5 files changed, 27 insertions, 10 deletions

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 86cdb4e124..7e87865ba8 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -595,9 +595,8 @@
         order to trigger an orderly shutdown of the
         container. Defaults to SIGRTMIN+3 if <option>--boot</option>
         is used (on systemd-compatible init systems SIGRTMIN+3
-        triggers an orderly shutdown). Takes a signal name like
-        <literal>SIGHUP</literal>, <literal>SIGTERM</literal> or
-        similar as argument.</para></listitem>
+        triggers an orderly shutdown). For a list of valid signals, see
+        <citerefentry project='man-pages'><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem>
       </varlistentry>
 
       <varlistentry>
diff --git a/man/systemd-sysv-generator.xml b/man/systemd-sysv-generator.xml
index bb5cc55e9f..2353eb3efe 100644
--- a/man/systemd-sysv-generator.xml
+++ b/man/systemd-sysv-generator.xml
@@ -77,7 +77,7 @@
     which correspond to runlevels for which the script is
     enabled.</para>
 
-    <para><command>systemd</command> does not supports SysV scripts as
+    <para><command>systemd</command> does not support SysV scripts as
     part of early boot, so all wrapper units are ordered after
     <filename>basic.target</filename>.</para>
 
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c1f47e84e6..3e1a2cb224 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1155,7 +1155,9 @@
         first character of the list is <literal>~</literal>, the
         effect is inverted: only the listed system calls will result
         in immediate process termination (blacklisting). If running in
-        user mode and this option is used,
+        user mode, or in system mode, but without the
+        <constant>CAP_SYS_ADMIN</constant> capabiblity (e.g. setting
+        <varname>User=nobody</varname>),
         <varname>NoNewPrivileges=yes</varname> is implied. This
         feature makes use of the Secure Computing Mode 2 interfaces of
         the kernel ('seccomp filtering') and is useful for enforcing a
@@ -1214,8 +1216,10 @@
         systems. The special <constant>native</constant> identifier
         implicitly maps to the native architecture of the system (or
         more strictly: to the architecture the system manager is
-        compiled for). If running in user mode and this option is
-        used, <varname>NoNewPrivileges=yes</varname> is implied. Note
+        compiled for). If running in user mode, or in system mode,
+        but without the <constant>CAP_SYS_ADMIN</constant>
+        capabiblity (e.g. setting <varname>User=nobody</varname>),
+        <varname>NoNewPrivileges=yes</varname> is implied. Note
         that setting this option to a non-empty list implies that
         <constant>native</constant> is included too. By default, this
         option is set to the empty list, i.e. no architecture system
@@ -1244,8 +1248,10 @@
         <function>socketpair()</function> (which creates connected
         AF_UNIX sockets only) are unaffected. Note that this option
         has no effect on 32-bit x86 and is ignored (but works
-        correctly on x86-64). If running in user mode and this option
-        is used, <varname>NoNewPrivileges=yes</varname> is implied. By
+        correctly on x86-64). If running in user mode, or in system
+        mode, but without the <constant>CAP_SYS_ADMIN</constant>
+        capabiblity (e.g. setting <varname>User=nobody</varname>),
+        <varname>NoNewPrivileges=yes</varname> is implied. By
         default, no restriction applies, all address families are
         accessible to processes. If assigned the empty string, any
         previous list changes are undone.</para>
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 752a15a4e0..f2e715cf6f 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -272,7 +272,7 @@
             <para>An IPv6 address with the top 64 bits unset. When set, indicates the
             64-bit interface part of SLAAC IPv6 addresses for this link. Note that
             the token is only ever used for SLAAC, and not for DHCPv6 addresses, even
-            in the case DHCP is requested by router advertisment. By default, the
+            in the case DHCP is requested by router advertisement. By default, the
             token is autogenerated.</para>
           </listitem>
         </varlistentry>
diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index c07a4b0243..5ec878512a 100644
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -224,6 +224,18 @@
       </varlistentry>
 
       <varlistentry>
+        <term><option>KillSignal=</option></term>
+
+        <listitem><para>Specify the process signal to send to the
+        container's PID 1 when nspawn itself receives SIGTERM, in
+        order to trigger an orderly shutdown of the container.
+        Defaults to SIGRTMIN+3 if <option>Boot=</option> is used
+        (on systemd-compatible init systems SIGRTMIN+3 triggers an
+        orderly shutdown). For a list of valid signals, see
+        <citerefentry project='man-pages'><refentrytitle>signal</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><varname>Personality=</varname></term>
 
         <listitem><para>Configures the kernel personality for the