diff --git a/man/systemd-sleep.conf.xml b/man/systemd-sleep.conf.xml
index f8f1694b57..bdc4c3c193 100644
--- a/man/systemd-sleep.conf.xml
+++ b/man/systemd-sleep.conf.xml
@@ -138,21 +138,24 @@
HibernateMode=
HybridSleepMode=
- The string to be written to
- /sys/power/disk by,
- respectively,
+ The string to be written to /sys/power/disk by, respectively,
systemd-suspend.service8,
- systemd-hibernate.service8, or
+ systemd-hibernate.service8,
+ or
systemd-hybrid-sleep.service8.
- More than one value can be specified by separating
- multiple values with whitespace. They will be tried
- in turn, until one is written without error. If
- neither succeeds, the operation will be aborted.
-
+ More than one value can be specified by separating multiple values with whitespace. They will be
+ tried in turn, until one is written without error. If none of the writes succeed, the operation will
+ be aborted.
- systemd-suspend-then-hibernate.service8
- uses the value of SuspendMode= when suspending and the value of HibernateMode= when hibernating.
-
+ The allowed set of values is determined by the kernel and is shown in the file itself (use
+ cat /sys/power/disk to display). See the
+ kernel documentation for more details.
+
+
+ systemd-suspend-then-hibernate.service8
+ uses the value of SuspendMode= when suspending and the value of
+ HibernateMode= when hibernating.
@@ -160,21 +163,25 @@
HibernateState=
HybridSleepState=
- The string to be written to
- /sys/power/state by,
- respectively,
+ The string to be written to /sys/power/state by, respectively,
systemd-suspend.service8,
- systemd-hibernate.service8, or
+ systemd-hibernate.service8,
+ or
systemd-hybrid-sleep.service8.
- More than one value can be specified by separating
- multiple values with whitespace. They will be tried
- in turn, until one is written without error. If
- neither succeeds, the operation will be aborted.
+ More than one value can be specified by separating multiple values with whitespace. They will be
+ tried in turn, until one is written without error. If none of the writes succeed, the operation will
+ be aborted.
- systemd-suspend-then-hibernate.service8
- uses the value of SuspendState= when suspending and the value of HibernateState= when hibernating.
-
+ The allowed set of values is determined by the kernel and is shown in the file itself (use
+ cat /sys/power/state to display). See the
+ kernel documentation for more details.
+
+
+ systemd-suspend-then-hibernate.service8
+ uses the value of SuspendState= when suspending and the value of
+ HibernateState= when hibernating.
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 45294154db..c1088a3013 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1826,17 +1826,22 @@ BindReadOnlyPaths=/var/lib/systemd
ProtectClock=
- Takes a boolean argument. If set, writes to the hardware clock or system clock will be denied.
- It is recommended to turn this on for most services that do not need modify the clock. Defaults to off. Enabling
- this option removes CAP_SYS_TIME and CAP_WAKE_ALARM from the
- capability bounding set for this unit, installs a system call filter to block calls that can set the
- clock, and DeviceAllow=char-rtc r is implied. This ensures /dev/rtc0,
- /dev/rtc1, etc. are made read-only to the service. See
+ Takes a boolean argument. If set, writes to the hardware clock or system clock will
+ be denied. Defaults to off. Enabling this option removes CAP_SYS_TIME and
+ CAP_WAKE_ALARM from the capability bounding set for this unit, installs a system
+ call filter to block calls that can set the clock, and DeviceAllow=char-rtc r is
+ implied. Note that the system calls are blocked altogether, the filter does not take into account
+ that some of the calls can be used to read the clock state with some parameter combinations.
+ Effectively, /dev/rtc0, /dev/rtc1, etc. are made read-only
+ to the service. See
systemd.resource-control5
- for the details about DeviceAllow=. If this setting is on, but the unit
- doesn't have the CAP_SYS_ADMIN capability (e.g. services for which
+ for the details about DeviceAllow=. If this setting is on, but the unit doesn't
+ have the CAP_SYS_ADMIN capability (e.g. services for which
User= is set), NoNewPrivileges=yes is implied.
+ It is recommended to turn this on for most services that do not need modify the clock or check
+ its state.
+
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index a105b8af39..f691eef25d 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -647,7 +647,7 @@ w- /proc/sys/vm/swappiness - - - - 10
For example:
# Files created and modified, and directories accessed more than
# an hour ago in "/tmp/foo/bar", are subject to time-based cleanup.
-d /tmp/foo/bar - - - - bmA:1h -
+d /tmp/foo/bar - - - bmA:1h -
Note that while the aging algorithm is run an exclusive BSD file lock (see flock2) is