X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=cc5442d45cf17be9b0c29051533cbf2428a44403;hb=6fc27667950fe153033f0f49cb5b57e8954c3e54;hp=c5bb55c556b3abc065917dc8890cba3694113e88;hpb=5331194c120520579eede9dba4bd9c3329629601;p=elogind.git

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c5bb55c55..cc5442d45 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -777,8 +777,8 @@
                                 <term><varname>ReadOnlyDirectories=</varname></term>
                                 <term><varname>InaccessibleDirectories=</varname></term>
 
-                                <listitem><para>Sets up a new
-                                file system namespace for executed
+                                <listitem><para>Sets up a new file
+                                system namespace for executed
                                 processes. These options may be used
                                 to limit access a process might have
                                 to the main file system
@@ -799,16 +799,14 @@
                                 processes inside the namespace. Note
                                 that restricting access with these
                                 options does not extend to submounts
-                                of a directory. You must list
-                                submounts separately in these settings
-                                to ensure the same limited
-                                access. These options may be specified
+                                of a directory that are created later
+                                on. These options may be specified
                                 more than once in which case all
                                 directories listed will have limited
                                 access from within the namespace. If
                                 the empty string is assigned to this
-                                option, the specific list is reset, and
-                                all prior assignments have no
+                                option, the specific list is reset,
+                                and all prior assignments have no
                                 effect.</para>
                                 <para>Paths in
                                 <varname>ReadOnlyDirectories=</varname>
@@ -943,8 +941,8 @@
                                 mounts the <filename>/usr</filename>
                                 directory read-only for processes
                                 invoked by this unit. If set to
-                                <literal>full</literal> the
-                                <filename>/etc</filename> is mounted
+                                <literal>full</literal>, the
+                                <filename>/etc</filename> directory is mounted
                                 read-only, too. This setting ensures
                                 that any modification of the vendor
                                 supplied operating system (and
@@ -954,7 +952,7 @@
                                 all long-running services, unless they
                                 are involved with system updates or
                                 need to modify the operating system in
-                                other ways. Note however, that
+                                other ways. Note however that
                                 processes retaining the CAP_SYS_ADMIN
                                 capability can undo the effect of this
                                 setting. This setting is hence
@@ -976,7 +974,7 @@
                                 <filename>/run/user</filename> are
                                 made inaccessible and empty for
                                 processes invoked by this unit. If set
-                                to <literal>read-only</literal> the
+                                to <literal>read-only</literal>, the
                                 two directores are made read-only
                                 instead. It is recommended to enable
                                 this setting for all long-running
@@ -984,7 +982,7 @@
                                 ones), to ensure they cannot get access
                                 to private user data, unless the
                                 services actually require access to
-                                the user's private data. Note however,
+                                the user's private data. Note however
                                 that processes retaining the
                                 CAP_SYS_ADMIN capability can undo the
                                 effect of this setting. This setting