commit 9f87783018ca824019413132e099f696af9e44d3
parent 146da0d33300e8200537fb9b73ce1985a338f746
Author: Laurent Bercot <ska-skaware@skarnet.org>
Date: Sun, 23 Apr 2023 01:43:54 +0000
Add systemd unit conversion guide page
Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat:
1 file changed, 1399 insertions(+), 0 deletions(-)
diff --git a/doc/unit-conversion.html b/doc/unit-conversion.html
@@ -0,0 +1,1399 @@
+<html>
+ <head>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <meta http-equiv="Content-Language" content="en" />
+ <title>s6: how to convert systemd unit files to an s6 installation</title>
+ <meta name="Description" content="s6: how to convert systemd unit files to an s6 installation" />
+ <meta name="Keywords" content="s6 systemd unit files configuration conversion porting" />
+ <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> -->
+ </head>
+<body>
+
+<p>
+<a href="index.html">s6</a><br />
+<a href="//skarnet.org/software/">Software</a><br />
+<a href="//skarnet.org/">skarnet.org</a>
+</p>
+
+<h1> How to convert systemd unit files to an s6 installation </h1>
+
+<p>
+ Converting a set of services managed by <a href="https://systemd.io/">systemd</a>
+to a set of services managed by <a href="index.html">s6</a> is
+a recurring question on our support channels, and having an automated conversion tool
+parsing a set of <a href="https://man7.org/linux/man-pages/man5/systemd.unit.5.html">systemd
+unit files</a> and outputting a set of <a href="servicedir.html">s6
+service directories</a> or
+<a href="//skarnet.org/software/s6-rc/s6-rc-compile.html#source">s6-rc service
+definition directories</a> would be extremely useful to people who want to migrate to
+s6 but have an existing base of services running under systemd.
+</p>
+
+<p>
+ Unfortunately, automating such a conversion is extremely difficult. The main
+reason for this is that systemd and s6 are architectured in very different ways:
+how they view a set of services, how they modelize a machine, what kind of solution
+they bring to a given problem, and the extent of what they're supposed to manage
+— there are few similarities between how systemd and s6 operate. As a
+consequence, the way systemd maps a set of services into unit files is not
+isomorphic to the way s6 does, so translating a setup between systemd and s6
+requires intelligence. It is not possible to write an automated tool that converts
+a set of services accurately and idiomatically without doing a full, deep system
+analysis - and writing such a tool would be a huge undertaking.
+</p>
+
+<p>
+ Fortunately, in practice, most unit files only use a small subset of all the
+theoretically supported directives: most services that run under systemd can be
+converted to run under s6 without too much trouble. So, depending on the exact
+nature of the set of services, it may be possible to write a reasonable converter,
+that is limited in what it supports but does not require a full understanding
+of systemd or s6.
+</p>
+
+<p>
+ This document targets people who think about writing a tool to automatically
+convert a set of unit files to a set of s6 services and are trying to assess
+its feasability and difficulty. We analyze all the directives that may appear
+in a unit file for their services, and rate the difficulty of translating the
+directive, i.e. the amount of complexity that would need to go into the
+converter tool if that directive were to be supported.
+</p>
+
+<p>
+ We rate difficulty on a scale from <strong>0</strong> to <strong>10</strong>.
+A <strong>0</strong> means that the directive is irrelevant to s6 and can
+be ignored. A <strong>1</strong> means that there is a straightforward,
+one-for-one way of translating the systemd directive into s6 parlance. A
+<strong>10</strong> means that the directive is so systemd-specific that it
+is impossible to express it on an s6 system and the unit file cannot be
+converted as is. A <strong>9</strong> means that it is theoretically possible
+to convert, given infinite time and manpower to write a tool that analyzes
+the systemd-managed system holistically and outputs an equivalent system
+managed by s6, but in practice nobody's ever going to write such a tool.
+</p>
+
+<hr />
+
+<ul>
+ <li>
+ <a href="#by-directive">All the directives listed by the order in the
+systemd documentation, with their difficulty</a>
+ <ul>
+ <li> <a href="#systemd.unit">in systemd.unit(5)</a>
+ <ul>
+ <li> <a href="#unit-section"><tt>[Unit]</tt> section</a> </li>
+ <li> <a href="#install-section"><tt>[Install]</tt> section</a> </li>
+ </ul>
+ </li>
+ <li> <a href="#systemd.service">in systemd.service(5)</a>
+ <ul>
+ <li> <a href="#service-section"><tt>[Service]</tt> section</a> </li>
+ </ul>
+ </li>
+ <li> <a href="#systemd.exec">in systemd.exec(5)</a>
+ <ul>
+ <li> <a href="#systemd.exec-paths">Paths</a> </li>
+ <li> <a href="#systemd.exec-identity">User/group identity</a> </li>
+ <li> <a href="#systemd.exec-security">Security</a> </li>
+ <li> <a href="#systemd.exec-mandatoryac">Mandatory access control</a> </li>
+ <li> <a href="#systemd.exec-properties">Process properties</a> </li>
+ <li> <a href="#systemd.exec-scheduling">Scheduling</a> </li>
+ <li> <a href="#systemd.exec-sandboxing">Sandboxing</a> </li>
+ <li> <a href="#systemd.exec-filtering">System call filtering</a> </li>
+ <li> <a href="#systemd.exec-environment">Environment</a> </li>
+ <li> <a href="#systemd.exec-logging">Logging and standard input/output</a> </li>
+ <li> <a href="#systemd.exec-credentials">Credentials</a> </li>
+ <li> <a href="#systemd.exec-sysv">System V compatibility</a> </li>
+ </ul>
+ </li>
+ <li> <a href="#systemd.kill">in systemd.kill(5)</a> </li>
+ </ul>
+ </li>
+ <li>
+ <a href="#by-difficulty">All the directives listed by their difficulty</a>
+ <ul>
+ <li> <a href="#difficulty-0">0</a> </li>
+ <li> <a href="#difficulty-1">1</a> </li>
+ <li> <a href="#difficulty-2">2</a> </li>
+ <li> <a href="#difficulty-3">3</a> </li>
+ <li> <a href="#difficulty-4">4</a> </li>
+ <li> <a href="#difficulty-5">5</a> </li>
+ <li> <a href="#difficulty-6">6</a> </li>
+ <li> <a href="#difficulty-7">7</a> </li>
+ <li> <a href="#difficulty-8">8</a> </li>
+ <li> <a href="#difficulty-9">9</a> </li>
+ <li> <a href="#difficulty-10">10</a> </li>
+ </ul>
+ </li>
+</ul>
+
+<hr />
+
+<h2 id="by-directive"> Difficulty by directive </h2>
+
+<p>
+ Use this section to answer the question: "I have this directive in my unit file,
+how hard would it be to write a converter tool that processes this file?"
+</p>
+
+<h3 id="systemd.unit">
+ Directives documented in <a href="https://man7.org/linux/man-pages/man5/systemd.unit.5.html">systemd.unit(5)</a>
+</h3>
+
+<h4 id="unit-section">
+ <tt>[Unit]</tt> section
+</h4>
+
+<ul>
+ <li> <tt>Description=</tt> : <strong>0</strong>. </li>
+ <p />
+ <li> <tt>Documentation=</tt> : <strong>0</strong>. </li>
+ <p />
+ <li> <tt>Wants=</tt> : <strong>3</strong>. Dependencies between services
+are implemented via <a href="//skarnet.org/software/s6-rc/">s6-rc</a>; in order
+to implement <tt>Wants=</tt>. the converter needs to target s6-rc, which is a
+reasonable requirement for a complete set of services. However, <tt>Wants=</tt>
+expresses weak dependencies, which are not supported by the current version of
+s6-rc, so the exact nature of the dependency needs to be checked by hand. </li>
+ <p />
+ <li> <tt>Requires=</tt> : <strong>2</strong>. The converter needs to
+target <a href="//skarnet.org/software/s6-rc/">s6-rc</a>, but <tt>Requires=</tt>
+dependencies map well to the s6-rc dependency model. </li>
+ <p />
+ <li> <tt>Requisite=</tt> : <strong>3</strong>. systemd supports a lot of
+weird types of dependencies that the current version of s6-rc does not (by
+design). </li>
+ <p />
+ <li> <tt>BindsTo=</tt> : <strong>3</strong>. Same. </li>
+ <p />
+ <li> <tt>PartOf=</tt> : <strong>3</strong>. Same. </li>
+ <p />
+ <li> <tt>Upholds=</tt> : <strong>0</strong>. In s6, services are upheld by
+the supervisor, not by other services. </li>
+ <p />
+ <li> <tt>Conflicts=</tt> : <strong>5</strong>. There are no negative
+dependencies in the s6 world, and a converter tool would have to implement it
+on top of the existing system. </li>
+ <p />
+ <li> <tt>Before=</tt> : <strong>2</strong>. systemd loves to have a
+zillion of keywords to express slightly different kinds of dependencies, and
+only a small subset of all the possible combinations are useful. </li>
+ <p />
+ <li> <tt>After=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>OnFailure=</tt> : <strong>5</strong>. Permanent failure is
+a very exceptional state in s6, there are no hooks to do something when
+permanent failure occurs; so a converter would need to add scripting around that. </li>
+ <p />
+ <li> <tt>OnSuccess=</tt> : <strong>2</strong>. These are oneshot
+dependencies. </li>
+ <p />
+ <li> <tt>PropagatesReloadTo=</tt> : <strong>0</strong>. Under s6-rc
+you can either reload a single service or the whole dependency chain that
+starts at the service. Other configurations just make no sense. </li>
+ <p />
+ <li> <tt>ReloadPropagatedFrom=</tt> : <strong>0</strong>. Same. </li>
+ <p />
+ <li> <tt>PropagatesStopTo=</tt> : <strong>0</strong>. Same with stopping
+a single service or a dependency chain of services. </li>
+ <p />
+ <li> <tt>StopPropagatedFrom=</tt> : <strong>0</strong>. Same. </li>
+ <p />
+ <li> <tt>JoinsNamespaceOf=</tt> : <strong>8</strong>. There are no
+native s6 tools to manage namespaces. </li>
+ <p />
+ <li> <tt>RequiresMountsFor=</tt> : <strong>4</strong>. Mounts are
+not handled in a special way in s6, the converter would have to know
+what service mounts what filesystem. </li>
+ <p />
+ <li> <tt>OnFailureJobMode=</tt> : <strong>6</strong>. This is what
+happens when you mix layers. </li>
+ <p />
+ <li> <tt>IgnoreOnIsolate=</tt> : <strong>0</strong>. </li>
+ <p />
+ <li> <tt>StopWhenUnneeded=</tt> : <strong>0</strong>. </li>
+ <p />
+ <li> <tt>RefuseManualStart=</tt> : <strong>4</strong>. Would need
+some scripting around. There's no reason to ever use that directive though. </li>
+ <p />
+ <li> <tt>RefuseManualStop=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>AllowIsolate=</tt> : <strong>0</strong>. </li>
+ <p />
+ <li> <tt>DefaultDependencies=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>CollectMode=</tt> : <strong>0</strong>. </li>
+ <p />
+ <li> <tt>FailureAction=</tt> : <strong>3</strong>. Anything involving
+permanent failure need to be scripted around, because s6 considers that
+it is an extreme state that requires administrator attention and will
+stop making automatic decisions. </li>
+ <p />
+ <li> <tt>SuccessAction=</tt> : <strong>3</strong>. That's a oneshot
+dependency, but systemd doesn't realize that. </li>
+ <p />
+ <li> <tt>FailureActionExitStatus=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>SuccessActionExitStatus=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>JobTimeoutSec=</tt> : <strong>9</strong>. s6 has no
+concept of jobs. </li>
+ <p />
+ <li> <tt>JobRunningTimeoutSec=</tt> : <strong>9</strong>. Same. </li>
+ <p />
+ <li> <tt>JobTimeoutAction=</tt> : <strong>9</strong>. Same. </li>
+ <p />
+ <li> <tt>JobTimeoutRebootArgument=</tt> : <strong>9</strong>. Same. </li>
+ <p />
+ <li> <tt>StartLimitIntervalSec=</tt> : <strong>3</strong>. s6 does
+not limit start rate. It can stop a service that has a high <em>death</em>
+rate: that's the configuration knob that makes sense. That directive can
+be converted to check death interval instead. </li>
+ <p />
+ <li> <tt>StartLimitBurst=</tt> : <strong>3</strong>. Same. </li>
+ <p />
+ <li> <tt>StartLimitAction=</tt> : <strong>3</strong>. Same. </li>
+ <p />
+ <li> <tt>RebootArgument=</tt> : <strong>5</strong>. Any "system mode"
+action such as a reboot has no place in an s6 set of services anyway;
+systemd obviously likes to mix unrelated layers. In the s6 world, the only
+place where a reboot should occur is
+<a href="//skarnet.org/software/s6-linux-init/">s6-linux-init</a>, and the
+related scripting in <tt>rc.init</tt> files. </li>
+ <p />
+ <li> <tt>SourcePath=</tt> : <strong>0</strong>. </li>
+ <p />
+ <li> Conditions and Asserts: <strong>9</strong>. Most of these are tied to the
+global machine state and absolutely not local to a given set of services. And
+even for those that are not, what they do is change the whole service manager's
+behaviour depending on some external dynamic state such as the existence of a
+file in the filesystem — and that is entirely contrary to the s6
+philosophy of making services predictable and reproductble. </li>
+</ul>
+
+<h4 id="install-section">
+ <tt>[Install]</tt> section
+</h4>
+
+<p>
+ Any directive under <tt>[Install]</tt> can be ignored, since it has no
+meaning on the run-time behaviour of the service. So the difficulty is
+<strong>0</strong>. However, an automatic converter would need to
+analyze the whole installed service configuration, e.g. the links in
+<tt>/etc/systemd/system/multi-user.target.wants/</tt>, in order to
+understand the dependencies between services. systemd targets can
+typically be converted into s6-rc bundles.
+</p>
+
+<h3 id="systemd.service">
+ Directives documented in <a href="https://man7.org/linux/man-pages/man5/systemd.service.5.html">systemd.service(5)</a>
+</h3>
+
+<h4 id="service-section">
+ <tt>[Service]</tt> section
+</h4>
+
+<ul>
+ <li> <tt>Type=</tt> : depending on its type, a systemd "service"
+can translate to wildly different things under s6.
+ <ul>
+ <li> <tt>simple</tt> : <strong>1</strong>. </li>
+ <li> <tt>exec</tt> : <strong>1</strong>. </li>
+ <li> <tt>forking</tt> : <strong>2</strong>. This type is strongly discouraged. </li>
+ <li> <tt>oneshot</tt> : <strong>1</strong>. </li>
+ <li> <tt>dbus</tt> : <strong>5</strong>. This type requires implementing dbus
+management programs for s6. </li>
+ <li> <tt>notify</tt> : <strong>7</strong>. This type requires an implementation
+of a compatibility server for
+<a href="https://man7.org/linux/man-pages/man3/sd_notify.3.html"><tt>sd_notify()</tt></a>,
+which is heavily tied to the monolithic systemd architecture and is difficult to support
+in a modular system such as s6. It is much easier to modify the services themselves so
+they use the <a href="notifywhenup.html">s6 readiness
+notification mechanism</a> instead of sd_notify. </li>
+ <li> <tt>idle</tt> : <strong>0</strong>. This type is meaningless under s6 and
+should be treated like <tt>simple</tt>. </li>
+ </ul>
+ </li>
+ <p />
+ <li> <tt>ExitType=</tt> : again, it depends on the value.
+ <ul>
+ <li> <tt>main</tt> : <strong>1</strong>. </li>
+ <li> <tt>cgroup</tt> : <strong>3</strong>. This requires implementing, or
+having access to, command-line cgroup tools. </li>
+ </ul>
+ </li>
+ <p />
+ <li> <tt>RemainAfterExit=</tt> : <strong>0</strong>. </li>
+ <p />
+ <li> <tt>GuessMainPid=</tt> : <strong>0</strong>. But don't use <tt>forking</tt>
+if you can avoid it. </li>
+ <p />
+ <li> <tt>PIDFile=</tt> : <strong>2</strong>. Same. </li>
+ <p />
+ <li> <tt>BusName=</tt> : <strong>5</strong>. Avoid type <tt>dbus</tt> if possible. </li>
+ <p />
+ <li> <tt>ExecStart=</tt> : <strong>2</strong>, with caveats. This is the bread and
+butter of service definitions; all your services will likely have such a directive, and
+the contents of <tt>ExecStart=</tt> will typically go into a run script (for longruns) or
+an up file (for oneshots). However, since systemd hates simplicity, there are a number
+of transformations that have to happen to the command line before it can be used in a
+script, and in particular if the command has a <em>special executable prefix</em>.
+Implementing these has its own difficulty ratings:
+ <ul>
+ <li> <tt>@</tt> : <strong>1</strong>. </li>
+ <li> <tt>-</tt> : <strong>1</strong>. </li>
+ <li> <tt>:</tt> : <strong>2</strong>. </li>
+ <li> <tt>+</tt> : <strong>5</strong>. </li>
+ <li> <tt>!</tt> : <strong>3</strong>. </li>
+ <li> <tt>!!</tt> : <strong>3</strong>. </li>
+ </ul>
+ </li>
+ <p />
+ <li> <tt>ExecStartPre=</tt> : <strong>2</strong>. In order to have a strict
+semantic equivalence with their systemd version, <tt>ExecStartPre=</tt> lines must
+be implemented as s6-rc oneshots, and the whole unit file must be implemented as
+a bundle. </li>
+ <p />
+ <li> <tt>ExecStartPost=</tt> : <strong>2</strong>. Same. </li>
+ <p />
+ <li> <tt>ExecCondition=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>ExecReload=</tt> : <strong>0</strong>. A reloading command that
+does not involve restarting the service does not need the service manager as
+a third-party. systemd cannot help inserting itself where it does not belong. </li>
+ <p />
+ <li> <tt>ExecStop=</tt> : <strong>6</strong>. s6 only supports terminating
+services via signals, so if a service needs a specific command to be stopped,
+the converter needs to target an interface layer on top of s6 with a repository
+of stop commands; such a layer would likely need to be on top of s6-rc as well
+and a lot of complexity would ensue. Fortunately, a huge majority of services
+support termination via signals and it is often easy to avoid relying on
+<tt>ExecStop=</tt>. </li>
+ <p />
+ <li> <tt>ExecStopPost=</tt> : <strong>2</strong>. These are the
+<tt>down</tt> scripts of the <tt>ExecStartPre=</tt> oneshots. </li>
+ <p />
+ <li> <tt>RestartSec=</tt> : <strong>2</strong>. s6 has no setting for that,
+because it aims for maximum uptime; but there are still ways to implement that
+bad idea. </li>
+ <p />
+ <li> <tt>TimeoutStartSec=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>TimeoutStopSec=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>TimeoutAbortSec=</tt> : <strong>7</strong>. This would need a
+watchdog implementation, in the server implementation of <tt>sd_notify()</tt>. </li>
+ <p />
+ <li> <tt>TimeoutSec=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>TimeoutStartFailureMode=</tt> : <strong>0</strong> for
+<tt>terminate</tt> and <tt>kill</tt>, <strong>7</strong> for <tt>abort</tt>. </li>
+ <p />
+ <li> <tt>TimeoutStopFailureMode=</tt> : <strong>0</strong> for
+<tt>terminate</tt> and <tt>kill</tt>, <strong>7</strong> for <tt>abort</tt>. </li>
+ <p />
+ <li> <tt>RuntimeMaxSec=</tt> : <strong>4</strong>. This is the exact
+opposite of what you need a process supervisor for, so s6 does not
+implement it. It is best to run such a process (not a <em>service</em>)
+outside of any kind of supervision framework. </li>
+ <p />
+ <li> <tt>RuntimeRandomizedExtraSec=</tt> : <strong>4</strong>. Same. </li>
+ <p />
+ <li> <tt>WatchdogSec=</tt> : <strong>7</strong>. Requires a watchdog
+implementation in the very specific systemd way. </li>
+ <p />
+ <li> <tt>Restart=</tt> : depends on the value.
+ <ul>
+ <li> <tt>no</tt> : <strong>2</strong>, but why use a process supervisor
+in the first place? </li>
+ <li> <tt>on-success</tt> : <strong>2</strong>. </li>
+ <li> <tt>on-failure</tt> : <strong>2</strong>. </li>
+ <li> <tt>on-abnormal</tt> : <strong>2</strong>. </li>
+ <li> <tt>on-watchdog</tt> : <strong>7</strong>. Again, this requires
+a watchdog implementation. </li>
+ <li> <tt>on-abort</tt> : <strong>2</strong>. </li>
+ <li> <tt>always</tt> : <strong>1</strong>. </li>
+ </ul>
+ </li>
+ <p />
+ <li> <tt>SuccessExitStatus=</tt> : <strong>3</strong>. This can be easily
+scripted, but supporting all the systemd formats is annoying. </li>
+ <p />
+ <li> <tt>RestartPreventExitStatus=</tt> : <strong>1</strong>. This is
+exactly what <a href="s6-permafailon.html">s6-permafailon</a>
+is for. </li>
+ <p />
+ <li> <tt>RestartForceExitStatus=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>RootDirectoryStartOnly=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>NonBlocking=</tt> : <strong>5</strong>. This requires an
+emulation of systemd's socket activation. s6 provides the useful parts of
+it, like a <a href="s6-fdholder-daemon.html">process
+to hold file descriptors</a>, but the systemd-specific API around socket
+activation, <a href="https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html">sd_listen_fds(3)</a>,
+still needs to be implemented. </li>
+ <p />
+ <li> <tt>NotifyAccess=</tt> : <strong>1</strong> if <tt>none</tt>, <strong>7</strong>
+otherwise, because it needs an implementation of <tt>sd_notify()</tt>. </li>
+ <p />
+ <li> <tt>Sockets=</tt> : <strong>5</strong>. Requires an implementation
+of systemd's socket activation. </li>
+ <p />
+ <li> <tt>FileDescriptorStoreMax=</tt> : <strong>7</strong>. Requires an implementation
+of <tt>sd_notify()</tt>; the fd store itself is native to s6. </li>
+ <p />
+ <li> <tt>USBFunctionDescriptors=</tt> : <strong>9</strong>. This is
+low-level machine management, not service management. </li>
+ <p />
+ <li> <tt>USBFunctionStrings=</tt> : <strong>9</strong>. Same. </li>
+ <p />
+ <li> <tt>OOMPolicy=</tt> : <strong>9</strong>. Same. </li>
+</ul>
+
+<h3 id="systemd.exec">
+ Directives documented in <a href="https://man7.org/linux/man-pages/man5/systemd.exec.5.html">systemd.exec(5)</a>
+</h3>
+
+<h4 id="systemd.exec-paths">
+ Paths
+</h4>
+
+<ul>
+ <li> <tt>ExecSearchPath=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>WorkingDirectory=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>RootDirectory=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>RootImage=</tt> : <strong>6</strong>. I am discovering these
+options in real time and shaking my head - systemd still manages to baffle me
+with the amount of gratuitous ad-hoc that went into it. Still, this is
+regular low-level programming for Linux, this is less difficult to implement than
+systemd-specific stuff, that's why it only gets a 6. </li>
+ <p />
+ <li> <tt>RootImageOptions=</tt> : <strong>6</strong>. Same. </li>
+ <p />
+ <li> <tt>RootHash=</tt> : <strong>9</strong>. Please. </li>
+ <p />
+ <li> <tt>RootHashSignature=</tt> : <strong>9</strong>. </li>
+ <p />
+ <li> <tt>RootVerity=</tt> : <strong>9</strong>. </li>
+ <p />
+ <li> <tt>MountAPIVFS=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>ProtectProc=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>ProcSubset=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>BindPaths=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>BindReadOnlyPaths=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>MountImages=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>ExtensionImages=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>ExtensionDirectories=</tt> : <strong>6</strong>. It's a full low-level
+userspace implementation at this point. It's not very <em>complex</em>, the 6 feels
+accurate, but it's a whole lot of work. This is how systemd maintains its
+hegemony: not because it does incredible, awe-inspiring magic, but because it
+substitutes its monolithic self to a whole ecosystem, imposes its own API, and
+locks users in — people who want to smoothly transition away from systemd need
+to implement <em>the whole shtick</em>, which is obviously a huge undertaking, as
+the author of <a href="https://web.archive.org/web/20150516113530/http://uselessd.darknedgy.net/">uselessd</a>
+can confirm. </li>
+</ul>
+
+<h4 id="systemd.exec-identity">
+ User/group identity
+</h4>
+
+<ul>
+ <li> <tt>User=</tt> : <strong>3</strong>. This looks very simple, but is
+treacherous, because <tt>User=</tt> is a mash of two very different features:
+setting users <em>statically</em> (via numeric ID, which don't change meanings
+between two invocations) and setting users <em>dynamically</em> (via user name,
+which needs to be interpreted by
+<a href="https://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwnam.html">getpwnam(3)</a>
+on every invocation of the service. s6 supports both, but since these are two
+different things, the way to do them in s6 is different (statically setting the
+UID and GID variables and calling
+<a href="s6-applyuidgid.html">s6-applyuidgid -U</a>,
+or calling <a href="s6-setuidgid.html">s6-setuidgid</a>).
+This is the exact kind of small detail that makes writing an automatic converter more difficult
+than it should be: the systemd unit file syntax is rife with semantic pitfalls, and managing
+your way across it requires very close attention. </li>
+ <p />
+ <li> <tt>Group=</tt> : <strong>3</strong>. Same. </li>
+ <p />
+ <li> <tt>DynamicUser=</tt> : <strong>5</strong>. Of course this flag has an
+<em>entirely</em> different meaning from setting users statically or dynamically, or
+else it would be too easy to understand. No, this flag is about <em>allocating temporary
+new users</em>, which is a prime example of overengineering. </li>
+ <p />
+ <li> <tt>SupplementaryGroups=</tt> : <strong>1</strong>. Same. </li>
+ <p />
+ <li> <tt>PAMName=</tt> : <strong>4</strong>. Requires PAM command-line
+utilities. </li>
+</ul>
+
+<h4 id="systemd.exec-capabilities">
+ Capabilities
+</h4>
+
+<ul>
+ <li> <tt>CapabilityBoundingSet=</tt> : <strong>4</strong>. This requires
+command-line tools implementing capabilities. </li>
+ <p />
+ <li> <tt>AmbientCapabilities=</tt> : <strong>4</strong>. Same. </li>
+</ul>
+
+<h4 id="systemd.exec-security">
+ Security
+</h4>
+
+<ul>
+ <li> <tt>NoNewPrivileges=</tt> : <strong>4</strong>. Similar to capabilities,
+this requires a command-line tool controlling the Linux-specific
+<a href="https://man7.org/linux/man-pages/man2/prctl.2.html">prctl(2)</a> system
+call. </li>
+ <p />
+ <li> <tt>SecureBits=</tt> : <strong>4</strong>. Same. </li>
+</ul>
+
+<h4 id="systemd.exec-mandatoryac">
+ Mandatory access control
+</h4>
+
+<ul>
+ <li> <tt>SELinuxContext=</tt> : <strong>5</strong>. This requires
+command-line tools managing SELinux. </li>
+ <p />
+ <li> <tt>AppArmorProfile=</tt> : <strong>5</strong>. Same, with AppArmor. </li>
+ <p />
+ <li> <tt>SmackProcessLabel=</tt> : <strong>5</strong>. Same, with SMACK.
+systemd needs to know and understand all the Linux security modules in order
+to interact with them. s6 does not - it expects a service's run script to
+perform all the needed process state changes and controls before executing
+into the daemon. </li>
+</ul>
+
+<h4 id="systemd.exec-properties">
+ Process properties
+</h4>
+
+<ul>
+ <li> <tt>LimitCPU=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitFSIZE=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitDATA=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitSTACK=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitCORE=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitRSS=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitNOFILE=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitAS=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitNPROC=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitMEMLOCK=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LimitLOCKS=</tt> : <strong>2</strong>. This resource limit
+isn't natively supported by
+<a href="//skarnet.org/software/s6/s6-softlimit.html">s6-softlimit</a>, but
+it could appear in a future s6 version - and it's easy to add in any case. </li>
+ <p />
+ <li> <tt>LimitSIGPENDING=</tt> : <strong>2</strong>. Same. </li>
+ <p />
+ <li> <tt>LimitMSGQUEUE=</tt> : <strong>2</strong>. Same. </li>
+ <p />
+ <li> <tt>LimitNICE=</tt> : <strong>2</strong>. Same. </li>
+ <p />
+ <li> <tt>LimitRTPRIO=</tt> : <strong>2</strong>. Same. </li>
+ <p />
+ <li> <tt>LimitRTTIME=</tt> : <strong>2</strong>. Same. </li>
+ <p />
+ <li> <tt>UMask=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>CoredumpFilter=</tt> : <strong>4</strong>. Requires a
+command-line tool around <a href="https://man7.org/linux/man-pages/man2/prctl.2.html">prctl(2)</a>. </li>
+ <p />
+ <li> <tt>KeyringMode=</tt> : <strong>5</strong>. Requires
+interaction with PAM and an understanding of keyrings. Fortunately,
+practically nothing will need that. </li>
+ <p />
+ <li> <tt>OOMScoreAdjust=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>TimerSlackNSec=</tt> : <strong>4</strong>. Requires a
+command-line tool around <a href="https://man7.org/linux/man-pages/man2/prctl.2.html">prctl(2)</a>. </li>
+ <p />
+ <li> <tt>Personality=</tt> : <strong>3</strong>. Requires a
+command-line tool around <a href="https://man7.org/linux/man-pages/man2/personality.2.html">personality(2)</a>. </li>
+ <p />
+ <li> <tt>IgnoreSIGPIPE=</tt> : <strong>2</strong>. </li>
+</ul>
+
+<h4 id="systemd.exec-scheduling">
+ Scheduling
+</h4>
+
+<ul>
+ <li> <tt>Nice=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>CPUSchedulingPolicy=</tt> : <strong>3</strong>. Requires a
+command-line tool around <a href="https://man7.org/linux/man-pages/man2/sched_setscheduler.2.html">sched_setscheduler(2)</a>. </li>
+ <p />
+ <li> <tt>CPUSchedulingPriority=</tt> : <strong>3</strong>. Same. </li>
+ <p />
+ <li> <tt>CPUSchedulingResetOnFork=</tt> : <strong>3</strong>. Same. </li>
+ <p />
+ <li> <tt>CPUAffinity=</tt> : <strong>3</strong>. Requires a
+command-line tool around <a href="https://man7.org/linux/man-pages/man2/sched_setaffinity.2.html">sched_setaffinity(2)</a>. </li>
+ <p />
+ <li> <tt>NUMAPolicy=</tt> : <strong>3</strong>. Requires a
+command-line tool around <a href="https://man7.org/linux/man-pages/man2/set_mempolicy.2.html">set_mempolicy(2)</a>. </li>
+ <p />
+ <li> <tt>NUMAMask=</tt> : <strong>3</strong>. Same. </li>
+ <p />
+ <li> <tt>IOSchedulingClass=</tt> : <strong>3</strong>. Requires a
+command-line tool around <a href="https://man7.org/linux/man-pages/man2/ioprio_set.2.html">ioprio_set(2)</a>. </li>
+ <p />
+ <li> <tt>IOSchedulingPriority=</tt> : <strong>3</strong>. Same. </li>
+</ul>
+
+<h4 id="systemd.exec-sandboxing">
+ Sandboxing
+</h4>
+
+<p>
+ systemd gracefully turns off the sandboxing options on systems that
+do not support the necessary functionality, so all these options can
+be ignored (difficulty <strong>0</strong>) and the services will still
+work. However, in order to actually implementing the sandboxing, it is
+necessary to pair s6 with command-line tools that perform the required
+process state changes by interfacing with namespaces, cgroups, seccomp,
+or any other relevant feature of the Linux kernel, so for all these
+directives the difficulty is somewhere between <strong>2</strong>, if
+the tool already exists, and <strong>8</strong>, if it requires writing
+a full container implementation from scratch. The following numbers are
+only a rough guess.
+</p>
+
+<ul>
+ <li> <tt>ProtectSystem=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>ProtectHome=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>RuntimeDirectory=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>StateDirectory=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>CacheDirectory=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LogsDirectory=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>ConfigurationDirectory=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>RuntimeDirectoryMode=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>StateDirectoryMode=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>CacheDirectoryMode=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>LogsDirectoryMode=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>ConfigurationDirectoryMode=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>RuntimeDirectoryPreserve=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>TimeoutCleanSec=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>ReadWritePaths=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>ReadOnlyPaths=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>InaccessiblePaths=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>ExecPaths=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>NoExecPaths=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>TemporaryFileSystem=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>PrivateTmp=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>PrivateDevices=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>PrivateNetwork=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>NetworkNamespacePath=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>PrivateIPC=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>IPCNamespacePath=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>PrivateUsers=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>ProtectHostname=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>ProtectClock=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>ProtectKernelTunables=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>ProtectKernelModules=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>ProtectKernelLogs=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>ProtectControlGroups=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>RestrictAddressFamilies=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>RestrictFilesystems=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>RestrictNamespaces=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>LockPersonality=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>MemoryDenyWriteExecute=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>RestrictRealtime=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>RestrictSUIDSGID=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>RemoveIPC=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>PrivateMounts=</tt> : <strong>5</strong>. </li>
+</ul>
+
+<h4 id="systemd.exec-filtering">
+ System call filtering
+</h4>
+
+<ul>
+ <li> <tt>SystemCallFilter=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>SystemCallErrorNumber=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>SystemCallArchitectures=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>SystemCallLog=</tt> : <strong>8</strong>. </li>
+</ul>
+
+<h4 id="systemd.exec-environment">
+ Environment
+</h4>
+
+<ul>
+ <li> <tt>Environment=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>EnvironmentFile=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>PassEnvironment=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>UnsetEnvironment=</tt> : <strong>1</strong>. </li>
+</ul>
+
+<h4 id="systemd.exec-logging">
+ Logging and standard input/output
+</h4>
+
+<ul>
+ <li> <tt>StandardInput=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>StandardOutput=</tt> : <strong>1</strong>, except
+for <tt>journal</tt> which cannot be supported (<strong>10</strong>). </li>
+ <p />
+ <li> <tt>StandardError=</tt> : same. </li>
+ <p />
+ <li> <tt>StandardInputText=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>StandardInputData=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>LogLevelMax=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>LogExtraFields=</tt> : <strong>10</strong>. </li>
+ <p />
+ <li> <tt>LogRateLimitIntervalSec=</tt> : <strong>10</strong>. </li>
+ <p />
+ <li> <tt>LogRateLimitBurst=</tt> : <strong>10</strong>. </li>
+ <p />
+ <li> <tt>LogFilterPatterns=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>LogNamespace=</tt> : <strong>10</strong>. </li>
+ <p />
+ <li> <tt>SyslogIdentifier=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>SyslogFacility=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>SyslogLevel=</tt> : <strong>2</strong>. </li>
+ <p />
+ <li> <tt>SyslogLevelPrefix=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>TTYPath=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>TTYReset=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>TTYVHangup=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>TTYRows=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>TTYColumns=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>TTYDisallocate=</tt> : <strong>3</strong>. </li>
+ <p />
+</ul>
+
+<h4 id="systemd.exec-credentials">
+ Credentials
+</h4>
+
+<p>
+ systemd implements its own credentials store mechanism, for no obvious
+benefit. The whole credentials system needs to be reimplemented outside
+of systemd in order for credentials-related directives to be supported
+by s6. Consequently, all these directives are rated <strong>6</strong>.
+</p>
+
+<h4 id="systemd.exec-sysv">
+ System V compatibility
+</h4>
+
+<p>
+ The utmp directives can be made significantly easier to implement if the target
+system is using <a href="//skarnet.org/software/utmps/">utmps</a>,
+because the directives then become a single call to
+<a href="//skarnet.org/software/utmps/utmps-write.html">utmps-write</a>
+with the relevant options. If <a href="//skarnet.org/software/utmps/">utmps</a>
+cannot be used, then the utmp calls need to be reimplemented.
+</p>
+
+<ul>
+ <li> <tt>UtmpIdentifier=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>UtmpMode=</tt> : <strong>4</strong>. </li>
+</ul>
+
+<h3 id="systemd.kill">
+ Directives documented in <a href="https://man7.org/linux/man-pages/man5/systemd.kill.5.html">systemd.kill(5)</a>
+</h3>
+
+<ul>
+ <li> <tt>KillMode=</tt> : depends on the kill mode.
+<tt>control-group</tt> and <tt>mixed</tt> are <strong>3</strong>,
+because they require cgroup control commands (that can be implemented
+in shell). <tt>process</tt> is <strong>1</strong>. <tt>none</tt> is
+<strong>2</strong>. </li>
+ <p />
+ <li> <tt>KillSignal=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>RestartKillSignal=</tt> : <strong>5</strong>. s6
+doesn't use a different signal for restarting; implementing this
+requires an outer layer. (This is overengineering.) </li>
+ <p />
+ <li> <tt>SendSIGHUP=</tt> : <strong>5</strong>. Same. </li>
+ <p />
+ <li> <tt>SendSIGKILL=</tt> : <strong>1</strong>. </li>
+ <p />
+ <li> <tt>FinalKillSignal=</tt> : <strong>5</strong>. (This
+is <em>absolute</em> overengineering.) </li>
+ <p />
+ <li> <tt>WatchdogSignal=</tt> : <strong>7</strong>. Only meaningful
+with an implementation of systemd's watchdog system. </li>
+</ul>
+
+<h3 id="systemd.resource-control">
+ Directives documented in <a href="https://man7.org/linux/man-pages/man5/systemd.resource-control.5.html">systemd.resource-control(5)</a>
+</h3>
+
+<p>
+ All these directives relate to cgroups, so implementing them means
+having access to at least some cgroups commands (difficulty at least
+<strong>3</strong>. Others are even more involved, requiring tight
+service integration with the system. Generally, seeing these directives
+in your unit files is a bad sign; despite some of them only having
+<strong>3</strong> or <strong>4</strong> listed, we do not recommend
+implementing <a href="https://man7.org/linux/man-pages/man5/systemd.resource-control.5.html">systemd.resource-control(5)</a>
+without having a full holistic view of the system.
+</p>
+
+<ul>
+ <li> <tt>CPUAccounting=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>CPUWeight=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>StartupCPUWeight=</tt> : <strong>9</strong>. Involves
+startup and shutdown. </li>
+ <p />
+ <li> <tt>CPUQuota=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>CPUQuotaPeriodSec=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>AllowedCPUs=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>StartupAllowedCPUs=</tt> : <strong>9</strong>. Involves
+startup and shutdown. </li>
+ <p />
+ <li> <tt>AllowedMemoryNodes=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>StartupAllowedMemoryNodes=</tt> : <strong>9</strong>.
+Involves startup and shutdown. </li>
+ <p />
+ <li> <tt>MemoryAccounting=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>MemoryMin=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>MemoryLow=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>MemoryHigh=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>MemoryMax=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>MemorySwapMax=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>MemoryZSwapMax=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>TasksAccounting=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>TasksMax=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>IOAccounting=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>IOWeight=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>StartupIOWeight=</tt> : <strong>9</strong>. Involves
+startup and shutdown. </li>
+ <p />
+ <li> <tt>IODeviceWeight=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>IOReadBandwidthMax=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>IOWriteBandwidthMax=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>IOReadIOPSMax=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>IOWriteIOPSMax=</tt> : <strong>5</strong>. </li>
+ <p />
+ <li> <tt>IODeviceLatencyTargetSec=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>IPAccounting=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>IPAddressAllow=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>IPAddressDeny=</tt> : <strong>7</strong>. </li>
+ <p />
+ <li> <tt>IPIngressFilterPath=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>IPEgressFilterPath=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>BPFProgram=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>SocketBindAllow=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>SocketBindDeny=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>RestrictNetworkInterfaces=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>DeviceAllow=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>DevicePolicy=</tt> : <strong>6</strong>. </li>
+ <p />
+ <li> <tt>Slice=</tt> : <strong>9</strong>. Slices are a systemd concept,
+and fully implementing them requires a holistic system analysis. </li>
+ <p />
+ <li> <tt>Delegate=</tt> : <strong>4</strong>. </li>
+ <p />
+ <li> <tt>DisableControllers=</tt> : <strong>3</strong>. </li>
+ <p />
+ <li> <tt>ManagedOOMSwap=</tt> : <strong>8</strong>. Out-of-memory
+management is an entire systemd subsystem; instead of implementing that,
+we recommend provisioning your machines correctly, and freeing up more
+resources for your applications by using s6.
+ <p />
+ <li> <tt>ManagedOOMMemoryPressure=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>ManagedOOMMemoryPressureLimit=</tt> : <strong>8</strong>. </li>
+ <p />
+ <li> <tt>ManagedOOMPreference=</tt> : <strong>8</strong>. </li>
+</ul>
+
+
+<h2 id="by-difficulty"> Directives rated by difficulty </h2>
+
+<p>
+ Use this section to answer the question: "If I were to write a converter tool
+from systemd to s6, what subset of the unit file syntax should I focus on
+first?"
+</p>
+
+<p>
+ Take this classification with a grain of salt: for instance, it does not
+make sense to implement an easy directive if it's only used in the context
+of a larger subsystem that's much harder to implement - typically, most
+cgroups-related resource control directives.
+</p>
+
+<h3 id="difficulty-0">
+ Difficulty: 0 — directives that can be ignored
+</h3>
+
+<ul>
+ <li> <tt>Description=</tt> </li>
+ <li> <tt>Documentation=</tt> </li>
+ <li> <tt>Upholds=</tt> </li>
+ <li> <tt>PropagatesReloadTo=</tt> </li>
+ <li> <tt>PropagatesStopTp=</tt> </li>
+ <li> <tt>StopPropagatedFrom=</tt> </li>
+ <li> <tt>IgnoreOnIsolate=</tt> </li>
+ <li> <tt>StopWhenUnneeded=</tt> </li>
+ <li> <tt>AllowIsolate=</tt> </li>
+ <li> <tt>CollectMode=</tt> </li>
+ <li> <tt>SourcePath=</tt> </li>
+ <li> <tt>Type=idle</tt> </li>
+ <li> <tt>RemainAfterExit=</tt> </li>
+ <li> <tt>GuessMainPid=</tt> </li>
+ <li> <tt>ExecReload=</tt> </li>
+ <li> <tt>TimeoutStartFailureMode=</tt> </li>
+ <li> <tt>TimeoutStopFailureMode=</tt> </li>
+</ul>
+
+<h3 id="difficulty-1">
+ Difficulty: 1 — direct functionality mapping
+</h3>
+
+<ul>
+ <li> <tt>RefuseManualStop=</tt> </li>
+ <li> <tt>FailureActionExitStatus=</tt> </li>
+ <li> <tt>SuccessActionExitStatus=</tt> </li>
+ <li> <tt>Type=simple</tt>, <tt>exec</tt> or <tt>oneshot</tt> </li>
+ <li> <tt>ExitType=main</tt> </li>
+ <li> <tt>TimeoutStartSec=</tt> </li>
+ <li> <tt>TimeoutStopSec=</tt> </li>
+ <li> <tt>TimeoutSec=</tt> </li>
+ <li> <tt>Restart=always</tt> </li>
+ <li> <tt>RestartPreventExitStatus=</tt> </li>
+ <li> <tt>NotifyAccess=none</tt> </li>
+ <li> <tt>ExecSearchPath=</tt> </li>
+ <li> <tt>RootDirectory=</tt> </li>
+ <li> <tt>SupplementaryGroups=</tt> </li>
+ <li> <tt>LimitCPU=</tt> </li>
+ <li> <tt>LimitFSIZE=</tt> </li>
+ <li> <tt>LimitDATA=</tt> </li>
+ <li> <tt>LimitSTACK=</tt> </li>
+ <li> <tt>LimitCORE=</tt> </li>
+ <li> <tt>LimitRSS=</tt> </li>
+ <li> <tt>LimitNOFILE=</tt> </li>
+ <li> <tt>LimitAS=</tt> </li>
+ <li> <tt>LimitNPROC=</tt> </li>
+ <li> <tt>LimitMEMLOCK=</tt> </li>
+ <li> <tt>UMask=</tt> </li>
+ <li> <tt>Nice=</tt> </li>
+ <li> <tt>RuntimeDirectory=</tt> </li>
+ <li> <tt>StateDirectory=</tt> </li>
+ <li> <tt>CacheDirectory=</tt> </li>
+ <li> <tt>LogsDirectory=</tt> </li>
+ <li> <tt>ConfigurationDirectory=</tt> </li>
+ <li> <tt>RuntimeDirectoryMode=</tt> </li>
+ <li> <tt>StateDirectoryMode=</tt> </li>
+ <li> <tt>CacheDirectoryMode=</tt> </li>
+ <li> <tt>LogsDirectoryMode=</tt> </li>
+ <li> <tt>ConfigurationDirectoryMode=</tt> </li>
+ <li> <tt>Environment=</tt> </li>
+ <li> <tt>EnvironmentFile=</tt> </li>
+ <li> <tt>PassEnvironment=</tt> </li>
+ <li> <tt>UnsetEnvironment=</tt> </li>
+ <li> <tt>StandardInput=</tt> </li>
+ <li> <tt>StandardOutput=</tt> (except <tt>journal</tt>) </li>
+ <li> <tt>StandardError=</tt> (except <tt>journal</tt>) </li>
+ <li> <tt>TTYPath=</tt> </li>
+ <li> <tt>KillMode=process</tt> </li>
+ <li> <tt>KillSignal=</tt> </li>
+ <li> <tt>SendSIGKILL=</tt> </li>
+</ul>
+
+<h3 id="difficulty-2">
+ Difficulty: 2 — straightforward implementation
+</h3>
+
+<ul>
+ <li> <tt>Requires=</tt> </li>
+ <li> <tt>Before=</tt> </li>
+ <li> <tt>After=</tt> </li>
+ <li> <tt>OnSuccess=</tt> </li>
+ <li> <tt>DefaultDependencies=</tt> </li>
+ <li> <tt>Type=forking</tt> </li>
+ <li> <tt>PIDFile=</tt> </li>
+ <li> <tt>ExecStart=</tt> (omitting some prefixes) </li>
+ <li> <tt>ExecStartPre=</tt> </li>
+ <li> <tt>ExecStartPost=</tt> </li>
+ <li> <tt>ExecCondition=</tt> </li>
+ <li> <tt>ExecStopPost=</tt> </li>
+ <li> <tt>RestartSec=</tt> </li>
+ <li> <tt>Restart=</tt> except <tt>on-watchdog</tt> </li>
+ <li> <tt>RestartForceExitStatus=</tt> </li>
+ <li> <tt>RootDirectoryStartOnly=</tt> </li>
+ <li> <tt>WorkingDirectory=</tt> </li>
+ <li> <tt>LimitLOCKS=</tt> </li>
+ <li> <tt>LimitSIGPENDING=</tt> </li>
+ <li> <tt>LimitMSGQUEUE=</tt> </li>
+ <li> <tt>LimitNICE=</tt> </li>
+ <li> <tt>LimitRTPRIO=</tt> </li>
+ <li> <tt>LimitRTTIME=</tt> </li>
+ <li> <tt>OOMScoreAdjust=</tt> </li>
+ <li> <tt>IgnoreSIGPIPE=</tt> </li>
+ <li> <tt>StandardInputText=</tt> </li>
+ <li> <tt>StandardInputData=</tt> </li>
+ <li> <tt>SyslogIdentifier=</tt> </li>
+ <li> <tt>SyslogFacility=</tt> </li>
+ <li> <tt>SyslogLevel=</tt> </li>
+ <li> <tt>KillMode=none</tt> </li>
+</ul>
+
+<h3 id="difficulty-3">
+ Difficulty: 3 — requires easy additional programming
+</h3>
+
+<ul>
+ <li> <tt>Wants=</tt> </li>
+ <li> <tt>Requisite=</tt> </li>
+ <li> <tt>BindsTo=</tt> </li>
+ <li> <tt>PartOf=</tt> </li>
+ <li> <tt>FailureAction=</tt> </li>
+ <li> <tt>SuccessAction=</tt> </li>
+ <li> <tt>StartLimitIntervalSec=</tt> </li>
+ <li> <tt>StartLimitBurst=</tt> </li>
+ <li> <tt>StartLimitAction=</tt> </li>
+ <li> <tt>ExitType=cgroup</tt> </li>
+ <li> <tt>SuccessExitStatus=</tt> </li>
+ <li> <tt>User=</tt> </li>
+ <li> <tt>Group=</tt> </li>
+ <li> <tt>Personality=</tt> </li>
+ <li> <tt>CPUSchedulingPolicy=</tt> </li>
+ <li> <tt>CPUSchedulingPriority=</tt> </li>
+ <li> <tt>CPUSchedulingResetOnFork=</tt> </li>
+ <li> <tt>CPUAffinity=</tt> </li>
+ <li> <tt>NUMAPolicy=</tt> </li>
+ <li> <tt>NUMAMask=</tt> </li>
+ <li> <tt>IOSchedulingClass=</tt> </li>
+ <li> <tt>IOSchedulingPriority=</tt> </li>
+ <li> <tt>RuntimeDirectoryPreserve=</tt> </li>
+ <li> <tt>TimeoutCleanSec=</tt> </li>
+ <li> <tt>LoglevelMax=</tt> </li>
+ <li> <tt>TTYReset=</tt> </li>
+ <li> <tt>TTYVHangup=</tt> </li>
+ <li> <tt>TTYRows=</tt> </li>
+ <li> <tt>TTYColumns=</tt> </li>
+ <li> <tt>TTYDisallocate=</tt> </li>
+ <li> <tt>KillMode=control-group</tt> and <tt>mixed</tt> </li>
+ <li> <tt>CPUAccounting=</tt> </li>
+ <li> <tt>AllowedCPUs=</tt> </li>
+ <li> <tt>AllowedMemoryNodes=</tt> </li>
+ <li> <tt>MemoryAccounting=</tt> </li>
+ <li> <tt>MemoryMin=</tt> </li>
+ <li> <tt>MemoryLow=</tt> </li>
+ <li> <tt>MemoryHigh=</tt> </li>
+ <li> <tt>MemoryMax=</tt> </li>
+ <li> <tt>MemorySwapMax=</tt> </li>
+ <li> <tt>MemoryZSwapMax=</tt> </li>
+ <li> <tt>TasksAccounting=</tt> </li>
+ <li> <tt>TasksMax=</tt> </li>
+ <li> <tt>IOAccounting=</tt> </li>
+ <li> <tt>IOWeight=</tt> </li>
+ <li> <tt>DisableControllers=</tt> </li>
+</ul>
+
+<h3 id="difficulty-4">
+ Difficulty: 4 — requires medium additional programming
+</h3>
+
+<ul>
+ <li> <tt>RuntimeMaxSec=</tt> </li>
+ <li> <tt>RuntimeRandomizedExtraSec=</tt> </li>
+ <li> <tt>RequiresMountsFor=</tt> </li>
+ <li> <tt>RefuseManualStart=</tt> </li>
+ <li> <tt>PAMName=</tt> </li>
+ <li> <tt>CapabilityBoundingSet=</tt> </li>
+ <li> <tt>AmbientCapabilities=</tt> </li>
+ <li> <tt>NoNewPrivileges=</tt> </li>
+ <li> <tt>SecureBits=</tt> </li>
+ <li> <tt>CoredumpFilter=</tt> </li>
+ <li> <tt>TimerSlackNSec=</tt> </li>
+ <li> <tt>LogFilterPatterns=</tt> </li>
+ <li> <tt>SyslogLevelPrefix=</tt> </li>
+ <li> <tt>UtmpIdentifier=</tt> </li>
+ <li> <tt>UtmpMode=</tt> </li>
+ <li> <tt>CPUWeight=</tt> </li>
+ <li> <tt>CPUQuota=</tt> </li>
+ <li> <tt>CPUQuotaPeriodSec=</tt> </li>
+ <li> <tt>IODeviceLatencyTargetSec=</tt> </li>
+ <li> <tt>RestrictNetworkInterfaces=</tt> </li>
+ <li> <tt>Delegate=</tt> </li>
+</ul>
+
+<h3 id="difficulty-5">
+ Difficulty: 5 — requires complex additional programming
+</h3>
+
+<ul>
+ <li> <tt>Conflicts=</tt> </li>
+ <li> <tt>OnFailure=</tt> </li>
+ <li> <tt>RebootArgument=</tt> </li>
+ <li> <tt>Type=dbus</tt> </li>
+ <li> <tt>BusName=</tt> </li>
+ <li> <tt>NonBlocking=</tt> </li>
+ <li> <tt>Sockets=</tt> </li>
+ <li> <tt>DynamicUser=</tt> </li>
+ <li> <tt>SELinuxContext=</tt> </li>
+ <li> <tt>AppArmorProfile=</tt> </li>
+ <li> <tt>SmackProcessLabel=</tt> </li>
+ <li> <tt>KeyringMode=</tt> </li>
+ <li> <tt>ReadWritePaths=</tt> </li>
+ <li> <tt>ReadOnlyPaths=</tt> </li>
+ <li> <tt>InaccessiblePaths=</tt> </li>
+ <li> <tt>ExecPaths=</tt> </li>
+ <li> <tt>NoExecPaths=</tt> </li>
+ <li> <tt>TemporaryFilesystem=</tt> </li>
+ <li> <tt>PrivateTmp=</tt> </li>
+ <li> <tt>PrivateDevices=</tt> </li>
+ <li> <tt>PrivateIPC=</tt> </li>
+ <li> <tt>IPCNamespacePath=</tt> </li>
+ <li> <tt>PrivateUsers=</tt> </li>
+ <li> <tt>ProtectHostname=</tt> </li>
+ <li> <tt>RemoveIPC=</tt> </li>
+ <li> <tt>PrivateMounts=</tt> </li>
+ <li> <tt>RestartKillSignal=</tt> </li>
+ <li> <tt>SendSIGHUP=</tt> </li>
+ <li> <tt>FinalKillSignal=</tt> </li>
+ <li> <tt>IODeviceWeight=</tt> </li>
+ <li> <tt>IOReadBandwidthMax=</tt> </li>
+ <li> <tt>IOWriteBandwidthMax=</tt> </li>
+ <li> <tt>IOReadIOPSMax=</tt> </li>
+ <li> <tt>IOWriteIOPSMax=</tt> </li>
+</ul>
+
+<h3 id="difficulty-6">
+ Difficulty: 6 — requires a full independent implementation
+of a Linux subsystem and/or a part of the systemd architecture
+</h3>
+
+<ul>
+ <li> <tt>OnFailureJobMode=</tt> </li>
+ <li> <tt>RootImage=</tt> </li>
+ <li> <tt>RootImageOptions=</tt> </li>
+ <li> <tt>MountAPIVFS=</tt> </li>
+ <li> <tt>ProtectProc=</tt> </li>
+ <li> <tt>ProcSubset=</tt> </li>
+ <li> <tt>BindPaths=</tt> </li>
+ <li> <tt>BindReadOnlyPaths=</tt> </li>
+ <li> <tt>MountImages=</tt> </li>
+ <li> <tt>ExtensionImages=</tt> </li>
+ <li> <tt>ExtensionDirectories=</tt> </li>
+ <li> <tt>ProtectSystem=</tt> </li>
+ <li> <tt>ProtectHome=</tt> </li>
+ <li> All <a href="https://man7.org/linux/man-pages/man5/systemd.exec.5.html#CREDENTIALS">credentials-related</a> directives </li>
+ <li> <tt>SocketBindAllow=</tt> </li>
+ <li> <tt>SocketBindDeny=</tt> </li>
+ <li> <tt>DeviceAllow=</tt> </li>
+ <li> <tt>DevicePolicy=</tt> </li>
+</ul>
+
+<h3 id="difficulty-7">
+ Difficulty: 7 — requires a full independent implementation
+of a complex Linux subsystem and/or a significant part of the
+systemd architecture
+</h3>
+
+<ul>
+ <li> <tt>Type=notify</tt> </li>
+ <li> <tt>TimeoutAbortSec=</tt> </li>
+ <li> <tt>TimeoutStartFailureMode=abort</tt> </li>
+ <li> <tt>TimeoutStopFailureMode=abort</tt> </li>
+ <li> <tt>WatchdogSec=</tt> </li>
+ <li> <tt>Restart=on-watchdog</tt> </li>
+ <li> <tt>NotifyAccess=</tt> </li>
+ <li> <tt>FileDescriptorStoreMax=</tt> </li>
+ <li> <tt>ProtectClock=</tt> </li>
+ <li> <tt>ProtectKernelTunables=</tt> </li>
+ <li> <tt>ProtectKernelModules=</tt> </li>
+ <li> <tt>ProtectKernelLogs=</tt> </li>
+ <li> <tt>ProtectControlGroups=</tt> </li>
+ <li> <tt>RestrictAddressFamilies=</tt> </li>
+ <li> <tt>RestrictFilesystems=</tt> </li>
+ <li> <tt>RestrictNamespaces=</tt> </li>
+ <li> <tt>LockPersonality=</tt> </li>
+ <li> <tt>MemoryDenyWriteExecute=</tt> </li>
+ <li> <tt>RestrictRealtime=</tt> </li>
+ <li> <tt>RestrictSUIDSGID=</tt> </li>
+ <li> <tt>WatchdogSignal=</tt> </li>
+ <li> <tt>IPAccounting=</tt> </li>
+ <li> <tt>IPAddressAllow=</tt> </li>
+ <li> <tt>IPAddressDeny=</tt> </li>
+</ul>
+
+<h3 id="difficulty-8">
+ Difficulty: 8 — requires a complete implementation of complex
+Linux-specific tooling
+</h3>
+
+<ul>
+ <li> <tt>JoinsNamespaceOf=</tt> </li>
+ <li> <tt>PrivateNetwork=</tt> </li>
+ <li> <tt>NetworkNamespacePath=</tt> </li>
+ <li> <tt>SystemCallFilter=</tt> </li>
+ <li> <tt>SystemCallErrorNumber=</tt> </li>
+ <li> <tt>SystemCallArchitectures=</tt> </li>
+ <li> <tt>SystemCallLog=</tt> </li>
+ <li> <tt>IPIngressFilterPath=</tt> </li>
+ <li> <tt>IPEgressFilterPath=</tt> </li>
+ <li> <tt>BPFProgram=</tt> </li>
+ <li> <tt>ManagedOOMSwap=</tt> </li>
+ <li> <tt>ManagedOOMMemoryPressure=</tt> </li>
+ <li> <tt>ManagedOOMMemoryPressureLimit=</tt> </li>
+ <li> <tt>ManagedOOMPreference=</tt> </li>
+</ul>
+
+<h3 id="difficulty-9">
+ Difficulty: 9 — requires a full system analysis and remodelization
+</h3>
+
+<ul>
+ <li> <tt>JobTimeoutSec=</tt> </li>
+ <li> <tt>JobRunningTimeoutSec=</tt> </li>
+ <li> <tt>JobTimeoutAction=</tt> </li>
+ <li> <tt>JobTimeoutRebootArgument=</tt> </li>
+ <li> Conditions and Asserts </li>
+ <li> <tt>USBFunctionDescriptors=</tt> </li>
+ <li> <tt>USBFunctionStrings=</tt> </li>
+ <li> <tt>OOMPolicy=</tt> </li>
+ <li> <tt>RootHash=</tt> </li>
+ <li> <tt>RootHashSignature=</tt> </li>
+ <li> <tt>RootVerity=</tt> </li>
+ <li> <tt>StartupCPUWeight=</tt> </li>
+ <li> <tt>StartupAllowedCPUs=</tt> </li>
+ <li> <tt>StartupAllowedMemoryNodes=</tt> </li>
+ <li> <tt>StartupIOWeight=</tt> </li>
+ <li> <tt>Slice=</tt> </li>
+</ul>
+
+<h3 id="difficulty-10">
+ Difficulty: 10 — implementing this basically means reimplementing systemd
+</h3>
+
+<ul>
+ <li> <tt>StandardOutput=journal</tt> </li>
+ <li> <tt>StandardError=journal</tt> </li>
+ <li> <tt>LogExtraFields=</tt> </li>
+ <li> <tt>LogRateLimitIntervalSec=</tt> </li>
+ <li> <tt>LogRateLimitBurst=</tt> </li>
+ <li> <tt>LogNamespace=</tt> </li>
+</ul>
+
+</body>
+</html>