From 67497cedb2f732b3445ecdc0d09b881f9c69f852 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 16 Sep 2024 20:18:34 +0200 Subject: Merging upstream version 256.2. Signed-off-by: Daniel Baumann --- man/systemd.exec.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'man/systemd.exec.xml') diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 56eb6af..21527f7 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2021,8 +2021,9 @@ BindReadOnlyPaths=/var/lib/systemd /proc/sys/, /sys/, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will - be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at - boot-time, for example with the + be made read-only and /proc/kallsyms as well as /proc/kcore will be + inaccessible to all processes of the unit. + Usually, tunable kernel variables should be initialized only at boot-time, for example with the sysctl.d5 mechanism. Few services need to write to these at runtime; it is hence recommended to turn this on for most services. For this setting the same restrictions regarding mount propagation and privileges apply as for -- cgit v1.2.3
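Review bot: The new sentence in the ProtectKernelTunables= paragraph states that /proc/kallsyms and /proc/kcore become "inaccessible" while the other listed paths are only made read-only, but it gives the reader no hint why these two are treated differently and no indication of which release introduced the stricter behaviour. Both files only leak information when read (kernel symbol addresses and raw kernel memory respectively), so a read-only mount would not restrict them at all; a short clause such as "since reading these files is the concern, they are made inaccessible rather than read-only" would make the distinction self-explanatory. Since this merge is of upstream 256.2 (per the commit subject), also consider noting the version in the paragraph, in the same way other recently changed options in this page are annotated, so that administrators reading the documentation against an older systemd do not assume the two files are blocked there. Minor style point: the added line "inaccessible to all processes of the unit." is much shorter than its neighbours; reflowing the paragraph to the surrounding line width would keep the XML source consistent.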