systemd-system.conf, systemd-user.conf — System and session service manager configuration file
/etc/systemd/system.conf
/etc/systemd/user.conf
When run as system instance systemd reads the
                configuration file system.conf,
                otherwise user.conf. These
                configuration files contain a few settings controlling
                basic manager operations.
All options are configured in the
                [Manager] section:
LogLevel=, LogTarget=, LogColor=, LogLocation=, DumpCore=yes, CrashShell=no, ShowStatus=yes, CrashChVT=1, DefaultStandardOutput=journal, DefaultStandardError=inherit¶Configures various parameters of basic manager operation. These options may be overridden by the respective command line arguments. See systemd(1) for details about these command line arguments.
CPUAffinity=¶Configures the initial CPU affinity for the init process. Takes a space-separated list of CPU indexes.
DefaultControllers=cpu¶Configures in which
                                control group hierarchies to create
                                per-service cgroups automatically, in
                                addition to the
                                name=systemd named
                                hierarchy. Defaults to
                                cpu. Takes a space
                                separated list of controller
                                names. Pass the empty string to ensure
                                that systemd does not touch any
                                hierarchies but its own.
Note that the default value of 'cpu' will make realtime scheduling unavailable to system services. See My Service Can't Get Realtime! for more information.
JoinControllers=cpu,cpuacct,cpuset net_cls,netprio¶Configures controllers that shall be mounted in a single hierarchy. By default systemd will mount all controllers which are enabled in the kernel in individual hierarchies, with the exception of those listed in this setting. Takes a space separated list of comma separated controller names, in order to allow multiple joined hierarchies. Defaults to 'cpu,cpuacct'. Pass an empty string to ensure that systemd mounts all controllers in separate hierarchies.
Note that this option is only applied once, at very early boot. If you use an initial RAM disk (initrd) that uses systemd it might hence be necessary to rebuild the initrd if this option is changed, and make sure the new configuration file is included in it. Otherwise the initrd might mount the controller hierarchies in a different configuration than intended, and the main system cannot remount them anymore.
RuntimeWatchdogSec=, ShutdownWatchdogSec=¶Configure the hardware
                                watchdog at runtime and at
                                reboot. Takes a timeout value in
                                seconds (or in other time units if
                                suffixed with ms,
                                min,
                                h,
                                d,
                                w). If
                                RuntimeWatchdogSec=
                                is set to a non-zero value the
                                watchdog hardware
                                (/dev/watchdog)
                                will be programmed to automatically
                                reboot the system if it is not
                                contacted within the specified timeout
                                interval. The system manager will
                                ensure to contact it at least once in
                                half the specified timeout
                                interval. This feature requires a
                                hardware watchdog device to be
                                present, as it is commonly the case in
                                embedded and server systems. Not all
                                hardware watchdogs allow configuration
                                of the reboot timeout, in which case
                                the closest available timeout is
                                picked. ShutdownWatchdogSec=
                                may be used to configure the hardware
                                watchdog when the system is asked to
                                reboot. It works as a safety net to
                                ensure that the reboot takes place
                                even if a clean reboot attempt times
                                out. By default
                                RuntimeWatchdogSec=
                                defaults to 0 (off), and
                                ShutdownWatchdogSec=
                                to 10min. These settings have no
                                effect if a hardware watchdog is not
                                available.
CapabilityBoundingSet=¶Controls which
                                capabilities to include in the
                                capability bounding set for PID 1 and
                                its children. See
                                capabilities(7)
                                for details. Takes a whitespace
                                separated list of capability names as
                                read by
                                cap_from_name(3).
                                Capabilities listed will be included
                                in the bounding set, all others are
                                removed. If the list of capabilities
                                is prefixed with ~ all but the listed
                                capabilities will be included, the
                                effect of the assignment
                                inverted. Note that this option also
                                affects the respective capabilities in
                                the effective, permitted and
                                inheritable capability sets. The
                                capability bounding set may also be
                                individually configured for units
                                using the
                                CapabilityBoundingSet=
                                directive for units, but note that
                                capabilities dropped for PID 1 cannot
                                be regained in individual units, they
                                are lost for good.
TimerSlackNSec=¶Sets the timer slack
                                in nanoseconds for PID 1 which is then
                                inherited to all executed processes,
                                unless overridden individually, for
                                example with the
                                TimerSlackNSec=
                                setting in service units (for details
                                see
                                systemd.exec(5)). The
                                timer slack controls the accuracy of
                                wake-ups triggered by timers. See
                                prctl(2)
                                for more information. Note that in
                                contrast to most other time span
                                definitions this parameter takes an
                                integer value in nano-seconds if no
                                unit is specified. The usual time
                                units are understood
                                too.
DefaultLimitCPU=, DefaultLimitFSIZE=, DefaultLimitDATA=, DefaultLimitSTACK=, DefaultLimitCORE=, DefaultLimitRSS=, DefaultLimitNOFILE=, DefaultLimitAS=, DefaultLimitNPROC=, DefaultLimitMEMLOCK=, DefaultLimitLOCKS=, DefaultLimitSIGPENDING=, DefaultLimitMSGQUEUE=, DefaultLimitNICE=, DefaultLimitRTPRIO=, DefaultLimitRTTIME=¶These settings control
                                various default resource limits for
                                units. See
                                setrlimit(2)
                                for details. Use the string
                                infinity to
                                configure no limit on a specific
                                resource. These settings may be
                                overridden in individual units
                                using the corresponding LimitXXX=
                                directives. Note that these resource
                                limits are only defaults for units,
                                they are not applied to PID 1
                                itself.