Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | man: note that cgroup-based sandboxing is not bypassed by '+' | Luca Boccassi | 2023-01-18 | 1 | -0/+16 |
DeviceAllow= and others are applied to the whole cgroup via bpf, so using '+' on an Exec line will not bypass them. Explain this in the manpage. Fixes https://github.com/systemd/systemd/issues/26035 |