File Coverage

blib/lib/Config/Model/models/Systemd/Common/ResourceControl.pl

Criterion	Covered	Total	%
statement	18	18	100.0
branch			n/a
condition			n/a
subroutine	6	6	100.0
pod			n/a
total	24	24	100.0

line	stmt	sub	time	code
1				#
2				# This file is part of Config-Model-Systemd
3				#
4				# This software is Copyright (c) 2008-2022 by Dominique Dumont.
5				#
6				# This is free software, licensed under:
7				#
8				# The GNU Lesser General Public License, Version 2.1, February 1999
9				#
10	4	4	109966	use strict;
	4	1	11
	4	1	112
	1		19190
	1		3
	1		20
	1		19071
	1		2
	1		20
11	4	4	18	use warnings;
	4	1	10
	4	1	3770
	1		5
	1		3
	1		872
	1		5
	1		2
	1		908
12
13				return [
14				{
15				'accept' => [
16				'.*',
17				{
18				'type' => 'leaf',
19				'value_type' => 'uniline',
20				'warn' => 'Unexpected systemd parameter. Please contact cme author to update systemd model.'
21				}
22				],
23				'class_description' => 'Unit configuration files for services, slices, scopes, sockets, mount points, and swap devices share a subset
24				of configuration options for resource control of spawned processes. Internally, this relies on the Linux Control
25				Groups (cgroups) kernel concept for organizing processes in a hierarchical tree of named groups for the purpose of
26				resource management.
27
28				This man page lists the configuration options shared by
29				those six unit types. See
30				L<systemd.unit(5)>
31				for the common options of all unit configuration files, and
32				L<systemd.slice(5)>,
33				L<systemd.scope(5)>,
34				L<systemd.service(5)>,
35				L<systemd.socket(5)>,
36				L<systemd.mount(5)>,
37				and
38				L<systemd.swap(5)>
39				for more information on the specific unit configuration files. The
40				resource control configuration options are configured in the
41				[Slice], [Scope], [Service], [Socket], [Mount], or [Swap]
42				sections, depending on the unit type.
43
44				In addition, options which control resources available to programs
45				executed by systemd are listed in
46				L<systemd.exec(5)>.
47				Those options complement options listed here.
48
49				See the L<New
50				Control Group Interfaces\|https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface> for an introduction on how to make
51				use of resource control APIs from programs.
52				This configuration class was generated from systemd documentation.
53				by L<parse-man.pl\|https://github.com/dod38fr/config-model-systemd/contrib/parse-man.pl>
54				',
55				'copyright' => [
56				'2010-2016 Lennart Poettering and others',
57				'2016 Dominique Dumont'
58				],
59				'element' => [
60				'CPUAccounting',
61				{
62				'description' => 'Turn on CPU usage accounting for this unit. Takes a
63				boolean argument. Note that turning on CPU accounting for
64				one unit will also implicitly turn it on for all units
65				contained in the same slice and for all its parent slices
66				and the units contained therein. The system default for this
67				setting may be controlled with
68				C<DefaultCPUAccounting> in
69				L<systemd-system.conf(5)>.',
70				'type' => 'leaf',
71				'value_type' => 'boolean',
72				'write_as' => [
73				'no',
74				'yes'
75				]
76				},
77				'CPUWeight',
78				{
79				'description' => 'These options accept an integer value or a the special string "idle":
80
81				While C<StartupCPUWeight> applies to the startup and shutdown phases of the system,
82				C<CPUWeight> applies to normal runtime of the system, and if the former is not set also to
83				the startup and shutdown phases. Using C<StartupCPUWeight> allows prioritizing specific services at
84				boot-up and shutdown differently than during normal runtime.',
85				'type' => 'leaf',
86				'value_type' => 'uniline'
87				},
88				'StartupCPUWeight',
89				{
90				'description' => 'These options accept an integer value or a the special string "idle":
91
92				While C<StartupCPUWeight> applies to the startup and shutdown phases of the system,
93				C<CPUWeight> applies to normal runtime of the system, and if the former is not set also to
94				the startup and shutdown phases. Using C<StartupCPUWeight> allows prioritizing specific services at
95				boot-up and shutdown differently than during normal runtime.',
96				'type' => 'leaf',
97				'value_type' => 'uniline'
98				},
99				'CPUQuota',
100				{
101				'description' => 'Assign the specified CPU time quota to the processes executed. Takes a percentage value, suffixed with
102				"%". The percentage specifies how much CPU time the unit shall get at maximum, relative to the total CPU time
103				available on one CPU. Use values > 100% for allotting CPU time on more than one CPU. This controls the
104				C<cpu.max> attribute on the unified control group hierarchy and
105				C<cpu.cfs_quota_us> on legacy. For details about these control group attributes, see L<Control Groups
106				v2\|https://docs.kernel.org/admin-guide/cgroup-v2.html> and L<CFS Bandwidth
107				Control\|https://docs.kernel.org/scheduler/sched-bwc.html>.
108				Setting C<CPUQuota> to an empty value unsets the quota.
109
110				Example: C<CPUQuota=20%> ensures that the executed processes will never get more than
111				20% CPU time on one CPU.',
112				'type' => 'leaf',
113				'value_type' => 'uniline'
114				},
115				'CPUQuotaPeriodSec',
116				{
117				'description' => 'Assign the duration over which the CPU time quota specified by C<CPUQuota> is measured.
118				Takes a time duration value in seconds, with an optional suffix such as "ms" for milliseconds (or "s" for seconds.)
119				The default setting is 100ms. The period is clamped to the range supported by the kernel, which is [1ms, 1000ms].
120				Additionally, the period is adjusted up so that the quota interval is also at least 1ms.
121				Setting C<CPUQuotaPeriodSec> to an empty value resets it to the default.
122
123				This controls the second field of C<cpu.max> attribute on the unified control group hierarchy
124				and C<cpu.cfs_period_us> on legacy. For details about these control group attributes, see
125				L<Control Groups v2\|https://docs.kernel.org/admin-guide/cgroup-v2.html> and
126				L<CFS Scheduler\|https://docs.kernel.org/scheduler/sched-design-CFS.html>.
127
128				Example: C<CPUQuotaPeriodSec=10ms> to request that the CPU quota is measured in periods of 10ms.',
129				'type' => 'leaf',
130				'value_type' => 'uniline'
131				},
132				'AllowedCPUs',
133				{
134				'description' => 'Restrict processes to be executed on specific CPUs. Takes a list of CPU indices or ranges separated by either
135				whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a dash.
136
137				Setting C<AllowedCPUs> or C<StartupAllowedCPUs> doesn\'t guarantee that all
138				of the CPUs will be used by the processes as it may be limited by parent units. The effective configuration is
139				reported as C<EffectiveCPUs>.
140
141				While C<StartupAllowedCPUs> applies to the startup and shutdown phases of the system,
142				C<AllowedCPUs> applies to normal runtime of the system, and if the former is not set also to
143				the startup and shutdown phases. Using C<StartupAllowedCPUs> allows prioritizing specific services at
144				boot-up and shutdown differently than during normal runtime.
145
146				This setting is supported only with the unified control group hierarchy.',
147				'type' => 'leaf',
148				'value_type' => 'uniline'
149				},
150				'StartupAllowedCPUs',
151				{
152				'description' => 'Restrict processes to be executed on specific CPUs. Takes a list of CPU indices or ranges separated by either
153				whitespace or commas. CPU ranges are specified by the lower and upper CPU indices separated by a dash.
154
155				Setting C<AllowedCPUs> or C<StartupAllowedCPUs> doesn\'t guarantee that all
156				of the CPUs will be used by the processes as it may be limited by parent units. The effective configuration is
157				reported as C<EffectiveCPUs>.
158
159				While C<StartupAllowedCPUs> applies to the startup and shutdown phases of the system,
160				C<AllowedCPUs> applies to normal runtime of the system, and if the former is not set also to
161				the startup and shutdown phases. Using C<StartupAllowedCPUs> allows prioritizing specific services at
162				boot-up and shutdown differently than during normal runtime.
163
164				This setting is supported only with the unified control group hierarchy.',
165				'type' => 'leaf',
166				'value_type' => 'uniline'
167				},
168				'AllowedMemoryNodes',
169				{
170				'description' => 'Restrict processes to be executed on specific memory NUMA nodes. Takes a list of memory NUMA nodes indices
171				or ranges separated by either whitespace or commas. Memory NUMA nodes ranges are specified by the lower and upper
172				NUMA nodes indices separated by a dash.
173
174				Setting C<AllowedMemoryNodes> or C<StartupAllowedMemoryNodes> doesn\'t
175				guarantee that all of the memory NUMA nodes will be used by the processes as it may be limited by parent units.
176				The effective configuration is reported as C<EffectiveMemoryNodes>.
177
178				While C<StartupAllowedMemoryNodes> applies to the startup and shutdown phases of the system,
179				C<AllowedMemoryNodes> applies to normal runtime of the system, and if the former is not set also to
180				the startup and shutdown phases. Using C<StartupAllowedMemoryNodes> allows prioritizing specific services at
181				boot-up and shutdown differently than during normal runtime.
182
183				This setting is supported only with the unified control group hierarchy.',
184				'type' => 'leaf',
185				'value_type' => 'uniline'
186				},
187				'StartupAllowedMemoryNodes',
188				{
189				'description' => 'Restrict processes to be executed on specific memory NUMA nodes. Takes a list of memory NUMA nodes indices
190				or ranges separated by either whitespace or commas. Memory NUMA nodes ranges are specified by the lower and upper
191				NUMA nodes indices separated by a dash.
192
193				Setting C<AllowedMemoryNodes> or C<StartupAllowedMemoryNodes> doesn\'t
194				guarantee that all of the memory NUMA nodes will be used by the processes as it may be limited by parent units.
195				The effective configuration is reported as C<EffectiveMemoryNodes>.
196
197				While C<StartupAllowedMemoryNodes> applies to the startup and shutdown phases of the system,
198				C<AllowedMemoryNodes> applies to normal runtime of the system, and if the former is not set also to
199				the startup and shutdown phases. Using C<StartupAllowedMemoryNodes> allows prioritizing specific services at
200				boot-up and shutdown differently than during normal runtime.
201
202				This setting is supported only with the unified control group hierarchy.',
203				'type' => 'leaf',
204				'value_type' => 'uniline'
205				},
206				'MemoryAccounting',
207				{
208				'description' => 'Turn on process and kernel memory accounting for this
209				unit. Takes a boolean argument. Note that turning on memory
210				accounting for one unit will also implicitly turn it on for
211				all units contained in the same slice and for all its parent
212				slices and the units contained therein. The system default
213				for this setting may be controlled with
214				C<DefaultMemoryAccounting> in
215				L<systemd-system.conf(5)>.',
216				'type' => 'leaf',
217				'value_type' => 'boolean',
218				'write_as' => [
219				'no',
220				'yes'
221				]
222				},
223				'MemoryMin',
224				{
225				'description' => 'Specify the memory usage protection of the executed processes in this unit.
226				When reclaiming memory, the unit is treated as if it was using less memory resulting in memory
227				to be preferentially reclaimed from unprotected units.
228				Using C<MemoryLow> results in a weaker protection where memory may still
229				be reclaimed to avoid invoking the OOM killer in case there is no other reclaimable memory.
230
231				For a protection to be effective, it is generally required to set a corresponding
232				allocation on all ancestors, which is then distributed between children
233				(with the exception of the root slice).
234				Any C<MemoryMin> or C<MemoryLow> allocation that is not
235				explicitly distributed to specific children is used to create a shared protection for all children.
236				As this is a shared protection, the children will freely compete for the memory.
237
238				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
239				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
240				percentage value may be specified, which is taken relative to the installed physical memory on the
241				system. If assigned the special value C<infinity>, all available memory is protected, which may be
242				useful in order to always inherit all of the protection afforded by ancestors.
243				This controls the C<memory.min> or C<memory.low> control group attribute.
244				For details about this control group attribute, see L<Memory Interface
245				Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files>.
246
247				Units may have their children use a default C<memory.min> or
248				C<memory.low> value by specifying C<DefaultMemoryMin> or
249				C<DefaultMemoryLow>, which has the same semantics as
250				C<MemoryMin> and C<MemoryLow>.
251				This setting does not affect C<memory.min> or C<memory.low>
252				in the unit itself.
253				Using it to set a default child allocation is only useful on kernels older than 5.7,
254				which do not support the C<memory_recursiveprot> cgroup2 mount option.',
255				'type' => 'leaf',
256				'value_type' => 'uniline'
257				},
258				'MemoryHigh',
259				{
260				'description' => 'Specify the throttling limit on memory usage of the executed processes in this unit. Memory usage may go
261				above the limit if unavoidable, but the processes are heavily slowed down and memory is taken away
262				aggressively in such cases. This is the main mechanism to control memory usage of a unit.
263
264				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
265				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
266				percentage value may be specified, which is taken relative to the installed physical memory on the
267				system. If assigned the
268				special value C<infinity>, no memory throttling is applied. This controls the
269				C<memory.high> control group attribute. For details about this control group attribute, see
270				L<Memory Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files>.',
271				'type' => 'leaf',
272				'value_type' => 'uniline'
273				},
274				'MemoryMax',
275				{
276				'description' => 'Specify the absolute limit on memory usage of the executed processes in this unit. If memory usage
277				cannot be contained under the limit, out-of-memory killer is invoked inside the unit. It is recommended to
278				use C<MemoryHigh> as the main control mechanism and use C<MemoryMax> as the
279				last line of defense.
280
281				Takes a memory size in bytes. If the value is suffixed with K, M, G or T, the specified memory size is
282				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a
283				percentage value may be specified, which is taken relative to the installed physical memory on the system. If
284				assigned the special value C<infinity>, no memory limit is applied. This controls the
285				C<memory.max> control group attribute. For details about this control group attribute, see
286				L<Memory Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files>.',
287				'type' => 'leaf',
288				'value_type' => 'uniline'
289				},
290				'MemorySwapMax',
291				{
292				'description' => 'Specify the absolute limit on swap usage of the executed processes in this unit.
293
294				Takes a swap size in bytes. If the value is suffixed with K, M, G or T, the specified swap size is
295				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the
296				special value C<infinity>, no swap limit is applied. This controls the
297				C<memory.swap.max> control group attribute. For details about this control group attribute,
298				see L<Memory Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files>.',
299				'type' => 'leaf',
300				'value_type' => 'uniline'
301				},
302				'TasksAccounting',
303				{
304				'description' => 'Turn on task accounting for this unit. Takes a
305				boolean argument. If enabled, the system manager will keep
306				track of the number of tasks in the unit. The number of
307				tasks accounted this way includes both kernel threads and
308				userspace processes, with each thread counting
309				individually. Note that turning on tasks accounting for one
310				unit will also implicitly turn it on for all units contained
311				in the same slice and for all its parent slices and the
312				units contained therein. The system default for this setting
313				may be controlled with
314				C<DefaultTasksAccounting> in
315				L<systemd-system.conf(5)>.',
316				'type' => 'leaf',
317				'value_type' => 'boolean',
318				'write_as' => [
319				'no',
320				'yes'
321				]
322				},
323				'TasksMax',
324				{
325				'description' => 'Specify the maximum number of tasks that may be created in the unit. This ensures that the
326				number of tasks accounted for the unit (see above) stays below a specific limit. This either takes
327				an absolute number of tasks or a percentage value that is taken relative to the configured maximum
328				number of tasks on the system. If assigned the special value C<infinity>, no tasks
329				limit is applied. This controls the C<pids.max> control group attribute. For
330				details about this control group attribute, the
331				L<pids controller
332				\|https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#pid>.
333
334				The system default for this setting may be controlled with
335				C<DefaultTasksMax> in
336				L<systemd-system.conf(5)>.',
337				'type' => 'leaf',
338				'value_type' => 'uniline'
339				},
340				'IOAccounting',
341				{
342				'description' => 'Turn on Block I/O accounting for this unit, if the unified control group hierarchy is used on the
343				system. Takes a boolean argument. Note that turning on block I/O accounting for one unit will also implicitly
344				turn it on for all units contained in the same slice and all for its parent slices and the units contained
345				therein. The system default for this setting may be controlled with C<DefaultIOAccounting>
346				in
347				L<systemd-system.conf(5)>.',
348				'type' => 'leaf',
349				'value_type' => 'boolean',
350				'write_as' => [
351				'no',
352				'yes'
353				]
354				},
355				'IOWeight',
356				{
357				'description' => 'Set the default overall block I/O weight for the executed processes, if the unified control
358				group hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the
359				default block I/O weight. This controls the C<io.weight> control group attribute,
360				which defaults to 100. For details about this control group attribute, see L<IO
361				Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>. The available I/O bandwidth is
362				split up among all units within one slice
363				relative to their block I/O weight. A higher weight means more I/O bandwidth, a lower weight means
364				less.
365
366				While C<StartupIOWeight> applies
367				to the startup and shutdown phases of the system,
368				C<IOWeight> applies to the later runtime of
369				the system, and if the former is not set also to the startup
370				and shutdown phases. This allows prioritizing specific services at boot-up
371				and shutdown differently than during runtime.',
372				'type' => 'leaf',
373				'value_type' => 'uniline'
374				},
375				'StartupIOWeight',
376				{
377				'description' => 'Set the default overall block I/O weight for the executed processes, if the unified control
378				group hierarchy is used on the system. Takes a single weight value (between 1 and 10000) to set the
379				default block I/O weight. This controls the C<io.weight> control group attribute,
380				which defaults to 100. For details about this control group attribute, see L<IO
381				Interface Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>. The available I/O bandwidth is
382				split up among all units within one slice
383				relative to their block I/O weight. A higher weight means more I/O bandwidth, a lower weight means
384				less.
385
386				While C<StartupIOWeight> applies
387				to the startup and shutdown phases of the system,
388				C<IOWeight> applies to the later runtime of
389				the system, and if the former is not set also to the startup
390				and shutdown phases. This allows prioritizing specific services at boot-up
391				and shutdown differently than during runtime.',
392				'type' => 'leaf',
393				'value_type' => 'uniline'
394				},
395				'IODeviceWeight',
396				{
397				'description' => 'Set the per-device overall block I/O weight for the executed processes, if the unified control group
398				hierarchy is used on the system. Takes a space-separated pair of a file path and a weight value to specify
399				the device specific weight value, between 1 and 10000. (Example: C</dev/sda 1000>). The file
400				path may be specified as path to a block device node or as any other file, in which case the backing block
401				device of the file system of the file is determined. This controls the C<io.weight> control
402				group attribute, which defaults to 100. Use this option multiple times to set weights for multiple devices.
403				For details about this control group attribute, see L<IO Interface
404				Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
405
406				The specified device node should reference a block device that has an I/O scheduler
407				associated, i.e. should not refer to partition or loopback block devices, but to the originating,
408				physical device. When a path to a regular file or directory is specified it is attempted to
409				discover the correct originating device backing the file system of the specified path. This works
410				correctly only for simpler cases, where the file system is directly placed on a partition or
411				physical block device, or where simple 1:1 encryption using dm-crypt/LUKS is used. This discovery
412				does not cover complex storage and in particular RAID and volume management storage devices.',
413				'type' => 'leaf',
414				'value_type' => 'uniline'
415				},
416				'IOReadBandwidthMax',
417				{
418				'description' => 'Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
419				control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
420				are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
421				path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
422				be a path to a block device node, or as any other file in which case the backing block device of the file
423				system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
424				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
425				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the C<io.max> control
426				group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
427				about this control group attribute, see L<IO Interface
428				Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
429
430				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
431				'type' => 'leaf',
432				'value_type' => 'uniline'
433				},
434				'IOWriteBandwidthMax',
435				{
436				'description' => 'Set the per-device overall block I/O bandwidth maximum limit for the executed processes, if the unified
437				control group hierarchy is used on the system. This limit is not work-conserving and the executed processes
438				are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of a file
439				path and a bandwidth value (in bytes per second) to specify the device specific bandwidth. The file path may
440				be a path to a block device node, or as any other file in which case the backing block device of the file
441				system of the file is used. If the bandwidth is suffixed with K, M, G, or T, the specified bandwidth is
442				parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the base of 1000. (Example:
443				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This controls the C<io.max> control
444				group attributes. Use this option multiple times to set bandwidth limits for multiple devices. For details
445				about this control group attribute, see L<IO Interface
446				Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
447
448				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
449				'type' => 'leaf',
450				'value_type' => 'uniline'
451				},
452				'IOReadIOPSMax',
453				{
454				'description' => 'Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the
455				unified control group hierarchy is used on the system. This limit is not work-conserving and the executed
456				processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of
457				a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block
458				device node, or as any other file in which case the backing block device of the file system of the file is
459				used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS,
460				GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example:
461				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the C<io.max> control
462				group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about
463				this control group attribute, see L<IO Interface
464				Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
465
466				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
467				'type' => 'leaf',
468				'value_type' => 'uniline'
469				},
470				'IOWriteIOPSMax',
471				{
472				'description' => 'Set the per-device overall block I/O IOs-Per-Second maximum limit for the executed processes, if the
473				unified control group hierarchy is used on the system. This limit is not work-conserving and the executed
474				processes are not allowed to use more even if the device has idle capacity. Takes a space-separated pair of
475				a file path and an IOPS value to specify the device specific IOPS. The file path may be a path to a block
476				device node, or as any other file in which case the backing block device of the file system of the file is
477				used. If the IOPS is suffixed with K, M, G, or T, the specified IOPS is parsed as KiloIOPS, MegaIOPS,
478				GigaIOPS, or TeraIOPS, respectively, to the base of 1000. (Example:
479				"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 1K"). This controls the C<io.max> control
480				group attributes. Use this option multiple times to set IOPS limits for multiple devices. For details about
481				this control group attribute, see L<IO Interface
482				Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
483
484				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
485				'type' => 'leaf',
486				'value_type' => 'uniline'
487				},
488				'IODeviceLatencyTargetSec',
489				{
490				'description' => 'Set the per-device average target I/O latency for the executed processes, if the unified control group
491				hierarchy is used on the system. Takes a file path and a timespan separated by a space to specify
492				the device specific latency target. (Example: "/dev/sda 25ms"). The file path may be specified
493				as path to a block device node or as any other file, in which case the backing block device of the file
494				system of the file is determined. This controls the C<io.latency> control group
495				attribute. Use this option multiple times to set latency target for multiple devices. For details about this
496				control group attribute, see L<IO Interface
497				Files\|https://docs.kernel.org/admin-guide/cgroup-v2.html#io-interface-files>.
498
499				Implies C<IOAccounting=yes>.
500
501				These settings are supported only if the unified control group hierarchy is used.
502
503				Similar restrictions on block device discovery as for C<IODeviceWeight> apply, see above.',
504				'type' => 'leaf',
505				'value_type' => 'uniline'
506				},
507				'IPAccounting',
508				{
509				'description' => "Takes a boolean argument. If true, turns on IPv4 and IPv6 network traffic accounting for packets sent
510				or received by the unit. When this option is turned on, all IPv4 and IPv6 sockets created by any process of
511				the unit are accounted for.
512
513				When this option is used in socket units, it applies to all IPv4 and IPv6 sockets
514				associated with it (including both listening and connection sockets where this applies). Note that for
515				socket-activated services, this configuration setting and the accounting data of the service unit and the
516				socket unit are kept separate, and displayed separately. No propagation of the setting and the collected
517				statistics is done, in either direction. Moreover, any traffic sent or received on any of the socket unit's
518				sockets is accounted to the socket unit \x{2014} and never to the service unit it might have activated, even if the
519				socket is used by it.
520
521				The system default for this setting may be controlled with C<DefaultIPAccounting> in
522				L<systemd-system.conf(5)>.",
523				'type' => 'leaf',
524				'value_type' => 'boolean',
525				'write_as' => [
526				'no',
527				'yes'
528				]
529				},
530				'IPAddressAllow',
531				{
532				'description' => "Turn on network traffic filtering for IP packets sent and received over
533				C<AF_INET> and C<AF_INET6> sockets. Both directives take a
534				space separated list of IPv4 or IPv6 addresses, each optionally suffixed with an address prefix
535				length in bits after a C</> character. If the suffix is omitted, the address is
536				considered a host address, i.e. the filter covers the whole address (32 bits for IPv4, 128 bits for
537				IPv6).
538
539				The access lists configured with this option are applied to all sockets created by processes
540				of this unit (or in the case of socket units, associated with it). The lists are implicitly
541				combined with any lists configured for any of the parent slice units this unit might be a member
542				of. By default both access lists are empty. Both ingress and egress traffic is filtered by these
543				settings. In case of ingress traffic the source IP address is checked against these access lists,
544				in case of egress traffic the destination IP address is checked. The following rules are applied in
545				turn:
546
547				In order to implement an allow-listing IP firewall, it is recommended to use a
548				C<IPAddressDeny>C<any> setting on an upper-level slice unit
549				(such as the root slice C<-.slice> or the slice containing all system services
550				C<system.slice> \x{2013} see
551				L<systemd.special(7)>
552				for details on these slice units), plus individual per-service C<IPAddressAllow>
553				lines permitting network access to relevant services, and only them.
554
555				Note that for socket-activated services, the IP access list configured on the socket unit
556				applies to all sockets associated with it directly, but not to any sockets created by the
557				ultimately activated services for it. Conversely, the IP access list configured for the service is
558				not applied to any sockets passed into the service via socket activation. Thus, it is usually a
559				good idea to replicate the IP access lists on both the socket and the service unit. Nevertheless,
560				it may make sense to maintain one list more open and the other one more restricted, depending on
561				the usecase.
562
563				If these settings are used multiple times in the same unit the specified lists are combined. If an
564				empty string is assigned to these settings the specific access list is reset and all previous settings undone.
565
566				In place of explicit IPv4 or IPv6 address and prefix length specifications a small set of symbolic
567				names may be used. The following names are defined:
568
569				Note that these settings might not be supported on some systems (for example if eBPF control group
570				support is not enabled in the underlying kernel or container manager). These settings will have no effect in
571				that case. If compatibility with such systems is desired it is hence recommended to not exclusively rely on
572				them for IP security.",
573				'type' => 'leaf',
574				'value_type' => 'uniline'
575				},
576				'IPAddressDeny',
577				{
578				'description' => "Turn on network traffic filtering for IP packets sent and received over
579				C<AF_INET> and C<AF_INET6> sockets. Both directives take a
580				space separated list of IPv4 or IPv6 addresses, each optionally suffixed with an address prefix
581				length in bits after a C</> character. If the suffix is omitted, the address is
582				considered a host address, i.e. the filter covers the whole address (32 bits for IPv4, 128 bits for
583				IPv6).
584
585				The access lists configured with this option are applied to all sockets created by processes
586				of this unit (or in the case of socket units, associated with it). The lists are implicitly
587				combined with any lists configured for any of the parent slice units this unit might be a member
588				of. By default both access lists are empty. Both ingress and egress traffic is filtered by these
589				settings. In case of ingress traffic the source IP address is checked against these access lists,
590				in case of egress traffic the destination IP address is checked. The following rules are applied in
591				turn:
592
593				In order to implement an allow-listing IP firewall, it is recommended to use a
594				C<IPAddressDeny>C<any> setting on an upper-level slice unit
595				(such as the root slice C<-.slice> or the slice containing all system services
596				C<system.slice> \x{2013} see
597				L<systemd.special(7)>
598				for details on these slice units), plus individual per-service C<IPAddressAllow>
599				lines permitting network access to relevant services, and only them.
600
601				Note that for socket-activated services, the IP access list configured on the socket unit
602				applies to all sockets associated with it directly, but not to any sockets created by the
603				ultimately activated services for it. Conversely, the IP access list configured for the service is
604				not applied to any sockets passed into the service via socket activation. Thus, it is usually a
605				good idea to replicate the IP access lists on both the socket and the service unit. Nevertheless,
606				it may make sense to maintain one list more open and the other one more restricted, depending on
607				the usecase.
608
609				If these settings are used multiple times in the same unit the specified lists are combined. If an
610				empty string is assigned to these settings the specific access list is reset and all previous settings undone.
611
612				In place of explicit IPv4 or IPv6 address and prefix length specifications a small set of symbolic
613				names may be used. The following names are defined:
614
615				Note that these settings might not be supported on some systems (for example if eBPF control group
616				support is not enabled in the underlying kernel or container manager). These settings will have no effect in
617				that case. If compatibility with such systems is desired it is hence recommended to not exclusively rely on
618				them for IP security.",
619				'type' => 'leaf',
620				'value_type' => 'uniline'
621				},
622				'IPIngressFilterPath',
623				{
624				'description' => 'Add custom network traffic filters implemented as BPF programs, applying to all IP packets
625				sent and received over C<AF_INET> and C<AF_INET6> sockets.
626				Takes an absolute path to a pinned BPF program in the BPF virtual filesystem (C</sys/fs/bpf/>).
627
628				The filters configured with this option are applied to all sockets created by processes
629				of this unit (or in the case of socket units, associated with it). The filters are loaded in addition
630				to filters any of the parent slice units this unit might be a member of as well as any
631				C<IPAddressAllow> and C<IPAddressDeny> filters in any of these units.
632				By default there are no filters specified.
633
634				If these settings are used multiple times in the same unit all the specified programs are attached. If an
635				empty string is assigned to these settings the program list is reset and all previous specified programs ignored.
636
637				If the path BPF_FS_PROGRAM_PATH in C<IPIngressFilterPath> assignment
638				is already being handled by C<BPFProgram> ingress hook, e.g.
639				C<BPFProgram>C<ingress>:BPF_FS_PROGRAM_PATH,
640				the assignment will be still considered valid and the program will be attached to a cgroup. Same for
641				C<IPEgressFilterPath> path and C<egress> hook.
642
643				Note that for socket-activated services, the IP filter programs configured on the socket unit apply to
644				all sockets associated with it directly, but not to any sockets created by the ultimately activated services
645				for it. Conversely, the IP filter programs configured for the service are not applied to any sockets passed into
646				the service via socket activation. Thus, it is usually a good idea, to replicate the IP filter programs on both
647				the socket and the service unit, however it often makes sense to maintain one configuration more open and the other
648				one more restricted, depending on the usecase.
649
650				Note that these settings might not be supported on some systems (for example if eBPF control group
651				support is not enabled in the underlying kernel or container manager). These settings will fail the service in
652				that case. If compatibility with such systems is desired it is hence recommended to attach your filter manually
653				(requires C<Delegate>C<yes>) instead of using this setting.',
654				'type' => 'leaf',
655				'value_type' => 'uniline'
656				},
657				'IPEgressFilterPath',
658				{
659				'description' => 'Add custom network traffic filters implemented as BPF programs, applying to all IP packets
660				sent and received over C<AF_INET> and C<AF_INET6> sockets.
661				Takes an absolute path to a pinned BPF program in the BPF virtual filesystem (C</sys/fs/bpf/>).
662
663				The filters configured with this option are applied to all sockets created by processes
664				of this unit (or in the case of socket units, associated with it). The filters are loaded in addition
665				to filters any of the parent slice units this unit might be a member of as well as any
666				C<IPAddressAllow> and C<IPAddressDeny> filters in any of these units.
667				By default there are no filters specified.
668
669				If these settings are used multiple times in the same unit all the specified programs are attached. If an
670				empty string is assigned to these settings the program list is reset and all previous specified programs ignored.
671
672				If the path BPF_FS_PROGRAM_PATH in C<IPIngressFilterPath> assignment
673				is already being handled by C<BPFProgram> ingress hook, e.g.
674				C<BPFProgram>C<ingress>:BPF_FS_PROGRAM_PATH,
675				the assignment will be still considered valid and the program will be attached to a cgroup. Same for
676				C<IPEgressFilterPath> path and C<egress> hook.
677
678				Note that for socket-activated services, the IP filter programs configured on the socket unit apply to
679				all sockets associated with it directly, but not to any sockets created by the ultimately activated services
680				for it. Conversely, the IP filter programs configured for the service are not applied to any sockets passed into
681				the service via socket activation. Thus, it is usually a good idea, to replicate the IP filter programs on both
682				the socket and the service unit, however it often makes sense to maintain one configuration more open and the other
683				one more restricted, depending on the usecase.
684
685				Note that these settings might not be supported on some systems (for example if eBPF control group
686				support is not enabled in the underlying kernel or container manager). These settings will fail the service in
687				that case. If compatibility with such systems is desired it is hence recommended to attach your filter manually
688				(requires C<Delegate>C<yes>) instead of using this setting.',
689				'type' => 'leaf',
690				'value_type' => 'uniline'
691				},
692				'SocketBindAllow',
693				{
694				'description' => "Allow or deny binding a socket address to a socket by matching it with the bind-rule and
695				applying a corresponding action if there is a match.
696
697				bind-rule describes socket properties such as address-family,
698				transport-protocol and ip-ports.
699
700				bind-rule :=
701				{ [address-familyC<:>][transport-protocolC<:>][ip-ports] \| C<any> }
702
703				address-family := { C<ipv4> \| C<ipv6> }
704
705				transport-protocol := { C<tcp> \| C<udp> }
706
707				ip-ports := { ip-port \| ip-port-range }
708
709				An optional address-family expects C<ipv4> or C<ipv6> values.
710				If not specified, a rule will be matched for both IPv4 and IPv6 addresses and applied depending on other socket fields,
711				e.g. transport-protocol,
712				ip-port.
713
714				An optional transport-protocol expects C<tcp> or C<udp> transport protocol names.
715				If not specified, a rule will be matched for any transport protocol.
716
717				An optional ip-port value must lie within 1\x{2026}65535 interval inclusively, i.e.
718				dynamic port C<0> is not allowed. A range of sequential ports is described by
719				ip-port-range := ip-port-lowC<->ip-port-high,
720				where ip-port-low is smaller than or equal to ip-port-high
721				and both are within 1\x{2026}65535 inclusively.
722
723				A special value C<any> can be used to apply a rule to any address family, transport protocol and any port with a
724				positive value.
725
726				To allow multiple rules assign C<SocketBindAllow> or C<SocketBindDeny> multiple times.
727				To clear the existing assignments pass an empty C<SocketBindAllow> or C<SocketBindDeny>
728				assignment.
729
730				For each of C<SocketBindAllow> and C<SocketBindDeny>, maximum allowed number of assignments is
731				C<128>.
732
733				The feature is implemented with C<cgroup/bind4> and C<cgroup/bind6> cgroup-bpf hooks.
734
735				Examples:
736				\x{2026}
737				# Allow binding IPv6 socket addresses with a port greater than or equal to 10000.
738				[Service]
739				SocketBindAllow=ipv6:10000-65535
740				SocketBindDeny=any
741				\x{2026}
742				# Allow binding IPv4 and IPv6 socket addresses with 1234 and 4321 ports.
743				[Service]
744				SocketBindAllow=1234
745				SocketBindAllow=4321
746				SocketBindDeny=any
747				\x{2026}
748				# Deny binding IPv6 socket addresses.
749				[Service]
750				SocketBindDeny=ipv6
751				\x{2026}
752				# Deny binding IPv4 and IPv6 socket addresses.
753				[Service]
754				SocketBindDeny=any
755				\x{2026}
756				# Allow binding only over TCP
757				[Service]
758				SocketBindAllow=tcp
759				SocketBindDeny=any
760				\x{2026}
761				# Allow binding only over IPv6/TCP
762				[Service]
763				SocketBindAllow=ipv6:tcp
764				SocketBindDeny=any
765				\x{2026}
766				# Allow binding ports within 10000-65535 range over IPv4/UDP.
767				[Service]
768				SocketBindAllow=ipv4:udp:10000-65535
769				SocketBindDeny=any
770				\x{2026}
771				",
772				'type' => 'leaf',
773				'value_type' => 'uniline'
774				},
775				'SocketBindDeny',
776				{
777				'description' => "Allow or deny binding a socket address to a socket by matching it with the bind-rule and
778				applying a corresponding action if there is a match.
779
780				bind-rule describes socket properties such as address-family,
781				transport-protocol and ip-ports.
782
783				bind-rule :=
784				{ [address-familyC<:>][transport-protocolC<:>][ip-ports] \| C<any> }
785
786				address-family := { C<ipv4> \| C<ipv6> }
787
788				transport-protocol := { C<tcp> \| C<udp> }
789
790				ip-ports := { ip-port \| ip-port-range }
791
792				An optional address-family expects C<ipv4> or C<ipv6> values.
793				If not specified, a rule will be matched for both IPv4 and IPv6 addresses and applied depending on other socket fields,
794				e.g. transport-protocol,
795				ip-port.
796
797				An optional transport-protocol expects C<tcp> or C<udp> transport protocol names.
798				If not specified, a rule will be matched for any transport protocol.
799
800				An optional ip-port value must lie within 1\x{2026}65535 interval inclusively, i.e.
801				dynamic port C<0> is not allowed. A range of sequential ports is described by
802				ip-port-range := ip-port-lowC<->ip-port-high,
803				where ip-port-low is smaller than or equal to ip-port-high
804				and both are within 1\x{2026}65535 inclusively.
805
806				A special value C<any> can be used to apply a rule to any address family, transport protocol and any port with a
807				positive value.
808
809				To allow multiple rules assign C<SocketBindAllow> or C<SocketBindDeny> multiple times.
810				To clear the existing assignments pass an empty C<SocketBindAllow> or C<SocketBindDeny>
811				assignment.
812
813				For each of C<SocketBindAllow> and C<SocketBindDeny>, maximum allowed number of assignments is
814				C<128>.
815
816				The feature is implemented with C<cgroup/bind4> and C<cgroup/bind6> cgroup-bpf hooks.
817
818				Examples:
819				\x{2026}
820				# Allow binding IPv6 socket addresses with a port greater than or equal to 10000.
821				[Service]
822				SocketBindAllow=ipv6:10000-65535
823				SocketBindDeny=any
824				\x{2026}
825				# Allow binding IPv4 and IPv6 socket addresses with 1234 and 4321 ports.
826				[Service]
827				SocketBindAllow=1234
828				SocketBindAllow=4321
829				SocketBindDeny=any
830				\x{2026}
831				# Deny binding IPv6 socket addresses.
832				[Service]
833				SocketBindDeny=ipv6
834				\x{2026}
835				# Deny binding IPv4 and IPv6 socket addresses.
836				[Service]
837				SocketBindDeny=any
838				\x{2026}
839				# Allow binding only over TCP
840				[Service]
841				SocketBindAllow=tcp
842				SocketBindDeny=any
843				\x{2026}
844				# Allow binding only over IPv6/TCP
845				[Service]
846				SocketBindAllow=ipv6:tcp
847				SocketBindDeny=any
848				\x{2026}
849				# Allow binding ports within 10000-65535 range over IPv4/UDP.
850				[Service]
851				SocketBindAllow=ipv4:udp:10000-65535
852				SocketBindDeny=any
853				\x{2026}
854				",
855				'type' => 'leaf',
856				'value_type' => 'uniline'
857				},
858				'RestrictNetworkInterfaces',
859				{
860				'description' => 'Takes a list of space-separated network interface names. This option restricts the network
861				interfaces that processes of this unit can use. By default processes can only use the network interfaces
862				listed (allow-list). If the first character of the rule is C<~>, the effect is inverted:
863				the processes can only use network interfaces not listed (deny-list).
864
865				This option can appear multiple times, in which case the network interface names are merged. If the
866				empty string is assigned the set is reset, all prior assignments will have not effect.
867
868				If you specify both types of this option (i.e. allow-listing and deny-listing), the first encountered
869				will take precedence and will dictate the default action (allow vs deny). Then the next occurrences of this
870				option will add or delete the listed network interface names from the set, depending of its type and the
871				default action.
872
873				The loopback interface ("lo") is not treated in any special way, you have to configure it explicitly
874				in the unit file.
875
876				Example 1: allow-list
877
878
879				RestrictNetworkInterfaces=eth1
880				RestrictNetworkInterfaces=eth2
881
882				Programs in the unit will be only able to use the eth1 and eth2 network
883				interfaces.
884
885				Example 2: deny-list
886
887
888				RestrictNetworkInterfaces=~eth1 eth2
889
890				Programs in the unit will be able to use any network interface but eth1 and eth2.
891
892				Example 3: mixed
893
894
895				RestrictNetworkInterfaces=eth1 eth2
896				RestrictNetworkInterfaces=~eth1
897
898				Programs in the unit will be only able to use the eth2 network interface.
899				',
900				'type' => 'leaf',
901				'value_type' => 'uniline'
902				},
903				'DeviceAllow',
904				{
905				'cargo' => {
906				'type' => 'leaf',
907				'value_type' => 'uniline'
908				},
909				'description' => "Control access to specific device nodes by the executed processes. Takes two space-separated
910				strings: a device node specifier followed by a combination of C<r>,
911				C<w>, C<m> to control reading,
912				writing, or creation of the specific device nodes by the unit
913				(mknod), respectively. This functionality is implemented using eBPF
914				filtering.
915
916				When access to all physical devices should be disallowed,
917				C<PrivateDevices> may be used instead. See
918				L<systemd.exec(5)>.
919
920				The device node specifier is either a path to a device node in the file system, starting with
921				C</dev/>, or a string starting with either C<char-> or
922				C<block-> followed by a device group name, as listed in
923				C</proc/devices>. The latter is useful to allow-list all current and future
924				devices belonging to a specific device group at once. The device group is matched according to
925				filename globbing rules, you may hence use the C<*> and C<?>
926				wildcards. (Note that such globbing wildcards are not available for device node path
927				specifications!) In order to match device nodes by numeric major/minor, use device node paths in
928				the C</dev/char/> and C</dev/block/> directories. However,
929				matching devices by major/minor is generally not recommended as assignments are neither stable nor
930				portable between systems or different kernel versions.
931
932				Examples: C</dev/sda5> is a path to a device node, referring to an ATA or
933				SCSI block device. C<char-pts> and C<char-alsa> are specifiers for
934				all pseudo TTYs and all ALSA sound devices, respectively. C<char-cpu/*> is a
935				specifier matching all CPU related device groups.
936
937				Note that allow lists defined this way should only reference device groups which are
938				resolvable at the time the unit is started. Any device groups not resolvable then are not added to
939				the device allow list. In order to work around this limitation, consider extending service units
940				with a pair of After=modprobe\@xyz.service and
941				Wants=modprobe\@xyz.service lines that load the necessary kernel module
942				implementing the device group if missing.
943				Example:
944				\x{2026}
945				[Unit]
946				Wants=modprobe\@loop.service
947				After=modprobe\@loop.service
948				[Service]
949				DeviceAllow=block-loop
950				DeviceAllow=/dev/loop-control
951				\x{2026}
952				",
953				'type' => 'list'
954				},
955				'DevicePolicy',
956				{
957				'choice' => [
958				'auto',
959				'closed',
960				'strict'
961				],
962				'description' => '
963				Control the policy for allowing device access:
964				',
965				'type' => 'leaf',
966				'value_type' => 'enum'
967				},
968				'Slice',
969				{
970				'description' => 'The name of the slice unit to place the unit
971				in. Defaults to C<system.slice> for all
972				non-instantiated units of all unit types (except for slice
973				units themselves see below). Instance units are by default
974				placed in a subslice of C<system.slice>
975				that is named after the template name.
976
977				This option may be used to arrange systemd units in a
978				hierarchy of slices each of which might have resource
979				settings applied.
980
981				For units of type slice, the only accepted value for
982				this setting is the parent slice. Since the name of a slice
983				unit implies the parent slice, it is hence redundant to ever
984				set this parameter directly for slice units.
985
986				Special care should be taken when relying on the default slice assignment in templated service units
987				that have C<DefaultDependencies=no> set, see
988				L<systemd.service(5)>, section
989				"Default Dependencies" for details.',
990				'type' => 'leaf',
991				'value_type' => 'uniline'
992				},
993				'Delegate',
994				{
995				'description' => 'Turns on delegation of further resource control partitioning to processes of the unit. Units where this
996				is enabled may create and manage their own private subhierarchy of control groups below the control group of
997				the unit itself. For unprivileged services (i.e. those using the C<User> setting) the unit\'s
998				control group will be made accessible to the relevant user. When enabled the service manager will refrain
999				from manipulating control groups or moving processes below the unit\'s control group, so that a clear concept
1000				of ownership is established: the control group tree above the unit\'s control group (i.e. towards the root
1001				control group) is owned and managed by the service manager of the host, while the control group tree below
1002				the unit\'s control group is owned and managed by the unit itself. Takes either a boolean argument or a list
1003				of control group controller names. If true, delegation is turned on, and all supported controllers are
1004				enabled for the unit, making them available to the unit\'s processes for management. If false, delegation is
1005				turned off entirely (and no additional controllers are enabled). If set to a list of controllers, delegation
1006				is turned on, and the specified controllers are enabled for the unit. Note that additional controllers than
1007				the ones specified might be made available as well, depending on configuration of the containing slice unit
1008				or other units contained in it. Note that assigning the empty string will enable delegation, but reset the
1009				list of controllers, all assignments prior to this will have no effect. Defaults to false.
1010
1011				Note that controller delegation to less privileged code is only safe on the unified control group
1012				hierarchy. Accordingly, access to the specified controllers will not be granted to unprivileged services on
1013				the legacy hierarchy, even when requested.
1014
1015				Not all of these controllers are available on all kernels however, and some are
1016				specific to the unified hierarchy while others are specific to the legacy hierarchy. Also note that the
1017				kernel might support further controllers, which aren\'t covered here yet as delegation is either not supported
1018				at all for them or not defined cleanly.
1019
1020				For further details on the delegation model consult L<Control Group APIs and
1021				Delegation\|https://systemd.io/CGROUP_DELEGATION>.',
1022				'type' => 'leaf',
1023				'value_type' => 'uniline'
1024				},
1025				'DisableControllers',
1026				{
1027				'description' => 'Disables controllers from being enabled for a unit\'s children. If a controller listed is already in use
1028				in its subtree, the controller will be removed from the subtree. This can be used to avoid child units being
1029				able to implicitly or explicitly enable a controller. Defaults to not disabling any controllers.
1030
1031				It may not be possible to successfully disable a controller if the unit or any child of the unit in
1032				question delegates controllers to its children, as any delegated subtree of the cgroup hierarchy is unmanaged
1033				by systemd.
1034
1035				Multiple controllers may be specified, separated by spaces. You may also pass
1036				C<DisableControllers> multiple times, in which case each new instance adds another controller
1037				to disable. Passing C<DisableControllers> by itself with no controller name present resets
1038				the disabled controller list.',
1039				'type' => 'leaf',
1040				'value_type' => 'uniline'
1041				},
1042				'ManagedOOMSwap',
1043				{
1044				'choice' => [
1045				'auto',
1046				'kill'
1047				],
1048				'description' => 'Specifies how
1049				L<systemd-oomd.service(8)>
1050				will act on this unit\'s cgroups. Defaults to C<auto>.
1051
1052				When set to C<kill>, the unit becomes a candidate for monitoring by
1053				systemd-oomd. If the cgroup passes the limits set by
1054				L<oomd.conf(5)> or
1055				the unit configuration, systemd-oomd will select a descendant cgroup and send
1056				C<SIGKILL> to all of the processes under it. You can find more details on
1057				candidates and kill behavior at
1058				L<systemd-oomd.service(8)>
1059				and
1060				L<oomd.conf(5)>.
1061
1062				Setting either of these properties to C<kill> will also result in
1063				C<After> and C<Wants> dependencies on
1064				C<systemd-oomd.service> unless C<DefaultDependencies=no>.
1065
1066				When set to C<auto>, systemd-oomd will not actively use this
1067				cgroup\'s data for monitoring and detection. However, if an ancestor cgroup has one of these
1068				properties set to C<kill>, a unit with C<auto> can still be a candidate
1069				for systemd-oomd to terminate.',
1070				'type' => 'leaf',
1071				'value_type' => 'enum'
1072				},
1073				'ManagedOOMMemoryPressure',
1074				{
1075				'choice' => [
1076				'auto',
1077				'kill'
1078				],
1079				'description' => 'Specifies how
1080				L<systemd-oomd.service(8)>
1081				will act on this unit\'s cgroups. Defaults to C<auto>.
1082
1083				When set to C<kill>, the unit becomes a candidate for monitoring by
1084				systemd-oomd. If the cgroup passes the limits set by
1085				L<oomd.conf(5)> or
1086				the unit configuration, systemd-oomd will select a descendant cgroup and send
1087				C<SIGKILL> to all of the processes under it. You can find more details on
1088				candidates and kill behavior at
1089				L<systemd-oomd.service(8)>
1090				and
1091				L<oomd.conf(5)>.
1092
1093				Setting either of these properties to C<kill> will also result in
1094				C<After> and C<Wants> dependencies on
1095				C<systemd-oomd.service> unless C<DefaultDependencies=no>.
1096
1097				When set to C<auto>, systemd-oomd will not actively use this
1098				cgroup\'s data for monitoring and detection. However, if an ancestor cgroup has one of these
1099				properties set to C<kill>, a unit with C<auto> can still be a candidate
1100				for systemd-oomd to terminate.',
1101				'type' => 'leaf',
1102				'value_type' => 'enum'
1103				},
1104				'ManagedOOMMemoryPressureLimit',
1105				{
1106				'description' => 'Overrides the default memory pressure limit set by
1107				L<oomd.conf(5)> for
1108				this unit (cgroup). Takes a percentage value between 0% and 100%, inclusive. This property is
1109				ignored unless C<ManagedOOMMemoryPressure>C<kill>. Defaults to 0%,
1110				which means to use the default set by
1111				L<oomd.conf(5)>.
1112				',
1113				'type' => 'leaf',
1114				'value_type' => 'uniline'
1115				},
1116				'ManagedOOMPreference',
1117				{
1118				'choice' => [
1119				'none',
1120				'avoid',
1121				'omit'
1122				],
1123				'description' => 'Allows deprioritizing or omitting this unit\'s cgroup as a candidate when
1124				systemd-oomd needs to act. Requires support for extended attributes (see
1125				L<xattr(7)>)
1126				in order to use C<avoid> or C<omit>.
1127
1128				When calculating candidates to relieve swap usage, systemd-oomd will
1129				only respect these extended attributes if the unit\'s cgroup is owned by root.
1130
1131				When calculating candidates to relieve memory pressure, systemd-oomd
1132				will only respect these extended attributes if the unit\'s cgroup owner, and the
1133				owner of the monitored ancestor cgroup are the same. For example, if systemd-oomd
1134				is calculating candidates for C<-.slice>, then extended attributes set
1135				on descendants of C</user.slice/user-1000.slice/user@1000.service/>
1136				will be ignored because the descendants are owned by UID 1000, and C<-.slice>
1137				is owned by UID 0. But, if calculating candidates for
1138				C</user.slice/user-1000.slice/user@1000.service/>, then extended attributes set
1139				on the descendants would be respected.
1140
1141				If this property is set to C<avoid>, the service manager will convey this to
1142				systemd-oomd, which will only select this cgroup if there are no other viable
1143				candidates.
1144
1145				If this property is set to C<omit>, the service manager will convey this to
1146				systemd-oomd, which will ignore this cgroup as a candidate and will not perform
1147				any actions on it.
1148
1149				It is recommended to use C<avoid> and C<omit> sparingly, as it
1150				can adversely affect systemd-oomd\'s kill behavior. Also note that these extended
1151				attributes are not applied recursively to cgroups under this unit\'s cgroup.
1152
1153				Defaults to C<none> which means systemd-oomd will rank this
1154				unit\'s cgroup as defined in
1155				L<systemd-oomd.service(8)>
1156				and L<oomd.conf(5)>.
1157				',
1158				'type' => 'leaf',
1159				'value_type' => 'enum'
1160				}
1161				],
1162				'generated_by' => 'parse-man.pl from systemd 252 doc',
1163				'license' => 'LGPLv2.1+',
1164				'name' => 'Systemd::Common::ResourceControl'
1165				}
1166				]
1167				;
1168