doc: clarify NoNewPrivileges (#4562)
Setting no_new_privs does not stop UID changes, but rather blocks gaining privileges through execve(). Also fixes a small typo.
This commit is contained in:
parent
e2df6e90b2
commit
d974f949f1
|
@ -1235,13 +1235,13 @@
|
||||||
<term><varname>NoNewPrivileges=</varname></term>
|
<term><varname>NoNewPrivileges=</varname></term>
|
||||||
|
|
||||||
<listitem><para>Takes a boolean argument. If true, ensures that the service
|
<listitem><para>Takes a boolean argument. If true, ensures that the service
|
||||||
process and all its children can never gain new privileges. This option is more
|
process and all its children can never gain new privileges through
|
||||||
powerful than the respective secure bits flags (see above), as it also prohibits
|
<function>execve</function> (e.g. via setuid or setgid bits, or filesystem
|
||||||
UID changes of any kind. This is the simplest and most effective way to ensure that
|
capabilities). This is the simplest and most effective way to ensure that
|
||||||
a process and its children can never elevate privileges again. Defaults to false,
|
a process and its children can never elevate privileges again. Defaults to false,
|
||||||
but in the user manager instance certain settings force
|
but in the user manager instance certain settings force
|
||||||
<varname>NoNewPrivileges=yes</varname>, ignoring the value of this setting.
|
<varname>NoNewPrivileges=yes</varname>, ignoring the value of this setting.
|
||||||
Those is the case when <varname>SystemCallFilter=</varname>,
|
This is the case when <varname>SystemCallFilter=</varname>,
|
||||||
<varname>SystemCallArchitectures=</varname>,
|
<varname>SystemCallArchitectures=</varname>,
|
||||||
<varname>RestrictAddressFamilies=</varname>,
|
<varname>RestrictAddressFamilies=</varname>,
|
||||||
<varname>PrivateDevices=</varname>,
|
<varname>PrivateDevices=</varname>,
|
||||||
|
|
Loading…
Reference in a new issue