X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=3f27d13c38201471e5ee2f2a9c76ce3eac931d8b;hb=623538c3125fd0174513e4ef5b0e6163f4ea41ef;hp=11ad7f6605df0d92da9f7505ebc4c609b34082e6;hpb=7f8aa67131cfc03ddcbd31c0420754864fc122f0;p=elogind.git diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 11ad7f660..3f27d13c3 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -340,9 +340,14 @@ The files listed with this directive will be read shortly before - the process is executed. Settings from - these files override settings made - with + the process is executed (more + specifically, after all + processes from a previous unit state + terminated. This means you can + generate these files in one unit + state, and read it with this option in + the next). Settings from these files + override settings made with Environment=. If the same variable is set twice from these files, the files will be read in @@ -840,7 +845,7 @@ processes via /tmp or /var/tmp - impossible. If this is enabled all + impossible. If this is enabled, all temporary files created by a service in these directories will be removed after the service is stopped. Defaults @@ -1017,7 +1022,7 @@ AppArmorProfile= - Take a profile name as argument. + Takes a profile name as argument. The process executed by the unit will switch to this profile when started. Profiles must already be loaded in the kernel, or the unit will fail. @@ -1199,22 +1204,22 @@ (which creates connected AF_UNIX sockets only) are unaffected. Note that this option has no effect on - 32bit x86 and is ignored (but works + 32-bit x86 and is ignored (but works correctly on x86-64). If running in user mode and this option is used, NoNewPrivileges=yes - is implied. By default no + is implied. By default, no restriction applies, all address families are accessible to processes. If assigned the empty - string any previous list changes are + string, any previous list changes are undone. Use this option to limit exposure of processes to remote systems, in particular via exotic network protocols. Note that in most - cases the local + cases, the local AF_UNIX address family should be included in the configured whitelist as it is @@ -1234,8 +1239,8 @@ processes. Takes one of x86 and x86-64. This is - useful when running 32bit services on - a 64bit host system. If not specified + useful when running 32-bit services on + a 64-bit host system. If not specified, the personality is left unmodified and thus reflects the personality of the host system's @@ -1247,14 +1252,14 @@ RuntimeDirectoryMode= Takes a list of - directory names. If set one or more + directory names. If set, one or more directories by the specified names will be created below /run (for system services) or below $XDG_RUNTIME_DIR (for user services) when the unit is - started and removed when the unit is + started, and removed when the unit is stopped. The directories will have the access mode specified in RuntimeDirectoryMode=, @@ -1270,7 +1275,7 @@ /, i.e. must refer to simple directories to create or remove. This is particularly useful - for unpriviliges daemons that cannot + for unprivileged daemons that cannot create runtime directories in /run due to lack of privileges, and to make sure the @@ -1422,7 +1427,7 @@ systemd.setenv= (see systemd1). Additional variables may also be set through PAM, - c.f. pam_env8. + cf. pam_env8.