Merge pull request #7388 from keszybz/doc-tweak

Add link to kernel docs about no_new_privs and drop note about CPU controller
2017-11-19 17:50:35 +01:00 · 2017-11-19 17:50:35 +01:00 · 5c856d1e6c
parent d3590acede c12ad58c41
commit 5c856d1e6c
2 changed files with 6 additions and 6 deletions
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@ -1448,7 +1448,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
        <varname>RestrictAddressFamilies=</varname>, <varname>RestrictNamespaces=</varname>,
        <varname>PrivateDevices=</varname>, <varname>ProtectKernelTunables=</varname>,
        <varname>ProtectKernelModules=</varname>, <varname>MemoryDenyWriteExecute=</varname>, or
-        <varname>RestrictRealtime=</varname> are specified.</para></listitem>
+        <varname>RestrictRealtime=</varname> are specified.</para>
+
+        <para>Also see
+        <ulink url="https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html">No New Privileges Flag</ulink>.
+        </para></listitem>
      </varlistentry>

      <varlistentry>
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@ -120,10 +120,6 @@
        <varlistentry>
          <term><option>CPU</option></term>
          <listitem>
-            <para>Due to the lack of consensus in the kernel community, the CPU controller support on the unified
-            control group hierarchy requires out-of-tree kernel patches. See <ulink
-            url="https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup-v2-cpu.txt?h=cgroup-v2-cpu">cgroup-v2-cpu.txt</ulink>.</para>
-
            <para><varname>CPUWeight=</varname> and <varname>StartupCPUWeight=</varname> replace
            <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>, respectively.</para>

@ -142,7 +138,7 @@
        <varlistentry>
          <term><option>IO</option></term>
          <listitem>
-            <para><varname>IO</varname> prefixed settings are superset of and replace <varname>BlockIO</varname>
+            <para><varname>IO</varname> prefixed settings are a superset of and replace <varname>BlockIO</varname>
            prefixed ones. On unified hierarchy, IO resource control also applies to buffered writes.</para>
          </listitem>
        </varlistentry>