spec: Mention that Containers1 confined connections can't BecomeMonitor

Signed-off-by: Simon McVittie <smcv@collabora.com>
2026-05-07 17:58:39 +02:00 · 2024-10-01 18:15:37 +01:00 · 2024-10-01 18:15:37 +01:00 · 69cd3eb652
commit 69cd3eb652
parent 4012eb96db
1 changed files with 6 additions and 1 deletions
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@ -8252,7 +8252,12 @@
          monitor connections<footnote>
            <para>
              In the reference implementation,
-              the default configuration is that each user (identified by
+              the default configuration is that connections to a
+              container server managed by
+              <link linkend="message-bus-containers-interface">the
+                Containers1 interface</link>
+              are not privileged and cannot become a monitor;
+              otherwise, each user (identified by
              numeric user ID) may monitor their own session bus,
              and the root user (user ID zero) may monitor the
              system bus.