core: introduce ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs mount options

Kernel 5.8 gained a hidepid= implementation that is truly per procfs, which allows us to mount a distinct once into every unit, with individual hidepid= settings. Let's expose this via two new settings: ProtectProc= (wrapping hidpid=) and ProcSubset= (wrapping subset=). Replaces: #11670
author: Lennart Poettering <lennart@poettering.net> 2020-08-06 12:51:50 +0200
committer: Lennart Poettering <lennart@poettering.net> 2020-08-24 20:11:02 +0200
commit: 4e39995371738b04d98d27b0d34ea8fe09ec9fab (patch)
tree: 5f2a9679dccb2ecc78af8ae5d2c1c8ab0d3817eb /docs/TRANSIENT-SETTINGS.md
parent: namespace: assert() first, use second (diff)
download: systemd-4e39995371738b04d98d27b0d34ea8fe09ec9fab.tar.xz
systemd-4e39995371738b04d98d27b0d34ea8fe09ec9fab.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/TRANSIENT-SETTINGS.md b/docs/TRANSIENT-SETTINGS.md
index 19944d08b8..2c0aea07da 100644
--- a/docs/TRANSIENT-SETTINGS.md
+++ b/docs/TRANSIENT-SETTINGS.md
@@ -151,6 +151,8 @@ All execution-related settings are available for transient units.
 ✓ TimerSlackNSec=
 ✓ NoNewPrivileges=
 ✓ KeyringMode=
+✓ ProtectProc=
+✓ ProcSubset=
 ✓ SystemCallFilter=
 ✓ SystemCallArchitectures=
 ✓ SystemCallErrorNumber=
author	Lennart Poettering <lennart@poettering.net>	2020-08-06 12:51:50 +0200
committer	Lennart Poettering <lennart@poettering.net>	2020-08-24 20:11:02 +0200
commit	4e39995371738b04d98d27b0d34ea8fe09ec9fab (patch)
tree	5f2a9679dccb2ecc78af8ae5d2c1c8ab0d3817eb /docs/TRANSIENT-SETTINGS.md
parent	namespace: assert() first, use second (diff)
download	systemd-4e39995371738b04d98d27b0d34ea8fe09ec9fab.tar.xz systemd-4e39995371738b04d98d27b0d34ea8fe09ec9fab.zip