X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=0747d0e1f974265d9f8f39392a4b1e1335fad4fb;hp=af103ff14c12f18943106903372b33fba170aa58;hb=9f5ecdb0b11557be41c065f460bb22ab52bb0034;hpb=8257df2767fe2eb535fb83966d92f3074c522150
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index af103ff14..0747d0e1f 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -572,15 +572,19 @@
SyslogIdentifier=Sets the process name
- to prefix log lines sent to syslog or
- the kernel log buffer with. If not set,
- defaults to the process name of the
- executed process. This option is only
- useful when
+ to prefix log lines sent to the
+ logging system or the kernel log
+ buffer with. If not set, defaults to
+ the process name of the executed
+ process. This option is only useful
+ when
StandardOutput= or
StandardError= are
- set to or
- .
+ set to ,
+ or
+ (or to the same
+ settings in combination with
+ ).
SyslogFacility=
@@ -776,20 +780,22 @@
SecureBits=Controls the secure
- bits set for the executed process. See
- capabilities7
- for details. Takes a list of strings:
+ bits set for the executed process.
+ Takes a space-separated combination of
+ options from the following list:
,
,
,
,
- and/or
+ , and
. This
option may appear more than once in
- which case the secure bits are
- ORed. If the empty string is assigned
- to this option, the bits are reset to
- 0.
+ which case the secure bits are ORed.
+ If the empty string is assigned to
+ this option, the bits are reset to 0.
+ See capabilities7
+ for details.
@@ -806,7 +812,7 @@
attached to the executed file. Due to
that
CapabilityBoundingSet=
- is probably the much more useful
+ is probably a much more useful
setting.
@@ -1059,7 +1065,7 @@
namespace. Note that
means that file
systems mounted on the host might stay
- mounted continously in the unit's
+ mounted continuously in the unit's
namespace, and thus keep the device
busy. Note that the file system
namespace related options
@@ -1131,6 +1137,35 @@
+
+ SmackProcessLabel=
+
+ Takes a
+ security
+ label as argument. The process
+ executed by the unit will be started
+ under this label and SMACK will decide
+ whether the processes is allowed to
+ run or not based on it. The process
+ will continue to run under the label
+ specified here unless the executable
+ has its own
+ label, in
+ which case the process will transition
+ to run under that label. When not
+ specified, the label that systemd is
+ running under is used. This directive
+ is ignored if SMACK is
+ disabled.
+
+ The value may be prefixed by
+ -, in which case
+ all errors will be ignored. An empty
+ value may be specified to unset
+ previous assignments.
+
+
+
IgnoreSIGPIPE=
@@ -1533,7 +1568,7 @@
See Alsosystemd1,
- systemctl8,
+ systemctl1,
journalctl8,
systemd.unit5,
systemd.service5,