git.ipfire.org Git - thirdparty/systemd.git/commitdiff
portable: set PrivateTmp=yes in trusted profile too
author Luca Boccassi <bluca@debian.org>
Tue, 26 Jul 2022 16:41:51 +0000 (17:41 +0100)
committer Luca Boccassi <luca.boccassi@gmail.com>
Tue, 26 Jul 2022 22:18:12 +0000 (23:18 +0100)
When running on images you don't want to modify the /tmp
directory even if it's writable, and often it will just
be read-only. Set PrivateTmp=yes.

Fixes https://github.com/systemd/systemd/issues/23592

src/portable/profile/trusted/service.conf

index 9a6af70b93989a73dbcd903a5ecd578402e8caae..04deeb2262e1696141b430bd19d01343be3bd49b 100644 (file)
@@ -1,7 +1,8 @@
-# The "trusted" profile for services, i.e. no restrictions are applied
+# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp
 
 [Service]
 MountAPIVFS=yes
+PrivateTmp=yes
 BindPaths=/run
 BindReadOnlyPaths=/etc/machine-id
 BindReadOnlyPaths=/etc/resolv.conf
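
Review bot: the updated header comment on the first line of the hunk mentions only a private /tmp, but PrivateTmp=yes also gives the service a private /var/tmp, so the comment understates what the profile now restricts. Suggest wording it as "apart from private /tmp and /var/tmp". This is also a behaviour change for any unit attached with the trusted profile that exchanged files or sockets with the host through /tmp, and only service.conf is touched in the diff shown here, so the description of the trusted profile in the documentation should be checked and updated to match.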