shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-08-30 05:50:12 +03:00
Code Activity

portable: set PrivateTmp=yes in trusted profile too

Browse Source 
When running on images you don't want to modify the /tmp
directory even if it's writable, and often it will just
be read-only. Set PrivateTmp=yes.

Fixes https://github.com/systemd/systemd/issues/23592

(cherry picked from commit f2d26cd89b)
(cherry picked from commit 6e111d2811)
This commit is contained in:
Luca Boccassi
2022-07-26 17:41:51 +01:00
committed by Zbigniew Jędrzejewski-Szmek
parent 40cdad3506
commit 74c33f69bb
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/portable/profile/trusted/service.conf
View File

@ -1,7 +1,8 @@
# The "trusted" profile for services, i.e. no restrictions are applied
# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp
[Service]
MountAPIVFS=yes
PrivateTmp=yes
BindPaths=/run
BindReadOnlyPaths=/etc/machine-id
BindReadOnlyPaths=/etc/resolv.conf