1 files changed, 16 insertions, 2 deletions

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index bb38ea2467..e594dc1b0c 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -132,8 +132,22 @@
         the <function>chroot()</function> jail. Note that setting this parameter might result in additional
         dependencies to be added to the unit (see above).</para>
 
-        <para>The <varname>PrivateUsers=</varname> setting is particularly useful in conjunction with
-        <varname>RootDirectory=</varname>. For details, see below.</para></listitem>
+        <para>The <varname>MountAPIVFS=</varname> and <varname>PrivateUsers=</varname> settings are particularly useful
+        in conjunction with <varname>RootDirectory=</varname>. For details, see below.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>MountAPIVFS=</varname></term>
+
+        <listitem><para>Takes a boolean argument. If on, a private mount namespace for the unit's processes is created
+        and the API file systems <filename>/proc</filename>, <filename>/sys</filename> and <filename>/dev</filename>
+        will be mounted inside of it, unless they are already mounted. Note that this option has no effect unless used
+        in conjunction with <varname>RootDirectory=</varname> as these three mounts are generally mounted in the host
+        anyway, and unless the root directory is changed the private mount namespace will be a 1:1 copy of the host's,
+        and include these three mounts. Note that the <filename>/dev</filename> file system of the host is bind mounted
+        if this option is used without <varname>PrivateDevices=</varname>. To run the service with a private, minimal
+        version of <filename>/dev/</filename>, combine this option with
+        <varname>PrivateDevices=</varname>.</para></listitem>
       </varlistentry>
 
       <varlistentry>