diff options
author | Alessandro Puccetti <alessandro@kinvolk.io> | 2016-07-07 11:17:00 +0200 |
---|---|---|
committer | Alessandro Puccetti <alessandro@kinvolk.io> | 2016-07-19 17:22:02 +0200 |
commit | 2a624c36e646e9ef8d204a506b12e7dbd380e111 (patch) | |
tree | fd204cc43e90cac6000d4351cacae00372c4a97d /man/systemd.exec.xml | |
parent | c4b41707462a74eb7008e8d12a0b4d0a0c09bff4 (diff) |
doc,core: Read{Write,Only}Paths= and InaccessiblePaths=
This patch renames Read{Write,Only}Directories= and InaccessibleDirectories=
to Read{Write,Only}Paths= and InaccessiblePaths=, previous names are kept
as aliases but they are not advertised in the documentation.
Renamed variables:
`read_write_dirs` --> `read_write_paths`
`read_only_dirs` --> `read_only_paths`
`inaccessible_dirs` --> `inaccessible_paths`
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- | man/systemd.exec.xml | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index e982333434..49fea98a95 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -848,9 +848,9 @@ </varlistentry> <varlistentry> - <term><varname>ReadWriteDirectories=</varname></term> - <term><varname>ReadOnlyDirectories=</varname></term> - <term><varname>InaccessibleDirectories=</varname></term> + <term><varname>ReadWritePaths=</varname></term> + <term><varname>ReadOnlyPaths=</varname></term> + <term><varname>InaccessiblePaths=</varname></term> <listitem><para>Sets up a new file system namespace for executed processes. These options may be used to limit access @@ -858,18 +858,18 @@ setting takes a space-separated list of paths relative to the host's root directory (i.e. the system running the service manager). Note that if entries contain symlinks, they are resolved from the host's root directory as well. - Entries (files or directories) listed in - <varname>ReadWriteDirectories=</varname> are accessible from + Entries (files or directories) listed in + <varname>ReadWritePaths=</varname> are accessible from within the namespace with the same access rights as from outside. Entries listed in - <varname>ReadOnlyDirectories=</varname> are accessible for + <varname>ReadOnlyPaths=</varname> are accessible for reading only, writing will be refused even if the usual file access controls would permit this. Entries listed in - <varname>InaccessibleDirectories=</varname> will be made + <varname>InaccessiblePaths=</varname> will be made inaccessible for processes inside the namespace, and may not countain any other mountpoints, including those specified by - <varname>ReadWriteDirectories=</varname> or - <varname>ReadOnlyDirectories=</varname>. + <varname>ReadWritePaths=</varname> or + <varname>ReadOnlyPaths=</varname>. Note that restricting access with these options does not extend to submounts of a directory that are created later on. Non-directory paths can be specified as well. These @@ -879,9 +879,9 @@ specific list is reset, and all prior assignments have no effect.</para> <para>Paths in - <varname>ReadOnlyDirectories=</varname> + <varname>ReadOnlyPaths=</varname> and - <varname>InaccessibleDirectories=</varname> + <varname>InaccessiblePaths=</varname> may be prefixed with <literal>-</literal>, in which case they will be ignored when they do not @@ -1036,9 +1036,9 @@ <varname>PrivateDevices=</varname>, <varname>ProtectSystem=</varname>, <varname>ProtectHome=</varname>, - <varname>ReadOnlyDirectories=</varname>, - <varname>InaccessibleDirectories=</varname> and - <varname>ReadWriteDirectories=</varname>) require that mount + <varname>ReadOnlyPaths=</varname>, + <varname>InaccessiblePaths=</varname> and + <varname>ReadWritePaths=</varname>) require that mount and unmount propagation from the unit's file system namespace is disabled, and hence downgrade <option>shared</option> to <option>slave</option>. </para></listitem> |