git.ipfire.org Git - thirdparty/systemd.git/commit

]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/core/dbus-execute.c

projects / thirdparty / systemd.git / commit

author	Alessandro Puccetti <alessandro@kinvolk.io>
	Wed, 6 Jul 2016 07:48:58 +0000 (09:48 +0200)
committer	Alessandro Puccetti <alessandro@kinvolk.io>
	Tue, 19 Jul 2016 15:22:02 +0000 (17:22 +0200)
commit	c4b41707462a74eb7008e8d12a0b4d0a0c09bff4
tree	ff6991bfe6b79f53d501c061792cc428a8a38910	tree \| snapshot
parent	14eb41b2a45f0ab56b06054c7bc40c3613b23e82	commit \| diff

namespace: unify limit behavior on non-directory paths

Despite the name, `Read{Write,Only}Directories=` already allows for
regular file paths to be masked. This commit adds the same behavior
to `InaccessibleDirectories=` and makes it explicit in the doc.
This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}`
{dile,device}nodes and mounts on the appropriate one the paths specified
in `InacessibleDirectories=`.

Based on Luca's patch from https://github.com/systemd/systemd/pull/3327

man/systemd.exec.xml		diff \| blob \| blame \| history
src/basic/mount-util.c		diff \| blob \| blame \| history
src/basic/mount-util.h		diff \| blob \| blame \| history
src/core/dbus-execute.c		diff \| blob \| blame \| history
src/core/mount-setup.c		diff \| blob \| blame \| history
src/core/namespace.c		diff \| blob \| blame \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom