From 74388c2d11acd9b638e33e09c7a99a9bc2c6292b Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sat, 22 Oct 2016 23:41:45 -0400 Subject: man: document the default value of NoNewPrivileges= Fixes #4329. --- man/systemd.exec.xml | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'man/systemd.exec.xml') diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index dbe4594730..6a26f3c133 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1234,13 +1234,22 @@ NoNewPrivileges= - Takes a boolean argument. If true, ensures - that the service process and all its children can never gain - new privileges. This option is more powerful than the - respective secure bits flags (see above), as it also prohibits - UID changes of any kind. This is the simplest, most effective - way to ensure that a process and its children can never - elevate privileges again. + Takes a boolean argument. If true, ensures that the service + process and all its children can never gain new privileges. This option is more + powerful than the respective secure bits flags (see above), as it also prohibits + UID changes of any kind. This is the simplest and most effective way to ensure that + a process and its children can never elevate privileges again. Defaults to false, + but in the user manager instance certain settings force + NoNewPrivileges=yes, ignoring the value of this setting. + Those is the case when SystemCallFilter=, + SystemCallArchitectures=, + RestrictAddressFamilies=, + PrivateDevices=, + ProtectKernelTunables=, + ProtectKernelModules=, + MemoryDenyWriteExecute=, or + RestrictRealtime= are specified. + -- cgit v1.2.3-54-g00ecf