diff options
| author | Evgeny Vereshchagin <evvers@ya.ru> | 2017-02-09 03:31:22 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-02-09 03:31:22 +0300 |
| commit | 52a4aafb4dd178afae5ce8ceadd852233cac10f3 (patch) | |
| tree | f1a0176cacb9f730e9d774d5467c391a18231996 /man/systemd.exec.xml | |
| parent | 2026e39b2d2f9a2951cdf72be53fde1f2dac4c63 (diff) | |
| parent | b8076e3d06dd93664969c774444b74be69d15d23 (diff) | |
Merge pull request #5270 from poettering/seccomp-namespace-fix
swap seccomp filter params on s390
Diffstat (limited to 'man/systemd.exec.xml')
| -rw-r--r-- | man/systemd.exec.xml | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index fd47b0a20a..e7e5d6b0c7 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1554,11 +1554,10 @@ <citerefentry><refentrytitle>setns</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls, taking the specified flags parameters into account. Note that — if this option is used — in addition to restricting creation and switching of the specified types of namespaces (or all of them, if true) access to the - <function>setns()</function> system call with a zero flags parameter is prohibited. - If running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> - capability (e.g. setting <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname> - is implied. - </para></listitem> + <function>setns()</function> system call with a zero flags parameter is prohibited. This setting is only + supported on x86, x86-64, s390 and s390x, and enforces no restrictions on other architectures. If running in user + mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting + <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname> is implied. </para></listitem> </varlistentry> <varlistentry> |