From: Djalal Harouni <tixxdz@opendz.org>
Date: Sat, 8 Oct 2016 15:48:35 +0000 (+0200)
Subject: doc: minor hint about InaccessiblePaths= in regard of ProtectKernelTunables=
X-Git-Tag: v234~963^2~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ac246d9868bd476297e2702e0a7ef52294f9cfa8;p=platform%2Fupstream%2Fsystemd.git

doc: minor hint about InaccessiblePaths= in regard of ProtectKernelTunables=
---

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c46c0f6..4a68695 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1046,7 +1046,10 @@
         boot-time, with the <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
         mechanism. Almost no services need to write to these at runtime; it is hence recommended to turn this on for
         most services. For this setting the same restrictions regarding mount propagation and privileges apply as for
-        <varname>ReadOnlyPaths=</varname> and related calls, see above. Defaults to off.</para></listitem>
+        <varname>ReadOnlyPaths=</varname> and related calls, see above. Defaults to off.
+        Note that this option does not prevent kernel tuning through IPC interfaces and exeternal programs. However
+        <varname>InaccessiblePaths=</varname> can be used to make some IPC file system objects
+        inaccessible.</para></listitem>
       </varlistentry>
 
       <varlistentry>