X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd.service.xml;h=a82dfb2c86496c11eb14f702ec0ece5c7f16b62a;hb=631b9deefbef76c5f69b165f33cb46690c938c95;hp=8b17f857ceb7b1403a9d452a58a97848b5b8c269;hpb=f07756bfe25c64119704c93a634162d6c88b5c89;p=elogind.git
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 8b17f857c..a82dfb2c8 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -307,6 +307,46 @@
+
+ BusPolicy=
+
+ If specfied, a custom kdbus
+ endpoint will be created and installed as the
+ default bus node for the service. Such a custom
+ endpoint can hold an own set of policy rules
+ that are enforced on top of the bus-wide ones.
+ The custom endpoint is named after the service
+ it was created for, and its node will be
+ bind-mounted over the default bus node
+ location, so the service can only access the
+ bus through its own endpoint. Note that custom
+ bus endpoints default to a 'deny all' policy.
+ Hence, if at least one
+ BusPolicy= directive is
+ given, you have to make sure to add explicit
+ rules for everything the service should be able
+ to do.
+ The value of this directive is comprised
+ of two parts; the bus name, and a verb to
+ specify to granted access, which is one of
+ ,
+ or
+ .
+ implies
+ , and
+ implies both and
+ .
+ If multiple access levels are specified for the
+ same bus name, the most powerful one takes
+ effect.
+
+ Examples:
+ BusPolicy=org.freedesktop.systemd1 talk
+ BusPolicy=org.foo.bar see
+ This option is only available on kdbus enabled systems.
+
+
+
ExecStart=Commands with their
@@ -1236,7 +1276,7 @@ ExecStart=/bin/echo $ONE $TWO ${TWO}
See Alsosystemd1,
- systemctl8,
+ systemctl1,
systemd.unit5,
systemd.exec5,
systemd.resource-control5,