mirror of
https://github.com/systemd/systemd.git
synced 2024-12-27 07:22:31 +03:00
40fb9eebbc
Inb6033b7060
support was added to create {/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These perms are so restrictive that not even root can access them unless it has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time In24039e1207
support was added to create /etc/credstore with perm 0700 from meson.build at build time. This patch makes unifies the two parts: 1. creates both /etc/credstore *and* /etc/credstore.encrypted in both places (the build system still won't create them in /run/, since that's pointless since not shipped, and the runtime won't create the dirs below /usr/lib/, since that's not generically writable anyway). 2. Both at runtime and at build time we'll create the dirs with mode 0700. This is easier for packaging tools to handle since they generally react pretty negatively on dirs they can't enumerate.
14 lines
473 B
Plaintext
14 lines
473 B
Plaintext
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
# See tmpfiles.d(5) for details
|
|
|
|
d /etc/credstore 0700 root root
|
|
d /etc/credstore.encrypted 0700 root root
|
|
z /run/credstore 0700 root root
|
|
z /run/credstore.encrypted 0700 root root
|