main: add configuration option to alter capability bounding set for PID 1

[elogind.git] / man / systemd.exec.xml

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 219733be3783218bad29d5190775ab3b2537f508..0dc2ed48b5dbd85141dd03e8a5e6972bbf546767 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -678,17 +678,17 @@
                                 is prefixed with ~ all but the listed
                                 capabilities will be included, the
                                 effect of the assignment
-                                inverted. Note that this option does
-                                not actually set or unset any
-                                capabilities in the effective,
-                                permitted or inherited capability
-                                sets. That's what
-                                <varname>Capabilities=</varname> is
-                                for. If this option is not used the
+                                inverted. Note that this option also
+                                effects the respective capabilities in
+                                the effective, permitted and
+                                inheritable capability sets, on top of
+                                what <varname>Capabilities=</varname>
+                                does. If this option is not used the
                                 capability bounding set is not
                                 modified on process execution, hence
                                 no limits on the capabilities of the
-                                process are enforced.</para></listitem>
+                                process are
+                                enforced.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>