diff options
author | Lennart Poettering <lennart@poettering.net> | 2023-03-27 18:16:03 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-03-29 19:09:10 +0200 |
commit | 5f43c97cd24b25f846d005eccd7837a2cd279230 (patch) | |
tree | e5e87e70e647b676fc81bb4d434a3e24071108d7 /man/systemd.service.xml | |
parent | pid1: add DumpFileDescriptorStore() bus call that returns fdstore content info (diff) | |
download | systemd-5f43c97cd24b25f846d005eccd7837a2cd279230.tar.xz systemd-5f43c97cd24b25f846d005eccd7837a2cd279230.zip |
analyze: add new fdstore verb
Diffstat (limited to 'man/systemd.service.xml')
-rw-r--r-- | man/systemd.service.xml | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/man/systemd.service.xml b/man/systemd.service.xml index e8be2ff468..665128ee77 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -1141,7 +1141,18 @@ fully stopped and no job is queued or being executed for it. If this option is used, <varname>NotifyAccess=</varname> (see above) should be set to open access to the notification socket provided by systemd. If <varname>NotifyAccess=</varname> is not set, it will be implicitly set to - <option>main</option>.</para></listitem> + <option>main</option>.</para> + + <para>The <command>fdstore</command> command of + <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> + may be used to list the current contents of a service's file descriptor store.</para> + + <para>Note that the service manager will only pass file descriptors contained in the file descriptor + store to the service's own processes, never to other clients via IPC or similar. However, it does + allow unprivileged clients to query the list of currently open file descriptors of a + service. Sensitive data may hence be safely placed inside the referenced files, but should not be + attached to the metadata (e.g. included in filenames) of the stored file + descriptors.</para></listitem> </varlistentry> <varlistentry> |