temporary files created by a service
in these directories will be removed
after the service is stopped. Defaults
temporary files created by a service
in these directories will be removed
after the service is stopped. Defaults
correctly on x86-64). If running in user
mode and this option is used,
<varname>NoNewPrivileges=yes</varname>
correctly on x86-64). If running in user
mode and this option is used,
<varname>NoNewPrivileges=yes</varname>
restriction applies, all address
families are accessible to
processes. If assigned the empty
restriction applies, all address
families are accessible to
processes. If assigned the empty
undone.</para>
<para>Use this option to limit
exposure of processes to remote
systems, in particular via exotic
network protocols. Note that in most
undone.</para>
<para>Use this option to limit
exposure of processes to remote
systems, in particular via exotic
network protocols. Note that in most
<constant>AF_UNIX</constant> address
family should be included in the
configured whitelist as it is
<constant>AF_UNIX</constant> address
family should be included in the
configured whitelist as it is
<constant>x86</constant> and
<constant>x86-64</constant>. This is
useful when running 32-bit services on
<constant>x86</constant> and
<constant>x86-64</constant>. This is
useful when running 32-bit services on
directories by the specified names
will be created below
<filename>/run</filename> (for system
services) or below
<varname>$XDG_RUNTIME_DIR</varname>
(for user services) when the unit is
directories by the specified names
will be created below
<filename>/run</filename> (for system
services) or below
<varname>$XDG_RUNTIME_DIR</varname>
(for user services) when the unit is
stopped. The directories will have the
access mode specified in
<varname>RuntimeDirectoryMode=</varname>,
stopped. The directories will have the
access mode specified in
<varname>RuntimeDirectoryMode=</varname>,