shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-30 10:50:15 +03:00
Code

units: use PrivateTmp=disconnected instead of 'yes' if DefaultDependencies=no

Browse Source 
Avoids subtle race conditions such as the one described at
#35582.

Fixes #35582
This commit is contained in:
Luca Boccassi 2024-12-12 11:48:52 +00:00 committed by Mike Yuan
parent 9fdf10604b
commit 1ca315be00
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
units/systemd-coredump@.service.in
View File

@ -26,7 +26,7 @@ NoNewPrivileges=yes
OOMScoreAdjust=500
PrivateDevices=yes
PrivateNetwork=yes
PrivateTmp=yes
PrivateTmp=disconnected
ProtectControlGroups=yes
ProtectHome=read-only
ProtectHostname=yes

2
units/systemd-oomd.service.in
View File

@ -37,7 +37,7 @@ MemoryLow=64M
NoNewPrivileges=yes
OOMScoreAdjust=-900
PrivateDevices=yes
PrivateTmp=yes
PrivateTmp=disconnected
ProtectClock=yes
ProtectHome=yes
ProtectHostname=yes

2
units/systemd-resolved.service.in
View File

@ -29,7 +29,7 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateTmp=disconnected
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes

2
units/systemd-timesyncd.service.in
View File

@ -31,7 +31,7 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateTmp=disconnected
ProtectProc=invisible
ProtectControlGroups=yes
ProtectHome=yes