X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd.exec.xml;h=6e55d8dfcf87c62b279bcf4a07dd6f83bbfd0fe5;hp=8d3b3da22e4ad5aa746cf4b59d42b82f5ff9f634;hb=b9a0e0106833ac595f860897038953c3e39cd355;hpb=cb07866b1b7c11e687a322d70dd9f9d73bbbe488
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 8d3b3da22..6e55d8dfc 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -44,7 +44,7 @@
systemd.exec
- systemd execution environment configuration
+ Execution environment configuration
@@ -89,8 +89,12 @@
Takes an absolute
directory path. Sets the working
- directory for executed
- processes.
+ directory for executed processes. If
+ not set defaults to the root directory
+ when systemd is running as a system
+ instance and the respective user's
+ home directory if run as
+ user.
@@ -931,18 +935,18 @@
BlockIOWriteBandwidth=
Set the per-device
- overall block IO bandwith limit for
+ overall block IO bandwidth limit for
the executed processes. Takes a space
separated pair of a file path and a
- bandwith value (in bytes per second)
+ bandwidth value (in bytes per second)
to specify the device specific
bandwidth. The file path may be
specified as path to a block device
node or as any other file in which
case the backing block device of the
file system of the file is determined.
- If the bandwith is suffixed with K, M,
- G, or T the specified bandwith is
+ If the bandwidth is suffixed with K, M,
+ G, or T the specified bandwidth is
parsed as Kilobytes, Megabytes,
Gigabytes, resp. Terabytes (Example:
"/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0
@@ -951,7 +955,7 @@
and
blkio.write_bps_device
control group attributes. Use this
- option multiple times to set bandwith
+ option multiple times to set bandwidth
limits for multiple devices. For
details about these control group
attributes see
+
+ NoNewPrivileges=
+
+ Takes a boolean
+ argument. If true ensures that the
+ service process and all its children
+ can never gain new privileges. This
+ option is more powerful than the respective
+ secure bits flags (see above), as it
+ also prohibits UID changes of any
+ kind. This is the simplest, most
+ effective way to ensure that a process
+ and its children can never elevate
+ privileges again.
+
+
+
+ SystemCallFilter=
+
+ Takes a space
+ separated list of system call
+ names. If this setting is used all
+ system calls executed by the unit
+ process except for the listed ones
+ will result in immediate process
+ termination with the SIGSYS signal
+ (whitelisting). If the first character
+ of the list is ~
+ the effect is inverted: only the
+ listed system calls will result in
+ immediate process termination
+ (blacklisting). If this option is used
+ NoNewPrivileges=yes
+ is implied. This feature makes use of
+ the Secure Computing Mode 2 interfaces
+ of the kernel ('seccomp filtering')
+ and is useful for enforcing a minimal
+ sandboxing environment. Note that the
+ execve,
+ rt_sigreturn,
+ sigreturn,
+ exit_group,
+ exit system calls
+ are implicitly whitelisted and don't
+ need to be listed
+ explicitly.
+
+