X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=3491d877d163dba17c68366819666d2bb514382d;hb=0bc62352805b98cebe5debb12a5d45adfc0c66d1;hp=219733be3783218bad29d5190775ab3b2537f508;hpb=5430f7f2bc7330f3088b894166bf3524a067e3d8;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 219733be3..3491d877d 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -44,7 +44,7 @@
systemd.exec
- systemd execution environment configuration
+ Execution environment configuration
@@ -75,7 +75,7 @@
for more information on the specific unit
configuration files. The execution specific
configuration options are configured in the [Service],
- [Socket], [Mount] resp. [Swap] section, depending on the unit
+ [Socket], [Mount], or [Swap] sections, depending on the unit
type.
@@ -89,8 +89,12 @@
Takes an absolute
directory path. Sets the working
- directory for executed
- processes.
+ directory for executed processes. If
+ not set defaults to the root directory
+ when systemd is running as a system
+ instance and the respective user's
+ home directory if run as
+ user.
@@ -113,10 +117,10 @@
Group=Sets the Unix user
- resp. group the processes are executed
- as. Takes a single user resp. group
+ or group that the processes are executed
+ as, respectively. Takes a single user or group
name or ID as argument. If no group is
- set the default group of the user is
+ set, the default group of the user is
chosen.
@@ -467,7 +471,7 @@
TTYVTDisallocate=
- If the the terminal
+ If the terminal
device specified with
TTYPath= is a
virtual console terminal try to
@@ -551,7 +555,7 @@
prefixes may be disabled with
SyslogLevelPrefix=,
see below. For details see
- sd-daemon7.
+ sd-daemon3.
Defaults to
.
@@ -573,7 +577,7 @@
these prefixes is disabled and the
logged lines are passed on as-is. For
details about this prefixing see
- sd-daemon7.
+ sd-daemon3.
Defaults to true.
@@ -581,16 +585,17 @@
TimerSlackNSec=Sets the timer slack
in nanoseconds for the executed
- processes. The timer slack controls the
- accuracy of wake-ups triggered by
+ processes. The timer slack controls
+ the accuracy of wake-ups triggered by
timers. See
prctl2
for more information. Note that in
contrast to most other time span
definitions this parameter takes an
- integer value in nano-seconds and does
- not understand any other
- units.
+ integer value in nano-seconds if no
+ unit is specified. The usual time
+ units are understood
+ too.
@@ -678,17 +683,17 @@
is prefixed with ~ all but the listed
capabilities will be included, the
effect of the assignment
- inverted. Note that this option does
- not actually set or unset any
- capabilities in the effective,
- permitted or inherited capability
- sets. That's what
- Capabilities= is
- for. If this option is not used the
+ inverted. Note that this option also
+ effects the respective capabilities in
+ the effective, permitted and
+ inheritable capability sets, on top of
+ what Capabilities=
+ does. If this option is not used the
capability bounding set is not
modified on process execution, hence
no limits on the capabilities of the
- process are enforced.
+ process are
+ enforced.
@@ -801,7 +806,7 @@
Set a specific control
group attribute for executed
- processes, and (if needed) add the the
+ processes, and (if needed) add the
executed processes to a cgroup in the
hierarchy of the controller the
attribute belongs to. Takes two
@@ -863,8 +868,8 @@
the value is suffixed with K, M, G or
T the specified memory size is parsed
as Kilobytes, Megabytes, Gigabytes,
- resp. Terabytes (to the base
- 1024). This controls the
+ or Terabytes (to the base
+ 1024), respectively. This controls the
memory.limit_in_bytes
and
memory.soft_limit_in_bytes
@@ -884,9 +889,9 @@
path (such as
/dev/null)
followed by a combination of r, w, m
- to control reading, writing resp.
+ to control reading, writing, or
creating of the specific device node
- by the unit. This controls the
+ by the unit, respectively. This controls the
devices.allow
and
devices.deny
@@ -930,27 +935,27 @@
BlockIOWriteBandwidth=Set the per-device
- overall block IO bandwith limit for
+ overall block IO bandwidth limit for
the executed processes. Takes a space
separated pair of a file path and a
- bandwith value (in bytes per second)
+ bandwidth value (in bytes per second)
to specify the device specific
bandwidth. The file path may be
specified as path to a block device
node or as any other file in which
case the backing block device of the
file system of the file is determined.
- If the bandwith is suffixed with K, M,
- G, or T the specified bandwith is
+ If the bandwidth is suffixed with K, M,
+ G, or T the specified bandwidth is
parsed as Kilobytes, Megabytes,
- Gigabytes, resp. Terabytes (Example:
+ Gigabytes, or Terabytes, respectively (Example:
"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
5M"). This controls the
blkio.read_bps_device
and
blkio.write_bps_device
control group attributes. Use this
- option multiple times to set bandwith
+ option multiple times to set bandwidth
limits for multiple devices. For
details about these control group
attributes see shared,
or
, which
- control whether namespaces set up with
- ReadWriteDirectories=,
- ReadOnlyDirectories=
- and
- InaccessibleDirectories=
- receive or propagate new mounts
- from/to the main namespace. See
+ control whether the file system
+ namespace set up for this unit's
+ processes will receive or propagate
+ new mounts. See
mount1
- for details. Defaults to
- , i.e. the new
- namespace will both receive new mount
- points from the main namespace as well
- as propagate new mounts to
- it.
+ for details. Default to
+ .UtmpIdentifier=
- Takes a a four
+ Takes a four
character identifier string for an
utmp/wtmp entry for this service. This
should only be set for services such
@@ -1086,6 +1084,54 @@
shell pipelines.
+
+ NoNewPrivileges=
+
+ Takes a boolean
+ argument. If true ensures that the
+ service process and all its children
+ can never gain new privileges. This
+ option is more powerful than the respective
+ secure bits flags (see above), as it
+ also prohibits UID changes of any
+ kind. This is the simplest, most
+ effective way to ensure that a process
+ and its children can never elevate
+ privileges again.
+
+
+
+ SystemCallFilter=
+
+ Takes a space
+ separated list of system call
+ names. If this setting is used all
+ system calls executed by the unit
+ process except for the listed ones
+ will result in immediate process
+ termination with the SIGSYS signal
+ (whitelisting). If the first character
+ of the list is ~
+ the effect is inverted: only the
+ listed system calls will result in
+ immediate process termination
+ (blacklisting). If this option is used
+ NoNewPrivileges=yes
+ is implied. This feature makes use of
+ the Secure Computing Mode 2 interfaces
+ of the kernel ('seccomp filtering')
+ and is useful for enforcing a minimal
+ sandboxing environment. Note that the
+ execve,
+ rt_sigreturn,
+ sigreturn,
+ exit_group,
+ exit system calls
+ are implicitly whitelisted and don't
+ need to be listed
+ explicitly.
+
+
@@ -1099,7 +1145,8 @@
systemd.service5,
systemd.socket5,
systemd.swap5,
- systemd.mount5
+ systemd.mount5,
+ systemd.kill5