mirror of
https://github.com/systemd/systemd.git
synced 2024-12-21 13:34:21 +03:00
sysupdated: Permit mount namespaces
dissect-image tries to use mount namespaces to dissect images without polluting the host mounts. This change allows it to do that.
parent
a509603b2e
commit
31616d00ef
@ -21,7 +21,7 @@ NoNewPrivileges=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
ProtectHostname=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictNamespaces=net
|
||||
RestrictNamespaces=net mnt
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
SystemCallFilter=@system-service @mount
|
||||
SystemCallErrorNumber=EPERM
|
||||
|
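Review bot: The widened `RestrictNamespaces=net mnt` line has no comment saying why the mount-namespace type is allowed, so a later hardening pass has nothing in the unit to show the relaxation is deliberate. I would add `# mnt: dissect-image unshares a mount namespace so image dissection does not touch host mounts` directly above it. Because `SystemCallFilter=@system-service @mount` is already in the context lines, the service can now both create a private mount namespace and issue mount calls inside it. RestrictNamespaces= also covers setns(), so joining an existing mount namespace is presumably no longer blocked by this setting either. The rest of the unit is outside the hunk, so check there whether the capability bounding set and the filesystem protection settings keep that contained.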