Diffstat (limited to 'man')
-rw-r--r-- | man/systemd-nspawn.xml | 2
-rw-r--r-- | man/systemd.exec.xml | 26
2 files changed, 23 insertions, 5 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 490c6c2cd5..6a0d21f0a5 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -155,7 +155,7 @@ </varlistentry> <varlistentry> - <term><option>--no-net</option></term> + <term><option>--private-network</option></term> <listitem><para>Turn off networking in the container. This makes all network diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 99a91b3dfa..d28417da1c 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -783,9 +783,9 @@ <term><varname>PrivateTmp=</varname></term> <listitem><para>Takes a boolean - argument. If true sets up a new - namespace for the executed processes - and mounts a private + argument. If true sets up a new file + system namespace for the executed + processes and mounts a private <filename>/tmp</filename> directory inside it, that is not shared by processes outside of the @@ -794,7 +794,25 @@ process, but makes sharing between processes via <filename>/tmp</filename> - impossible. Defaults to false.</para></listitem> + impossible. Defaults to + false.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>PrivateNetwork=</varname></term> + + <listitem><para>Takes a boolean + argument. If true sets up a new + network namespace for the executed + processes and configures only the + loopback network device + <literal>lo</literal> inside it. No + other network devices will be + available to the executed process. + This is useful to securely turn off + network access by the executed + process. Defaults to + false.</para></listitem> </varlistentry> <varlistentry> |
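Review bot: In the man/systemd-nspawn.xml hunk the <term> changes from --no-net to --private-network with no mention of the old spelling, so someone with scripts that pass --no-net cannot tell from the man page whether it is still accepted. Suggest adding a sentence to the <listitem> stating that the option was formerly named --no-net and whether the old name remains as an alias. If the container also keeps only a loopback device, the description "Turn off networking in the container" could reuse the wording of the new PrivateNetwork= entry so the two pages agree.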
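Review bot: In the new PrivateNetwork= entry in man/systemd.exec.xml, "securely turn off network access" promises more than the text actually describes, which is only that no network device other than lo is available in the new namespace. Suggest stating the scope explicitly, for example whether sockets reachable through the file system (AF_UNIX) remain usable by the process, and documenting what happens when a network namespace cannot be set up: does the unit fail to start, or does it run with the host's network? For a setting that will be relied on as a sandboxing control, the fail-open or fail-closed behaviour belongs in the man page.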