doc: minor hint about InaccessiblePaths= in regard of ProtectKernelTunables=
author Djalal Harouni <tixxdz@opendz.org>
Sat, 8 Oct 2016 15:48:35 +0000 (17:48 +0200)
committer Djalal Harouni <tixxdz@opendz.org>
Wed, 12 Oct 2016 11:52:40 +0000 (13:52 +0200)
man/systemd.exec.xml

index c46c0f6..4a68695 100644 (file)
         boot-time, with the <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
         mechanism. Almost no services need to write to these at runtime; it is hence recommended to turn this on for
         most services. For this setting the same restrictions regarding mount propagation and privileges apply as for
-        <varname>ReadOnlyPaths=</varname> and related calls, see above. Defaults to off.</para></listitem>
+        <varname>ReadOnlyPaths=</varname> and related calls, see above. Defaults to off.
+        Note that this option does not prevent kernel tuning through IPC interfaces and exeternal programs. However
+        <varname>InaccessiblePaths=</varname> can be used to make some IPC file system objects
+        inaccessible.</para></listitem>
       </varlistentry>
 
       <varlistentry>
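Review bot: "exeternal" in the first added line is a typo for "external", and "However" on the same line wants a comma after it. Beyond spelling, the note is too vague to act on: it warns that tuning is still possible "through IPC interfaces and external programs", but then only says InaccessiblePaths= can hide "some IPC file system objects", without saying what kind of object is meant or giving an example path. Please name the object type the reader should look for (for example, the socket of a service that changes tunables on behalf of its clients, if that is the intended case) so that someone enabling ProtectKernelTunables= knows what to add to InaccessiblePaths=. It would also help to state explicitly that ProtectKernelTunables= does not set this up by itself and that InaccessiblePaths= has to be configured in addition.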