From b71173709651102081c9d8c6d6e3d2a6ef5cf17e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 5 Nov 2024 13:33:53 +0100
Subject: [PATCH] man: document that PrivateTmp= is unaffected by
 ProtectSystem=strict

Fixes: #33130
---
 man/systemd.exec.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index ac17ab65a4..a955f767e4 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1433,6 +1433,10 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
         set. This setting cannot ensure protection in all cases. In general it has the same limitations as
         <varname>ReadOnlyPaths=</varname>, see below. Defaults to off.</para>
 
+        <para>Note that if <varname>ProtectSystem=</varname> is set to <literal>strict</literal> and
+        <varname>PrivateTmp=</varname> is enabled, then <filename>/tmp/</filename> and
+        <filename>/var/tmp/</filename> will be writable.</para>
+
         <xi:include href="version-info.xml" xpointer="v214"/></listitem>
       </varlistentry>
 
-- 
2.25.1