- argument. If true, mounts the
- <filename>/usr</filename> and
- <filename>/boot</filename> directories
- read-only for processes invoked by
- this unit. This setting ensures that
- any modification of the vendor
- supplied operating system is
+ argument or
+ <literal>full</literal>. If true,
+ mounts the <filename>/usr</filename>
+ directory read-only for processes
+ invoked by this unit. If set to
+ <literal>full</literal>, the
+ <filename>/etc</filename> directory is mounted
+ read-only, too. This setting ensures
+ that any modification of the vendor
+ supplied operating system (and
+ optionally its configuration) is