From 877dce40cb0d06ad6b66b4cb81310e2b52e3d9d9 Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Sat, 20 Jan 2018 00:47:27 +0100 Subject: [PATCH] man: make clear that accessing network and mounting filesystems is not supported in udev rules (#7916) These restrictions are implied by systemd options used for systemd-udevd.service, i.e. MountFlags=slave and IPAddressDeny=any. However, there are users out there getting tripped by this, so let's make things clear in the man page so the actual restrictions we implement by default have better visibility. --- man/udev.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/man/udev.xml b/man/udev.xml index 7b42d2326b..8e58ead0ba 100644 --- a/man/udev.xml +++ b/man/udev.xml @@ -465,6 +465,9 @@ Starting daemons or other long-running processes is not appropriate for udev; the forked processes, detached or not, will be unconditionally killed after the event handling has finished. + Note that running programs that access the network or mount/unmount + filesystems is not allowed inside of udev rules, due to the default sandbox + that is enforced on systemd-udevd.service.
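Review bot: The three added lines at the end of the hunk refer only to "the default sandbox that is enforced on systemd-udevd.service" and never name the settings behind it. The commit message identifies them as MountFlags=slave and IPAddressDeny=any, and the man page text should name them too, so that a reader who hits this can find the unit options responsible and tell which one affects mounting and which affects network access. The wording is also inconsistent: the subject line says these operations are "not supported", while the added text says "not allowed", which reads as a hard prohibition even though the same sentence attributes it to a default. Suggest using "not supported" in the man page as well and stating that the restriction comes from the default unit settings. Minor style point: "inside of udev rules" would read better as "from udev rules".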