variables is reset, all prior
assignments have no effect.
Variable expansion is not performed
- inside the strings, and $ has no special
- meaning.
+ inside the strings, however, specifier
+ expansion is possible. $ character has
+ no special meaning.
If you need to assign a value containing spaces
to a variable, use double quotes (")
for the assignment.</para>
separated list of capability names as
read by
<citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- e.g. <literal>CAP_SYS_ADMIN
- CAP_DAC_OVERRIDE
- CAP_SYS_PTRACE</literal>.
+ e.g. <constant>CAP_SYS_ADMIN</constant>,
+ <constant>CAP_DAC_OVERRIDE</constant>,
+ <constant>CAP_SYS_PTRACE</constant>.
Capabilities listed will be included
in the bounding set, all others are
removed. If the list of capabilities
space-separated list of cgroup
identifiers. A cgroup identifier is
formatted like
- <filename>cpu:/foo/bar</filename>,
+ <filename noindex='true'>cpu:/foo/bar</filename>,
where "cpu" indicates the kernel
control group controller used, and
- <filename>/foo/bar</filename> is the
+ <filename noindex='true'>/foo/bar</filename> is the
control group path. The controller
name and ":" may be omitted in which
case the named systemd control group
<term><varname>InaccessibleDirectories=</varname></term>
<listitem><para>Sets up a new
- file-system name space for executed
+ file system namespace for executed
processes. These options may be used
to limit access a process might have
- to the main file-system
+ to the main file system
hierarchy. Each setting takes a
space-separated list of absolute
directory paths. Directories listed in
system calls executed by the unit
process except for the listed ones
will result in immediate process
- termination with the SIGSYS signal
+ termination with the
+ <constant>SIGSYS</constant> signal
(whitelisting). If the first character
of the list is <literal>~</literal>
the effect is inverted: only the
~ianmdlvl / elogind.git / blobdiff