man: add link to kernel docs about no_new_privs

author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2017-11-19 11:58:45 +0100
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2017-11-19 11:58:45 +0100
commit: a6fabe384d8b2fc880c3649b4c0e7bda357fb91b (patch)
tree: faa84e7e3f9a245193e2e1b1c77e57e37c495d46
parent: f56e7bfe2b330798f8421b5e081ad8ea79af8216 (diff)
download: systemd-a6fabe384d8b2fc880c3649b4c0e7bda357fb91b.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index d043555860..0aa0552f06 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1448,7 +1448,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
         <varname>RestrictAddressFamilies=</varname>, <varname>RestrictNamespaces=</varname>,
         <varname>PrivateDevices=</varname>, <varname>ProtectKernelTunables=</varname>,
         <varname>ProtectKernelModules=</varname>, <varname>MemoryDenyWriteExecute=</varname>, or
-        <varname>RestrictRealtime=</varname> are specified.</para></listitem>
+        <varname>RestrictRealtime=</varname> are specified.</para>
+
+        <para>Also see
+        <ulink url="https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html">No New Privileges Flag</ulink>.
+        </para></listitem>
       </varlistentry>
 
       <varlistentry>
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2017-11-19 11:58:45 +0100
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2017-11-19 11:58:45 +0100
commit	a6fabe384d8b2fc880c3649b4c0e7bda357fb91b (patch)
tree	faa84e7e3f9a245193e2e1b1c77e57e37c495d46
parent	f56e7bfe2b330798f8421b5e081ad8ea79af8216 (diff)
download	systemd-a6fabe384d8b2fc880c3649b4c0e7bda357fb91b.tar.gz