summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNicolas Braud-Santoni <nicolas@braud-santoni.eu>2016-04-17 14:22:17 +0200
committerLennart Poettering <lennart@poettering.net>2016-04-17 14:22:17 +0200
commitb50a16af8e3c353703d55f117077fcf60b8081e8 (patch)
treeec1a6748f6d9e8d87e3d2c468d16e6f61afc69e9
parentcacf980ed44a28e276a6cc7f8fc41f991e2ab354 (diff)
man: systemd.exec: Clarify InaccessibleDirectories (#3048) (#3048)
-rw-r--r--man/systemd.exec.xml9
1 files changed, 6 insertions, 3 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 3e1a2cb224..4ed62dbada 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -859,9 +859,12 @@
reading only, writing will be refused even if the usual file
access controls would permit this. Directories listed in
<varname>InaccessibleDirectories=</varname> will be made
- inaccessible for processes inside the namespace. Note that
- restricting access with these options does not extend to
- submounts of a directory that are created later on. These
+ inaccessible for processes inside the namespace, and may not
+ countain any other mountpoints, including those specified by
+ <varname>ReadWriteDirectories=</varname> or
+ <varname>ReadOnlyDirectories=</varname>.
+ Note that restricting access with these options does not extend
+ to submounts of a directory that are created later on. These
options may be specified more than once, in which case all
directories listed will have limited access from within the
namespace. If the empty string is assigned to this option, the