]> git.ipfire.org Git - thirdparty/systemd.git/commit - NEWS
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 62aa292) | patch
core: imply NNP and SUID/SGID restriction for DynamicUser=yes service
authorLennart Poettering <lennart@poettering.net>
Wed, 20 Mar 2019 19:19:38 +0000 (20:19 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 2 Apr 2019 14:56:48 +0000 (16:56 +0200)
commitbf65b7e0c9fc215897b676ab9a7c9d1c688143ba
tree906348e2120baa73531e774cf98eb1c5bbbc0c62tree | snapshot
parent62aa29247c3d74bcec0607c347f2be23cd90675dcommit | diff
core: imply NNP and SUID/SGID restriction for DynamicUser=yes service

Let's be safe, rather than sorry. This way DynamicUser=yes services can
neither take benefit of, nor create SUID/SGID binaries.

Given that DynamicUser= is a recent addition only we should be able to
get away with turning this on, even though this is strictly speaking a
binary compatibility breakage.
NEWS diff | blob | blame | history
man/systemd.exec.xml diff | blob | blame | history
src/core/unit.c diff | blob | blame | history
units/systemd-journal-gatewayd.service.in diff | blob | blame | history
units/systemd-journal-upload.service.in diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.