diff options
author | Daniel Mack <github@zonque.org> | 2015-07-01 13:45:33 -0400 |
---|---|---|
committer | Daniel Mack <github@zonque.org> | 2015-07-01 13:45:33 -0400 |
commit | 38b541c4f25830af1429f2dc903c81a3c8c1877f (patch) | |
tree | b117c4920fec4f26e8e1e7efc4f6c60db5509aab /man | |
parent | b6b34755339b7ce7181d0986f761ca2af3d5497e (diff) | |
parent | 5833143708733a3fc9e6935922bf11d7d27cb768 (diff) |
Merge pull request #419 from eworm-de/man-protecthome
man: ProtectHome= protects /root as well
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd.exec.xml | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 64877720bc..45a4422dc3 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -858,9 +858,10 @@ <listitem><para>Takes a boolean argument or <literal>read-only</literal>. If true, the directories - <filename>/home</filename> and <filename>/run/user</filename> + <filename>/home</filename>, <filename>/root</filename> and + <filename>/run/user</filename> are made inaccessible and empty for processes invoked by this - unit. If set to <literal>read-only</literal>, the two + unit. If set to <literal>read-only</literal>, the three directories are made read-only instead. It is recommended to enable this setting for all long-running services (in particular network-facing ones), to ensure they cannot get |