From e5a8c8dd120d92909188b682e7a8c2a6a484b605 Mon Sep 17 00:00:00 2001
From: Armin Rigo <arigo@tunes.org>
Date: Wed, 24 Apr 2024 10:41:30 +0200
Subject: [PATCH] Copy the whole explanation

---
 doc/source/using.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/source/using.rst b/doc/source/using.rst
index 277bee3a..0069e376 100644
--- a/doc/source/using.rst
+++ b/doc/source/using.rst
@@ -891,8 +891,9 @@ ffi.callback() and the result is the same.
     - `On Mac OS X,`__ you need to give your application the entitlement
       ``com.apple.security.cs.allow-unsigned-executable-memory``.
 
-    - On Linux, ``systemd`` can install syscall filtering rules on services
-      it supervises; see https://github.com/python-cffi/cffi/issues/73.
+    - On Linux, ``systemd`` installs syscall filtering rules on services
+      it supervises.   The `MemoryDenyWriteExecute=` setting in
+      `systemd.exec(5)` defaults to on, and can quietly block this.
 
     Note also that a cffi fix for this issue was attempted---see
     the ``ffi_closure_alloc`` branch---but was not merged because it