From: Grimmauld Date: Tue, 8 Jul 2025 19:39:06 +0000 (+0200) Subject: core: document 'DefaultRestrictSUIDSGID' X-Git-Tag: v258-rc1~128^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F38126%2Fhead;p=thirdparty%2Fsystemd.git core: document 'DefaultRestrictSUIDSGID' --- diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml index 23c422df807..164cfee1ed9 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml @@ -547,6 +547,17 @@ + + + DefaultRestrictSUIDSGID= + + Takes a boolean argument. This is used as a default for units + which lack an explicit definition for RestrictSUIDSGID=. + See systemd.exec5 + for the details. + + + diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 813ea023138..b583668f1d6 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2626,7 +2626,11 @@ RestrictNamespaces=~cgroup net programs that actually require them. Note that this restricts marking of any type of file system object with these bits, including both regular files and directories (where the SGID is a different meaning than for files, see documentation). This option is implied if DynamicUser= - is enabled. Defaults to off. + is enabled. + + In other cases, this setting defaults to the value set with DefaultRestrictSUIDSGID= in + systemd-system.conf5, which + defaults to off.
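Review bot: The new DefaultRestrictSUIDSGID= entry in man/systemd-system.conf.xml says it takes a boolean argument but never states its own default; the value ("off") appears only in the systemd.exec.xml text later in this patch. A reader of systemd-system.conf(5) should not have to follow the cross-reference to learn it, so consider ending the paragraph with "Defaults to off." It may also be worth noting here that units with DynamicUser= enabled are handled separately, since the systemd.exec.xml text in this patch says the option is implied in that case.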
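Review bot: In the man/systemd.exec.xml hunk, "In other cases" is loose. Read after the DynamicUser= sentence it means "when DynamicUser= is not enabled", but the manager-wide default only matters when the unit does not set RestrictSUIDSGID= itself, which is how the systemd-system.conf.xml entry in this same patch words it ("units which lack an explicit definition"). Suggest naming both conditions, for example "If not set explicitly and DynamicUser= is not enabled, this defaults to the value set with DefaultRestrictSUIDSGID= ...", so the two man pages describe the precedence the same way.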