summaryrefslogtreecommitdiff
path: root/man/systemd.exec.xml
diff options
context:
space:
mode:
authorKees Cook <kees@outflux.net>2016-11-03 18:26:59 -0600
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-11-03 20:26:59 -0400
commitd974f949f10d6945e1abe9bc6525e676bc515928 (patch)
treec6a6d7937efcfd885aff312015a61ee428e1109c /man/systemd.exec.xml
parente2df6e90b239cbc1d14f5e63a9ba3abb08a2e787 (diff)
doc: clarify NoNewPrivileges (#4562)
Setting no_new_privs does not stop UID changes, but rather blocks gaining privileges through execve(). Also fixes a small typo.
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r--man/systemd.exec.xml8
1 files changed, 4 insertions, 4 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 3c350df11f..ea889c9cf3 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1235,13 +1235,13 @@
<term><varname>NoNewPrivileges=</varname></term>
<listitem><para>Takes a boolean argument. If true, ensures that the service
- process and all its children can never gain new privileges. This option is more
- powerful than the respective secure bits flags (see above), as it also prohibits
- UID changes of any kind. This is the simplest and most effective way to ensure that
+ process and all its children can never gain new privileges through
+ <function>execve</function> (e.g. via setuid or setgid bits, or filesystem
+ capabilities). This is the simplest and most effective way to ensure that
a process and its children can never elevate privileges again. Defaults to false,
but in the user manager instance certain settings force
<varname>NoNewPrivileges=yes</varname>, ignoring the value of this setting.
- Those is the case when <varname>SystemCallFilter=</varname>,
+ This is the case when <varname>SystemCallFilter=</varname>,
<varname>SystemCallArchitectures=</varname>,
<varname>RestrictAddressFamilies=</varname>,
<varname>PrivateDevices=</varname>,