From: Zbigniew Jędrzejewski-Szmek Date: Sun, 23 Oct 2016 03:41:45 +0000 (-0400) Subject: man: document the default value of NoNewPrivileges= X-Git-Tag: v232~24^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=74388c2d11acd9b638e33e09c7a99a9bc2c6292b;p=thirdparty%2Fsystemd.git man: document the default value of NoNewPrivileges= Fixes #4329. --- diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index dbe4594730a..6a26f3c1336 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1234,13 +1234,22 @@ NoNewPrivileges= - Takes a boolean argument. If true, ensures - that the service process and all its children can never gain - new privileges. This option is more powerful than the - respective secure bits flags (see above), as it also prohibits - UID changes of any kind. This is the simplest, most effective - way to ensure that a process and its children can never - elevate privileges again. + Takes a boolean argument. If true, ensures that the service + process and all its children can never gain new privileges. This option is more + powerful than the respective secure bits flags (see above), as it also prohibits + UID changes of any kind. This is the simplest and most effective way to ensure that + a process and its children can never elevate privileges again. Defaults to false, + but in the user manager instance certain settings force + NoNewPrivileges=yes, ignoring the value of this setting. + Those is the case when SystemCallFilter=, + SystemCallArchitectures=, + RestrictAddressFamilies=, + PrivateDevices=, + ProtectKernelTunables=, + ProtectKernelModules=, + MemoryDenyWriteExecute=, or + RestrictRealtime= are specified. +
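Review bot: the added documentation text has a grammar error that will ship to readers of systemd.exec(5): "Those is the case when SystemCallFilter=, ..." should read "This is the case when SystemCallFilter=, ...". The sentence also runs together a long enumeration; ending the preceding sentence after "ignoring the value of this setting" and starting a fresh sentence with "This is the case when ..." keeps it readable. Separately, the paragraph now hard-codes the list of settings that force NoNewPrivileges=yes in the user manager instance; that list is very likely to drift from the implementation as new sandboxing options are added, so it is worth either stating the common property that puts a setting on this list or adding a note that the list must be kept in sync with the code, so the next contributor who adds such an option knows to update this paragraph.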