X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=cf6ab1778e7b5334cb7303dc4ab3940b6313c81b;hb=490d99e9bf949a855ff9183465f2c265777a3272;hp=291178679da85b533c35aca108e08edd52a26094;hpb=e06c73cc91e02a1a3dffdb0976fef754f1109e74;p=elogind.git
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 291178679..cf6ab1778 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -44,7 +44,7 @@
systemd.exec
- systemd execution environment configuration
+ Execution environment configuration
@@ -1043,20 +1043,13 @@
,
or
, which
- control whether namespaces set up with
- ReadWriteDirectories=,
- ReadOnlyDirectories=
- and
- InaccessibleDirectories=
- receive or propagate new mounts
- from/to the main namespace. See
+ control whether the file system
+ namespace set up for this unit's
+ processes will receive or propagate
+ new mounts. See
mount1
- for details. Defaults to
- , i.e. the new
- namespace will both receive new mount
- points from the main namespace as well
- as propagate new mounts to
- it.
+ for details. Default to
+ .
@@ -1091,6 +1084,54 @@
shell pipelines.
+
+ NoNewPrivileges=
+
+ Takes a boolean
+ argument. If true ensures that the
+ service process and all its children
+ can never gain new privileges. This
+ option is more powerful than the respective
+ secure bits flags (see above), as it
+ also prohibits UID changes of any
+ kind. This is the simplest, most
+ effective way to ensure that a process
+ and its children can never elevate
+ privileges again.
+
+
+
+ SystemCallFilter=
+
+ Takes a space
+ separated list of system call
+ names. If this setting is used all
+ system calls executed by the unit
+ process except for the listed ones
+ will result in immediate process
+ termination with the SIGSYS signal
+ (whitelisting). If the first character
+ of the list is ~
+ the effect is inverted: only the
+ listed system calls will result in
+ immediate process termination
+ (blacklisting). If this option is used
+ NoNewPrivileges=yes
+ is implied. This feature makes use of
+ the Secure Computing Mode 2 interfaces
+ of the kernel ('seccomp filtering')
+ and is useful for enforcing a minimal
+ sandboxing environment. Note that the
+ execve,
+ rt_sigreturn,
+ sigreturn,
+ exit_group,
+ exit system calls
+ are implicitly whitelisted and don't
+ need to be listed
+ explicitly.
+
+
@@ -1104,7 +1145,8 @@
systemd.service5,
systemd.socket5,
systemd.swap5,
- systemd.mount5
+ systemd.mount5,
+ systemd.kill5