shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-12 08:58:20 +03:00
Code

portable: set PrivateTmp=yes in trusted profile too

Browse Source 
When running on images you don't want to modify the /tmp
directory even if it's writable, and often it will just
be read-only. Set PrivateTmp=yes.

Fixes https://github.com/systemd/systemd/issues/23592

(cherry picked from commit f2d26cd89b195e53f184387f1a5b97a98512c82a)
(cherry picked from commit 6e111d2811b12e67879e66fc9fdf39cc96977681)
This commit is contained in:
Luca Boccassi 2022-07-26 17:41:51 +01:00 committed by Zbigniew Jędrzejewski-Szmek
parent 40cdad3506
commit 74c33f69bb
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/portable/profile/trusted/service.conf
View File

@ -1,7 +1,8 @@
# The "trusted" profile for services, i.e. no restrictions are applied
# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp
[Service]
MountAPIVFS=yes
PrivateTmp=yes
BindPaths=/run
BindReadOnlyPaths=/etc/machine-id
BindReadOnlyPaths=/etc/resolv.conf