From f1660f96f59dad860d39f148c3a747050d112763 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Tue, 18 Mar 2014 17:58:19 +0100
Subject: core: drop CAP_MKNOD when PrivateDevices= is set
---
 man/systemd.exec.xml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'man')
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index f1bcf9b7bd..90d36f9b57 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -908,8 +908,11 @@
 /dev/sda. This is useful to securely turn off physical device access by the executed
- process. Defaults to
- false.
+ process. Defaults to false. Note that
+ enabling this option implies that
+ CAP_MKNOD is
+ removed from the capability bounding
+ set for the unit.
--
cgit v1.2.3-54-g00ecf