }
774
775				transport-protocol := { C<tcp> \| C<udp> }
776
777				ip-ports := { ip-port \| ip-port-range }
778
779				An optional address-family expects C<ipv4> or C<ipv6> values.
780				If not specified, a rule will be matched for both IPv4 and IPv6 addresses and applied depending on other socket fields, e.g. transport-protocol,
781				ip-port.
782
783				An optional transport-protocol expects C<tcp> or C<udp> transport protocol names.
784				If not specified, a rule will be matched for any transport protocol.
785
786				An optional ip-port value must lie within 1\x{2026}65535 interval inclusively, i.e.
787				dynamic port C<0> is not allowed. A range of sequential ports is described by
788				ip-port-range := ip-port-lowC<->ip-port-high,
789				where ip-port-low is smaller than or equal to ip-port-high
790				and both are within 1\x{2026}65535 inclusively.
791
792				A special value C<any> can be used to apply a rule to any address family, transport protocol and any port with a positive value.
793
794				To allow multiple rules assign C<SocketBindAllow> or C<SocketBindDeny> multiple times.
795				To clear the existing assignments pass an empty C<SocketBindAllow> or C<SocketBindDeny>
796				assignment.
797
798				For each of C<SocketBindAllow> and C<SocketBindDeny>, maximum allowed number of assignments is
799				C<128>.
800
801				The feature is implemented with C<cgroup/bind4> and C<cgroup/bind6> cgroup-bpf hooks.
802
803				Examples:
804				\x{2026}
805				# Allow binding IPv6 socket addresses with a port greater than or equal to 10000.
806				[Service]
807				SocketBindAllow=ipv6:10000-65535
808				SocketBindDeny=any
809				\x{2026}
810				# Allow binding IPv4 and IPv6 socket addresses with 1234 and 4321 ports.
811				[Service]
812				SocketBindAllow=1234
813				SocketBindAllow=4321
814				SocketBindDeny=any
815				\x{2026}
816				# Deny binding IPv6 socket addresses.
817				[Service]
818				SocketBindDeny=ipv6
819				\x{2026}
820				# Deny binding IPv4 and IPv6 socket addresses.
821				[Service]
822				SocketBindDeny=any
823				\x{2026}
824				# Allow binding only over TCP
825				[Service]
826				SocketBindAllow=tcp
827				SocketBindDeny=any
828				\x{2026}
829				# Allow binding only over IPv6/TCP
830				[Service]
831				SocketBindAllow=ipv6:tcp
832				SocketBindDeny=any
833				\x{2026}
834				# Allow binding ports within 10000-65535 range over IPv4/UDP.
835				[Service]
836				SocketBindAllow=ipv4:udp:10000-65535
837				SocketBindDeny=any
838				\x{2026}
839				",
840				'type' => 'leaf',
841				'value_type' => 'uniline'
842				},
843				'RestrictNetworkInterfaces',
844				{
845				'description' => 'Takes a list of space-separated network interface names. This option restricts the network
846				interfaces that processes of this unit can use. By default processes can only use the network interfaces
847				listed (allow-list). If the first character of the rule is C<~>, the effect is inverted:
848				the processes can only use network interfaces not listed (deny-list).
849
850				This option can appear multiple times, in which case the network interface names are merged. If the
851				empty string is assigned the set is reset, all prior assignments will have not effect.
852
853				If you specify both types of this option (i.e. allow-listing and deny-listing), the first encountered
854				will take precedence and will dictate the default action (allow vs deny). Then the next occurrences of this
855				option will add or delete the listed network interface names from the set, depending of its type and the
856				default action.
857
858				The loopback interface ("lo") is not treated in any special way, you have to configure it explicitly
859				in the unit file.
860
861				Example 1: allow-list
862
863
864				RestrictNetworkInterfaces=eth1
865				RestrictNetworkInterfaces=eth2
866
867				Programs in the unit will be only able to use the eth1 and eth2 network
868				interfaces.
869
870				Example 2: deny-list
871
872
873				RestrictNetworkInterfaces=~eth1 eth2
874
875				Programs in the unit will be able to use any network interface but eth1 and eth2.
876
877				Example 3: mixed
878
879
880				RestrictNetworkInterfaces=eth1 eth2
881				RestrictNetworkInterfaces=~eth1
882
883				Programs in the unit will be only able to use the eth2 network interface.
884				',
885				'type' => 'leaf',
886				'value_type' => 'uniline'
887				},
888				'DeviceAllow',
889				{
890				'cargo' => {
891				'type' => 'leaf',
892				'value_type' => 'uniline'
893				},
894				'description' => "Control access to specific device nodes by the executed processes. Takes two space-separated
895				strings: a device node specifier followed by a combination of C<r>,
896				C<w>, C<m> to control reading,
897				writing, or creation of the specific device nodes by the unit
898				(mknod), respectively. This functionality is implemented using eBPF
899				filtering.
900
901				When access to all physical devices should be disallowed,
902				C<PrivateDevices> may be used instead. See
903				L<systemd.exec(5)>.
904
905				The device node specifier is either a path to a device node in the file system, starting with
906				C</dev/>, or a string starting with either C<char-> or
907				C<block-> followed by a device group name, as listed in
908				C</proc/devices>. The latter is useful to allow-list all current and future
909				devices belonging to a specific device group at once. The device group is matched according to
910				filename globbing rules, you may hence use the C<*> and C<?>
911				wildcards. (Note that such globbing wildcards are not available for device node path
912				specifications!) In order to match device nodes by numeric major/minor, use device node paths in
913				the C</dev/char/> and C</dev/block/> directories. However,
914				matching devices by major/minor is generally not recommended as assignments are neither stable nor
915				portable between systems or different kernel versions.
916
917				Examples: C</dev/sda5> is a path to a device node, referring to an ATA or
918				SCSI block device. C<char-pts> and C<char-alsa> are specifiers for
919				all pseudo TTYs and all ALSA sound devices, respectively. C<char-cpu/*> is a
920				specifier matching all CPU related device groups.
921
922				Note that allow lists defined this way should only reference device groups which are
923				resolvable at the time the unit is started. Any device groups not resolvable then are not added to
924				the device allow list. In order to work around this limitation, consider extending service units
925				with a pair of After=modprobe\@xyz.service and
926				Wants=modprobe\@xyz.service lines that load the necessary kernel module
927				implementing the device group if missing.
928				Example:
929				\x{2026}
930				[Unit]
931				Wants=modprobe\@loop.service
932				After=modprobe\@loop.service
933				[Service]
934				DeviceAllow=block-loop
935				DeviceAllow=/dev/loop-control
936				\x{2026}
937				",
938				'type' => 'list'
939				},
940				'DevicePolicy',
941				{
942				'choice' => [
943				'auto',
944				'closed',
945				'strict'
946				],
947				'description' => '
948				Control the policy for allowing device access:
949				',
950				'type' => 'leaf',
951				'value_type' => 'enum'
952				},
953				'Slice',
954				{
955				'description' => 'The name of the slice unit to place the unit
956				in. Defaults to C<system.slice> for all
957				non-instantiated units of all unit types (except for slice
958				units themselves see below). Instance units are by default
959				placed in a subslice of C<system.slice>
960				that is named after the template name.
961
962				This option may be used to arrange systemd units in a
963				hierarchy of slices each of which might have resource
964				settings applied.
965
966				For units of type slice, the only accepted value for
967				this setting is the parent slice. Since the name of a slice
968				unit implies the parent slice, it is hence redundant to ever
969				set this parameter directly for slice units.
970
971				Special care should be taken when relying on the default slice assignment in templated service units
972				that have C<DefaultDependencies=no> set, see
973				L<systemd.service(5)>, section
974				"Default Dependencies" for details.',
975				'type' => 'leaf',
976				'value_type' => 'uniline'
977				},
978				'Delegate',
979				{
980				'description' => 'Turns on delegation of further resource control partitioning to processes of the unit. Units where this
981				is enabled may create and manage their own private subhierarchy of control groups below the control group of
982				the unit itself. For unprivileged services (i.e. those using the C<User> setting) the unit\'s
983				control group will be made accessible to the relevant user. When enabled the service manager will refrain
984				from manipulating control groups or moving processes below the unit\'s control group, so that a clear concept
985				of ownership is established: the control group tree above the unit\'s control group (i.e. towards the root
986				control group) is owned and managed by the service manager of the host, while the control group tree below
987				the unit\'s control group is owned and managed by the unit itself. Takes either a boolean argument or a list
988				of control group controller names. If true, delegation is turned on, and all supported controllers are
989				enabled for the unit, making them available to the unit\'s processes for management. If false, delegation is
990				turned off entirely (and no additional controllers are enabled). If set to a list of controllers, delegation
991				is turned on, and the specified controllers are enabled for the unit. Note that additional controllers than
992				the ones specified might be made available as well, depending on configuration of the containing slice unit
993				or other units contained in it. Note that assigning the empty string will enable delegation, but reset the
994				list of controllers, all assignments prior to this will have no effect. Defaults to false.
995
996				Note that controller delegation to less privileged code is only safe on the unified control group
997				hierarchy. Accordingly, access to the specified controllers will not be granted to unprivileged services on
998				the legacy hierarchy, even when requested.
999
1000				Not all of these controllers are available on all kernels however, and some are
1001				specific to the unified hierarchy while others are specific to the legacy hierarchy. Also note that the
1002				kernel might support further controllers, which aren\'t covered here yet as delegation is either not supported
1003				at all for them or not defined cleanly.
1004
1005				For further details on the delegation model consult L<Control Group APIs and Delegation\|https://systemd.io/CGROUP_DELEGATION>.',
1006				'type' => 'leaf',
1007				'value_type' => 'uniline'
1008				},
1009				'DisableControllers',
1010				{
1011				'description' => 'Disables controllers from being enabled for a unit\'s children. If a controller listed is already in use
1012				in its subtree, the controller will be removed from the subtree. This can be used to avoid child units being
1013				able to implicitly or explicitly enable a controller. Defaults to not disabling any controllers.
1014
1015				It may not be possible to successfully disable a controller if the unit or any child of the unit in
1016				question delegates controllers to its children, as any delegated subtree of the cgroup hierarchy is unmanaged
1017				by systemd.
1018
1019				Multiple controllers may be specified, separated by spaces. You may also pass
1020				C<DisableControllers> multiple times, in which case each new instance adds another controller
1021				to disable. Passing C<DisableControllers> by itself with no controller name present resets
1022				the disabled controller list.',
1023				'type' => 'leaf',
1024				'value_type' => 'uniline'
1025				},
1026				'ManagedOOMSwap',
1027				{
1028				'choice' => [
1029				'auto',
1030				'kill'
1031				],
1032				'description' => 'Specifies how
1033				L<systemd-oomd.service(8)>
1034				will act on this unit\'s cgroups. Defaults to C<auto>.
1035
1036				When set to C<kill>, the unit becomes a candidate for monitoring by
1037				systemd-oomd. If the cgroup passes the limits set by
1038				L<oomd.conf(5)> or
1039				the unit configuration, systemd-oomd will select a descendant cgroup and send
1040				C<SIGKILL> to all of the processes under it. You can find more details on
1041				candidates and kill behavior at
1042				L<systemd-oomd.service(8)>
1043				and
1044				L<oomd.conf(5)>.
1045
1046				Setting either of these properties to C<kill> will also result in
1047				C<After> and C<Wants> dependencies on
1048				C<systemd-oomd.service> unless C<DefaultDependencies=no>.
1049
1050				When set to C<auto>, systemd-oomd will not actively use this
1051				cgroup\'s data for monitoring and detection. However, if an ancestor cgroup has one of these
1052				properties set to C<kill>, a unit with C<auto> can still be a candidate
1053				for systemd-oomd to terminate.',
1054				'type' => 'leaf',
1055				'value_type' => 'enum'
1056				},
1057				'ManagedOOMMemoryPressure',
1058				{
1059				'choice' => [
1060				'auto',
1061				'kill'
1062				],
1063				'description' => 'Specifies how
1064				L<systemd-oomd.service(8)>
1065				will act on this unit\'s cgroups. Defaults to C<auto>.
1066
1067				When set to C<kill>, the unit becomes a candidate for monitoring by
1068				systemd-oomd. If the cgroup passes the limits set by
1069				L<oomd.conf(5)> or
1070				the unit configuration, systemd-oomd will select a descendant cgroup and send
1071				C<SIGKILL> to all of the processes under it. You can find more details on
1072				candidates and kill behavior at
1073				L<systemd-oomd.service(8)>
1074				and
1075				L<oomd.conf(5)>.
1076
1077				Setting either of these properties to C<kill> will also result in
1078				C<After> and C<Wants> dependencies on
1079				C<systemd-oomd.service> unless C<DefaultDependencies=no>.
1080
1081				When set to C<auto>, systemd-oomd will not actively use this
1082				cgroup\'s data for monitoring and detection. However, if an ancestor cgroup has one of these
1083				properties set to C<kill>, a unit with C<auto> can still be a candidate
1084				for systemd-oomd to terminate.',
1085				'type' => 'leaf',
1086				'value_type' => 'enum'
1087				},
1088				'ManagedOOMMemoryPressureLimit',
1089				{
1090				'description' => 'Overrides the default memory pressure limit set by
1091				L<oomd.conf(5)> for
1092				this unit (cgroup). Takes a percentage value between 0% and 100%, inclusive. This property is
1093				ignored unless C<ManagedOOMMemoryPressure>C<kill>. Defaults to 0%,
1094				which means to use the default set by
1095				L<oomd.conf(5)>.
1096				',
1097				'type' => 'leaf',
1098				'value_type' => 'uniline'
1099				},
1100				'ManagedOOMPreference',
1101				{
1102				'choice' => [
1103				'none',
1104				'avoid',
1105				'omit'
1106				],
1107				'description' => 'Allows deprioritizing or omitting this unit\'s cgroup as a candidate when
1108				systemd-oomd needs to act. Requires support for extended attributes (see
1109				L<xattr(7)>)
1110				in order to use C<avoid> or C<omit>.
1111
1112				When calculating candidates to relieve swap usage, systemd-oomd will
1113				only respect these extended attributes if the unit\'s cgroup is owned by root.
1114
1115				When calculating candidates to relieve memory pressure, systemd-oomd
1116				will only respect these extended attributes if the unit\'s cgroup owner, and the
1117				owner of the monitored ancestor cgroup are the same. For example, if systemd-oomd
1118				is calculating candidates for C<-.slice>, then extended attributes set
1119				on descendants of C</user.slice/user-1000.slice/user@1000.service/>
1120				will be ignored because the descendants are owned by UID 1000, and C<-.slice>
1121				is owned by UID 0. But, if calculating candidates for
1122				C</user.slice/user-1000.slice/user@1000.service/>, then extended attributes set
1123				on the descendants would be respected.
1124
1125				If this property is set to C<avoid>, the service manager will convey this to
1126				systemd-oomd, which will only select this cgroup if there are no other viable
1127				candidates.
1128
1129				If this property is set to C<omit>, the service manager will convey this to
1130				systemd-oomd, which will ignore this cgroup as a candidate and will not perform
1131				any actions on it.
1132
1133				It is recommended to use C<avoid> and C<omit> sparingly, as it
1134				can adversely affect systemd-oomd\'s kill behavior. Also note that these extended
1135				attributes are not applied recursively to cgroups under this unit\'s cgroup.
1136
1137				Defaults to C<none> which means systemd-oomd will rank this
1138				unit\'s cgroup as defined in
1139				L<systemd-oomd.service(8)>
1140				and L<oomd.conf(5)>.
1141				',
1142				'type' => 'leaf',
1143				'value_type' => 'enum'
1144				}
1145				],
1146				'generated_by' => 'parse-man.pl from systemd 252 doc',
1147				'license' => 'LGPLv2.1+',
1148				'name' => 'Systemd::Common::ResourceControl'
1149				}
1150				]
1151				;
1152