]> git.ipfire.org Git - thirdparty/systemd.git/commit - man/systemd.exec.xml
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1d450bd) | patch
man: improve documentation on seccomp regarding alternative ABIs
authorLennart Poettering <lennart@poettering.net>
Thu, 9 Feb 2017 17:27:02 +0000 (18:27 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 9 Feb 2017 17:42:17 +0000 (18:42 +0100)
commit0b8fab97cfb58aa5dd948915f1b897eeba86e7ae
treee5892d1e31c0c98ec5cad2d7762bd2a1c9f86ef9tree | snapshot
parent1d450bda706abedb6724cc2c0f834ebc1686309fcommit | diff
man: improve documentation on seccomp regarding alternative ABIs

Let's clarify that RestrictAddressFamilies= and MemoryDenyWriteExecute=
are only fully effective if non-native system call architectures are
disabled, since they otherwise may be used to circumvent the filters, as
the filters aren't equally effective on all ABIs.

Fixes: #5277
man/systemd.exec.xml diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.