diff options
author | Nicolas Braud-Santoni <nicolas@braud-santoni.eu> | 2016-04-17 14:22:17 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-04-17 14:22:17 +0200 |
commit | b50a16af8e3c353703d55f117077fcf60b8081e8 (patch) | |
tree | ec1a6748f6d9e8d87e3d2c468d16e6f61afc69e9 /man/systemd.exec.xml | |
parent | cacf980ed44a28e276a6cc7f8fc41f991e2ab354 (diff) |
man: systemd.exec: Clarify InaccessibleDirectories (#3048) (#3048)
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- | man/systemd.exec.xml | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 3e1a2cb224..4ed62dbada 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -859,9 +859,12 @@ reading only, writing will be refused even if the usual file access controls would permit this. Directories listed in <varname>InaccessibleDirectories=</varname> will be made - inaccessible for processes inside the namespace. Note that - restricting access with these options does not extend to - submounts of a directory that are created later on. These + inaccessible for processes inside the namespace, and may not + countain any other mountpoints, including those specified by + <varname>ReadWriteDirectories=</varname> or + <varname>ReadOnlyDirectories=</varname>. + Note that restricting access with these options does not extend + to submounts of a directory that are created later on. These options may be specified more than once, in which case all directories listed will have limited access from within the namespace. If the empty string is assigned to this option, the |