author | 2018-01-31 15:39:13 +0000
---|---
committer | 2018-01-31 15:39:13 +0000
commit | 62a0680bf2cf010c899da65b561bdf07a148f763
tree | 9a8c80df17bc0de49045df32f573a56e483a4a6c /man/systemd.exec.xml
parent | Merge pull request #8030 from keszybz/another-news-update
man: systemd.exec: cleanup "only X will be permitted" ... "but X=X+1"
> Only system calls of the *specified* architectures will be permitted to
> processes of this unit.
(my emphasis)
> Note that setting this option to a non-empty list implies that
> native is included too.
Attempting to use "implies" in the later sentence, in a way that
contradicts the very clear meaning of the earlier sentence... it's too
much.
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r-- | man/systemd.exec.xml | 18 |
1 file changed, 9 insertions, 9 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 2f62f1cd6..fc3b9ffd1 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml 
@@ -1429,15 +1429,15 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> filter. The known architecture identifiers are the same as for <varname>ConditionArchitecture=</varname> described in <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, as well as <constant>x32</constant>, <constant>mips64-n32</constant>, <constant>mips64-le-n32</constant>, and - the special identifier <constant>native</constant>. Only system calls of the specified architectures will be - permitted to processes of this unit. This is an effective way to disable compatibility with non-native - architectures for processes, for example to prohibit execution of 32-bit x86 binaries on 64-bit x86-64 - systems. The special <constant>native</constant> identifier implicitly maps to the native architecture of the - system (or more strictly: to the architecture the system manager is compiled for). If running in user mode, or - in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting - <varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is implied. Note that setting this - option to a non-empty list implies that <constant>native</constant> is included too. By default, this option is - set to the empty list, i.e. no system call architecture filtering is applied.</para> + the special identifier <constant>native</constant>. If this setting is used, processes of this unit will only + be permitted to call native system calls, and system calls of the specified architectures. This is an + effective way to disable compatibility with non-native architectures for processes, for example to prohibit + execution of 32-bit x86 binaries on 64-bit x86-64 systems. The special <constant>native</constant> identifier + implicitly maps to the native architecture of the system (or more precisely: to the architecture the system + manager is compiled for). 
If running in user mode, or in system mode, but without the + <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>), + <varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no + system call architecture filtering is applied.</para> <para>Note that system call filtering is not equally effective on all architectures. For example, on x86 filtering of network socket-related calls is not possible, due to ABI limitations — a limitation that x86-64 |
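Review bot: the new sentence "processes of this unit will only be permitted to call native system calls, and system calls of the specified architectures" fixes the contradiction named in the commit message, but the sentence that follows ("The special native identifier implicitly maps to the native architecture of the system ...") now reads as if listing native still changes something, when by the new wording native is permitted whether or not it is listed; suggest making that explicit, e.g. "Listing native explicitly is therefore redundant." Two smaller wording points in the same hunk: drop the comma in "native system calls, and system calls of the specified architectures" (it is a single object, not two clauses), and in "If running in user mode, or in system mode, but without the CAP_SYS_ADMIN capability" move the comma so it reads "or in system mode but without the CAP_SYS_ADMIN capability", since the "but" qualifies only system mode. Finally, the paragraph still does not say what happens to a process that issues a system call of a non-listed architecture; one sentence stating the outcome would let an administrator judge whether the setting is safe to enable for a given unit.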