diff options
author | Michael Biebl <biebl@debian.org> | 2017-12-14 23:22:02 +0100 |
---|---|---|
committer | Michael Biebl <biebl@debian.org> | 2017-12-14 23:22:02 +0100 |
commit | 52ad194e0b816b8273dd8d0fea3e6d467f6ca34e (patch) | |
tree | 1a3b3117e015f200ca0ce23f5ad27be6d0a7b0fb /man/systemd.resource-control.xml | |
parent | f5e65279187b6aa0c0c5a00b14dca9eab441ffb2 (diff) | |
download | systemd-52ad194e0b816b8273dd8d0fea3e6d467f6ca34e.tar.gz |
New upstream version 236
Diffstat (limited to 'man/systemd.resource-control.xml')
-rw-r--r-- | man/systemd.resource-control.xml | 43 |
1 files changed, 30 insertions, 13 deletions
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index 0c0c91608a..18b7bf8f6a 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -3,6 +3,8 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> <!-- + SPDX-License-Identifier: LGPL-2.1+ + This file is part of systemd. Copyright 2013 Zbigniew Jędrzejewski-Szmek @@ -120,10 +122,6 @@ <varlistentry> <term><option>CPU</option></term> <listitem> - <para>Due to the lack of consensus in the kernel community, the CPU controller support on the unified - control group hierarchy requires out-of-tree kernel patches. See <ulink - url="https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup-v2-cpu.txt?h=cgroup-v2-cpu">cgroup-v2-cpu.txt</ulink>.</para> - <para><varname>CPUWeight=</varname> and <varname>StartupCPUWeight=</varname> replace <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>, respectively.</para> @@ -142,7 +140,7 @@ <varlistentry> <term><option>IO</option></term> <listitem> - <para><varname>IO</varname> prefixed settings are superset of and replace <varname>BlockIO</varname> + <para><varname>IO</varname> prefixed settings are a superset of and replace <varname>BlockIO</varname> prefixed ones. On unified hierarchy, IO resource control also applies to buffered writes.</para> </listitem> </varlistentry> @@ -500,7 +498,7 @@ </varlistentry> <varlistentry> - <term><varname>IPAddressAllow=<replaceable>ADDDRESS[/PREFIXLENGTH]…</replaceable></varname></term> + <term><varname>IPAddressAllow=<replaceable>ADDRESS[/PREFIXLENGTH]…</replaceable></varname></term> <term><varname>IPAddressDeny=<replaceable>ADDRESS[/PREFIXLENGTH]…</replaceable></varname></term> <listitem> @@ -711,13 +709,32 @@ <term><varname>Delegate=</varname></term> <listitem> - <para>Turns on delegation of further resource control - partitioning to processes of the unit. For unprivileged - services (i.e. those using the <varname>User=</varname> - setting), this allows processes to create a subhierarchy - beneath its control group path. For privileged services and - scopes, this ensures the processes will have all control - group controllers enabled.</para> + <para>Turns on delegation of further resource control partitioning to processes of the unit. Units where this + is enabled may create and manage their own private subhierarchy of control groups below the control group of + the unit itself. For unprivileged services (i.e. those using the <varname>User=</varname> setting) the unit's + control group will be made accessible to the relevant user. When enabled the service manager will refrain + from manipulating control groups or moving processes below the unit's control group, so that a clear concept + of ownership is established: the control group tree above the unit's control group (i.e. towards the root + control group) is owned and managed by the service manager of the host, while the control group tree below + the unit's control group is owned and managed by the unit itself. Takes either a boolean argument or a list + of control group controller names. If true, delegation is turned on, and all supported controllers are + enabled for the unit, making them available to the unit's processes for management. If false, delegation is + turned off entirely (and no additional controllers are enabled). If set to a list of controllers, delegation + is turned on, and the specified controllers are enabled for the unit. Note that additional controllers than + the ones specified might be made available as well, depending on configuration of the containing slice unit + or other units contained in it. Note that assigning the empty string will enable delegation, but reset the + list of controllers, all assignments prior to this will have no effect. Defaults to false.</para> + + <para>Note that controller delegation to less privileged code is only safe on the unified control group + hierarchy. Accordingly, access to the specified controllers will not be granted to unprivileged services on + the legacy hierarchy, even when requested.</para> + + <para>The following controller names may be specified: <option>cpu</option>, <option>cpuacct</option>, + <option>io</option>, <option>blkio</option>, <option>memory</option>, <option>devices</option>, + <option>pids</option>. Not all of these controllers are available on all kernels however, and some are + specific to the unified hierarchy while others are specific to the legacy hierarchy. Also note that the + kernel might support further controllers, which aren't covered here yet as delegation is either not supported + at all for them or not defined cleanly.</para> </listitem> </varlistentry> |