seccomp: add helper call to add all secondary archs to a seccomp filter
[elogind.git] / man / systemd.exec.xml
index 01356e4c459ac9b1b01874cb313331a0f6d3c53e..e82e1f59f0ec87d6fa4c56849175558c6177aef8 100644 (file)
                                 <listitem><para>Controls the CPU
                                 affinity of the executed
                                 processes. Takes a space-separated
-                                list of CPU indexes. This option may
+                                list of CPU indices. This option may
                                 be specified more than once in which
                                 case the specificed CPU affinity masks
                                 are merged. If the empty string is
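Review bot: the unchanged context line `case the specificed CPU affinity masks` still carries a typo ("specificed"); since this hunk already rewords the same paragraph ("indexes" to "indices"), correct "specificed" to "specified" in the same change rather than leaving the typo for a later commit.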
                         <varlistentry>
                                 <term><varname>StandardError=</varname></term>
                                 <listitem><para>Controls where file
-                                descriptor 2 (STDERR) of the executed
-                                processes is connected to. The
-                                available options are identical to
+                                descriptor 2 (standard error) of the
+                                executed processes is connected to.
+                                The available options are identical to
                                 those of
                                 <varname>StandardOutput=</varname>,
                                 with one exception: if set to
                         <varlistentry>
                                 <term><varname>TTYPath=</varname></term>
                                 <listitem><para>Sets the terminal
-                                device node to use if standard input,
-                                output or stderr are connected to a
+                                device node to use if standard input, output,
+                                or error are connected to a
                                 TTY (see above). Defaults to
                                 <filename>/dev/console</filename>.</para></listitem>
                         </varlistentry>
 
                                 <para>If you specify both types of
                                 this option (i.e. whitelisting and
-                                blacklisting) the first encountered
+                                blacklisting), the first encountered
                                 will take precedence and will dictate
                                 the default action (termination or
                                 approval of a system call). Then the
                                 add or delete the listed system calls
                                 from the set of the filtered system
                                 calls, depending of its type and the
-                                default action (e.g. You have started
+                                default action. (For example, if you have started
                                 with a whitelisting of
                                 <function>read</function> and
-                                <function>write</function> and right
+                                <function>write</function>, and right
                                 after it add a blacklisting of
                                 <function>write</function>, then
                                 <function>write</function> will be
-                                removed from the set).
+                                removed from the set.)
                                 </para></listitem>
-
-                                <para>Note that setting
-                                <varname>SystemCallFilter=</varname>
-                                implies a
-                                <varname>SystemCallArchitectures=</varname>
-                                setting of <literal>native</literal>
-                                (see below), unless that option is
-                                configured otherwise.</para>
                         </varlistentry>
 
                         <varlistentry>
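Review bot: the removed paragraph (`Note that setting SystemCallFilter= implies a SystemCallArchitectures= setting of native`) documented a security-relevant interaction, and nothing in this hunk says what replaces it. Given the commit title (secondary architectures are now added to the seccomp filter), add a sentence after the whitelist/blacklist paragraph stating that the filter is installed for the native architecture and all secondary architectures, so the relationship between SystemCallFilter= and SystemCallArchitectures= stays documented instead of silently disappearing. Minor: the unchanged context `calls, depending of its type and the` should read `depending on its type`; fix it while this paragraph is being reworded anyway.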
                                 <literal>EACCES</literal> or
                                 <literal>EUCLEAN</literal>. When this
                                 setting is not used, or when the empty
-                                string is assigned the process will be
+                                string is assigned, the process will be
                                 terminated immediately when the filter
                                 is triggered.</para></listitem>
                         </varlistentry>
                                 unit. This is an effective way to
                                 disable compatibility with non-native
                                 architectures for processes, for
-                                example to prohibit execution of 32bit
-                                x86 binaries on 64bit x86-64
+                                example to prohibit execution of
+                                32-bit x86 binaries on 64-bit x86-64
                                 systems. The special
                                 <literal>native</literal> identifier
                                 implicitly maps to the native
                                 that setting this option to a
                                 non-empty list implies that
                                 <literal>native</literal> is included
-                                too. By default this option is set to
+                                too. By default, this option is set to
                                 the empty list, i.e. no architecture
-                                system call filtering is applied. Note
-                                that configuring a system call filter
-                                with
-                                <varname>SystemCallFilter=</varname>
-                                (above) implies a
-                                <literal>native</literal> architecture
-                                list, unless configured
-                                otherwise.</para></listitem>
+                                system call filtering is
+                                applied.</para></listitem>
                         </varlistentry>
 
                 </variablelist>
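Review bot: dropping `Note that configuring a system call filter with SystemCallFilter= (above) implies a native architecture list, unless configured otherwise` changes what a unit with only SystemCallFilter= gets: by the old text, such a unit implicitly had non-native architectures disabled (the "effective way to disable compatibility with non-native architectures" described earlier in this entry), whereas the new text says nothing and a reader of the previous manual page will assume the implication still holds. Add one sentence stating that SystemCallFilter= no longer implies SystemCallArchitectures=native, and that units which want to block non-native binaries (the 32-bit x86 on x86-64 example above) must now set SystemCallArchitectures=native explicitly; this matches the parallel removal in the SystemCallFilter= entry and keeps both entries consistent.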