mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
man: document that various sandboxing settings are not available in --user services
This is brief and doesn't go into detail, but should at least indicate to those searching for it that some stuff is not available. Fixes: #9870
parent 48e6dd3763
commit d287820dec
@ -759,6 +759,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
||||
<varname>RestrictRealtime=</varname> has no effect on systems that lack support for SECCOMP system call filtering,
|
||||
or in containers where support for this is turned off.</para>
|
||||
|
||||
<para>Also note that some sandboxing functionality is generally not available in user services (i.e. services run
|
||||
by the per-user service manager). Specifically, the various settings requiring file system namespacing support
|
||||
(such as <varname>ProtectSystem=</varname>) are not available, as the underlying kernel functionality is only
|
||||
accessible to privileged processes.</para>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
|
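Review bot: the added paragraph does not say what happens when one of these settings appears in a user unit, and it names only <varname>ProtectSystem=</varname> as an example of "the various settings requiring file system namespacing support". The paragraph just above it is explicit that <varname>RestrictRealtime=</varname> "has no effect" where SECCOMP is unavailable; this one should be equally explicit about whether the setting is ignored or the unit fails to start, since a reader hardening a --user service needs to know whether the protection was silently dropped. Consider listing the affected settings here, or adding a short note to each affected entry in the variablelist that follows, so a reader who jumps straight to a single setting still sees the restriction.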