variables is reset, all prior
assignments have no effect.
Variable expansion is not performed
- inside the strings, and $ has no special
- meaning.
+ inside the strings, however, specifier
+ expansion is possible. $ character has
+ no special meaning.
If you need to assign a value containing spaces
to a variable, use double quotes (")
for the assignment.</para>
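Review bot: The added sentence "inside the strings, however, specifier expansion is possible." is a comma splice, and it introduces specifier expansion without saying which character starts a specifier or where specifiers are documented, so a reader assigning a value that contains that character will not know it gets expanded. Suggest splitting it into two sentences ("Variable expansion is not performed inside the strings. However, specifier expansion is possible.") and adding a cross-reference to the specifier documentation. In the following added line, "$ character has no special meaning" needs an article, and the dollar sign should be marked up as <literal>$</literal>, the same way <literal>~</literal> is marked up in the system call filter text.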
separated list of capability names as
read by
<citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- e.g. <literal>CAP_SYS_ADMIN
- CAP_DAC_OVERRIDE
- CAP_SYS_PTRACE</literal>.
+ e.g. <constant>CAP_SYS_ADMIN</constant>,
+ <constant>CAP_DAC_OVERRIDE</constant>,
+ <constant>CAP_SYS_PTRACE</constant>.
Capabilities listed will be included
in the bounding set, all others are
removed. If the list of capabilities
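Review bot: In the added example the three capability names are joined with commas in running prose, whereas the removed <literal> block showed them exactly as they would be typed in the setting, with no commas, and the sentence itself describes a "separated list" of names. A reader copying the new example could carry the commas into the unit file. Suggest keeping the <constant> markup for the individual names but either rewording to "e.g. the capabilities A, B and C" so the commas are clearly punctuation, or adding one <literal> example of the complete value as it is written.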
<term><varname>InaccessibleDirectories=</varname></term>
<listitem><para>Sets up a new
- file-system name space for executed
+ file system namespace for executed
processes. These options may be used
to limit access a process might have
- to the main file-system
+ to the main file system
hierarchy. Each setting takes a
space-separated list of absolute
directory paths. Directories listed in
system calls executed by the unit
process except for the listed ones
will result in immediate process
- termination with the SIGSYS signal
+ termination with the
+ <constant>SIGSYS</constant> signal
(whitelisting). If the first character
of the list is <literal>~</literal>
the effect is inverted: only the
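Review bot: With the signal name now wrapped in <constant> and followed by "signal", the trailing "(whitelisting)" on the next context line reads as if it qualified SIGSYS and not the filter behaviour. Since the sentence is being touched anyway, suggest moving the parenthetical next to "except for the listed ones" or turning it into its own clause, so that the term is attached to the list semantics it names.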