Settings for systemd units
Systemd allows fine-grained customization of units through so-called properties. These properties, or settings, influence what a unit, such as a service, can or cannot do. As there is a wide range of settings, this page presents them, with a quick reference to each.
Setting | Description | Available since (systemd version) |
---|---|---|
DeviceAllow | Define level of access to devices in /dev | 208 |
DevicePolicy | Define level of access to devices in /dev | 208 |
InaccessiblePaths | Define paths that should not be accessible | 231 |
MemoryDenyWriteExecute | Block creating memory segments that are both writable and executable, or altering existing segments to become so | 231 |
ProcSubset | Define the subset of access by unit to /proc | 247 |
ProtectHome | Define what level of access is possible to home directories | 214 |
ProtectKernelLogs | Define whether the service may read from or write to the kernel log ring buffer | 244 |
ProtectKernelModules | Define if kernel modules may be loaded | 232 |
ProtectProc | Control the 'hidepid' mount option to define what information from /proc is available | 247 |
ReadWritePaths | Define paths that can be opened to read from and write to new or existing files | 231 |
RestrictAddressFamilies | Control what socket address families can be used by a unit | 211 |
SocketBindAllow | Define which address families, transport protocols, and/or ports are allowed to bind() to a socket | 249 |
SocketBindDeny | Restricts address families, transport protocols, and/or ports to bind() to a socket | 249 |
SystemCallFilter | Define what syscalls are allowed or forbidden to be used by a process | 187 |