X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=0747d0e1f974265d9f8f39392a4b1e1335fad4fb;hp=af103ff14c12f18943106903372b33fba170aa58;hb=9f5ecdb0b11557be41c065f460bb22ab52bb0034;hpb=8257df2767fe2eb535fb83966d92f3074c522150

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index af103ff14..0747d0e1f 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -572,15 +572,19 @@
                         <varlistentry>
                                 <term><varname>SyslogIdentifier=</varname></term>
                                 <listitem><para>Sets the process name
-                                to prefix log lines sent to syslog or
-                                the kernel log buffer with. If not set,
-                                defaults to the process name of the
-                                executed process. This option is only
-                                useful when
+                                to prefix log lines sent to the
+                                logging system or the kernel log
+                                buffer with. If not set, defaults to
+                                the process name of the executed
+                                process. This option is only useful
+                                when
                                 <varname>StandardOutput=</varname> or
                                 <varname>StandardError=</varname> are
-                                set to <option>syslog</option> or
-                                <option>kmsg</option>.</para></listitem>
+                                set to <option>syslog</option>,
+                                <option>journal</option> or
+                                <option>kmsg</option> (or to the same
+                                settings in combination with
+                                <option>+console</option>).</para></listitem>
                         </varlistentry>
                         <varlistentry>
                                 <term><varname>SyslogFacility=</varname></term>
@@ -776,20 +780,22 @@
                         <varlistentry>
                                 <term><varname>SecureBits=</varname></term>
                                 <listitem><para>Controls the secure
-                                bits set for the executed process. See
-                                <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-                                for details. Takes a list of strings:
+                                bits set for the executed process.
+                                Takes a space-separated combination of
+                                options from the following list:
                                 <option>keep-caps</option>,
                                 <option>keep-caps-locked</option>,
                                 <option>no-setuid-fixup</option>,
                                 <option>no-setuid-fixup-locked</option>,
-                                <option>noroot</option> and/or
+                                <option>noroot</option>, and
                                 <option>noroot-locked</option>. This
                                 option may appear more than once in
-                                which case the secure bits are
-                                ORed. If the empty string is assigned
-                                to this option, the bits are reset to
-                                0.</para></listitem>
+                                which case the secure bits are ORed.
+                                If the empty string is assigned to
+                                this option, the bits are reset to 0.
+                                See <citerefentry
+                                project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+                                for details.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
@@ -806,7 +812,7 @@
                                 attached to the executed file. Due to
                                 that
                                 <varname>CapabilityBoundingSet=</varname>
-                                is probably the much more useful
+                                is probably a much more useful
                                 setting.</para></listitem>
                         </varlistentry>
 
@@ -1059,7 +1065,7 @@
                                 namespace. Note that
                                 <option>slave</option> means that file
                                 systems mounted on the host might stay
-                                mounted continously in the unit's
+                                mounted continuously in the unit's
                                 namespace, and thus keep the device
                                 busy. Note that the file system
                                 namespace related options
@@ -1131,6 +1137,35 @@
                                 </para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><varname>SmackProcessLabel=</varname></term>
+
+                                <listitem><para>Takes a
+                                <option>SMACK64</option> security
+                                label as argument. The process
+                                executed by the unit will be started
+                                under this label and SMACK will decide
+                                whether the processes is allowed to
+                                run or not based on it. The process
+                                will continue to run under the label
+                                specified here unless the executable
+                                has its own
+                                <option>SMACK64EXEC</option> label, in
+                                which case the process will transition
+                                to run under that label. When not
+                                specified, the label that systemd is
+                                running under is used. This directive
+                                is ignored if SMACK is
+                                disabled.</para>
+
+                                <para>The value may be prefixed by
+                                <literal>-</literal>, in which case
+                                all errors will be ignored. An empty
+                                value may be specified to unset
+                                previous assignments.</para>
+                                </listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><varname>IgnoreSIGPIPE=</varname></term>
 
@@ -1533,7 +1568,7 @@
                   <title>See Also</title>
                   <para>
                           <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
-                          <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+                          <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
                           <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,