From 0316fb8219bef47a90db3eb8363251f8391d96cd Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Tue, 8 Jul 2025 21:39:06 +0200
Subject: [PATCH] core: document 'DefaultRestrictSUIDSGID'
---
 man/systemd-system.conf.xml | 11 +++++++++++
 man/systemd.exec.xml | 6 +++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index 23c422df807..164cfee1ed9 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -547,6 +547,17 @@
+
+
+ DefaultRestrictSUIDSGID=
+
+ Takes a boolean argument. This is used as a default for units
+ which lack an explicit definition for RestrictSUIDSGID=.
+ See systemd.exec5
+ for the details.
+
+
+
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 813ea023138..b583668f1d6 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2626,7 +2626,11 @@ RestrictNamespaces=~cgroup net programs that actually require them. Note that this restricts marking of any type of file system object with these bits, including both regular files and directories (where the SGID is a different meaning than for files, see documentation). This option is implied if DynamicUser=
- is enabled. Defaults to off.
+ is enabled.
+
+ In other cases, this setting defaults to the value set with DefaultRestrictSUIDSGID= in
+ systemd-system.conf5, which
+ defaults to off.
--
2.47.3