man: LockPersonality= implies NoNewPrivileges=

2025-01-11 05:17:44 +03:00 · 2017-12-19 12:48:54 +09:00 · 2017-12-19 12:48:54 +09:00 · 69b528832a
commit 69b528832a
parent bf0e0a4df2
1 changed files with 2 additions and 1 deletions
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@ -381,7 +381,8 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
        <varname>SystemCallArchitectures=</varname>, <varname>RestrictAddressFamilies=</varname>,
        <varname>RestrictNamespaces=</varname>, <varname>PrivateDevices=</varname>,
        <varname>ProtectKernelTunables=</varname>, <varname>ProtectKernelModules=</varname>,
-        <varname>MemoryDenyWriteExecute=</varname>, or <varname>RestrictRealtime=</varname> are specified. Also see
+        <varname>MemoryDenyWriteExecute=</varname>, <varname>RestrictRealtime=</varname>, or
+        <varname>LockPersonality=</varname> are specified. Also see
        <ulink url="https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html">No New Privileges
        Flag</ulink>.  </para></listitem>
      </varlistentry>