]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 64e82c1) | patch
namespace: when DynamicUser=1 is set, mount StateDirectory= bind mounts "nosuid" 12106/head
authorLennart Poettering <lennart@poettering.net>
Mon, 25 Mar 2019 18:29:26 +0000 (19:29 +0100)
committerLennart Poettering <lennart@poettering.net>
Mon, 25 Mar 2019 18:57:15 +0000 (19:57 +0100)
commit9ce4e4b0f6088c494bfd29f4d7f7d3866839f933
tree44ec1ef901ee14999746448849199144f641d7b7tree | snapshot
parent64e82c1976ebab0c7788149da42e5193e9ca2dfbcommit | diff
namespace: when DynamicUser=1 is set, mount StateDirectory= bind mounts "nosuid"

Add even more suid/sgid protection to DynamicUser= envionments: the
state directories we bind mount from the host will now have the nosuid
flag set, to disable the effect of nosuid on them.
src/core/execute.c diff | blob | blame | history
src/core/namespace.c diff | blob | blame | history
src/core/namespace.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.