]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
man: note that sd-tmpfiles/sysusers --root is not a sandboxing feature
authorLuca Boccassi <luca.boccassi@gmail.com>
Thu, 2 Jul 2026 08:10:27 +0000 (09:10 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Thu, 2 Jul 2026 16:02:40 +0000 (17:02 +0100)
This seems to be causing enough confusion that it is worth explicitly
mentioning in the docs

man/systemd-sysusers.xml
man/systemd-tmpfiles.xml

index 5c299169eba0c14c3c238cb10c0b903af3e4456a..c7210d13cc3a246c13526c3fd10d36e0e8ea9a4a 100644 (file)
         <replaceable>root</replaceable> path, including config search
         paths. </para>
 
+        <para>Note that this is not a sandboxing or security feature.
+        <citerefentry><refentrytitle>sysusers.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+        definitions are potentially not processed in a hermetic fashion to the specified root.</para>
+
         <xi:include href="version-info.xml" xpointer="v215"/></listitem>
       </varlistentry>
 
index c48c0653b0dd23efa2d39da139a67ef03698b463..8a4e56cc134c2257e54105d8302cf4b5de96b991 100644 (file)
         or directories below mount points in the OS image operated on that are typically overmounted during
         runtime.</para>
 
+        <para>Note that this is not a sandboxing or security feature.
+        <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+        definitions are potentially not processed in a hermetic fashion to the specified root.</para>
+
         <xi:include href="version-info.xml" xpointer="v212"/></listitem>
       </varlistentry>