service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces

author: Lennart Poettering <lennart@poettering.net> 2013-11-27 20:23:18 +0100
committer: Lennart Poettering <lennart@poettering.net> 2013-11-27 20:28:48 +0100
commit: 613b411c947635136637f8cdd66b94512f761eab (patch)
tree: 5e0713345af39de99409d2193be93ae9e760e1d2 /man/systemd.exec.xml
parent: df41776d66b5b7467a5cf9c719b97b66d6534c8c (diff)
1 files changed, 22 insertions, 8 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 8c44071d53..207592dda7 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -846,9 +846,9 @@
                                 system namespace for the executed
                                 processes and mounts private
                                 <filename>/tmp</filename> and
-                                <filename>/var/tmp</filename> directories
-                                inside it, that are not shared by
-                                processes outside of the
+                                <filename>/var/tmp</filename>
+                                directories inside it, that are not
+                                shared by processes outside of the
                                 namespace. This is useful to secure
                                 access to temporary files of the
                                 process, but makes sharing between
@@ -856,9 +856,17 @@
                                 <filename>/tmp</filename> or
                                 <filename>/var/tmp</filename>
                                 impossible. All temporary data created
-                                by service will be removed after service
-                                is stopped. Defaults to
-                                false.</para></listitem>
+                                by service will be removed after
+                                service is stopped. Defaults to
+                                false. Note that it is possible to run
+                                two or more units within the same
+                                private <filename>/tmp</filename> and
+                                <filename>/var/tmp</filename>
+                                namespace by using the
+                                <varname>JoinsNamespaceOf=</varname>
+                                directive, see
+                                <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
@@ -874,8 +882,14 @@
                                 available to the executed process.
                                 This is useful to securely turn off
                                 network access by the executed
-                                process. Defaults to
-                                false.</para></listitem>
+                                process. Defaults to false. Note that
+                                it is possible to run two or more
+                                units within the same private network
+                                namespace by using the
+                                <varname>JoinsNamespaceOf=</varname>
+                                directive, see
+                                <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
author	Lennart Poettering <lennart@poettering.net>	2013-11-27 20:23:18 +0100
committer	Lennart Poettering <lennart@poettering.net>	2013-11-27 20:28:48 +0100
commit	613b411c947635136637f8cdd66b94512f761eab (patch)
tree	5e0713345af39de99409d2193be93ae9e760e1d2 /man/systemd.exec.xml
parent	df41776d66b5b7467a5cf9c719b97b66d6534c8c (diff)