chiark / gitweb /
man: document that ProtectSystem= also covers /boot
authorLennart Poettering <lennart@poettering.net>
Tue, 27 Jan 2015 01:19:33 +0000 (02:19 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 27 Jan 2015 01:19:33 +0000 (02:19 +0100)
man/systemd.exec.xml

index b338899..cbaec9f 100644 (file)
                                 argument or
                                 <literal>full</literal>. If true,
                                 mounts the <filename>/usr</filename>
-                                directory read-only for processes
+                                and <filename>/boot</filename>
+                                directories read-only for processes
                                 invoked by this unit. If set to
                                 <literal>full</literal>, the
-                                <filename>/etc</filename> directory is mounted
-                                read-only, too. This setting ensures
-                                that any modification of the vendor
-                                supplied operating system (and
+                                <filename>/etc</filename> directory is
+                                mounted read-only, too. This setting
+                                ensures that any modification of the
+                                vendor supplied operating system (and
                                 optionally its configuration) is
                                 prohibited for the service. It is
                                 recommended to enable this setting for