diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 2d0e6772ce..eeac195a39 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1152,7 +1152,9 @@ BindReadOnlyPaths=/var/lib/systemd
prohibited (whitelisting). By prepending the list with a single tilde character (~) the
effect may be inverted: only the listed namespace types will be made inaccessible, all unlisted ones are
permitted (blacklisting). If the empty string is assigned, the default namespace restrictions are applied,
- which is equivalent to false. Internally, this setting limits access to the
+ which is equivalent to false. This option may appear more than once, in which case the namespace types are
+ merged by OR, or by AND if the lines are prefixed with
+ ~ (see examples below). Internally, this setting limits access to the
unshare2,
clone2 and
setns2 system calls, taking
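Review bot: In the added sentence, "merged by OR, or by AND if the lines are prefixed with ~" does not say what is ANDed with what, and a reader cannot work out the resulting set without the example in the later hunk. Judging by that example, a ~ line removes the listed types from the set accumulated by the earlier lines, so I would say that directly, e.g. "types listed on a line prefixed with ~ are removed from the set built up so far". Please also state that the lines are evaluated in order, and what the result is when the first occurrence is already prefixed with ~, since the paragraph above gives the tilde a different meaning (inverting the list) for a single assignment.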
@@ -1162,7 +1164,16 @@ BindReadOnlyPaths=/var/lib/systemd
supported on x86, x86-64, mips, mips-le, mips64, mips64-le, mips64-n32, mips64-le-n32, ppc64, ppc64-le, s390
and s390x, and enforces no restrictions on other architectures. If running in user mode, or in system mode, but
without the CAP_SYS_ADMIN capability (e.g. setting User=),
- NoNewPrivileges=yes is implied.
+ NoNewPrivileges=yes is implied.
+
+ Example: if a unit has the following,
+ RestrictNamespaces=cgroup ipc
+RestrictNamespaces=cgroup net
+ then cgroup, ipc, and net are set.
+ If the second line is prefixed with ~, e.g.,
+ RestrictNamespaces=cgroup ipc
+RestrictNamespaces=~cgroup net
+ then, only ipc is set.
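Review bot: In the example text, "are set" and "only ipc is set" leave open whether the named namespace types end up permitted or prohibited, which is the one thing a reader hardening a unit needs to get right. The surrounding paragraph describes a plain list as the types that stay accessible, so I would write "then access to cgroup, ipc and net namespaces is permitted" and "then only ipc namespaces remain permitted". In the second example net appears on the ~ line although no earlier line added it. A short remark that removing a type not in the set has no effect would keep readers from assuming the ~ line does something more. Minor: drop the comma in "then, only ipc is set".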