From 69cd3eb652c116f1cee152c2f9e3fa51e21515c1 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Tue, 1 Oct 2024 18:15:37 +0100
Subject: [PATCH] spec: Mention that Containers1 confined connections can't
 BecomeMonitor

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 doc/dbus-specification.xml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
index 5523693d..7c6a7e71 100644
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@@ -8252,7 +8252,12 @@
           monitor connections<footnote>
             <para>
               In the reference implementation,
-              the default configuration is that each user (identified by
+              the default configuration is that connections to a
+              container server managed by
+              <link linkend="message-bus-containers-interface">the
+                Containers1 interface</link>
+              are not privileged and cannot become a monitor;
+              otherwise, each user (identified by
               numeric user ID) may monitor their own session bus,
               and the root user (user ID zero) may monitor the
               system bus.