<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>DefaultRestrictSUIDSGID=</varname></term>
+
+ <listitem><para>Takes a boolean argument. This is used as a default for units
+ which lack an explicit definition for <varname>RestrictSUIDSGID=</varname>.
+ See <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for the details.</para>
+
+ <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
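Review bot: The new <varname>DefaultRestrictSUIDSGID=</varname> entry does not state the option's own default, so a reader of systemd-system.conf(5) has to go to systemd.exec(5) to learn that it is off. Suggest ending the paragraph with "Defaults to off.", which matches the wording added on the systemd.exec side. It would also help to say here that units can still set <varname>RestrictSUIDSGID=</varname> explicitly, since an administrator turning this on as a hardening baseline will want to know that individual units are able to opt out.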
programs that actually require them. Note that this restricts marking of any type of file system
object with these bits, including both regular files and directories (where the SGID is a different
meaning than for files, see documentation). This option is implied if <varname>DynamicUser=</varname>
- is enabled. Defaults to off.</para>
+ is enabled.</para>
+
+ <para>In other cases, this setting defaults to the value set with <varname>DefaultRestrictSUIDSGID=</varname> in
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, which
+ defaults to off.</para>
<xi:include href="version-info.xml" xpointer="v242"/></listitem>
</varlistentry>
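Review bot: "In other cases" in the added paragraph leaves the precedence between the three sources ambiguous: an explicit <varname>RestrictSUIDSGID=</varname> in the unit, the value implied by <varname>DynamicUser=</varname>, and the manager-wide <varname>DefaultRestrictSUIDSGID=</varname>. Spell it out, for example "If neither set explicitly nor implied by DynamicUser=, this setting defaults to the value of DefaultRestrictSUIDSGID= ...", and say whether an explicit <varname>RestrictSUIDSGID=no</varname> overrides a manager default of yes. Removing "Defaults to off." from the first paragraph also means the effective default is now only stated indirectly at the end of the second paragraph; consider keeping a direct statement of it.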