Struct RunSystem

pub struct RunSystem { /* private fields */ }

Information of a transient service for running on the system service manager.

Implementations

impl RunSystem

pub fn new<T: AsRef<str>>(path: T) -> Self

Create a new RunSystem from a path to executable.

pub fn arg<T: AsRef<str>>(self, arg: T) -> Self

Append an argument to the command line.

pub fn args<T: AsRef<str>, I: IntoIterator<Item = T>>(self, args: I) -> Self

Append multiple arguments to the command line.

pub fn service_name<T: AsRef<str>>(self, name: T) -> Self

Set a custom name for the transient service.

If the name is not terminated with .service, it will be appended automatically.

pub fn identity(self, i: Identity) -> Self

Set an identity to run the transient service. The default is Identity::root().

pub fn collect_on_fail(self) -> Self

Unload the transient service even if it fails.

This is not available if systemd_236 is disabled.

Read CollectMode= in systemd.unit(5) for details.

pub fn runtime_max(self, d: Duration) -> Self

Configure a maximum time for the service to run. If this is used and the service has been active for longer than the specified time it is terminated and put into a failure state.

A Duration exceeding u64::MAX microseconds is trimmed to u64::MAX microseconds silently.

Read RuntimeMaxSec= in systemd.service(5) for details.

This setting will be unavailable with the feature systemd_229 disabled.

pub fn memory_max(self, d: Byte) -> Self

Specify the absolute limit on memory usage of the executed processes in this unit. If memory usage cannot be contained under the limit, out-of-memory killer is invoked inside the unit.

A Byte exceeding u64::MAX bytes is trimmed to u64::MAX bytes silently.

Read MemoryMax= in systemd.resource-control(5) for details.

If the feature systemd_231 is disabled, MemoryLimit= will be used instead if MemoryMax= for compatibility.

pub fn memory_swap_max(self, d: Byte) -> Self

Specify the absolute limit on swap usage of the executed processes in this unit.

This setting is supported only if the unified control group is used, so it’s not available if the feature unified_cgroup is disabled. And, if systemd_232 is disabled, this setting will also be unavailable.

A Byte exceeding u64::MAX bytes is trimmed to u64::MAX bytes silently.

Read MemorySwapMax= in systemd.resource-control(5) for details.

pub fn cpu_quota(self, percent: NonZeroU64) -> Self

Assign the specified CPU time quota to the processes executed. Takes a percentage value. The percentage specifies how much CPU time the unit shall get at maximum, relativeto the total CPU time available on one CPU. Use values > 100 for allotting CPU time on more than one CPU.

The value will be trimmed to u64::MAX / 10000 silently if it exceeds this upper limit.

Read CPUQuota= in systemd.resource-control(5) for details.

pub fn allowed_cpus<'a, I: IntoIterator<Item = &'a usize>>( self, cpus: I, ) -> Self

Restrict processes to be executed on specific CPUs.

This setting doesn’t guarantee that all of the CPUs will be used by the processes as it may be limited by parent units.

Setting an empty list of CPUs will allow the processes of the unit to run on all CPUs. This is also the default behavior if this is not used.

Referring to an offline or non-existing CPU in this setting causes Systemd to ignore this setting silently.

Read AllowedCPUs= in systemd.resource-control(5) for details.

This setting is supported only if the unified control group is used, so it’s not available if the feature unified_cgroup is disabled. And, this setting is not available if the feature systemd_244 is disabled.

pub fn private_network(self) -> Self

If this setting is used, sets up a new network namespace for the executed processes and configures only the loopback network device “lo” inside it. No other network devices will be available to the executed process. This is useful to turn off network access by the executed process.

Read PrivateNetwork= in systemd.exec(5) for details.

This setting is not available if the feature systemd_227 is disabled. And, it will be ignored silently if CONFIG_NET_NS is not enabled in the configuration of the running kernel.

pub fn private_ipc(self) -> Self

If this setting is used, sets up a new IPC namespace for the executed processes. Each IPC namespace has its own set of System V IPC identifiers and its own POSIX message queue file system. This is useful to avoid name clash of IPC identifiers.

Read PrivateIPC= in systemd.exec(5) for details.

This setting is not available if the feature systemd_249 is disabled. And, it will be ignored silently if CONFIG_IPC_NS is not enabled in the configuration of the running kernel.

pub fn mount<T: AsRef<str>>(self, mount_point: T, mount: Mount) -> Self

Set up a mount point for the transient service. See Mount for details.

This setting is not available if the feature systemd_233 is disabled.

pub fn mount_api_vfs(self) -> Self

Mount the API file systems /proc, /sys, /dev, and /run for the private mount namespace of the transient service.

Read MountAPIVFS= in systemd.exec(5) for details.

Implied by Identity::dynamic.

This setting is mostly useful with RunSystem::mount at /, but you’ll need to ensure the mount points for the API file systems existing first if this setting is specified or implied.

This setting is not available if the feature systemd_233 is disabled. And, if the version of systemd is less than 248, /run is not affected by this setting. You may use RunSystem::mount to control /run more precisely anyway.

pub fn private_devices(self) -> Self

Sets up a new /dev mount for the executed processes and only adds API pseudo devices such as /dev/null to it, but no physical devices such as /dev/sda, system memory /dev/mem, system ports /dev/port and others.

Read PrivateDevices= in systemd.exec(5) for details.

This setting is not available if the feature systemd_227 is disabled.

pub fn no_new_privileges(self) -> Self

Ensures that the service process and all its children can never gain new privileges through execve() (e.g. via setuid or setgid bits, or filesystem capabilities).

Read NoNewPrivileges= in systemd.exec(5) for details.

Implied by Identity::dynamic.

This setting is not available if the feature systemd_227 is disabled.

pub fn limit_fsize_soft_hard(self, soft: Byte, hard: Byte) -> Self

Set soft and hard limits of the maximum size in bytes of files that the process may create.

Any setting exceeding u64::MAX bytes will be trimmed to u64::MAX bytes silently. And, if soft is greater than hard, it will be trimmed to hard silently.

Read LimitFSIZE= in systemd.exec(5) and RLIMIT_FSIZE in prlimit(2) for details.

pub fn limit_fsize(self, lim: Byte) -> Self

Shorthand for self.limit_fsize_soft_hard(lim, lim).

pub fn limit_core_soft_hard(self, soft: Byte, hard: Byte) -> Self

Set soft and hard limits of the maximum size in bytes of files that the process may create.

Any setting exceeding u64::MAX bytes will be trimmed to u64::MAX bytes silently. And, if soft is greater than hard, it will be trimmed to hard silently.

Read LimitCORE= in systemd.exec(5) and RLIMIT_CORE in prlimit(2) for details.

pub fn limit_core(self, lim: Byte) -> Self

Shorthand for self.limit_fsize_soft_hard(lim, lim).

pub fn limit_nproc_soft_hard(self, soft: NonZeroU64, hard: NonZeroU64) -> Self

Set soft and hard limits of the number of threads for the real user ID of the process.

If soft is greater than hard, it will be trimmed to hard silently.

Read LimitNPROC= in systemd.exec(5) and RLIMIT_NPROC in prlimit(2) for details.

pub fn limit_nproc(self, lim: NonZeroU64) -> Self

Shorthand for self.limit_nproc_soft_hard(lim, lim).

pub fn limit_nofile_soft_hard(self, soft: NonZeroU64, hard: NonZeroU64) -> Self

Set the value one greater than soft and hard limits of the number of file descriptors opened by the process.

If soft is greater than hard, it will be trimmed to hard silently.

Read LimitNOFILE= in systemd.exec(5) and RLIMIT_NOFILE in prlimit(2) for details.

pub fn limit_nofile(self, lim: NonZeroU64) -> Self

Shorthand for self.limit_nofile_soft_hard(lim, lim).

pub fn limit_stack_soft_hard(self, soft: Byte, hard: Byte) -> Self

Set the soft and hard limit on the size of the process stack.

If soft is greater than hard, it will be trimmed to hard silently.

Read LimitSTACK= in systemd.exec(5) and RLIMIT_STACK in prlimit(2) for details.

pub fn limit_stack(self, lim: Byte) -> Self

Shorthand for self.limit_stack_soft_hard(lim, lim).

pub fn stdin(self, spec: InputSpec) -> Self

Controls where file descriptor 0 (STDIN) of the executed processes is connected to.

Read InputSpec and StandardInput= in systemd.exec(5) for details.

The default is InputSpec::null().

pub fn stdout(self, spec: OutputSpec) -> Self

Controls where file descriptor 1 (STDOUT) of the executed processes is connected to.

Read OutputSpec and StandardOutput= in systemd.exec(5) for details.

The default depends on system configuration.

pub fn stderr(self, spec: OutputSpec) -> Self

Controls where file descriptor 2 (STDERR) of the executed processes is connected to.

Read OutputSpec and StandardError= in systemd.exec(5) for details.

The default depends on system configuration.

pub fn current_dir<P: AsRef<str>>(self, path: P) -> Self

Sets the working directory for executed processes.

Read WorkingDirectory= in systemd.exec(5) for details.

This setting is unavailable with the feature systemd_227 disabled.

pub fn protect_proc(self, x: ProtectProc) -> Self

Read ProtectProc for details.

This setting will be unavailable if the feature systemd_247 is disabled.

pub fn slice<S: AsRef<str>>(self, slice: S) -> Self

Put the transient service into a slice.

Read Slice= in systemd.resource-control(5) for details.

pub fn private_users(self) -> Self

Sets up a new user namespace for the executed processes and configures a minimal user and group mapping.

Read PrivateUsers= in systemd.exec(5) for details.

This setting is unavailable with the feature systemd_232 disabled.

pub fn timeout_stop(self, d: Duration) -> Self

Configure the time to wait for the service itself to stop. If the service doesn’t terminate in the specified time, it will be forcibly terminated by SIGKILL.

A Duration exceeding u64::MAX microseconds is trimmed to u64::MAX microseconds silently.

Read TimeoutStopSec= in systemd.service(5) for details.

This setting will be unavailable with the feature systemd_188 disabled.

pub fn cpu_schedule(self, cpu_sched: CpuScheduling) -> Self

Specify CPU scheduling policy and real-time priority. See CpuScheduling for details.

pub fn joins_namespace_of<S: AsRef<str>>(self, unit: S) -> Self

See the same /tmp/, /var/tmp/, IPC namespace, and network namespace as one unit that is already started and specified with this setting. If this setting is used multiple times and the specified units are started but not sharing their namespace, then it is not defined which namespace is joined. Note that this setting only has an effect if Self::private_network, Self::private_ipc, and/or Identity::dynamic is in effect for both this unit and the unit whose namespace is joined.

Read JoinsNamespaceOf= in systemd.unit(5) for details.

This setting is unavailable with the feature systemd_227 disabled.

pub async fn start<'a>(self) -> Result<StartedRun<'a>>

Start the transient service.