]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/nspawn/nspawn.c
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d7942fe) | patch
nspawn: lock down access to notify socket a bit
authorLennart Poettering <lennart@poettering.net>
Fri, 5 Jan 2024 15:41:24 +0000 (16:41 +0100)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Sat, 6 Jan 2024 02:21:00 +0000 (11:21 +0900)
commit6db53d20f5833570488aef2ae27489bbfdfd3f41
tree0a417bea951baf77899ba396e2114b3afd5a3169tree | snapshot
parentd7942fe5fc197d1eb77986b5c73b5c36d82e141ecommit | diff
nspawn: lock down access to notify socket a bit

On Linux only the "w" access bit is necessary to connect to an AF_UNIX
socket, hence let's only set that and nothing else, to limit exposure.

Just paranoia.
src/nspawn/nspawn.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.