X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=b338899d81f7bc0665dba7350e747ebab7638bb4;hb=02cd084db7b50a45a76bcdfe03668061bf7c79d6;hp=6d0113f5cceef5f8766ff17f3a9feee375df5119;hpb=67826132adfdf626413f08fb664debd4a7ec35b7;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 6d0113f5c..b338899d8 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -250,7 +250,7 @@
processes. Takes a space-separated
list of CPU indices. This option may
be specified more than once in which
- case the specificed CPU affinity masks
+ case the specified CPU affinity masks
are merged. If the empty string is
assigned, the mask is reset, all
assignments prior to this will have no
@@ -572,15 +572,19 @@
SyslogIdentifier=Sets the process name
- to prefix log lines sent to syslog or
- the kernel log buffer with. If not set,
- defaults to the process name of the
- executed process. This option is only
- useful when
+ to prefix log lines sent to the
+ logging system or the kernel log
+ buffer with. If not set, defaults to
+ the process name of the executed
+ process. This option is only useful
+ when
StandardOutput= or
StandardError= are
- set to or
- .
+ set to ,
+ or
+ (or to the same
+ settings in combination with
+ ).
SyslogFacility=
@@ -704,14 +708,95 @@
LimitNICE=LimitRTPRIO=LimitRTTIME=
- These settings control
- various resource limits for executed
- processes. See
+ These settings set both
+ soft and hard limits of various resources for
+ executed processes. See
setrlimit2
for details. Use the string
infinity to
configure no limit on a specific
resource.
+
+
@@ -776,20 +861,22 @@
SecureBits=Controls the secure
- bits set for the executed process. See
- capabilities7
- for details. Takes a list of strings:
+ bits set for the executed process.
+ Takes a space-separated combination of
+ options from the following list:
,
,
,
,
- and/or
+ , and
. This
option may appear more than once in
- which case the secure bits are
- ORed. If the empty string is assigned
- to this option, the bits are reset to
- 0.
+ which case the secure bits are ORed.
+ If the empty string is assigned to
+ this option, the bits are reset to 0.
+ See capabilities7
+ for details.
@@ -806,7 +893,7 @@
attached to the executed file. Due to
that
CapabilityBoundingSet=
- is probably the much more useful
+ is probably a much more useful
setting.
@@ -1109,7 +1196,7 @@
process. If set, this will override
the automated domain
transition. However, the policy still
- needs to autorize the transition. This
+ needs to authorize the transition. This
directive is ignored if SELinux is
disabled. If prefixed by
-, all errors will
@@ -1131,6 +1218,35 @@
+
+ SmackProcessLabel=
+
+ Takes a
+ security
+ label as argument. The process
+ executed by the unit will be started
+ under this label and SMACK will decide
+ whether the processes is allowed to
+ run or not based on it. The process
+ will continue to run under the label
+ specified here unless the executable
+ has its own
+ label, in
+ which case the process will transition
+ to run under that label. When not
+ specified, the label that systemd is
+ running under is used. This directive
+ is ignored if SMACK is
+ disabled.
+
+ The value may be prefixed by
+ -, in which case
+ all errors will be ignored. An empty
+ value may be specified to unset
+ previous assignments.
+
+
+
IgnoreSIGPIPE=
@@ -1405,7 +1521,7 @@
$PATHColon-separated list
- of directiories to use when launching
+ of directories to use when launching
executables. Systemd uses a fixed
value of
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.