shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Code

sysupdated: Permit mount namespaces

Browse Source 
dissect-image tries to use mount namespaces to dissect images without
polluting the host mounts. This change allows it to do that.
This commit is contained in:
Adrian Vovk 2024-11-06 13:17:04 -05:00
parent a509603b2e
commit 31616d00ef
No known key found for this signature in database
GPG Key ID: 90A7B546533E15FB
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
units/systemd-sysupdated.service.in
View File

@ -21,7 +21,7 @@ NoNewPrivileges=yes
MemoryDenyWriteExecute=yes MemoryDenyWriteExecute=yes
ProtectHostname=yes ProtectHostname=yes
RestrictRealtime=yes RestrictRealtime=yes
RestrictNamespaces=net RestrictNamespaces=net mnt
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=@system-service @mount SystemCallFilter=@system-service @mount
SystemCallErrorNumber=EPERM SystemCallErrorNumber=EPERM