1 files changed, 30 insertions, 13 deletions

diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index 0c0c91608a..18b7bf8f6a 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -3,6 +3,8 @@
 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
 
 <!--
+  SPDX-License-Identifier: LGPL-2.1+
+
   This file is part of systemd.
 
   Copyright 2013 Zbigniew Jędrzejewski-Szmek
@@ -120,10 +122,6 @@
         <varlistentry>
           <term><option>CPU</option></term>
           <listitem>
-            <para>Due to the lack of consensus in the kernel community, the CPU controller support on the unified
-            control group hierarchy requires out-of-tree kernel patches. See <ulink
-            url="https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git/tree/Documentation/cgroup-v2-cpu.txt?h=cgroup-v2-cpu">cgroup-v2-cpu.txt</ulink>.</para>
-
             <para><varname>CPUWeight=</varname> and <varname>StartupCPUWeight=</varname> replace
             <varname>CPUShares=</varname> and <varname>StartupCPUShares=</varname>, respectively.</para>
 
@@ -142,7 +140,7 @@
         <varlistentry>
           <term><option>IO</option></term>
           <listitem>
-            <para><varname>IO</varname> prefixed settings are superset of and replace <varname>BlockIO</varname>
+            <para><varname>IO</varname> prefixed settings are a superset of and replace <varname>BlockIO</varname>
             prefixed ones. On unified hierarchy, IO resource control also applies to buffered writes.</para>
           </listitem>
         </varlistentry>
@@ -500,7 +498,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><varname>IPAddressAllow=<replaceable>ADDDRESS[/PREFIXLENGTH]…</replaceable></varname></term>
+        <term><varname>IPAddressAllow=<replaceable>ADDRESS[/PREFIXLENGTH]…</replaceable></varname></term>
         <term><varname>IPAddressDeny=<replaceable>ADDRESS[/PREFIXLENGTH]…</replaceable></varname></term>
 
         <listitem>
@@ -711,13 +709,32 @@
         <term><varname>Delegate=</varname></term>
 
         <listitem>
-          <para>Turns on delegation of further resource control
-          partitioning to processes of the unit. For unprivileged
-          services (i.e. those using the <varname>User=</varname>
-          setting), this allows processes to create a subhierarchy
-          beneath its control group path. For privileged services and
-          scopes, this ensures the processes will have all control
-          group controllers enabled.</para>
+          <para>Turns on delegation of further resource control partitioning to processes of the unit. Units where this
+          is enabled may create and manage their own private subhierarchy of control groups below the control group of
+          the unit itself. For unprivileged services (i.e. those using the <varname>User=</varname> setting) the unit's
+          control group will be made accessible to the relevant user. When enabled the service manager will refrain
+          from manipulating control groups or moving processes below the unit's control group, so that a clear concept
+          of ownership is established: the control group tree above the unit's control group (i.e. towards the root
+          control group) is owned and managed by the service manager of the host, while the control group tree below
+          the unit's control group is owned and managed by the unit itself. Takes either a boolean argument or a list
+          of control group controller names. If true, delegation is turned on, and all supported controllers are
+          enabled for the unit, making them available to the unit's processes for management. If false, delegation is
+          turned off entirely (and no additional controllers are enabled). If set to a list of controllers, delegation
+          is turned on, and the specified controllers are enabled for the unit. Note that additional controllers than
+          the ones specified might be made available as well, depending on configuration of the containing slice unit
+          or other units contained in it. Note that assigning the empty string will enable delegation, but reset the
+          list of controllers, all assignments prior to this will have no effect.  Defaults to false.</para>
+
+          <para>Note that controller delegation to less privileged code is only safe on the unified control group
+          hierarchy. Accordingly, access to the specified controllers will not be granted to unprivileged services on
+          the legacy hierarchy, even when requested.</para>
+
+          <para>The following controller names may be specified: <option>cpu</option>, <option>cpuacct</option>,
+          <option>io</option>, <option>blkio</option>, <option>memory</option>, <option>devices</option>,
+          <option>pids</option>. Not all of these controllers are available on all kernels however, and some are
+          specific to the unified hierarchy while others are specific to the legacy hierarchy. Also note that the
+          kernel might support further controllers, which aren't covered here yet as delegation is either not supported
+          at all for them or not defined cleanly.</para>
         </listitem>
       </varlistentry>