git.ipfire.org Git - thirdparty/systemd.git/commitdiff
man: document that with RuntimeDirectoryPreserve= dirs are under /run/private/
author Luca Boccassi <luca.boccassi@gmail.com>
Mon, 16 Mar 2026 18:45:58 +0000 (18:45 +0000)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 16 Mar 2026 19:26:33 +0000 (20:26 +0100)
This is not immediately obvious so document it explicitly.

Follow-up for 40cd2ecc26b776ef085fd0fd29e8e96f6422a0d3

man/systemd.exec.xml

index 093cd2780b65e8ea3ecae94f1a3aa5ba3a426bcf..48bec7361bde1cba4d969d6a9b46a5d94bac7402 100644 (file)
@@ -1773,6 +1773,15 @@ StateDirectory=aaa/bbb ccc</programlisting>
         <literal>tmpfs</literal>, then for system services the directories specified in
         <varname>RuntimeDirectory=</varname> are removed when the system is rebooted.</para>
 
+        <para>If <varname>DynamicUser=</varname> is used together with
+        <varname>RuntimeDirectoryPreserve=</varname> set to values other than <option>no</option>, the logic
+        is slightly altered: the <varname>RuntimeDirectory=</varname> directories are created below
+        <filename>/run/private/</filename>, which is a host directory made inaccessible to unprivileged
+        users, which ensures that access to these directories cannot be gained through dynamic user ID
+        recycling. Symbolic links are created to hide this difference in behaviour. Both from the
+        perspective of the host and from inside the unit, the relevant directories hence always appear
+        directly below <filename>/run/</filename>.</para>
+
         <xi:include href="version-info.xml" xpointer="v235"/></listitem>
       </varlistentry>
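Review bot: the new paragraph leaves the reader without the one fact they will go looking for, namely which path is the symbolic link and which is the real directory; "Symbolic links are created to hide this difference in behaviour" should say explicitly what is linked to what so that someone inspecting a host with `ls -l /run/` is not surprised by what they find. On the same paragraph, the sentence "which is a host directory made inaccessible to unprivileged users, which ensures that access to these directories cannot be gained through dynamic user ID recycling" stacks two relative clauses and reads as if the second "which" still refers to the directory; splitting it fixes that, for example "... below <filename>/run/private/</filename>, a host directory that is inaccessible to unprivileged users. This ensures that access to these directories cannot be gained through dynamic user ID recycling." Finally, "set to values other than <option>no</option>" would be clearer as a direct statement of the values that trigger the behaviour, since the option's accepted values are listed elsewhere on the page and the reader should not have to cross-reference them here.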