]> git.ipfire.org Git - thirdparty/systemd.git/commit - man/systemd.exec.xml
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: db5310c) | patch
man: note that cgroup-based sandboxing is not bypassed by '+'
authorLuca Boccassi <bluca@debian.org>
Sun, 15 Jan 2023 18:54:16 +0000 (18:54 +0000)
committerLuca Boccassi <luca.boccassi@gmail.com>
Wed, 18 Jan 2023 17:59:43 +0000 (17:59 +0000)
commitf2af682cd6308f9b26035b83063e6aa8593e468c
treedaae756d5864fc7978122d242752087be2b1ca82tree | snapshot
parentdb5310cfc19b5c7bd6aca840d652ee7d9b1ea649commit | diff
man: note that cgroup-based sandboxing is not bypassed by '+'

DeviceAllow= and others are applied to the whole cgroup via bpf, so
using '+' on an Exec line will not bypass them. Explain this in the
manpage.

Fixes https://github.com/systemd/systemd/issues/26035
man/cgroup-sandboxing.xml [new file with mode: 0644] blob
man/systemd.exec.xml diff | blob | blame | history
man/systemd.resource-control.xml diff | blob | blame | history
man/systemd.service.xml diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.