authorLennart Poettering <lennart@poettering.net>2014-03-18 17:58:19 +0100
committerLennart Poettering <lennart@poettering.net>2014-03-18 17:58:19 +0100
commitf1660f96f59dad860d39f148c3a747050d112763 (patch)
tree6a56a7202c056b889acdd51fe3eccc0d155dceae /man
parent45aee6d67ad62a651720f22e67273a692014f948 (diff)
core: drop CAP_MKNOD when PrivateDevices= is set
Diffstat (limited to 'man')
-rw-r--r--man/systemd.exec.xml7
1 files changed, 5 insertions, 2 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index f1bcf9b7bd..90d36f9b57 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -908,8 +908,11 @@
<filename>/dev/sda</filename>. This is
useful to securely turn off physical
device access by the executed
- process. Defaults to
- false.</para></listitem>
+ process. Defaults to false. Note that
+ enabling this option implies that
+ <constant>CAP_MKNOD</constant> is
+ removed from the capability bounding
+ set for the unit.</para></listitem>
</varlistentry>
<varlistentry>