service: Enable ProtectHome=true

We have no business accessing `/var/roothome` or `/var/home`. In general the ostree design clearly avoids touching those, but since systemd offers us easy tools to toggle on protection, let's use them. In the future it'd be nice to do something like using `DynamicUser=yes` for the main service, and have a system `rpm-ostreed-transaction.service` that runs privileged but as a subprocess.
2020-11-14 15:08:53 +00:00 · 2020-11-14 15:08:53 +00:00 · 341ec7d044
commit 341ec7d044
parent a76ddf0cef
1 changed files with 7 additions and 0 deletions
--- a/src/daemon/rpm-ostreed.service.in
+++ b/src/daemon/rpm-ostreed.service.in
@ -8,6 +8,13 @@ Type=dbus
 BusName=org.projectatomic.rpmostree1
 # To use the read-only sysroot bits
 MountFlags=slave
+# We have no business accessing /var/roothome or /var/home.  In general
+# the ostree design clearly avoids touching those, but since systemd offers
+# us easy tools to toggle on protection, let's use them.  In the future
+# it'd be nice to do something like using DynamicUser=yes for the main service,
+# and have a system rpm-ostreed-transaction.service that runs privileged
+# but as a subprocess.
+ProtectHome=true
 NotifyAccess=main
@SYSTEMD_ENVIRON@
 ExecStart=@bindir@/rpm-ostree start-daemon