seccomp: add helper call to add all secondary archs to a seccomp filter

[elogind.git] / man / systemd.exec.xml

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 252992bc600e1516c020ca74c211894060aa4b51..e82e1f59f0ec87d6fa4c56849175558c6177aef8 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1050,14 +1050,6 @@
                                 <function>write</function> will be
                                 removed from the set.)
                                 </para></listitem>
-
-                                <para>Note that setting
-                                <varname>SystemCallFilter=</varname>
-                                implies a
-                                <varname>SystemCallArchitectures=</varname>
-                                setting of <literal>native</literal>
-                                (see below), unless that option is
-                                configured otherwise.</para>
                         </varlistentry>
 
                         <varlistentry>
@@ -1099,8 +1091,8 @@
                                 unit. This is an effective way to
                                 disable compatibility with non-native
                                 architectures for processes, for
-                                example to prohibit execution of 32-bit
-                                x86 binaries on 64-bit x86-64
+                                example to prohibit execution of
+                                32-bit x86 binaries on 64-bit x86-64
                                 systems. The special
                                 <literal>native</literal> identifier
                                 implicitly maps to the native
@@ -1112,14 +1104,8 @@
                                 <literal>native</literal> is included
                                 too. By default, this option is set to
                                 the empty list, i.e. no architecture
-                                system call filtering is applied. Note
-                                that configuring a system call filter
-                                with
-                                <varname>SystemCallFilter=</varname>
-                                (above) implies a
-                                <literal>native</literal> architecture
-                                list, unless configured
-                                otherwise.</para></listitem>
+                                system call filtering is
+                                applied.</para></listitem>
                         </varlistentry>
 
                 </variablelist>