diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 9798a8d999..c2c36d55e4 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -58,7 +58,7 @@
CacheDirectory=, LogsDirectory= or
ConfigurationDirectory= set automatically gain dependencies of type
Requires= and After= on all mount units required to access the specified
- paths. This is equivalent to having them listed explicitly in
+ paths. This is equivalent to having them listed explicitly in
RequiresMountsFor=.
Similarly, units with PrivateTmp= enabled automatically get mount
@@ -113,7 +113,7 @@
system instance and the respective user's home directory if run as user. If the setting is prefixed with the
- character, a missing working directory is not considered fatal. If
RootDirectory=/RootImage= is not set, then
- WorkingDirectory= is relative to the root of the system running the service manager. Note
+ WorkingDirectory= is relative to the root of the system running the service manager. Note
that setting this parameter might result in additional dependencies to be added to the unit (see
above).
@@ -357,7 +357,7 @@
is used. In this case the source path refers to a path on the host file system, while the destination path
refers to a path below the root directory of the unit.
- Note that the destination directory must exist or systemd must be able to create it. Thus, it
+ Note that the destination directory must exist or systemd must be able to create it. Thus, it
is not possible to use those options for mount points nested underneath paths specified in
InaccessiblePaths=, or under /home/ and other protected
directories if ProtectHome=yes is
@@ -390,7 +390,7 @@
paths. If the empty string is assigned, the entire list of mount paths defined prior to this is
reset.
- Note that the destination directory must exist or systemd must be able to create it. Thus, it
+ Note that the destination directory must exist or systemd must be able to create it. Thus, it
is not possible to use those options for mount points nested underneath paths specified in
InaccessiblePaths=, or under /home/ and other protected
directories if ProtectHome=yes is specified.
@@ -553,7 +553,7 @@
that the static user with the name already exists. Similarly, if Group= is
specified and the static user with the name exists, then it is required that the static group with
the name already exists. Dynamic users/groups are allocated from the UID/GID range 61184…65519. It is
- recommended to avoid this range for regular system or login users. At any point in time each UID/GID
+ recommended to avoid this range for regular system or login users. At any point in time each UID/GID
from this range is only assigned to zero or one dynamically allocated users/groups in use. However,
UID/GIDs are recycled after a unit is terminated. Care should be taken that any processes running as
part of a unit for which dynamic users/groups are enabled do not leave files or directories owned by
@@ -650,7 +650,7 @@
once, in which case the bounding sets are merged by OR, or by
AND if the lines are prefixed with ~ (see below). If the
empty string is assigned to this option, the bounding set is reset to the empty capability set, and
- all prior settings have no effect. If set to ~ (without any further argument),
+ all prior settings have no effect. If set to ~ (without any further argument),
the bounding set is reset to the full set of available capabilities, also undoing any previous
settings. This does not affect commands prefixed with +.
@@ -663,7 +663,7 @@
CapabilityBoundingSet=CAP_A CAP_B
CapabilityBoundingSet=CAP_B CAP_C
then CAP_A, CAP_B, and
- CAP_C are set. If the second line is prefixed with
+ CAP_C are set. If the second line is prefixed with
~, e.g.,
CapabilityBoundingSet=CAP_A CAP_B
CapabilityBoundingSet=~CAP_B CAP_C
@@ -676,15 +676,15 @@ CapabilityBoundingSet=~CAP_B CAP_C
Controls which capabilities to include in the ambient capability set for the executed
process. Takes a whitespace-separated list of capability names, e.g. CAP_SYS_ADMIN,
CAP_DAC_OVERRIDE, CAP_SYS_PTRACE. This option may appear more than
- once in which case the ambient capability sets are merged (see the above examples in
+ once, in which case the ambient capability sets are merged (see the above examples in
CapabilityBoundingSet=). If the list of capabilities is prefixed with ~,
all but the listed capabilities will be included, the effect of the assignment inverted. If the empty string is
assigned to this option, the ambient capability set is reset to the empty capability set, and all prior
- settings have no effect. If set to ~ (without any further argument), the ambient capability
+ settings have no effect. If set to ~ (without any further argument), the ambient capability
set is reset to the full set of available capabilities, also undoing any previous settings. Note that adding
- capabilities to ambient capability set adds them to the process's inherited capability set.
+ capabilities to the ambient capability set adds them to the process's inherited capability set.
Ambient capability sets are useful if you want to execute a process as a non-privileged user but still want to
- give it some capabilities. Note that in this case option keep-caps is automatically added
+ give it some capabilities. Note that in this case option keep-caps is automatically added
to SecureBits= to retain the capabilities over the user
change. AmbientCapabilities= does not affect commands prefixed with
+.
@@ -705,7 +705,7 @@ CapabilityBoundingSet=~CAP_B CAP_C
children can never gain new privileges through execve() (e.g. via setuid or
setgid bits, or filesystem capabilities). This is the simplest and most effective way to ensure that
a process and its children can never elevate privileges again. Defaults to false, but certain
- settings override this and ignore the value of this setting. This is the case when
+ settings override this and ignore the value of this setting. This is the case when
DynamicUser=,
LockPersonality=,
MemoryDenyWriteExecute=,
@@ -735,9 +735,9 @@ CapabilityBoundingSet=~CAP_B CAP_C
Controls the secure bits set for the executed process. Takes a space-separated combination of
options from the following list: , ,
, , , and
- . This option may appear more than once, in which case the secure bits are
+ . This option may appear more than once, in which case the secure bits are
ORed. If the empty string is assigned to this option, the bits are reset to 0. This does not affect commands
- prefixed with +. See +. See capabilities7 for
details.
@@ -760,7 +760,7 @@ CapabilityBoundingSet=~CAP_B CAP_C
ignored if SELinux is disabled. If prefixed by -, failing to set the SELinux
security context will be ignored, but it's still possible that the subsequent
execve() may fail if the policy doesn't allow the transition for the
- non-overridden context. This does not affect commands prefixed with +. See
+ non-overridden context. This does not affect commands prefixed with +. See
setexeccon3
for details.
@@ -1047,7 +1047,7 @@ CapabilityBoundingSet=~CAP_B CAP_C
normally at 0.
Use the OOMPolicy= setting of service units to configure how the service
- manager shall react to the kernel OOM killer or systemd-oomd terminating a process of the service. See
+ manager shall react to the kernel OOM killer or systemd-oomd terminating a process of the service. See
systemd.service5
for details.
@@ -1233,7 +1233,7 @@ CapabilityBoundingSet=~CAP_B CAP_C
/proc/ and /sys/ (protect these directories using
PrivateDevices=, ProtectKernelTunables=,
ProtectControlGroups=). This setting ensures that any modification of the vendor-supplied
- operating system (and optionally its configuration, and local mounts) is prohibited for the service. It is
+ operating system (and optionally its configuration, and local mounts) is prohibited for the service. It is
recommended to enable this setting for all long-running services, unless they are involved with system updates
or need to modify the operating system in other ways. If this option is used,
ReadWritePaths= may be used to exclude specific directories from being made read-only. This
@@ -1420,7 +1420,7 @@ StateDirectory=aaa/bbb ccc
Specifies the access mode of the directories specified in RuntimeDirectory=,
StateDirectory=, CacheDirectory=, LogsDirectory=, or
- ConfigurationDirectory=, respectively, as an octal number. Defaults to
+ ConfigurationDirectory=, respectively, as an octal number. Defaults to
0755. See "Permissions" in path_resolution7 for a
discussion of the meaning of permission bits.
@@ -1429,7 +1429,7 @@ StateDirectory=aaa/bbb ccc
RuntimeDirectoryPreserve=
- Takes a boolean argument or . If set to (the
+ Takes a boolean argument or . If set to (the
default), the directories specified in RuntimeDirectory= are always removed when the service
stops. If set to the directories are preserved when the service is both automatically
and manually restarted. Here, the automatic restart means the operation specified in
@@ -1560,7 +1560,7 @@ BindReadOnlyPaths=/var/lib/systemd
false. It is possible to run two or more units within the same private /tmp/ and
/var/tmp/ namespace by using the JoinsNamespaceOf= directive,
see systemd.unit5
- for details. This setting is implied if DynamicUser= is set. For this setting the
+ for details. This setting is implied if DynamicUser= is set. For this setting, the
same restrictions regarding mount propagation and privileges apply as for
ReadOnlyPaths= and related calls, see above. Enabling this setting has the side
effect of adding Requires= and After= dependencies on all mount
@@ -1814,7 +1814,7 @@ BindReadOnlyPaths=/var/lib/systemd
removes CAP_SYS_MODULE from the capability bounding set for the unit, and installs a
system call filter to block module system calls, also /usr/lib/modules is made
inaccessible. For this setting the same restrictions regarding mount propagation and privileges apply as for
- ReadOnlyPaths= and related calls, see above. Note that limited automatic module loading due
+ ReadOnlyPaths= and related calls, see above. Note that limited automatic module loading due
to user configuration or kernel mapping tables might still happen as side effect of requested user operations,
both privileged and unprivileged. To disable module auto-load feature please see
sysctl.d5
@@ -1925,7 +1925,7 @@ RestrictFileSystems=~ext4
RestrictFileSystems=ext4
then only access to tmpfs is denied.
- As the number of possible filesystems is large, predefined sets of filesystems are provided. A set
+ As the number of possible filesystems is large, predefined sets of filesystems are provided. A set
starts with @ character, followed by name of the set.
@@ -2010,7 +2010,7 @@ RestrictFileSystems=ext4
setns2 system calls, taking
the specified flags parameters into account. Note that — if this option is used — in addition to restricting
creation and switching of the specified types of namespaces (or all of them, if true) access to the
- setns() system call with a zero flags parameter is prohibited. This setting is only
+ setns() system call with a zero flags parameter is prohibited. This setting is only
supported on x86, x86-64, mips, mips-le, mips64, mips64-le, mips64-n32, mips64-le-n32, ppc64, ppc64-le, s390
and s390x, and enforces no restrictions on other architectures. If running in user mode, or in system mode, but
without the CAP_SYS_ADMIN capability (e.g. setting User=),
@@ -2043,7 +2043,7 @@ RestrictNamespaces=~cgroup net
Takes a boolean argument. If set, attempts to create memory mappings that are writable and
executable at the same time, or to change existing memory mappings to become executable, or mapping shared
- memory segments as executable are prohibited. Specifically, a system call filter is added that rejects
+ memory segments as executable, are prohibited. Specifically, a system call filter is added that rejects
mmap2 system calls with both
PROT_EXEC and PROT_WRITE set,
mprotect2 or
@@ -2055,7 +2055,7 @@ RestrictNamespaces=~cgroup net
"trampoline" feature of various C compilers. This option improves service security, as it makes harder for
software exploits to change running code dynamically. However, the protection can be circumvented, if
the service can write to a filesystem, which is not mounted with noexec (such as
- /dev/shm), or it can use memfd_create(). This can be
+ /dev/shm), or it can use memfd_create(). This can be
prevented by making such file systems inaccessible to the service
(e.g. InaccessiblePaths=/dev/shm) and installing further system call filters
(SystemCallFilter=~memfd_create). Note that this feature is fully available on
@@ -2092,7 +2092,7 @@ RestrictNamespaces=~cgroup net
project='man-pages'>inode7). If
running in user mode, or in system mode, but without the CAP_SYS_ADMIN
capability (e.g. setting User=), NoNewPrivileges=yes is
- implied. As the SUID/SGID bits are mechanisms to elevate privileges, and allows users to acquire the
+ implied. As the SUID/SGID bits are mechanisms to elevate privileges, and allow users to acquire the
identity of other users, it is recommended to restrict creation of SUID/SGID files to the few
programs that actually require them. Note that this restricts marking of any type of file system
object with these bits, including both regular files and directories (where the SGID is a different
@@ -2202,7 +2202,7 @@ RestrictNamespaces=~cgroup net
full list). This value will be returned when a deny-listed system call is triggered, instead of
terminating the processes immediately. Special setting kill can be used to
explicitly specify killing. This value takes precedence over the one given in
- SystemCallErrorNumber=, see below. If running in user mode, or in system mode,
+ SystemCallErrorNumber=, see below. If running in user mode, or in system mode,
but without the CAP_SYS_ADMIN capability (e.g. setting
User=), NoNewPrivileges=yes is implied. This feature
makes use of the Secure Computing Mode 2 interfaces of the kernel ('seccomp filtering') and is useful
@@ -2227,7 +2227,7 @@ RestrictNamespaces=~cgroup net
might be necessary to temporarily disable system call filters in order to simplify debugging of such
failures.
- If you specify both types of this option (i.e. allow-listing and deny-listing), the first
+ If you specify both types of this option (i.e. allow-listing and deny-listing), the first
encountered will take precedence and will dictate the default action (termination or approval of a
system call). Then the next occurrences of this option will add or delete the listed system calls
from the set of the filtered system calls, depending of its type and the default action. (For
@@ -2235,7 +2235,7 @@ RestrictNamespaces=~cgroup net
write(), and right after it add a deny list rule for write(),
then write() will be removed from the set.)
- As the number of possible system calls is large, predefined sets of system calls are provided. A set
+ As the number of possible system calls is large, predefined sets of system calls are provided. A set
starts with @ character, followed by name of the set.
@@ -2423,7 +2423,7 @@ SystemCallErrorNumber=EPERM
filter. The known architecture identifiers are the same as for ConditionArchitecture=
described in systemd.unit5,
as well as x32, mips64-n32, mips64-le-n32, and
- the special identifier native. The special identifier native
+ the special identifier native. The special identifier native
implicitly maps to the native architecture of the system (or more precisely: to the architecture the system
manager is compiled for). If running in user mode, or in system mode, but without the
CAP_SYS_ADMIN capability (e.g. setting User=),
@@ -2519,7 +2519,7 @@ SystemCallErrorNumber=EPERM
EnvironmentFile=Similar to Environment= but reads the environment variables from a text file.
- The text file should contain newline-separated variable assignments. Empty lines, lines without an
+ The text file should contain newline-separated variable assignments. Empty lines, lines without an
= separator, or lines starting with ; or # will be
ignored, which may be used for commenting. The file must be UTF-8 encoded. Valid characters are unicode scalar values other than
have no effect.The files listed with this directive will be read shortly before the process is executed (more
- specifically, after all processes from a previous unit state terminated. This means you can generate these
- files in one unit state, and read it with this option in the next. The files are read from the file
+ specifically, after all processes from a previous unit state terminated. This means you can generate these
+ files in one unit state, and read it with this option in the next. The files are read from the file
system of the service manager, before any file system changes like bind mounts take place).Settings from these files override settings made with Environment=. If the same
@@ -2673,12 +2673,12 @@ SystemCallErrorNumber=EPERM
daemon.The option connects standard input to a specific,
- named file descriptor provided by a socket unit. The name may be specified as part of this option, following a
- : character (e.g. fd:foobar). If no name is specified, the name
+ named file descriptor provided by a socket unit. The name may be specified as part of this option, following a
+ : character (e.g. fd:foobar). If no name is specified, the name
stdin is implied (i.e. fd is equivalent to fd:stdin).
At least one socket unit defining the specified name must be provided via the Sockets=
- option, and the file descriptor name may differ from the name of its containing socket unit. If multiple
- matches are found, the first one will be used. See FileDescriptorName= in
+ option, and the file descriptor name may differ from the name of its containing socket unit. If multiple
+ matches are found, the first one will be used. See FileDescriptorName= in
systemd.socket5 for more
details about named file descriptors and their ordering.
@@ -2754,7 +2754,7 @@ SystemCallErrorNumber=EPERM
semantics are similar to the same option of StandardInput=, see above.
The option connects standard output to a
- specific, named file descriptor provided by a socket unit. A name may be specified as part of this
+ specific, named file descriptor provided by a socket unit. A name may be specified as part of this
option, following a : character
(e.g. fd:foobar). If no name is specified, the name
stdout is implied (i.e. fd is equivalent to
@@ -2930,7 +2930,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
Sets the process name ("syslog tag") to prefix log lines sent to
the logging system or the kernel log buffer with. If not set, defaults to the process name of the
- executed process. This option is only useful when StandardOutput= or
+ executed process. This option is only useful when StandardOutput= or
StandardError= are set to or (or to
the same settings in combination with ) and only applies to log messages
written to stdout or stderr.
@@ -2996,7 +2996,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
TTYReset=Reset the terminal device specified with TTYPath= before and after
- execution. Defaults to no.
+ execution. Defaults to no.