diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-01-27 02:19:33 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-01-27 02:19:33 +0100 |
commit | c51cbfdcc7f38438553e4c2c60499f6aea7cc504 (patch) | |
tree | 4e8aadf21c483a747b0ea167bed6a9a2e2389942 | |
parent | 297d563de43167f21510061d2de55979a4d65ac4 (diff) |
man: document that ProtectSystem= also covers /boot
-rw-r--r-- | man/systemd.exec.xml | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index b338899d81..cbaec9f13b 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1064,13 +1064,14 @@ argument or <literal>full</literal>. If true, mounts the <filename>/usr</filename> - directory read-only for processes + and <filename>/boot</filename> + directories read-only for processes invoked by this unit. If set to <literal>full</literal>, the - <filename>/etc</filename> directory is mounted - read-only, too. This setting ensures - that any modification of the vendor - supplied operating system (and + <filename>/etc</filename> directory is + mounted read-only, too. This setting + ensures that any modification of the + vendor supplied operating system (and optionally its configuration) is prohibited for the service. It is recommended to enable this setting for |