X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=7f97ca035d2be3d049b9466b81142d8f0e060564;hb=ac45f971a12280de55b834a65237f72dcacfc099;hp=a9e54cb03b1d573368dc3feb371212238a5c00d7;hpb=6db2742802b70938f0f2d373110ed734d4fb9813;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index a9e54cb03..7f97ca035 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -248,7 +248,7 @@
Controls the CPU
affinity of the executed
processes. Takes a space-separated
- list of CPU indexes. This option may
+ list of CPU indices. This option may
be specified more than once in which
case the specificed CPU affinity masks
are merged. If the empty string is
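Review bot: The unchanged context line just below the edit still reads "specificed CPU affinity masks". Since this hunk already touches the sentence for a spelling fix, correct it to "specified" in the same change.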
@@ -1033,7 +1033,7 @@
If you specify both types of
this option (i.e. whitelisting and
- blacklisting) the first encountered
+ blacklisting), the first encountered
will take precedence and will dictate
the default action (termination or
approval of a system call). Then the
@@ -1041,23 +1041,15 @@
add or delete the listed system calls
from the set of the filtered system
calls, depending of its type and the
- default action (e.g. You have started
+ default action. (For example, if you have started
with a whitelisting of
read and
- write and right
+ write, and right
after it add a blacklisting of
write, then
write will be
- removed from the set).
+ removed from the set.)
-
- Note that setting
- SystemCallFilter=
- implies a
- SystemCallArchitectures=
- setting of native
- (see below), unless that option is
- configured otherwise.
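Review bot: The paragraph deleted at the end of this hunk was the only statement in this option's description that setting SystemCallFilter= implies SystemCallArchitectures=native, and nothing replaces it. If the implication no longer holds, say so explicitly here: the SystemCallArchitectures= text describes its default as the empty list with no architecture filtering applied, so a reader who sets only SystemCallFilter= needs to be told to set both. If the implication still holds, keep the note. Separately, the context line "depending of its type" should read "depending on its type".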
@@ -1071,11 +1063,11 @@
is triggered, instead of terminating
the process immediately. Takes an
error name such as
- EPERM,
- EACCES or
- EUCLEAN. When this
+ EPERM,
+ EACCES or
+ EUCLEAN. When this
setting is not used, or when the empty
- string is assigned the process will be
+ string is assigned, the process will be
terminated immediately when the filter
is triggered.
@@ -1088,40 +1080,51 @@
identifiers to include in the system
call filter. The known architecture
identifiers are
- x86,
- x86-64,
- x32,
- arm as well as the
+ x86,
+ x86-64,
+ x32,
+ arm as well as the
special identifier
- native. Only system
+ native. Only system
calls of the specified architectures
will be permitted to processes of this
unit. This is an effective way to
disable compatibility with non-native
architectures for processes, for
- example to prohibit execution of 32bit
- x86 binaries on 64bit x86-64
+ example to prohibit execution of
+ 32-bit x86 binaries on 64-bit x86-64
systems. The special
- native identifier
+ native identifier
implicitly maps to the native
architecture of the system (or more
strictly: to the architecture the
system manager is compiled for). Note
that setting this option to a
non-empty list implies that
- native is included
- too. By default this option is set to
+ native is included
+ too. By default, this option is set to
the empty list, i.e. no architecture
- system call filtering is applied. Note
- that configuring a system call filter
- with
- SystemCallFilter=
- (above) implies a
- native architecture
- list, unless configured
- otherwise.
+ system call filtering is
+ applied.
+
+ Personality=
+
+ Controls which
+ kernel architecture
+ uname2
+ shall report, when invoked by unit
+ processes. Takes one of
+ x86 and
+ x86-64. This is
+ useful when running 32bit services on
+ a 64bit host system. If not specified
+ the personality is left unmodified and
+ thus reflects the personality of the
+ host system's
+ kernel.
+
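Review bot: The added Personality= paragraph writes "32bit services on a 64bit host system", while this same hunk changes the SystemCallArchitectures= text to "32-bit" and "64-bit"; use the hyphenated form in the new text too. "If not specified the personality is left unmodified" also wants a comma after "specified" to match the other comma fixes in this patch, and "Takes one of x86 and x86-64" reads better as "x86 or x86-64".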