mirror of
https://github.com/systemd/systemd.git
synced 2024-12-27 07:22:31 +03:00
e76b3d4ed2
suid binaries and device nodes should not be placed there, hence forbid it. Of all the API VFS we mount from PID 1 or via a unit file this one is the only one where we didn't add MS_NODEV/MS_NOSUID. Let's address that, since there's really no reason why device nodes or suid binaries would be placed in hugetlbfs.
25 lines
775 B
SYSTEMD
25 lines
775 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Huge Pages File System
|
|
Documentation=https://docs.kernel.org/admin-guide/mm/hugetlbpage.html
|
|
Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
|
|
DefaultDependencies=no
|
|
Before=sysinit.target
|
|
ConditionPathExists=/sys/kernel/mm/hugepages
|
|
ConditionCapability=CAP_SYS_ADMIN
|
|
ConditionVirtualization=!private-users
|
|
|
|
[Mount]
|
|
What=hugetlbfs
|
|
Where=/dev/hugepages
|
|
Type=hugetlbfs
|
|
Options=nosuid,nodev
|