mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

portable: set PrivateTmp=yes in trusted profile too

When running on images you don't want to modify the /tmp
directory even if it's writable, and often it will just
be read-only. Set PrivateTmp=yes.

Fixes https://github.com/systemd/systemd/issues/23592
Luca Boccassi 2022-07-26 17:41:51 +01:00 committed by Luca Boccassi
parent e9c88a608c
commit f2d26cd89b

@ -1,7 +1,8 @@
# The "trusted" profile for services, i.e. no restrictions are applied
# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp
[Service]
MountAPIVFS=yes
PrivateTmp=yes
BindPaths=/run
BindReadOnlyPaths=/etc/machine-id
BindReadOnlyPaths=/etc/resolv.conf
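
Review bot: The updated header comment says the only restriction is "a private /tmp", but PrivateTmp=yes gives the service a private /var/tmp as well, so the comment understates what the new line does; suggest "no restrictions are applied apart from private /tmp and /var/tmp". Since this profile is otherwise unrestricted, it is also a behaviour change for any unit that exchanged files with the host through /tmp, and that deserves a sentence in the comment or the commit message pointing out that /run is still shared via BindPaths=/run.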