X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=7ab9b5c1ed6824c07d6a71158af87c45ad7ac33b;hb=5d5e98eb8c859d5a85fe6cd5e3cc433bd8a096ba;hp=c04db12e3bee1479fec8ac5be741de551934df4e;hpb=34511ca7b166b0e89d08ff9870b0cf2624a7815f;p=elogind.git diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index c04db12e3..7ab9b5c1e 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -471,7 +471,7 @@ TTYVTDisallocate= - If the the terminal + If the terminal device specified with TTYPath= is a virtual console terminal try to @@ -806,7 +806,7 @@ Set a specific control group attribute for executed - processes, and (if needed) add the the + processes, and (if needed) add the executed processes to a cgroup in the hierarchy of the controller the attribute belongs to. Takes two @@ -1043,26 +1043,19 @@ , or , which - control whether namespaces set up with - ReadWriteDirectories=, - ReadOnlyDirectories= - and - InaccessibleDirectories= - receive or propagate new mounts - from/to the main namespace. See + control whether the file system + namespace set up for this unit's + processes will receive or propagate + new mounts. See mount1 - for details. Defaults to - , i.e. the new - namespace will both receive new mount - points from the main namespace as well - as propagate new mounts to - it. + for details. Default to + . UtmpIdentifier= - Takes a a four + Takes a four character identifier string for an utmp/wtmp entry for this service. This should only be set for services such 
@@ -1091,6 +1084,54 @@ shell pipelines. + + NoNewPrivileges= + + Takes a boolean + argument. If true ensures that the + service process and all its children + can never gain new privileges. This + option is more powerful than the respective + secure bits flags (see above), as it + also prohibits UID changes of any + kind. This is the simplest, most + effective way to ensure that a process + and its children can never elevate + privileges again. + + + + SystemCallFilter= + + Takes a space + separated list of system call + names. If this setting is used all + system calls executed by the unit + process except for the listed ones + will result in immediate process + termination with the SIGSYS signal + (whitelisting). If the first character + of the list is ~ + the effect is inverted: only the + listed system calls will result in + immediate process termination + (blacklisting). If this option is used + NoNewPrivileges=yes + is implied. This feature makes use of + the Secure Computing Mode 2 interfaces + of the kernel ('seccomp filtering') + and is useful for enforcing a minimal + sandboxing environment. Note that the + execve, + rt_sigreturn, + sigreturn, + exit_group, + exit system calls + are implicitly whitelisted and don't + need to be listed + explicitly. + + @@ -1104,7 +1145,8 @@ systemd.service5, systemd.socket5, systemd.swap5, - systemd.mount5 + systemd.mount5, + systemd.kill5
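Review bot: the rewritten MountFlags= text in the @@ -1043 hunk introduces a grammar regression: the removed line read `Defaults to`, the replacement reads `Default to`; restore `Defaults to`. The same hunk also drops the explanatory clause that the default means the unit's namespace both receives new mount points from the main namespace and propagates its own mounts back to it. A bare option name does not tell the reader which direction propagation runs, so keep a shortened form of that sentence, e.g. `Defaults to <option>shared</option>, i.e. mounts propagate in both directions.` (the option name is illegible in this rendering and must be checked against the source).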
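Review bot: the new SystemCallFilter= entry in the @@ -1091 hunk leaves the precedence between the implicit whitelist and the `~` blacklist form undefined: the text says execve, rt_sigreturn, sigreturn, exit_group and exit "are implicitly whitelisted", but does not say what happens when a unit lists one of them after `~`, i.e. whether `SystemCallFilter=~execve` blocks execve or is silently overridden. State the precedence explicitly, since a reader building a sandbox will rely on it. In the same hunk, `NoNewPrivileges=yes is implied` should say whether an explicit `NoNewPrivileges=no` in the same unit is rejected, ignored, or disables the filter. Minor: `If true ensures that` in the NoNewPrivileges= entry needs a comma after `true`.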