X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=22f076870f6f777ca3cbedf70e70d24b916c1471;hb=2bcc2523711e69e6daa744641e56ed8b78646676;hp=f47826ce4ae6a278d069be3bd847ff166789c23f;hpb=c2c13f2df42e0691aecabe3979ea81cd7faa35c7;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index f47826ce4..22f076870 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -340,9 +340,14 @@
The files listed with this
directive will be read shortly before
- the process is executed. Settings from
- these files override settings made
- with
+ the process is executed (more
+ specifically, after all
+ processes from a previous unit state
+ terminated. This means you can
+ generate these files in one unit
+ state, and read it with this option in
+ the next). Settings from these files
+ override settings made with
Environment=. If
the same variable is set twice from
these files, the files will be read in
@@ -686,31 +691,6 @@
for details.
-
- TCPWrapName=
- If this is a
- socket-activated service, this sets the
- tcpwrap service name to check the
- permission for the current connection
- with. This is only useful in
- conjunction with socket-activated
- services, and stream sockets (TCP) in
- particular. It has no effect on other
- socket types (e.g. datagram/UDP) and
- on processes unrelated to socket-based
- activation. If the tcpwrap
- verification fails, daemon start-up
- will fail and the connection is
- terminated. See
- tcpd8
- for details. Note that this option may
- be used to do access control checks
- only. Shell commands and commands
- described in
- hosts_options5
- are not supported.
-
-
CapabilityBoundingSet=
@@ -865,7 +845,7 @@
processes via
/tmp or
/var/tmp
- impossible. If this is enabled all
+ impossible. If this is enabled, all
temporary files created by a service
in these directories will be removed
after the service is stopped. Defaults
@@ -1042,7 +1022,7 @@
AppArmorProfile=
- Take a profile name as argument.
+ Takes a profile name as argument.
The process executed by the unit will switch to
this profile when started. Profiles must already
be loaded in the kernel, or the unit will fail.
@@ -1224,22 +1204,22 @@
(which creates connected AF_UNIX
sockets only) are unaffected. Note
that this option has no effect on
- 32bit x86 and is ignored (but works
+ 32-bit x86 and is ignored (but works
correctly on x86-64). If running in user
mode and this option is used,
NoNewPrivileges=yes
- is implied. By default no
+ is implied. By default, no
restriction applies, all address
families are accessible to
processes. If assigned the empty
- string any previous list changes are
+ string, any previous list changes are
undone.
Use this option to limit
exposure of processes to remote
systems, in particular via exotic
network protocols. Note that in most
- cases the local
+ cases, the local
AF_UNIX address
family should be included in the
configured whitelist as it is
@@ -1259,8 +1239,8 @@
processes. Takes one of
x86 and
x86-64. This is
- useful when running 32bit services on
- a 64bit host system. If not specified
+ useful when running 32-bit services on
+ a 64-bit host system. If not specified,
the personality is left unmodified and
thus reflects the personality of the
host system's
@@ -1272,14 +1252,14 @@
RuntimeDirectoryMode=
Takes a list of
- directory names. If set one or more
+ directory names. If set, one or more
directories by the specified names
will be created below
/run (for system
services) or below
$XDG_RUNTIME_DIR
(for user services) when the unit is
- started and removed when the unit is
+ started, and removed when the unit is
stopped. The directories will have the
access mode specified in
RuntimeDirectoryMode=,
@@ -1447,7 +1427,7 @@
systemd.setenv= (see
systemd1). Additional
variables may also be set through PAM,
- c.f. pam_env8.
+ cf. pam_env8.