diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index dbe4594730..6a26f3c133 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1234,13 +1234,22 @@
NoNewPrivileges=
- Takes a boolean argument. If true, ensures
- that the service process and all its children can never gain
- new privileges. This option is more powerful than the
- respective secure bits flags (see above), as it also prohibits
- UID changes of any kind. This is the simplest, most effective
- way to ensure that a process and its children can never
- elevate privileges again.
+ Takes a boolean argument. If true, ensures that the service
+ process and all its children can never gain new privileges. This option is more
+ powerful than the respective secure bits flags (see above), as it also prohibits
+ UID changes of any kind. This is the simplest and most effective way to ensure that
+ a process and its children can never elevate privileges again. Defaults to false,
+ but in the user manager instance certain settings force
+ NoNewPrivileges=yes, ignoring the value of this setting.
+ Those is the case when SystemCallFilter=,
+ SystemCallArchitectures=,
+ RestrictAddressFamilies=,
+ PrivateDevices=,
+ ProtectKernelTunables=,
+ ProtectKernelModules=,
+ MemoryDenyWriteExecute=, or
+ RestrictRealtime= are specified.
+