author | Lennart Poettering <lennart@poettering.net> | 2018-02-20 08:53:34 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-02-20 08:53:34 +0100 |
commit | 00f5ad93b5c3c0e09e6d135a6a82ac53fd97ceca (patch) | |
tree | 33a7a23f7db162d8ccebc0d584a9bf67cae344a7 /man | |
parent | 6f58ff2325c22ca02a2450ce5b95f88c04b1c537 (diff) | |
download | systemd-00f5ad93b5c3c0e09e6d135a6a82ac53fd97ceca.tar.gz |
core: change KeyringMode= to "shared" by default for non-service units in the system manager (#8172)

Before this change all unit types would default to "private" in the
system service manager and to "inherit" in the user service manager.

With this change this is slightly altered: non-service units of the
system service manager are now run with KeyringMode=shared. This appears
to be the more appropriate choice as isolation is not as desirable for
mount tools, which regularly consume key material. After all, mounts are
a shared resource themselves as they appear system-wide, hence it makes a
lot of sense to share their key material too.

Fixes: #8159
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd.exec.xml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index f01599f656..d4dc2843ec 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -631,8 +631,8 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> processes. In this modes multiple units running processes under the same user ID may share key material. Unless <option>inherit</option> is selected the unique invocation ID for the unit (see below) is added as a protected key by the name <literal>invocation_id</literal> to the newly created session keyring. Defaults to - <option>private</option> for the system service manager and to <option>inherit</option> for the user service - manager.</para></listitem> + <option>private</option> for services of the system service manager and to <option>inherit</option> for + non-service units and for services of the user service manager.</para></listitem> </varlistentry> <varlistentry> |
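Review bot: The added sentence in the man/systemd.exec.xml hunk gives <option>inherit</option> as the default for non-service units, while the commit message says non-service units of the system service manager now run with KeyringMode=shared, so the documented default never mentions <option>shared</option> and disagrees with the stated behaviour. The phrase "for non-service units and for services of the user service manager" is also ambiguous about whether "of the user service manager" applies to the non-service units. Suggest spelling out all three cases, for example: <option>private</option> for services of the system service manager, <option>shared</option> for non-service units of the system service manager, and <option>inherit</option> for all units of the user service manager. Since this paragraph is being touched anyway, the context line "In this modes multiple units" could be corrected to "In this mode".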