1SYSTEMD.SOCKET(5) systemd.socket SYSTEMD.SOCKET(5)
2
6 systemd.socket - Socket unit configuration
7
9 socket.socket
10
12 A unit configuration file whose name ends in ".socket" encodes
13 information about an IPC or network socket or a file system FIFO
14 controlled and supervised by systemd, for socket-based activation.
15 This man page lists the configuration options specific to this unit
17 type. See systemd.unit(5) for the common options of all unit
18 configuration files. The common configuration items are configured in
19 the generic [Unit] and [Install] sections. The socket specific
20 configuration options are configured in the [Socket] section.
21 Additional options are listed in systemd.exec(5), which define the
23 execution environment the ExecStartPre=, ExecStartPost=, ExecStopPre=
24 and ExecStopPost= commands are executed in, and in systemd.kill(5),
25 which define the way the processes are terminated, and in
26 systemd.resource-control(5), which configure resource control settings
27 for the processes of the socket.
28 For each socket unit, a matching service unit must exist, describing
30 the service to start on incoming traffic on the socket (see
31 systemd.service(5) for more information about .service units). The name
32 of the .service unit is by default the same as the name of the .socket
33 unit, but can be altered with the Service= option described below.
34 Depending on the setting of the Accept= option described below, this
35 .service unit must either be named like the .socket unit, but with the
36 suffix replaced, unless overridden with Service=; or it must be a
37 template unit named the same way. Example: a socket file foo.socket
38 needs a matching service foo.service if Accept=no is set. If Accept=yes
39 is set, a service template foo@.service must exist from which services
40 are instantiated for each incoming connection.
41 No implicit WantedBy= or RequiredBy= dependency from the socket to the
43 service is added. This means that the service may be started without
44 the socket, in which case it must be able to open sockets by itself. To
45 prevent this, an explicit Requires= dependency may be added.
46 Socket units may be used to implement on-demand starting of services,
48 as well as parallelized starting of services. See the blog stories
49 linked at the end for an introduction.
50 Note that the daemon software configured for socket activation with
52 socket units needs to be able to accept sockets from systemd, either
53 via systemd's native socket passing interface (see sd_listen_fds(3) for
54 details about the precise protocol used and the order in which the file
55 descriptors are passed) or via traditional inetd(8)-style socket
56 passing (i.e. sockets passed in via standard input and output, using
57 StandardInput=socket in the service file).
58 All network sockets allocated through .socket units are allocated in
60 the host's network namespace (see network_namespaces(7)). This does not
61 mean however that the service activated by a configured socket unit has
62 to be part of the host's network namespace as well. It is supported and
63 even good practice to run services in their own network namespace (for
64 example through PrivateNetwork=, see systemd.exec(5)), receiving only
65 the sockets configured through socket-activation from the host's
66 namespace. In such a set-up communication within the host's network
67 namespace is only permitted through the activation sockets passed in
68 while all sockets allocated from the service code itself will be
69 associated with the service's own namespace, and thus possibly subject
70 to a a much more restrictive configuration.
71
73 Implicit Dependencies
74 The following dependencies are implicitly added:
75 • Socket units automatically gain a Before= dependency on the service
77 units they activate.
78 • Socket units referring to file system paths (such as AF_UNIX
80 sockets or FIFOs) implicitly gain Requires= and After= dependencies
81 on all mount units necessary to access those paths.
82 • Socket units using the BindToDevice= setting automatically gain a
84 BindsTo= and After= dependency on the device unit encapsulating the
85 specified network interface.
86 Additional implicit dependencies may be added as result of execution
88 and resource control parameters as documented in systemd.exec(5) and
89 systemd.resource-control(5).
90 Default Dependencies
92 The following dependencies are added unless DefaultDependencies=no is
93 set:
94 • Socket units automatically gain a Before= dependency on
96 sockets.target.
97 • Socket units automatically gain a pair of After= and Requires=
99 dependency on sysinit.target, and a pair of Before= and Conflicts=
100 dependencies on shutdown.target. These dependencies ensure that the
101 socket unit is started before normal services at boot, and is
102 stopped on shutdown. Only sockets involved with early boot or late
103 system shutdown should disable DefaultDependencies= option.
104
106 Socket files must include a [Socket] section, which carries information
107 about the socket or FIFO it supervises. A number of options that may be
108 used in this section are shared with other unit types. These options
109 are documented in systemd.exec(5) and systemd.kill(5). The options
110 specific to the [Socket] section of socket units are the following:
111 ListenStream=, ListenDatagram=, ListenSequentialPacket=
113 Specifies an address to listen on for a stream (SOCK_STREAM),
114 datagram (SOCK_DGRAM), or sequential packet (SOCK_SEQPACKET)
115 socket, respectively. The address can be written in various
116 formats:
117 If the address starts with a slash ("/"), it is read as file system
119 socket in the AF_UNIX socket family.
120 If the address starts with an at symbol ("@"), it is read as
122 abstract namespace socket in the AF_UNIX family. The "@" is
123 replaced with a NUL character before binding. For details, see
124 unix(7).
125 If the address string is a single number, it is read as port number
127 to listen on via IPv6. Depending on the value of BindIPv6Only= (see
128 below) this might result in the service being available via both
129 IPv6 and IPv4 (default) or just via IPv6.
130 If the address string is a string in the format "v.w.x.y:z", it is
132 interpreted as IPv4 address v.w.x.y and port z.
133 If the address string is a string in the format "[x]:y", it is
135 interpreted as IPv6 address x and port y. An optional interface
136 scope (interface name or number) may be specified after a "%"
137 symbol: "[x]:y%dev". Interface scopes are only useful with
138 link-local addresses, because the kernel ignores them in other
139 cases. Note that if an address is specified as IPv6, it might still
140 make the service available via IPv4 too, depending on the
141 BindIPv6Only= setting (see below).
142 If the address string is a string in the format "vsock:x:y", it is
144 read as CID x on a port y address in the AF_VSOCK family. The CID
145 is a unique 32-bit integer identifier in AF_VSOCK analogous to an
146 IP address. Specifying the CID is optional, and may be set to the
147 empty string.
148 Note that SOCK_SEQPACKET (i.e. ListenSequentialPacket=) is only
150 available for AF_UNIX sockets. SOCK_STREAM (i.e. ListenStream=)
151 when used for IP sockets refers to TCP sockets, SOCK_DGRAM (i.e.
152 ListenDatagram=) to UDP.
153 These options may be specified more than once, in which case
155 incoming traffic on any of the sockets will trigger service
156 activation, and all listed sockets will be passed to the service,
157 regardless of whether there is incoming traffic on them or not. If
158 the empty string is assigned to any of these options, the list of
159 addresses to listen on is reset, all prior uses of any of these
160 options will have no effect.
161 It is also possible to have more than one socket unit for the same
163 service when using Service=, and the service will receive all the
164 sockets configured in all the socket units. Sockets configured in
165 one unit are passed in the order of configuration, but no ordering
166 between socket units is specified.
167 If an IP address is used here, it is often desirable to listen on
169 it before the interface it is configured on is up and running, and
170 even regardless of whether it will be up and running at any point.
171 To deal with this, it is recommended to set the FreeBind= option
172 described below.
173 ListenFIFO=
175 Specifies a file system FIFO (see fifo(7) for details) to listen
176 on. This expects an absolute file system path as argument. Behavior
177 otherwise is very similar to the ListenDatagram= directive above.
178 ListenSpecial=
180 Specifies a special file in the file system to listen on. This
181 expects an absolute file system path as argument. Behavior
182 otherwise is very similar to the ListenFIFO= directive above. Use
183 this to open character device nodes as well as special files in
184 /proc/ and /sys/.
185 ListenNetlink=
187 Specifies a Netlink family to create a socket for to listen on.
188 This expects a short string referring to the AF_NETLINK family name
189 (such as audit or kobject-uevent) as argument, optionally suffixed
190 by a whitespace followed by a multicast group integer. Behavior
191 otherwise is very similar to the ListenDatagram= directive above.
192 ListenMessageQueue=
194 Specifies a POSIX message queue name to listen on (see
195 mq_overview(7) for details). This expects a valid message queue
196 name (i.e. beginning with "/"). Behavior otherwise is very similar
197 to the ListenFIFO= directive above. On Linux message queue
198 descriptors are actually file descriptors and can be inherited
199 between processes.
200 ListenUSBFunction=
202 Specifies a USB FunctionFS[1] endpoints location to listen on, for
203 implementation of USB gadget functions. This expects an absolute
204 file system path of a FunctionFS mount point as the argument.
205 Behavior otherwise is very similar to the ListenFIFO= directive
206 above. Use this to open the FunctionFS endpoint ep0. When using
207 this option, the activated service has to have the
208 USBFunctionDescriptors= and USBFunctionStrings= options set.
209 SocketProtocol=
211 Takes one of udplite or sctp. The socket will use the UDP-Lite
212 (IPPROTO_UDPLITE) or SCTP (IPPROTO_SCTP) protocol, respectively.
213 BindIPv6Only=
215 Takes one of default, both or ipv6-only. Controls the IPV6_V6ONLY
216 socket option (see ipv6(7) for details). If both, IPv6 sockets
217 bound will be accessible via both IPv4 and IPv6. If ipv6-only, they
218 will be accessible via IPv6 only. If default (which is the default,
219 surprise!), the system wide default setting is used, as controlled
220 by /proc/sys/net/ipv6/bindv6only, which in turn defaults to the
221 equivalent of both.
222 Backlog=
224 Takes an unsigned integer argument. Specifies the number of
225 connections to queue that have not been accepted yet. This setting
226 matters only for stream and sequential packet sockets. See
227 listen(2) for details. Defaults to SOMAXCONN (128).
228 BindToDevice=
230 Specifies a network interface name to bind this socket to. If set,
231 traffic will only be accepted from the specified network
232 interfaces. This controls the SO_BINDTODEVICE socket option (see
233 socket(7) for details). If this option is used, an implicit
234 dependency from this socket unit on the network interface device
235 unit is created (see systemd.device(5)). Note that setting this
236 parameter might result in additional dependencies to be added to
237 the unit (see above).
238 SocketUser=, SocketGroup=
240 Takes a UNIX user/group name. When specified, all AF_UNIX sockets
241 and FIFO nodes in the file system are owned by the specified user
242 and group. If unset (the default), the nodes are owned by the root
243 user/group (if run in system context) or the invoking user/group
244 (if run in user context). If only a user is specified but no group,
245 then the group is derived from the user's default group.
246 SocketMode=
248 If listening on a file system socket or FIFO, this option specifies
249 the file system access mode used when creating the file node. Takes
250 an access mode in octal notation. Defaults to 0666.
251 DirectoryMode=
253 If listening on a file system socket or FIFO, the parent
254 directories are automatically created if needed. This option
255 specifies the file system access mode used when creating these
256 directories. Takes an access mode in octal notation. Defaults to
257 0755.
258 Accept=
260 Takes a boolean argument. If yes, a service instance is spawned for
261 each incoming connection and only the connection socket is passed
262 to it. If no, all listening sockets themselves are passed to the
263 started service unit, and only one service unit is spawned for all
264 connections (also see above). This value is ignored for datagram
265 sockets and FIFOs where a single service unit unconditionally
266 handles all incoming traffic. Defaults to no. For performance
267 reasons, it is recommended to write new daemons only in a way that
268 is suitable for Accept=no. A daemon listening on an AF_UNIX socket
269 may, but does not need to, call close(2) on the received socket
270 before exiting. However, it must not unlink the socket from a file
271 system. It should not invoke shutdown(2) on sockets it got with
272 Accept=no, but it may do so for sockets it got with Accept=yes set.
273 Setting Accept=yes is mostly useful to allow daemons designed for
274 usage with inetd(8) to work unmodified with systemd socket
275 activation.
276 For IPv4 and IPv6 connections, the REMOTE_ADDR environment variable
278 will contain the remote IP address, and REMOTE_PORT will contain
279 the remote port. This is the same as the format used by CGI. For
280 SOCK_RAW, the port is the IP protocol.
281 Writable=
283 Takes a boolean argument. May only be used in conjunction with
284 ListenSpecial=. If true, the specified special file is opened in
285 read-write mode, if false, in read-only mode. Defaults to false.
286 FlushPending=
288 Takes a boolean argument. May only be used when Accept=no. If yes,
289 the socket's buffers are cleared after the triggered service
290 exited. This causes any pending data to be flushed and any pending
291 incoming connections to be rejected. If no, the socket's buffers
292 won't be cleared, permitting the service to handle any pending
293 connections after restart, which is the usually expected behaviour.
294 Defaults to no.
295 MaxConnections=
297 The maximum number of connections to simultaneously run services
298 instances for, when Accept=yes is set. If more concurrent
299 connections are coming in, they will be refused until at least one
300 existing connection is terminated. This setting has no effect on
301 sockets configured with Accept=no or datagram sockets. Defaults to
302 64.
303 MaxConnectionsPerSource=
305 The maximum number of connections for a service per source IP
306 address. This is very similar to the MaxConnections= directive
307 above. Disabled by default.
308 KeepAlive=
310 Takes a boolean argument. If true, the TCP/IP stack will send a
311 keep alive message after 2h (depending on the configuration of
312 /proc/sys/net/ipv4/tcp_keepalive_time) for all TCP streams accepted
313 on this socket. This controls the SO_KEEPALIVE socket option (see
314 socket(7) and the TCP Keepalive HOWTO[2] for details.) Defaults to
315 false.
316 KeepAliveTimeSec=
318 Takes time (in seconds) as argument. The connection needs to remain
319 idle before TCP starts sending keepalive probes. This controls the
320 TCP_KEEPIDLE socket option (see socket(7) and the TCP Keepalive
321 HOWTO[2] for details.) Defaults value is 7200 seconds (2 hours).
322 KeepAliveIntervalSec=
324 Takes time (in seconds) as argument between individual keepalive
325 probes, if the socket option SO_KEEPALIVE has been set on this
326 socket. This controls the TCP_KEEPINTVL socket option (see
327 socket(7) and the TCP Keepalive HOWTO[2] for details.) Defaults
328 value is 75 seconds.
329 KeepAliveProbes=
331 Takes an integer as argument. It is the number of unacknowledged
332 probes to send before considering the connection dead and notifying
333 the application layer. This controls the TCP_KEEPCNT socket option
334 (see socket(7) and the TCP Keepalive HOWTO[2] for details.)
335 Defaults value is 9.
336 NoDelay=
338 Takes a boolean argument. TCP Nagle's algorithm works by combining
339 a number of small outgoing messages, and sending them all at once.
340 This controls the TCP_NODELAY socket option (see tcp(7)). Defaults
341 to false.
342 Priority=
344 Takes an integer argument controlling the priority for all traffic
345 sent from this socket. This controls the SO_PRIORITY socket option
346 (see socket(7) for details.).
347 DeferAcceptSec=
349 Takes time (in seconds) as argument. If set, the listening process
350 will be awakened only when data arrives on the socket, and not
351 immediately when connection is established. When this option is
352 set, the TCP_DEFER_ACCEPT socket option will be used (see tcp(7)),
353 and the kernel will ignore initial ACK packets without any data.
354 The argument specifies the approximate amount of time the kernel
355 should wait for incoming data before falling back to the normal
356 behavior of honoring empty ACK packets. This option is beneficial
357 for protocols where the client sends the data first (e.g. HTTP, in
358 contrast to SMTP), because the server process will not be woken up
359 unnecessarily before it can take any action.
360 If the client also uses the TCP_DEFER_ACCEPT option, the latency of
362 the initial connection may be reduced, because the kernel will send
363 data in the final packet establishing the connection (the third
364 packet in the "three-way handshake").
365 Disabled by default.
367 ReceiveBuffer=, SendBuffer=
369 Takes an integer argument controlling the receive or send buffer
370 sizes of this socket, respectively. This controls the SO_RCVBUF and
371 SO_SNDBUF socket options (see socket(7) for details.). The usual
372 suffixes K, M, G are supported and are understood to the base of
373 1024.
374 IPTOS=
376 Takes an integer argument controlling the IP Type-Of-Service field
377 for packets generated from this socket. This controls the IP_TOS
378 socket option (see ip(7) for details.). Either a numeric string or
379 one of low-delay, throughput, reliability or low-cost may be
380 specified.
381 IPTTL=
383 Takes an integer argument controlling the IPv4 Time-To-Live/IPv6
384 Hop-Count field for packets generated from this socket. This sets
385 the IP_TTL/IPV6_UNICAST_HOPS socket options (see ip(7) and ipv6(7)
386 for details.)
387 Mark=
389 Takes an integer value. Controls the firewall mark of packets
390 generated by this socket. This can be used in the firewall logic to
391 filter packets from this socket. This sets the SO_MARK socket
392 option. See iptables(8) for details.
393 ReusePort=
395 Takes a boolean value. If true, allows multiple bind(2)s to this
396 TCP or UDP port. This controls the SO_REUSEPORT socket option. See
397 socket(7) for details.
398 SmackLabel=, SmackLabelIPIn=, SmackLabelIPOut=
400 Takes a string value. Controls the extended attributes
401 "security.SMACK64", "security.SMACK64IPIN" and
402 "security.SMACK64IPOUT", respectively, i.e. the security label of
403 the FIFO, or the security label for the incoming or outgoing
404 connections of the socket, respectively. See Smack.txt[3] for
405 details.
406 SELinuxContextFromNet=
408 Takes a boolean argument. When true, systemd will attempt to figure
409 out the SELinux label used for the instantiated service from the
410 information handed by the peer over the network. Note that only the
411 security level is used from the information provided by the peer.
412 Other parts of the resulting SELinux context originate from either
413 the target binary that is effectively triggered by socket unit or
414 from the value of the SELinuxContext= option. This configuration
415 option only affects sockets with Accept= mode set to "yes". Also
416 note that this option is useful only when MLS/MCS SELinux policy is
417 deployed. Defaults to "false".
418 PipeSize=
420 Takes a size in bytes. Controls the pipe buffer size of FIFOs
421 configured in this socket unit. See fcntl(2) for details. The usual
422 suffixes K, M, G are supported and are understood to the base of
423 1024.
424 MessageQueueMaxMessages=, MessageQueueMessageSize=
426 These two settings take integer values and control the mq_maxmsg
427 field or the mq_msgsize field, respectively, when creating the
428 message queue. Note that either none or both of these variables
429 need to be set. See mq_setattr(3) for details.
430 FreeBind=
432 Takes a boolean value. Controls whether the socket can be bound to
433 non-local IP addresses. This is useful to configure sockets
434 listening on specific IP addresses before those IP addresses are
435 successfully configured on a network interface. This sets the
436 IP_FREEBIND/IPV6_FREEBIND socket option. For robustness reasons it
437 is recommended to use this option whenever you bind a socket to a
438 specific IP address. Defaults to false.
439 Transparent=
441 Takes a boolean value. Controls the IP_TRANSPARENT/IPV6_TRANSPARENT
442 socket option. Defaults to false.
443 Broadcast=
445 Takes a boolean value. This controls the SO_BROADCAST socket
446 option, which allows broadcast datagrams to be sent from this
447 socket. Defaults to false.
448 PassCredentials=
450 Takes a boolean value. This controls the SO_PASSCRED socket option,
451 which allows AF_UNIX sockets to receive the credentials of the
452 sending process in an ancillary message. Defaults to false.
453 PassSecurity=
455 Takes a boolean value. This controls the SO_PASSSEC socket option,
456 which allows AF_UNIX sockets to receive the security context of the
457 sending process in an ancillary message. Defaults to false.
458 PassPacketInfo=
460 Takes a boolean value. This controls the IP_PKTINFO,
461 IPV6_RECVPKTINFO, NETLINK_PKTINFO or PACKET_AUXDATA socket options,
462 which enable reception of additional per-packet metadata as
463 ancillary message, on AF_INET, AF_INET6, AF_UNIX and AF_PACKET
464 sockets. Defaults to false.
465 Timestamping=
467 Takes one of "off", "us" (alias: "usec", "µs") or "ns" (alias:
468 "nsec"). This controls the SO_TIMESTAMP or SO_TIMESTAMPNS socket
469 options, and enables whether ingress network traffic shall carry
470 timestamping metadata. Defaults to off.
471 TCPCongestion=
473 Takes a string value. Controls the TCP congestion algorithm used by
474 this socket. Should be one of "westwood", "veno", "cubic", "lp" or
475 any other available algorithm supported by the IP stack. This
476 setting applies only to stream sockets.
477 ExecStartPre=, ExecStartPost=
479 Takes one or more command lines, which are executed before or after
480 the listening sockets/FIFOs are created and bound, respectively.
481 The first token of the command line must be an absolute filename,
482 then followed by arguments for the process. Multiple command lines
483 may be specified following the same scheme as used for
484 ExecStartPre= of service unit files.
485 ExecStopPre=, ExecStopPost=
487 Additional commands that are executed before or after the listening
488 sockets/FIFOs are closed and removed, respectively. Multiple
489 command lines may be specified following the same scheme as used
490 for ExecStartPre= of service unit files.
491 TimeoutSec=
493 Configures the time to wait for the commands specified in
494 ExecStartPre=, ExecStartPost=, ExecStopPre= and ExecStopPost= to
495 finish. If a command does not exit within the configured time, the
496 socket will be considered failed and be shut down again. All
497 commands still running will be terminated forcibly via SIGTERM, and
498 after another delay of this time with SIGKILL. (See KillMode= in
499 systemd.kill(5).) Takes a unit-less value in seconds, or a time
500 span value such as "5min 20s". Pass "0" to disable the timeout
501 logic. Defaults to DefaultTimeoutStartSec= from the manager
502 configuration file (see systemd-system.conf(5)).
503 Service=
505 Specifies the service unit name to activate on incoming traffic.
506 This setting is only allowed for sockets with Accept=no. It
507 defaults to the service that bears the same name as the socket
508 (with the suffix replaced). In most cases, it should not be
509 necessary to use this option. Note that setting this parameter
510 might result in additional dependencies to be added to the unit
511 (see above).
512 RemoveOnStop=
514 Takes a boolean argument. If enabled, any file nodes created by
515 this socket unit are removed when it is stopped. This applies to
516 AF_UNIX sockets in the file system, POSIX message queues, FIFOs, as
517 well as any symlinks to them configured with Symlinks=. Normally,
518 it should not be necessary to use this option, and is not
519 recommended as services might continue to run after the socket unit
520 has been terminated and it should still be possible to communicate
521 with them via their file system node. Defaults to off.
522 Symlinks=
524 Takes a list of file system paths. The specified paths will be
525 created as symlinks to the AF_UNIX socket path or FIFO path of this
526 socket unit. If this setting is used, only one AF_UNIX socket in
527 the file system or one FIFO may be configured for the socket unit.
528 Use this option to manage one or more symlinked alias names for a
529 socket, binding their lifecycle together. Note that if creation of
530 a symlink fails this is not considered fatal for the socket unit,
531 and the socket unit may still start. If an empty string is
532 assigned, the list of paths is reset. Defaults to an empty list.
533 FileDescriptorName=
535 Assigns a name to all file descriptors this socket unit
536 encapsulates. This is useful to help activated services identify
537 specific file descriptors, if multiple fds are passed. Services may
538 use the sd_listen_fds_with_names(3) call to acquire the names
539 configured for the received file descriptors. Names may contain any
540 ASCII character, but must exclude control characters and ":", and
541 must be at most 255 characters in length. If this setting is not
542 used, the file descriptor name defaults to the name of the socket
543 unit, including its .socket suffix.
544 TriggerLimitIntervalSec=, TriggerLimitBurst=
546 Configures a limit on how often this socket unit my be activated
547 within a specific time interval. The TriggerLimitIntervalSec= may
548 be used to configure the length of the time interval in the usual
549 time units "us", "ms", "s", "min", "h", ... and defaults to 2s (See
550 systemd.time(7) for details on the various time units understood).
551 The TriggerLimitBurst= setting takes a positive integer value and
552 specifies the number of permitted activations per time interval,
553 and defaults to 200 for Accept=yes sockets (thus by default
554 permitting 200 activations per 2s), and 20 otherwise (20
555 activations per 2s). Set either to 0 to disable any form of trigger
556 rate limiting. If the limit is hit, the socket unit is placed into
557 a failure mode, and will not be connectible anymore until
558 restarted. Note that this limit is enforced before the service
559 activation is enqueued.
560 Check systemd.exec(5) and systemd.kill(5) for more settings.
562
564 systemd(1), systemctl(1), systemd-system.conf(5), systemd.unit(5),
565 systemd.exec(5), systemd.kill(5), systemd.resource-control(5),
566 systemd.service(5), systemd.directives(7), sd_listen_fds(3),
567 sd_listen_fds_with_names(3)
568 For more extensive descriptions see the "systemd for Developers"
570 series: Socket Activation[4], Socket Activation, part II[5], Converting
571 inetd Services[6], Socket Activated Internet Services and OS
572 Containers[7].
573
575 1. USB FunctionFS
576 https://www.kernel.org/doc/Documentation/usb/functionfs.txt
577 2. TCP Keepalive HOWTO
579 http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/
580 3. Smack.txt
582 https://www.kernel.org/doc/Documentation/security/Smack.txt
583 4. Socket Activation
585 http://0pointer.de/blog/projects/socket-activation.html
586 5. Socket Activation, part II
588 http://0pointer.de/blog/projects/socket-activation2.html
589 6. Converting inetd Services
591 http://0pointer.de/blog/projects/inetd.html
592 7. Socket Activated Internet Services and OS Containers
594 http://0pointer.de/blog/projects/socket-activated-containers.html
595systemd 248 SYSTEMD.SOCKET(5)