diff options
Diffstat (limited to 'man/systemd.exec.xml')
| -rw-r--r-- | man/systemd.exec.xml | 60 |
1 files changed, 31 insertions, 29 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index ed02666daf..41ae6e76de 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -146,7 +146,7 @@ <listitem><para>Sets the Unix user or group that the processes are executed as, respectively. Takes a single user or group name or ID as argument. If no group is set, the default group - of the user is chosen. These do not affect commands prefixed with <literal>!</literal>.</para></listitem> + of the user is chosen. These do not affect commands prefixed with <literal>+</literal>.</para></listitem> </varlistentry> <varlistentry> @@ -161,7 +161,7 @@ this one will have no effect. In any way, this option does not override, but extends the list of supplementary groups configured in the system group database for the - user. This does not affect commands prefixed with <literal>!</literal>.</para></listitem> + user. This does not affect commands prefixed with <literal>+</literal>.</para></listitem> </varlistentry> <varlistentry> @@ -796,7 +796,7 @@ empty string is assigned to this option, the bounding set is reset to the empty capability set, and all prior settings have no effect. If set to <literal>~</literal> (without any further argument), the bounding set is reset to the full set of available capabilities, also undoing any previous settings. This does not affect - commands prefixed with <literal>!</literal>.</para></listitem> + commands prefixed with <literal>+</literal>.</para></listitem> </varlistentry> <varlistentry> @@ -826,7 +826,7 @@ Note that in this case option <constant>keep-caps</constant> is automatically added to <varname>SecureBits=</varname> to retain the capabilities over the user change. <varname>AmbientCapabilities=</varname> does not affect - commands prefixed with <literal>!</literal>.</para></listitem> + commands prefixed with <literal>+</literal>.</para></listitem> </varlistentry> <varlistentry> @@ -842,44 +842,46 @@ <option>noroot-locked</option>. This option may appear more than once, in which case the secure bits are ORed. If the empty string is assigned to this option, - the bits are reset to 0. This does not affect commands prefixed with <literal>!</literal>. + the bits are reset to 0. This does not affect commands prefixed with <literal>+</literal>. See <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details.</para></listitem> </varlistentry> <varlistentry> - <term><varname>ReadWriteDirectories=</varname></term> - <term><varname>ReadOnlyDirectories=</varname></term> - <term><varname>InaccessibleDirectories=</varname></term> + <term><varname>ReadWritePaths=</varname></term> + <term><varname>ReadOnlyPaths=</varname></term> + <term><varname>InaccessiblePaths=</varname></term> <listitem><para>Sets up a new file system namespace for executed processes. These options may be used to limit access a process might have to the main file system hierarchy. Each - setting takes a space-separated list of directory paths relative to + setting takes a space-separated list of paths relative to the host's root directory (i.e. the system running the service manager). - Directories listed in - <varname>ReadWriteDirectories=</varname> are accessible from + Note that if entries contain symlinks, they are resolved from the host's root directory as well. + Entries (files or directories) listed in + <varname>ReadWritePaths=</varname> are accessible from within the namespace with the same access rights as from - outside. Directories listed in - <varname>ReadOnlyDirectories=</varname> are accessible for + outside. Entries listed in + <varname>ReadOnlyPaths=</varname> are accessible for reading only, writing will be refused even if the usual file - access controls would permit this. Directories listed in - <varname>InaccessibleDirectories=</varname> will be made + access controls would permit this. Entries listed in + <varname>InaccessiblePaths=</varname> will be made inaccessible for processes inside the namespace, and may not countain any other mountpoints, including those specified by - <varname>ReadWriteDirectories=</varname> or - <varname>ReadOnlyDirectories=</varname>. + <varname>ReadWritePaths=</varname> or + <varname>ReadOnlyPaths=</varname>. Note that restricting access with these options does not extend - to submounts of a directory that are created later on. These + to submounts of a directory that are created later on. + Non-directory paths can be specified as well. These options may be specified more than once, in which case all - directories listed will have limited access from within the + paths listed will have limited access from within the namespace. If the empty string is assigned to this option, the specific list is reset, and all prior assignments have no effect.</para> <para>Paths in - <varname>ReadOnlyDirectories=</varname> + <varname>ReadOnlyPaths=</varname> and - <varname>InaccessibleDirectories=</varname> + <varname>InaccessiblePaths=</varname> may be prefixed with <literal>-</literal>, in which case they will be ignored when they do not @@ -1034,9 +1036,9 @@ <varname>PrivateDevices=</varname>, <varname>ProtectSystem=</varname>, <varname>ProtectHome=</varname>, - <varname>ReadOnlyDirectories=</varname>, - <varname>InaccessibleDirectories=</varname> and - <varname>ReadWriteDirectories=</varname>) require that mount + <varname>ReadOnlyPaths=</varname>, + <varname>InaccessiblePaths=</varname> and + <varname>ReadWritePaths=</varname>) require that mount and unmount propagation from the unit's file system namespace is disabled, and hence downgrade <option>shared</option> to <option>slave</option>. </para></listitem> @@ -1099,7 +1101,7 @@ domain transition. However, the policy still needs to authorize the transition. This directive is ignored if SELinux is disabled. If prefixed by <literal>-</literal>, all errors - will be ignored. This does not affect commands prefixed with <literal>!</literal>. + will be ignored. This does not affect commands prefixed with <literal>+</literal>. See <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry> for details.</para></listitem> </varlistentry> @@ -1112,7 +1114,7 @@ Profiles must already be loaded in the kernel, or the unit will fail. This result in a non operation if AppArmor is not enabled. If prefixed by <literal>-</literal>, all errors will - be ignored. This does not affect commands prefixed with <literal>!</literal>.</para></listitem> + be ignored. This does not affect commands prefixed with <literal>+</literal>.</para></listitem> </varlistentry> <varlistentry> @@ -1132,7 +1134,7 @@ <para>The value may be prefixed by <literal>-</literal>, in which case all errors will be ignored. An empty value may be specified to unset previous assignments. This does not affect - commands prefixed with <literal>!</literal>.</para> + commands prefixed with <literal>+</literal>.</para> </listitem> </varlistentry> @@ -1183,7 +1185,7 @@ listed explicitly. This option may be specified more than once, in which case the filter masks are merged. If the empty string is assigned, the filter is reset, all prior assignments will - have no effect. This does not affect commands prefixed with <literal>!</literal>.</para> + have no effect. This does not affect commands prefixed with <literal>+</literal>.</para> <para>If you specify both types of this option (i.e. whitelisting and blacklisting), the first encountered will @@ -1352,7 +1354,7 @@ family should be included in the configured whitelist as it is frequently used for local communication, including for <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry> - logging. This does not affect commands prefixed with <literal>!</literal>.</para></listitem> + logging. This does not affect commands prefixed with <literal>+</literal>.</para></listitem> </varlistentry> <varlistentry> |