mirror of
https://github.com/systemd/systemd.git
synced 2025-01-26 10:24:17 +08:00
man: systemd.exec: cleanup "only X will be permitted" ... "but X=X+1"
> Only system calls of the *specified* architectures will be permitted to
> processes of this unit.

(my emphasis)

> Note that setting this option to a non-empty list implies that
> native is included too.

Attempting to use "implies" in the later sentence, in a way that contradicts the very clear meaning of the earlier sentence... it's too much.
parent 46659f7deb
commit 62a0680bf2
@ -1429,15 +1429,15 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
filter. The known architecture identifiers are the same as for <varname>ConditionArchitecture=</varname>
described in <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
as well as <constant>x32</constant>, <constant>mips64-n32</constant>, <constant>mips64-le-n32</constant>, and
the special identifier <constant>native</constant>. Only system calls of the specified architectures will be
permitted to processes of this unit. This is an effective way to disable compatibility with non-native
architectures for processes, for example to prohibit execution of 32-bit x86 binaries on 64-bit x86-64
systems. The special <constant>native</constant> identifier implicitly maps to the native architecture of the
system (or more strictly: to the architecture the system manager is compiled for). If running in user mode, or
in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
<varname>User=nobody</varname>), <varname>NoNewPrivileges=yes</varname> is implied. Note that setting this
option to a non-empty list implies that <constant>native</constant> is included too. By default, this option is
set to the empty list, i.e. no system call architecture filtering is applied.</para>
the special identifier <constant>native</constant>. If this setting is used, processes of this unit will only
be permitted to call native system calls, and system calls of the specified architectures. This is an
effective way to disable compatibility with non-native architectures for processes, for example to prohibit
execution of 32-bit x86 binaries on 64-bit x86-64 systems. The special <constant>native</constant> identifier
implicitly maps to the native architecture of the system (or more precisely: to the architecture the system
manager is compiled for). If running in user mode, or in system mode, but without the
<constant>CAP_SYS_ADMIN</constant> capability (e.g. setting <varname>User=nobody</varname>),
<varname>NoNewPrivileges=yes</varname> is implied. By default, this option is set to the empty list, i.e. no
system call architecture filtering is applied.</para>
<para>Note that system call filtering is not equally effective on all architectures. For example, on x86
filtering of network socket-related calls is not possible, due to ABI limitations — a limitation that x86-64
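Review bot: the new sentence "processes of this unit will only be permitted to call native system calls, and system calls of the specified architectures" carries a stray comma before "and" that splits the permitted set into two clauses and weakens the "only" it is meant to enforce; "only be permitted to call native system calls and system calls of the specified architectures" reads as one allow-list and still makes clear that native is always included. With that tweak the rewrite is a clear improvement, since it drops the old "implies that native is included too" sentence that contradicted "Only system calls of the specified architectures will be permitted" and replaces it with a single statement of what the filter actually allows; the "more strictly" to "more precisely" change in the native-architecture parenthetical is also fine.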