merge #4428 into opencontainers/runc:main

Kir Kolyshkin (2):
  memfd-bind: more specific doc URL
  memfd-bind: fixup systemd unit file and README

LGTMs: rata cyphar

Author: cyphar

contrib/cmd/memfd-bind/README.md

@@ -25,7 +25,7 @@ The provided `[email protected]` file can be used to get systemd to manage
 this daemon. You can supply the path like so:
 
 ```
-% systemctl start memfd-bind@/usr/bin/runc
+% systemctl start memfd-bind@$(systemd-escape -p /usr/bin/runc)
 ```
 
 Thus, there are three ways of protecting against CVE-2019-5736, in order of how

contrib/cmd/memfd-bind/[email protected]

@@ -1,11 +1,11 @@
 [Unit]
-Description=Manage memfd-bind of %I
-Documentation=https://github.com/opencontainers/runc
+Description=Manage memfd-bind of %f
+Documentation=https://github.com/opencontainers/runc/blob/main/contrib/cmd/memfd-bind/README.md
 
 [Service]
 Type=simple
-ExecStart=memfd-bind "%I"
-ExecStop=memfd-bind --cleanup "%I"
+ExecStart=memfd-bind "%f"
+ExecStop=memfd-bind --cleanup "%f"
 
 [Install]
 WantedBy=multi-user.target