man/systemd.exec: list inaccessible files for ProtectKernelTunables

man/systemd.exec.xml

@@ -2022,8 +2022,9 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
         <filename>/proc/sys/</filename>, <filename>/sys/</filename>, <filename>/proc/sysrq-trigger</filename>,
         <filename>/proc/latency_stats</filename>, <filename>/proc/acpi</filename>,
         <filename>/proc/timer_stats</filename>, <filename>/proc/fs</filename> and <filename>/proc/irq</filename> will
-        be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at
+        be made read-only and <filename>/proc/kallsyms</filename> as well as <filename>/proc/kcore</filename> will be
-        boot-time, for example with the
+        inaccessible to all processes of the unit.
+        Usually, tunable kernel variables should be initialized only at boot-time, for example with the
         <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> mechanism. Few
         services need to write to these at runtime; it is hence recommended to turn this on for most services. For this
         setting the same restrictions regarding mount propagation and privileges apply as for