picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

man: document that ProtectSystem= also covers /boot

Browse source
This commit is contained in:
Lennart Poettering 2015-01-27 02:19:33 +01:00
parent 297d563de4
commit c51cbfdcc7
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
man/systemd.exec.xml
View file

@ -1064,13 +1064,14 @@
argument or argument or
<literal>full</literal>. If true, <literal>full</literal>. If true,
mounts the <filename>/usr</filename> mounts the <filename>/usr</filename>
directory read-only for processes and <filename>/boot</filename>
directories read-only for processes
invoked by this unit. If set to invoked by this unit. If set to
<literal>full</literal>, the <literal>full</literal>, the
<filename>/etc</filename> directory is mounted <filename>/etc</filename> directory is
read-only, too. This setting ensures mounted read-only, too. This setting
that any modification of the vendor ensures that any modification of the
supplied operating system (and vendor supplied operating system (and
optionally its configuration) is optionally its configuration) is
prohibited for the service. It is prohibited for the service. It is
recommended to enable this setting for recommended to enable this setting for