shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-08 08:58:27 +03:00
Code

man: document that ReadOnlyPaths= doesn't affect ability to connect to AF_UNIX

Browse Source 
Fixes: #23470
This commit is contained in:
Lennart Poettering 2024-04-22 13:02:08 +02:00
parent c104d7a74e
commit fef46ffb5b
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
man/systemd.exec.xml
View File

@ -1383,6 +1383,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
accessible to privileged processes. However, most namespacing settings, that will not work on their own in user
services, will work when used in conjunction with <varname>PrivateUsers=</varname><option>true</option>.</para>
<para>Note that the various options that turn directories read-only (such as
<varname>ProtectSystem=</varname>, <varname>ReadOnlyPaths=</varname>, …) do not affect the ability for
programs to connect to and communicate with <constant>AF_UNIX</constant> sockets in these
directores. These options cannot be used to lock down access to IPC services hence.</para>
<variablelist class='unit-directives'>
<varlistentry>