]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0e551b0)
portable: drop explicit PrivateTmp=yes from profiles 32724/head
authorLuca Boccassi <bluca@debian.org>
Wed, 8 May 2024 19:16:05 +0000 (20:16 +0100)
committerLuca Boccassi <bluca@debian.org>
Mon, 17 Jun 2024 16:05:55 +0000 (17:05 +0100)
It is already implied by DynamicUser=yes if not set, but dropping it
allows users to instead define TemporaryFileSystem=/tmp/ /var/tmp/
in their portable services, which has fewer side effects.

src/portable/profile/default/service.conf patch | blob | blame | history
src/portable/profile/nonetwork/service.conf patch | blob | blame | history
src/portable/profile/strict/service.conf patch | blob | blame | history

diff --git a/src/portable/profile/default/service.conf b/src/portable/profile/default/service.conf
index 5c447d664174b037163df051d6adb27ca1f88c62..d2551ef8c8a89623e588661bd11d1cf8f7511e9b 100644 (file)
--- a/src/portable/profile/default/service.conf
+++ b/src/portable/profile/default/service.conf
@@ -12,7 +12,6 @@ CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER
        CAP_FSETID CAP_IPC_LOCK CAP_IPC_OWNER CAP_KILL CAP_MKNOD CAP_NET_ADMIN \
        CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_SETGID CAP_SETPCAP \
        CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_NICE CAP_SYS_RESOURCE
-PrivateTmp=yes
 PrivateDevices=yes
 PrivateUsers=yes
 ProtectSystem=strict
diff --git a/src/portable/profile/nonetwork/service.conf b/src/portable/profile/nonetwork/service.conf
index cd7f75c2e3a26fab95c92e32376faf9fa004e09e..83e4770e7877e75718179242c9f15368fbd354d2 100644 (file)
--- a/src/portable/profile/nonetwork/service.conf
+++ b/src/portable/profile/nonetwork/service.conf
@@ -10,7 +10,6 @@ RemoveIPC=yes
 CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER \
        CAP_FSETID CAP_IPC_LOCK CAP_IPC_OWNER CAP_KILL CAP_MKNOD CAP_SETGID CAP_SETPCAP \
        CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_NICE CAP_SYS_RESOURCE
-PrivateTmp=yes
 PrivateDevices=yes
 PrivateUsers=yes
 ProtectSystem=strict
diff --git a/src/portable/profile/strict/service.conf b/src/portable/profile/strict/service.conf
index f924e1096f39874f6c8302a8960b31434129dff8..bb877c517d1ab7d62cec73bb9d8f5c5077c8c56c 100644 (file)
--- a/src/portable/profile/strict/service.conf
+++ b/src/portable/profile/strict/service.conf
@@ -7,7 +7,6 @@ BindReadOnlyPaths=/etc/machine-id
 DynamicUser=yes
 RemoveIPC=yes
 CapabilityBoundingSet=
-PrivateTmp=yes
 PrivateDevices=yes
 PrivateUsers=yes
 ProtectSystem=strict
Unnamed repository; edit this file 'description' to name the repository.