From fe239c7d7d6227209234100f4e0a36dd952a5587 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 20 Jan 2021 22:28:30 +0100 Subject: [PATCH] portabled: update profiles to current semantics MountAPIVFS= implicitly mounts /run as tmpfs now, no need to do this explicitly. The notification socket is now implicitly mounted too, if NotifyAccess= and RootImage=/RootDirectory= are used together. --- src/portable/profile/default/service.conf | 2 -- src/portable/profile/nonetwork/service.conf | 2 -- src/portable/profile/strict/service.conf | 2 -- src/portable/profile/trusted/service.conf | 1 - 4 files changed, 7 deletions(-) diff --git a/src/portable/profile/default/service.conf b/src/portable/profile/default/service.conf index 792be50229e..230aa607810 100644 --- a/src/portable/profile/default/service.conf +++ b/src/portable/profile/default/service.conf @@ -2,8 +2,6 @@ [Service] MountAPIVFS=yes -TemporaryFileSystem=/run -BindReadOnlyPaths=/run/systemd/notify BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout BindReadOnlyPaths=/etc/machine-id BindReadOnlyPaths=/etc/resolv.conf diff --git a/src/portable/profile/nonetwork/service.conf b/src/portable/profile/nonetwork/service.conf index c81cebe03f2..cd7f75c2e3a 100644 --- a/src/portable/profile/nonetwork/service.conf +++ b/src/portable/profile/nonetwork/service.conf @@ -2,8 +2,6 @@ [Service] MountAPIVFS=yes -TemporaryFileSystem=/run -BindReadOnlyPaths=/run/systemd/notify BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout BindReadOnlyPaths=/etc/machine-id BindReadOnlyPaths=/run/dbus/system_bus_socket diff --git a/src/portable/profile/strict/service.conf b/src/portable/profile/strict/service.conf index d10fb5a1e8c..f924e1096f3 100644 --- a/src/portable/profile/strict/service.conf +++ b/src/portable/profile/strict/service.conf @@ -2,8 +2,6 @@ [Service] MountAPIVFS=yes -TemporaryFileSystem=/run -BindReadOnlyPaths=/run/systemd/notify BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout BindReadOnlyPaths=/etc/machine-id DynamicUser=yes diff --git a/src/portable/profile/trusted/service.conf b/src/portable/profile/trusted/service.conf index 9a6af70b939..cb859c4e278 100644 --- a/src/portable/profile/trusted/service.conf +++ b/src/portable/profile/trusted/service.conf @@ -2,6 +2,5 @@ [Service] MountAPIVFS=yes -BindPaths=/run BindReadOnlyPaths=/etc/machine-id BindReadOnlyPaths=/etc/resolv.conf -- 2.47.3