X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=7eaf52bc5bd59571a924cb613a67103d32dd623a;hb=bd390ae7c75dc5bb0e151e6fd2f7156998ed710f;hp=ba4e808ddd2af6345bdfa7159176b23acaf181ca;hpb=43638332c4236ac2db44b0524ea5ade4f918e602;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index ba4e808dd..7eaf52bc5 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -295,9 +295,11 @@
for the assignment.
Example:
- Environment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"
+ Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"
gives three variables VAR1,
- VAR2, VAR3.
+ VAR2, VAR3
+ with the values word1 word2,
+ word3, $word 5 6.
@@ -846,9 +848,9 @@
system namespace for the executed
processes and mounts private
/tmp and
- /var/tmp directories
- inside it, that are not shared by
- processes outside of the
+ /var/tmp
+ directories inside it that is not
+ shared by processes outside of the
namespace. This is useful to secure
access to temporary files of the
process, but makes sharing between
@@ -856,9 +858,17 @@
/tmp or
/var/tmp
impossible. All temporary data created
- by service will be removed after service
- is stopped. Defaults to
- false.
+ by service will be removed after
+ the service is stopped. Defaults to
+ false. Note that it is possible to run
+ two or more units within the same
+ private /tmp and
+ /var/tmp
+ namespace by using the
+ JoinsNamespaceOf=
+ directive, see
+ systemd.unit5
+ for details.
@@ -874,6 +884,30 @@
available to the executed process.
This is useful to securely turn off
network access by the executed
+ process. Defaults to false. Note that
+ it is possible to run two or more
+ units within the same private network
+ namespace by using the
+ JoinsNamespaceOf=
+ directive, see
+ systemd.unit5
+ for details.
+
+
+
+ PrivateDevices=
+
+ Takes a boolean
+ argument. If true, sets up a new /dev
+ namespace for the executed processes
+ and only adds API pseudo devices such
+ as /dev/null,
+ /dev/zero or
+ /dev/random to
+ it, but no physical devices such as
+ /dev/sda. This is
+ useful to securely turn off physical
+ device access by the executed
process. Defaults to
false.
@@ -1021,10 +1055,13 @@
$USER
+ $LOGNAME
$HOME
+ $SHELL
- User name and home
- directory. Set for the units which
+ User name (twice), home
+ directory, and the login shell.
+ The variables are set for the units that
have User= set,
which includes user
systemd instances.
@@ -1050,14 +1087,14 @@
$XDG_VTNR
The identifier of the
- session, and the seat name, and
+ session, the seat name, and
virtual terminal of the session. Set
by
pam_systemd8
for login sessions.
$XDG_SEAT and
- $XDG_VTNR will be
- only set when attached to a seat and a
+ $XDG_VTNR will
+ only be set when attached to a seat and a
tty.
@@ -1080,6 +1117,20 @@
sd_listen_fds3.
+
+
+ $TERM
+
+ Terminal type, set
+ only for units connected to a terminal
+ (StandardInput=tty,
+ StandardOutput=tty,
+ or
+ StandardError=tty).
+ See
+ termcap5.
+
+
Additional variables may be configured by the
@@ -1108,7 +1159,7 @@
systemd.swap5,
systemd.mount5,
systemd.kill5,
- systemd.cgroup5,
+ systemd.resource-control5,
systemd.directives7,
exec3