man: document that PrivateTmp= is unaffected by ProtectSystem=strict
authorLennart Poettering <lennart@poettering.net>
Tue, 5 Nov 2024 12:33:53 +0000 (13:33 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 5 Nov 2024 21:57:51 +0000 (22:57 +0100)
Fixes: #33130
man/systemd.exec.xml

index ac17ab65a4b3ff7b35600f64d555497d9c9b24dd..a955f767e41c1bffc994664b7732378e9eb06e3c 100644 (file)
@@ -1433,6 +1433,10 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
         set. This setting cannot ensure protection in all cases. In general it has the same limitations as
         <varname>ReadOnlyPaths=</varname>, see below. Defaults to off.</para>
 
+        <para>Note that if <varname>ProtectSystem=</varname> is set to <literal>strict</literal> and
+        <varname>PrivateTmp=</varname> is enabled, then <filename>/tmp/</filename> and
+        <filename>/var/tmp/</filename> will be writable.</para>
+
         <xi:include href="version-info.xml" xpointer="v214"/></listitem>
       </varlistentry>