man: systemd.exec: cleanup "only X will be permitted" ... "but X=X+1"

> Only system calls of the *specified* architectures will be permitted to
> processes of this unit.

(my emphasis)

> Note that setting this option to a non-empty list implies that
> native is included too.

Attempting to use "implies" in the later sentence, in a way that
contradicts the very clear meaning of the earlier sentence... it's too
much.

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 2f62f1cd6b3fa469d8459bb1d17b1579ac25b2e5..fc3b9ffd16ba3a102a90e268a1ea786ef429c16e 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1429,15 +1429,15 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
         filter. The known architecture identifiers are the same as for <varname>ConditionArchitecture=</varname>
         described in <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
         as well as <constant>x32</constant>, <constant>mips64-n32</constant>, <constant>mips64-le-n32</constant>, and
-        the special identifier <constant>native</constant>. Only system calls of the specified architectures will be
-        permitted to processes of this unit. This is an effective way to disable compatibility with non-native
-        architectures for processes, for example to prohibit execution of 32-bit x86 binaries on 64-bit x86-64
-        systems. The special <constant>native</constant> identifier implicitly maps to the native architecture of the
-        system (or more strictly: to the architecture the system manager is compiled for). If running in user mode, or
-        in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
-        <varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is implied. Note that setting this
-        option to a non-empty list implies that <constant>native</constant> is included too. By default, this option is
-        set to the empty list, i.e. no system call architecture filtering is applied.</para>
+        the special identifier <constant>native</constant>. If this setting is used, processes of this unit will only
+        be permitted to call native system calls, and system calls of the specified architectures. This is an
+        effective way to disable compatibility with non-native architectures for processes, for example to prohibit
+        execution of 32-bit x86 binaries on 64-bit x86-64 systems. The special <constant>native</constant> identifier
+        implicitly maps to the native architecture of the system (or more precisely: to the architecture the system
+        manager is compiled for). If running in user mode, or in system mode, but without the
+        <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>),
+        <varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no
+        system call architecture filtering is applied.</para>
 
         <para>Note that system call filtering is not equally effective on all architectures. For example, on x86
         filtering of network socket-related calls is not possible, due to ABI limitations — a limitation that x86-64