diff options
author | Mike Yuan <me@yhndnzj.com> | 2023-04-13 00:14:30 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-13 00:14:30 +0800 |
commit | 7581da99a104f31e49ea679eb352cb46a3a19383 (patch) | |
tree | 525edb61b3d9ca4bc806da1d1b1847b7bfaf807d /man | |
parent | 5a9e2dff473fe9c18f1425fd18ed7c16881b6997 (diff) | |
parent | 4f25844a4bc5e20a0c734be6cdd605ed680c7d44 (diff) | |
download | systemd-7581da99a104f31e49ea679eb352cb46a3a19383.tar.gz |
Merge pull request #27229 from poettering/dissect-policy-confext
dissect: follow-up for image policy merge
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd-sysext.xml | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/man/systemd-sysext.xml b/man/systemd-sysext.xml index a257fa73bc..6e164077e2 100644 --- a/man/systemd-sysext.xml +++ b/man/systemd-sysext.xml @@ -281,11 +281,13 @@ <listitem><para>Takes an image policy string as argument, as per <citerefentry><refentrytitle>systemd.image-policy</refentrytitle><manvolnum>7</manvolnum></citerefentry>. The policy is enforced when operating on system extension disk images. If not specified defaults to - <literal>root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent</literal>, - i.e. only the root and <filename>/usr/</filename> file systems in the image are used. When run in the - initrd and operating on a system extension image stored in the <filename>/.extra/sysext/</filename> - directory a slightly stricter policy is used by default: - <literal>root=signed+absent:usr=signed+absent</literal>, see above for details.</para></listitem> + <literal>root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent</literal> + for system extensions, i.e. only the root and <filename>/usr/</filename> file systems in the image + are used. For configuration extensions defaults to + <literal>root=verity+signed+encrypted+unprotected+absent</literal>. When run in the initrd and + operating on a system extension image stored in the <filename>/.extra/sysext/</filename> directory a + slightly stricter policy is used by default: <literal>root=signed+absent:usr=signed+absent</literal>, + see above for details.</para></listitem> </varlistentry> <xi:include href="standard-options.xml" xpointer="no-pager" /> |