man: document that ProtectSystem= also covers /boot

[elogind.git] / man / systemd.exec.xml

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index b338899d81f7bc0665dba7350e747ebab7638bb4..cbaec9f13b6d022d176872fd3ba970f8d0a8c455 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1064,13 +1064,14 @@
                                 argument or
                                 <literal>full</literal>. If true,
                                 mounts the <filename>/usr</filename>
-                                directory read-only for processes
+                                and <filename>/boot</filename>
+                                directories read-only for processes
                                 invoked by this unit. If set to
                                 <literal>full</literal>, the
-                                <filename>/etc</filename> directory is mounted
-                                read-only, too. This setting ensures
-                                that any modification of the vendor
-                                supplied operating system (and
+                                <filename>/etc</filename> directory is
+                                mounted read-only, too. This setting
+                                ensures that any modification of the
+                                vendor supplied operating system (and
                                 optionally its configuration) is
                                 prohibited for the service. It is
                                 recommended to enable this setting for