Diffstat (limited to 'man/systemd.service.xml')
-rw-r--r-- man/systemd.service.xml 13
1 files changed, 12 insertions, 1 deletions
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index e8be2ff468..665128ee77 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -1141,7 +1141,18 @@
fully stopped and no job is queued or being executed for it. If this option is used,
<varname>NotifyAccess=</varname> (see above) should be set to open access to the notification socket
provided by systemd. If <varname>NotifyAccess=</varname> is not set, it will be implicitly set to
- <option>main</option>.</para></listitem>
+ <option>main</option>.</para>
+
+ <para>The <command>fdstore</command> command of
+ <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ may be used to list the current contents of a service's file descriptor store.</para>
+
+ <para>Note that the service manager will only pass file descriptors contained in the file descriptor
+ store to the service's own processes, never to other clients via IPC or similar. However, it does
+ allow unprivileged clients to query the list of currently open file descriptors of a
+ service. Sensitive data may hence be safely placed inside the referenced files, but should not be
+ attached to the metadata (e.g. included in filenames) of the stored file
+ descriptors.</para></listitem>
</varlistentry>
<varlistentry>
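Review bot: In the second added paragraph, "the list of currently open file descriptors of a service" can be read as every descriptor the service's processes hold, while the surrounding text is only about the file descriptor store; suggest "the list of file descriptors currently in the service's file descriptor store". The same paragraph says sensitive data "may hence be safely placed inside the referenced files", which is broader than what the text establishes: the stated guarantee is only that the manager passes the descriptors to the service's own processes and to no other client. It would be more precise to say the file contents are not exposed through this query, and to state which metadata is visible to unprivileged clients beyond the "e.g. included in filenames" example, so that service authors know what to keep out of it. A pointer from this caveat back to the <command>fdstore</command> command named in the preceding paragraph would also help readers check what their own service exposes.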