diff options
| author | Andres Beltran <abeltran@microsoft.com> | 2024-08-06 01:43:29 +0200 |
|---|---|---|
| committer | Andres Beltran <abeltran@microsoft.com> | 2024-11-01 19:45:28 +0100 |
| commit | eae5127246b380bac9fedffeca8966d18d2b3344 (patch) | |
| tree | 8eb23e0fa9744beac70f243f2dfc102f3af33faf /man | |
| parent | namespace-util: add util function to check if id-mapped mounts are supported ... (diff) | |
| download | systemd-eae5127246b380bac9fedffeca8966d18d2b3344.tar.xz systemd-eae5127246b380bac9fedffeca8966d18d2b3344.zip | |
core: add id-mapped mount support for Exec directories
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd.exec.xml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index d5f85ed85c..30a926c9a0 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1476,6 +1476,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> below the locations defined in the following table. Also, the corresponding environment variable will be defined with the full paths of the directories. If multiple directories are set, then in the environment variable the paths are concatenated with colon (<literal>:</literal>).</para> + + <para>If <varname>DynamicUser=</varname> is used, and if the kernel version supports + <ulink url="https://lwn.net/Articles/896255/">id-mapped mounts</ulink>, the specified directories will + be owned by "nobody" in the host namespace and will be mapped to (and will be owned by) the service's + UID/GID in its own namespace. For backward compatibility, existing directories created without id-mapped + mounts will be kept untouched.</para> + <table> <title>Automatic directory creation and environment variables</title> <tgroup cols='4'> |