summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-07-19 21:17:49 +0200
committerGitHub <noreply@github.com>2016-07-19 21:17:49 +0200
commit069a92c6581a2ee4fc0f0f9430f54412e6e3026b (patch)
tree02fb11f404687d06d5c7a5792c7e425604f16c30 /man
parent4526e15d064c77a61cf79c595c3384effd66d31b (diff)
parent2a624c36e646e9ef8d204a506b12e7dbd380e111 (diff)
Merge pull request #3685 from kinvolk/alessandro/inaccessible-paths
namespace: unify limit behavior on non-directory paths
Diffstat (limited to 'man')
-rw-r--r--man/systemd.exec.xml40
1 files changed, 21 insertions, 19 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index ed02666daf..49fea98a95 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -848,38 +848,40 @@
</varlistentry>
<varlistentry>
- <term><varname>ReadWriteDirectories=</varname></term>
- <term><varname>ReadOnlyDirectories=</varname></term>
- <term><varname>InaccessibleDirectories=</varname></term>
+ <term><varname>ReadWritePaths=</varname></term>
+ <term><varname>ReadOnlyPaths=</varname></term>
+ <term><varname>InaccessiblePaths=</varname></term>
<listitem><para>Sets up a new file system namespace for
executed processes. These options may be used to limit access
a process might have to the main file system hierarchy. Each
- setting takes a space-separated list of directory paths relative to
+ setting takes a space-separated list of paths relative to
the host's root directory (i.e. the system running the service manager).
- Directories listed in
- <varname>ReadWriteDirectories=</varname> are accessible from
+ Note that if entries contain symlinks, they are resolved from the host's root directory as well.
+ Entries (files or directories) listed in
+ <varname>ReadWritePaths=</varname> are accessible from
within the namespace with the same access rights as from
- outside. Directories listed in
- <varname>ReadOnlyDirectories=</varname> are accessible for
+ outside. Entries listed in
+ <varname>ReadOnlyPaths=</varname> are accessible for
reading only, writing will be refused even if the usual file
- access controls would permit this. Directories listed in
- <varname>InaccessibleDirectories=</varname> will be made
+ access controls would permit this. Entries listed in
+ <varname>InaccessiblePaths=</varname> will be made
inaccessible for processes inside the namespace, and may not
countain any other mountpoints, including those specified by
- <varname>ReadWriteDirectories=</varname> or
- <varname>ReadOnlyDirectories=</varname>.
+ <varname>ReadWritePaths=</varname> or
+ <varname>ReadOnlyPaths=</varname>.
Note that restricting access with these options does not extend
- to submounts of a directory that are created later on. These
+ to submounts of a directory that are created later on.
+ Non-directory paths can be specified as well. These
options may be specified more than once, in which case all
- directories listed will have limited access from within the
+ paths listed will have limited access from within the
namespace. If the empty string is assigned to this option, the
specific list is reset, and all prior assignments have no
effect.</para>
<para>Paths in
- <varname>ReadOnlyDirectories=</varname>
+ <varname>ReadOnlyPaths=</varname>
and
- <varname>InaccessibleDirectories=</varname>
+ <varname>InaccessiblePaths=</varname>
may be prefixed with
<literal>-</literal>, in which case
they will be ignored when they do not
@@ -1034,9 +1036,9 @@
<varname>PrivateDevices=</varname>,
<varname>ProtectSystem=</varname>,
<varname>ProtectHome=</varname>,
- <varname>ReadOnlyDirectories=</varname>,
- <varname>InaccessibleDirectories=</varname> and
- <varname>ReadWriteDirectories=</varname>) require that mount
+ <varname>ReadOnlyPaths=</varname>,
+ <varname>InaccessiblePaths=</varname> and
+ <varname>ReadWritePaths=</varname>) require that mount
and unmount propagation from the unit's file system namespace
is disabled, and hence downgrade <option>shared</option> to
<option>slave</option>. </para></listitem>