X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=e1193d2d55c64288cf106209bb430218035e984b;hb=ab060556a9e1ebb2744719a29985e40919101a22;hp=291178679da85b533c35aca108e08edd52a26094;hpb=e06c73cc91e02a1a3dffdb0976fef754f1109e74;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 291178679..e1193d2d5 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -44,7 +44,7 @@
systemd.exec
- systemd execution environment configuration
+ Execution environment configuration
@@ -1091,6 +1091,54 @@
shell pipelines.
+
+ NoNewPrivileges=
+
+ Takes a boolean
+ argument. If true ensures that the
+ service process and all its children
+ can never gain new privileges. This
+ option is more powerful than the respective
+ secure bits flags (see above), as it
+ also prohibits UID changes of any
+ kind. This is the simplest, most
+ effective way to ensure that a process
+ and its children can never elevate
+ privileges again.
+
+
+
+ SystemCallFilter=
+
+ Takes a space
+ separated list of system call
+ names. If this setting is used all
+ system calls executed by the unit
+ process except for the listed ones
+ will result in immediate process
+ termination with the SIGSYS signal
+ (whitelisting). If the first character
+ of the list is ~
+ the effect is inverted: only the
+ listed system calls will result in
+ immediate process termination
+ (blacklisting). If this option is used
+ NoNewPrivileges=yes
+ is implied. This feature makes use of
+ the Secure Computing Mode 2 interfaces
+ of the kernel ('seccomp filtering')
+ and is useful for enforcing a minimal
+ sandboxing environment. Note that the
+ execve,
+ rt_sigreturn,
+ sigreturn,
+ exit_group,
+ exit system calls
+ are implicitly whitelisted and don't
+ need to be listed
+ explicitly.
+
+
@@ -1104,7 +1152,8 @@
systemd.service5,
systemd.socket5,
systemd.swap5,
- systemd.mount5
+ systemd.mount5,
+ systemd.kill5