diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 3c350df11f..ea889c9cf3 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1235,13 +1235,13 @@
NoNewPrivileges=
Takes a boolean argument. If true, ensures that the service
- process and all its children can never gain new privileges. This option is more
- powerful than the respective secure bits flags (see above), as it also prohibits
- UID changes of any kind. This is the simplest and most effective way to ensure that
+ process and all its children can never gain new privileges through
+ execve (e.g. via setuid or setgid bits, or filesystem
+ capabilities). This is the simplest and most effective way to ensure that
a process and its children can never elevate privileges again. Defaults to false,
but in the user manager instance certain settings force
NoNewPrivileges=yes, ignoring the value of this setting.
- Those is the case when SystemCallFilter=,
+ This is the case when SystemCallFilter=,
SystemCallArchitectures=,
RestrictAddressFamilies=,
PrivateDevices=,
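Review bot: The unchanged context sentence directly after the new text ("This is the simplest and most effective way to ensure that a process and its children can never elevate privileges again") still reads as an unconditional guarantee, which now contradicts the narrower scope "through execve" introduced just above it. Suggest scoping that sentence the same way, for example "can never elevate privileges again via execve", so the paragraph makes one consistent claim. The patch also silently drops the statement that the option "also prohibits UID changes of any kind"; if that statement was incorrect, it is worth saying explicitly in the new text what the option does not cover, so that readers who relied on the old wording notice the change.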