diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:18:34 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:18:34 +0000 |
| commit | 67497cedb2f732b3445ecdc0d09b881f9c69f852 (patch) | |
| tree | b7197679acca419c7ddc0300873e19141d5fae3e /man/systemd.exec.xml | |
| parent | Adding debian version 256.1-2. (diff) | |
| download | systemd-67497cedb2f732b3445ecdc0d09b881f9c69f852.tar.xz systemd-67497cedb2f732b3445ecdc0d09b881f9c69f852.zip | |
Merging upstream version 256.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/systemd.exec.xml')
| -rw-r--r-- | man/systemd.exec.xml | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 56eb6af..21527f7 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2021,8 +2021,9 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting> <filename>/proc/sys/</filename>, <filename>/sys/</filename>, <filename>/proc/sysrq-trigger</filename>, <filename>/proc/latency_stats</filename>, <filename>/proc/acpi</filename>, <filename>/proc/timer_stats</filename>, <filename>/proc/fs</filename> and <filename>/proc/irq</filename> will - be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at - boot-time, for example with the + be made read-only and <filename>/proc/kallsyms</filename> as well as <filename>/proc/kcore</filename> will be + inaccessible to all processes of the unit. + Usually, tunable kernel variables should be initialized only at boot-time, for example with the <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> mechanism. Few services need to write to these at runtime; it is hence recommended to turn this on for most services. For this setting the same restrictions regarding mount propagation and privileges apply as for |