mirror of
https://github.com/systemd/systemd.git
synced 2024-11-02 19:21:53 +03:00
797e7a51cd
Create /var/lib/containers so that it exists with an appropriate mode. We want 0700 by default so that users on the host aren't able to call suid root binaries in the container. This becomes a security issue if a user can enter a container as root, create a suid root binary, and call that from the host. (This assumes that containers are caged by mandatory access control or are started as user).
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# Create the /var directory with mode 0755; the "-" fields leave owner,
# group and age at their defaults.
d /var 0755 - - -
# Symlink /var/run to ../run. The target is relative, so it resolves to the
# "run" directory that sits next to /var.
L /var/run - - - - ../run
# Log directory, mode 0755: every local user can list and traverse it, so
# confidentiality of individual logs depends on each file's own mode.
d /var/log 0755 - - -
# wtmp is root:utmp with mode 0664: writable by root and by members of group
# utmp, readable by everyone. Anything running with group utmp can therefore
# alter this file, so keep that group's membership small.
f /var/log/wtmp 0664 root utmp -
# btmp is root:utmp with mode 0600: only the owner (root) can read or write
# it; the group is set to utmp, but the mode grants that group no access.
f /var/log/btmp 0600 root utmp -
# Cache directory, mode 0755, default owner and group.
d /var/cache 0755 - - -
# State directory, mode 0755, default owner and group. Subdirectories that
# need tighter access must set their own mode.
d /var/lib 0755 - - -
# 0700 is deliberate: container trees stored below this directory may hold
# setuid-root binaries, and the restrictive mode keeps other users on the
# host from reaching and running them. Do not loosen the mode unless another
# barrier (e.g. a nosuid mount) takes its place.
# NOTE(review): confirm that this tmpfiles version also tightens the mode of
# a directory that already exists with looser permissions.
d /var/lib/containers 0700 - - -
# Spool directory, mode 0755, default owner and group.
d /var/spool 0755 - - -