summaryrefslogtreecommitdiffstats
path: root/man/system-or-user-ns.xml (follow)
Commit message (Collapse)AuthorAgeFilesLines
* man: fix indentationDavid Tardon2023-12-261-8/+8
|
* man: add required <title>David Tardon2023-12-251-0/+1
|
* man: match doctype and root elementDavid Tardon2023-12-241-1/+1
|
* user units: implicitly enable PrivateUsers= when sandboxing options are setLuca Boccassi2023-04-131-2/+6
| | | | | | | | | | | | | | | Enabling these options when not running as root requires a user namespace, so implicitly enable PrivateUsers=. This has a side effect as it changes which users are visible to the unit. However until now these options did not work at all for user units, and in practice just a handful of user units in Fedora, Debian and Ubuntu mistakenly used them (and they have been all fixed since). This fixes the long-standing confusing issue that the user and system units take the same options but the behaviour is wildly (and sometimes silently) different depending on which is which, with user units requiring manually specifiying PrivateUsers= in order for sandboxing options to actually work and not be silently ignored.
* man/system-or-user-ns.xml: explicitly refer to `PrivateUsers=` optionAnsgar Burchardt2022-07-181-2/+2
| | | | | | | It is not clear what "unprivileged user namespaces are available" means. It could mean either that they are only usable, that is, enabled in the kernel, or they have been enabled for the specific service. Referring to the `PrivateUsers=` options makes it clear that the latter is meant.
* Add tests and documentation for all remaining sandboxing in user managerLuca Boccassi2022-03-181-0/+16