X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=f4caccdd23ada352ab2f8c36c50c888a252aa7cc;hb=a020c2a01368c47f32a0a1688d739275fb3c1a0a;hp=207592dda70c7c42198d167b4a480edc4098b726;hpb=613b411c947635136637f8cdd66b94512f761eab;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 207592dda..f4caccdd2 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -295,9 +295,11 @@
for the assignment.
Example:
- Environment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"
+ Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"
gives three variables VAR1,
- VAR2, VAR3.
+ VAR2, VAR3
+ with the values word1 word2,
+ word3, $word 5 6.
@@ -847,7 +849,7 @@
processes and mounts private
/tmp and
/var/tmp
- directories inside it, that are not
+ directories inside it that is not
shared by processes outside of the
namespace. This is useful to secure
access to temporary files of the
@@ -857,7 +859,7 @@
/var/tmp
impossible. All temporary data created
by service will be removed after
- service is stopped. Defaults to
+ the service is stopped. Defaults to
false. Note that it is possible to run
two or more units within the same
private /tmp and
@@ -892,6 +894,24 @@
for details.
+
+ PrivateDevices=
+
+ Takes a boolean
+ argument. If true, sets up a new /dev
+ namespace for the executed processes
+ and only adds API pseudo devices such
+ as /dev/null,
+ /dev/zero or
+ /dev/random to
+ it, but no physical devices such as
+ /dev/sda. This is
+ useful to securely turn off physical
+ device access by the executed
+ process. Defaults to
+ false.
+
+
MountFlags=
@@ -930,6 +950,23 @@
this service.
+
+ SELinuxContext=
+
+ Set the SELinux
+ security context of the executed
+ process. If set, this will override
+ the automated domain
+ transition. However, the policy still
+ needs to autorize the transition. This
+ directive is ignored if SELinux is
+ disabled. If prefixed by
+ -, all errors will
+ be ignored. See
+ setexeccon3
+ for details.
+
+
IgnoreSIGPIPE=