summaryrefslogtreecommitdiff
path: root/man/systemd.exec.xml
diff options
context:
space:
mode:
authorDjalal Harouni <tixxdz@opendz.org>2016-10-08 17:48:35 +0200
committerDjalal Harouni <tixxdz@opendz.org>2016-10-12 13:52:40 +0200
commitac246d9868bd476297e2702e0a7ef52294f9cfa8 (patch)
tree46f3c7d2dffd6ce05c922e07f5a8e9b664c89ba8 /man/systemd.exec.xml
parent625d8769fa6394a302b024eaee45043e6eb0c87a (diff)
doc: minor hint about InaccessiblePaths= in regard of ProtectKernelTunables=
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r--man/systemd.exec.xml5
1 files changed, 4 insertions, 1 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c46c0f6dd8..4a68695348 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1046,7 +1046,10 @@
boot-time, with the <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
mechanism. Almost no services need to write to these at runtime; it is hence recommended to turn this on for
most services. For this setting the same restrictions regarding mount propagation and privileges apply as for
- <varname>ReadOnlyPaths=</varname> and related calls, see above. Defaults to off.</para></listitem>
+ <varname>ReadOnlyPaths=</varname> and related calls, see above. Defaults to off.
+ Note that this option does not prevent kernel tuning through IPC interfaces and exeternal programs. However
+ <varname>InaccessiblePaths=</varname> can be used to make some IPC file system objects
+ inaccessible.</para></listitem>
</varlistentry>
<varlistentry>