chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
cef3566
)
man: say that SecureBits= are space separated
author
Zbigniew Jędrzejewski-Szmek
<zbyszek@in.waw.pl>
Sat, 4 Oct 2014 01:06:52 +0000
(21:06 -0400)
committer
Zbigniew Jędrzejewski-Szmek
<zbyszek@in.waw.pl>
Sat, 4 Oct 2014 01:06:52 +0000
(21:06 -0400)
man/systemd.exec.xml
patch
|
blob
|
history
diff --git
a/man/systemd.exec.xml
b/man/systemd.exec.xml
index 6d0113f5cceef5f8766ff17f3a9feee375df5119..939983fb7e33bb721bc26d16b2a462d4635ddbcf 100644
(file)
--- a/
man/systemd.exec.xml
+++ b/
man/systemd.exec.xml
@@
-776,20
+776,22
@@
<varlistentry>
<term><varname>SecureBits=</varname></term>
<listitem><para>Controls the secure
<varlistentry>
<term><varname>SecureBits=</varname></term>
<listitem><para>Controls the secure
- bits set for the executed process.
See
- <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-
for details. Takes a list of strings
:
+ bits set for the executed process.
+ Takes a space-separated combination of
+
options from the following list
:
<option>keep-caps</option>,
<option>keep-caps-locked</option>,
<option>no-setuid-fixup</option>,
<option>no-setuid-fixup-locked</option>,
<option>keep-caps</option>,
<option>keep-caps-locked</option>,
<option>no-setuid-fixup</option>,
<option>no-setuid-fixup-locked</option>,
- <option>noroot</option>
and/or
+ <option>noroot</option>
, and
<option>noroot-locked</option>. This
option may appear more than once in
<option>noroot-locked</option>. This
option may appear more than once in
- which case the secure bits are
- ORed. If the empty string is assigned
- to this option, the bits are reset to
- 0.</para></listitem>
+ which case the secure bits are ORed.
+ If the empty string is assigned to
+ this option, the bits are reset to 0.
+ See <citerefentry
+ project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for details.</para></listitem>
</varlistentry>
<varlistentry>
</varlistentry>
<varlistentry>
@@
-806,7
+808,7
@@
attached to the executed file. Due to
that
<varname>CapabilityBoundingSet=</varname>
attached to the executed file. Due to
that
<varname>CapabilityBoundingSet=</varname>
- is probably
the
much more useful
+ is probably
a
much more useful
setting.</para></listitem>
</varlistentry>
setting.</para></listitem>
</varlistentry>