chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move x-systemd-device.timeout handling from core to fstab-generator
[elogind.git] / man / systemd.exec.xml
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index d426ac0899a4b146d1967a24f3c9b18018de2fa0..cc5442d45cf17be9b0c29051533cbf2428a44403 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -777,8 +777,8 @@
                                 <term><varname>ReadOnlyDirectories=</varname></term>
                                 <term><varname>InaccessibleDirectories=</varname></term>
 
                                 <term><varname>ReadOnlyDirectories=</varname></term>
                                 <term><varname>InaccessibleDirectories=</varname></term>
 
-                                <listitem><para>Sets up a new
-                                file system namespace for executed
+                                <listitem><para>Sets up a new file
+                                system namespace for executed
                                 processes. These options may be used
                                 to limit access a process might have
                                 to the main file system
                                 processes. These options may be used
                                 to limit access a process might have
                                 to the main file system
@@ -799,16 +799,14 @@
                                 processes inside the namespace. Note
                                 that restricting access with these
                                 options does not extend to submounts
                                 processes inside the namespace. Note
                                 that restricting access with these
                                 options does not extend to submounts
-                                of a directory. You must list
-                                submounts separately in these settings
-                                to ensure the same limited
-                                access. These options may be specified
+                                of a directory that are created later
+                                on. These options may be specified
                                 more than once in which case all
                                 directories listed will have limited
                                 access from within the namespace. If
                                 the empty string is assigned to this
                                 more than once in which case all
                                 directories listed will have limited
                                 access from within the namespace. If
                                 the empty string is assigned to this
-                                option, the specific list is reset, and
-                                all prior assignments have no
+                                option, the specific list is reset,
+                                and all prior assignments have no
                                 effect.</para>
                                 <para>Paths in
                                 <varname>ReadOnlyDirectories=</varname>
                                 effect.</para>
                                 <para>Paths in
                                 <varname>ReadOnlyDirectories=</varname>
@@ -941,11 +939,10 @@
                                 argument or
                                 <literal>full</literal>. If true,
                                 mounts the <filename>/usr</filename>
                                 argument or
                                 <literal>full</literal>. If true,
                                 mounts the <filename>/usr</filename>
-                                and <filename>/boot</filename>
-                                directories read-only for processes
+                                directory read-only for processes
                                 invoked by this unit. If set to
                                 invoked by this unit. If set to
-                                <literal>full</literal> the
-                                <filename>/etc</filename> is mounted
+                                <literal>full</literal>, the
+                                <filename>/etc</filename> directory is mounted
                                 read-only, too. This setting ensures
                                 that any modification of the vendor
                                 supplied operating system (and
                                 read-only, too. This setting ensures
                                 that any modification of the vendor
                                 supplied operating system (and
@@ -955,7 +952,7 @@
                                 all long-running services, unless they
                                 are involved with system updates or
                                 need to modify the operating system in
                                 all long-running services, unless they
                                 are involved with system updates or
                                 need to modify the operating system in
-                                other ways. Note however, that
+                                other ways. Note however that
                                 processes retaining the CAP_SYS_ADMIN
                                 capability can undo the effect of this
                                 setting. This setting is hence
                                 processes retaining the CAP_SYS_ADMIN
                                 capability can undo the effect of this
                                 setting. This setting is hence
@@ -977,7 +974,7 @@
                                 <filename>/run/user</filename> are
                                 made inaccessible and empty for
                                 processes invoked by this unit. If set
                                 <filename>/run/user</filename> are
                                 made inaccessible and empty for
                                 processes invoked by this unit. If set
-                                to <literal>read-only</literal> the
+                                to <literal>read-only</literal>, the
                                 two directores are made read-only
                                 instead. It is recommended to enable
                                 this setting for all long-running
                                 two directores are made read-only
                                 instead. It is recommended to enable
                                 this setting for all long-running
@@ -985,7 +982,7 @@
                                 ones), to ensure they cannot get access
                                 to private user data, unless the
                                 services actually require access to
                                 ones), to ensure they cannot get access
                                 to private user data, unless the
                                 services actually require access to
-                                the user's private data. Note however,
+                                the user's private data. Note however
                                 that processes retaining the
                                 CAP_SYS_ADMIN capability can undo the
                                 effect of this setting. This setting
                                 that processes retaining the
                                 CAP_SYS_ADMIN capability can undo the
                                 effect of this setting. This setting
Unnamed repository; edit this file 'description' to name the repository.