From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 7 Aug 2017 09:02:47 +0000 (+0900)
Subject: man: DynamicUser= does not imply PrivateDevices= (#6510)
X-Git-Tag: v235~262
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2d35b79cdc65952a71b768f4fc0e2134a47e0294;p=thirdparty%2Fsystemd.git

man: DynamicUser= does not imply PrivateDevices= (#6510)

Follow-up for effbd6d2eadb61bd236d118afc7901940c4c6b37.
---

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index b074331dd59..b3495c97857 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1079,12 +1079,10 @@
         services which shall be able to install mount points in the main mount namespace. The new <filename>/dev</filename>
         will be mounted read-only and 'noexec'. The latter may break old programs which try to set up executable memory by
         using <citerefentry><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry> of
-        <filename>/dev/zero</filename> instead of using <constant>MAP_ANON</constant>. This setting is implied if
-        <varname>DynamicUser=</varname> is set. For this setting the same restrictions regarding mount propagation and
-        privileges apply as for <varname>ReadOnlyPaths=</varname> and related calls, see above.
+        <filename>/dev/zero</filename> instead of using <constant>MAP_ANON</constant>. For this setting the same restrictions
+        regarding mount propagation and privileges apply as for <varname>ReadOnlyPaths=</varname> and related calls, see above.
         If turned on and if running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant>
-        capability (e.g. setting <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname>
-        is implied.
+        capability (e.g. setting <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname> is implied.
         </para>
 
         <para>Note that the implementation of this setting might be impossible (for example if mount namespaces