summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-01-27 02:19:33 +0100
committerLennart Poettering <lennart@poettering.net>2015-01-27 02:19:33 +0100
commitc51cbfdcc7f38438553e4c2c60499f6aea7cc504 (patch)
tree4e8aadf21c483a747b0ea167bed6a9a2e2389942
parent297d563de43167f21510061d2de55979a4d65ac4 (diff)
man: document that ProtectSystem= also covers /boot
-rw-r--r--man/systemd.exec.xml11
1 files changed, 6 insertions, 5 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index b338899d81..cbaec9f13b 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1064,13 +1064,14 @@
argument or
<literal>full</literal>. If true,
mounts the <filename>/usr</filename>
- directory read-only for processes
+ and <filename>/boot</filename>
+ directories read-only for processes
invoked by this unit. If set to
<literal>full</literal>, the
- <filename>/etc</filename> directory is mounted
- read-only, too. This setting ensures
- that any modification of the vendor
- supplied operating system (and
+ <filename>/etc</filename> directory is
+ mounted read-only, too. This setting
+ ensures that any modification of the
+ vendor supplied operating system (and
optionally its configuration) is
prohibited for the service. It is
recommended to enable this setting for