diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:18:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-16 18:18:14 +0000 |
| commit | 67c5de60daa85b91fa68be4157e248fa31e75316 (patch) | |
| tree | 7d567f3360f705ac21600343ef7f7cea645a9222 /man/systemd.exec.xml | |
| parent | Adding upstream version 256.1. (diff) | |
| download | systemd-06a0a2fdeaf41892705cfec541146336e3c21087.tar.xz systemd-06a0a2fdeaf41892705cfec541146336e3c21087.zip | |
Adding upstream version 256.2.upstream/256.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/systemd.exec.xml')
| -rw-r--r-- | man/systemd.exec.xml | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 56eb6af..21527f7 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2021,8 +2021,9 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting> <filename>/proc/sys/</filename>, <filename>/sys/</filename>, <filename>/proc/sysrq-trigger</filename>, <filename>/proc/latency_stats</filename>, <filename>/proc/acpi</filename>, <filename>/proc/timer_stats</filename>, <filename>/proc/fs</filename> and <filename>/proc/irq</filename> will - be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at - boot-time, for example with the + be made read-only and <filename>/proc/kallsyms</filename> as well as <filename>/proc/kcore</filename> will be + inaccessible to all processes of the unit. + Usually, tunable kernel variables should be initialized only at boot-time, for example with the <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> mechanism. Few services need to write to these at runtime; it is hence recommended to turn this on for most services. For this setting the same restrictions regarding mount propagation and privileges apply as for |