diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-11-19 11:58:45 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-11-19 11:58:45 +0100 |
commit | a6fabe384d8b2fc880c3649b4c0e7bda357fb91b (patch) | |
tree | faa84e7e3f9a245193e2e1b1c77e57e37c495d46 /man/systemd.exec.xml | |
parent | f56e7bfe2b330798f8421b5e081ad8ea79af8216 (diff) | |
download | systemd-a6fabe384d8b2fc880c3649b4c0e7bda357fb91b.tar.gz |
man: add link to kernel docs about no_new_privs
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- | man/systemd.exec.xml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index d043555860..0aa0552f06 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1448,7 +1448,11 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> <varname>RestrictAddressFamilies=</varname>, <varname>RestrictNamespaces=</varname>, <varname>PrivateDevices=</varname>, <varname>ProtectKernelTunables=</varname>, <varname>ProtectKernelModules=</varname>, <varname>MemoryDenyWriteExecute=</varname>, or - <varname>RestrictRealtime=</varname> are specified.</para></listitem> + <varname>RestrictRealtime=</varname> are specified.</para> + + <para>Also see + <ulink url="https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html">No New Privileges Flag</ulink>. + </para></listitem> </varlistentry> <varlistentry> |