X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;ds=sidebyside;f=man%2Fsystemd.exec.xml;h=f1bcf9b7bd645f2931fe96699db04ce833c4d947;hb=8fcf784dffba1ca24c2790b96c18dd689d4981fb;hp=413d81d330f1e6f93fc0f07512284786c6a626ef;hpb=4298d0b5128326621c8f537107c4c8b459490721;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 413d81d33..f1bcf9b7b 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1010,8 +1010,8 @@
SystemCallFilter=
- Takes a space-separated
- list of system call
+ Takes a
+ space-separated list of system call
names. If this setting is used, all
system calls executed by the unit
processes except for the listed ones
@@ -1023,12 +1023,13 @@
the effect is inverted: only the
listed system calls will result in
immediate process termination
- (blacklisting). If this option is used,
+ (blacklisting). If running in user
+ mode and this option is used,
NoNewPrivileges=yes
- is implied. This feature makes use of
- the Secure Computing Mode 2 interfaces
- of the kernel ('seccomp filtering')
- and is useful for enforcing a minimal
+ is implied. This feature makes use of the
+ Secure Computing Mode 2 interfaces of
+ the kernel ('seccomp filtering') and
+ is useful for enforcing a minimal
sandboxing environment. Note that the
execve,
rt_sigreturn,
@@ -1096,28 +1097,31 @@
x86,
x86-64,
x32,
- arm as well as the
- special identifier
- native. Only system
- calls of the specified architectures
- will be permitted to processes of this
- unit. This is an effective way to
- disable compatibility with non-native
- architectures for processes, for
- example to prohibit execution of
- 32-bit x86 binaries on 64-bit x86-64
- systems. The special
+ arm as well as
+ the special identifier
+ native. Only
+ system calls of the specified
+ architectures will be permitted to
+ processes of this unit. This is an
+ effective way to disable compatibility
+ with non-native architectures for
+ processes, for example to prohibit
+ execution of 32-bit x86 binaries on
+ 64-bit x86-64 systems. The special
native identifier
implicitly maps to the native
architecture of the system (or more
strictly: to the architecture the
- system manager is compiled for). Note
- that setting this option to a
- non-empty list implies that
- native is included
- too. By default, this option is set to
- the empty list, i.e. no architecture
- system call filtering is
+ system manager is compiled for). If
+ running in user mode and this option
+ is used,
+ NoNewPrivileges=yes
+ is implied. Note that setting this
+ option to a non-empty list implies
+ that native is
+ included too. By default, this option
+ is set to the empty list, i.e. no
+ architecture system call filtering is
applied.
@@ -1149,7 +1153,10 @@
sockets only) are unaffected. Note
that this option has no effect on
32bit x86 and is ignored (but works
- correctly on x86-64). By default no
+ correctly on x86-64). If running in user
+ mode and this option is used,
+ NoNewPrivileges=yes
+ is implied. By default no
restriction applies, all address
families are accessible to
processes. If assigned the empty
@@ -1188,6 +1195,46 @@
kernel.
+
+ RuntimeDirectory=
+ RuntimeDirectoryMode=
+
+ Takes a list of
+ directory names. If set one or more
+ directories by the specified names
+ will be created below
+ /run (for system
+ services) or below
+ $XDG_RUNTIME_DIR
+ (for user services) when the unit is
+ started and removed when the unit is
+ stopped. The directories will have the
+ access mode specified in
+ RuntimeDirectoryMode=,
+ and will be owned by the user and
+ group specified in
+ User= and
+ Group=. Use this to
+ manage one or more runtime directories
+ of the unit and bind their lifetime to
+ the daemon runtime. The specified
+ directory names must be relative, and
+ may not include a
+ /, i.e. must refer
+ to simple directories to create or
+ remove. This is particularly useful
+ for unpriviliges daemons that cannot
+ create runtime directories in
+ /run due to lack
+ of privileges, and to make sure the
+ runtime directory is cleaned up
+ automatically after use. For runtime
+ directories that require more complex
+ or different configuration or lifetime
+ guarantees, please consider using
+ tmpfiles.d5.
+
+
@@ -1345,6 +1392,7 @@
systemd.kill5,
systemd.resource-control5,
systemd.directives7,
+ tmpfiles.d5,
exec3