From: Ansgar Burchardt
Date: Thu, 24 Jul 2014 17:38:07 +0000 (+0200)
Subject: Include additional directories in ProtectSystem
X-Git-Tag: v238~41^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F8294%2Fhead;p=thirdparty%2Fsystemd.git

Include additional directories in ProtectSystem
---

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 5d092488bd4..876faa7f558 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -148,6 +148,12 @@ static const MountEntry protect_system_yes_table[] = {
 { "/usr", READONLY, false },
 { "/boot", READONLY, true },
 { "/efi", READONLY, true },
+#if HAVE_SPLIT_USR
+ { "/lib", READONLY, true },
+ { "/lib64", READONLY, true },
+ { "/bin", READONLY, true },
+ { "/sbin", READONLY, true },
+#endif
 };
 
 /* ProtectSystem=full includes ProtectSystem=yes */
@@ -156,6 +162,12 @@ static const MountEntry protect_system_full_table[] = {
 { "/boot", READONLY, true },
 { "/efi", READONLY, true },
 { "/etc", READONLY, false },
+#if HAVE_SPLIT_USR
+ { "/lib", READONLY, true },
+ { "/lib64", READONLY, true },
+ { "/bin", READONLY, true },
+ { "/sbin", READONLY, true },
+#endif
 };
 
 /*
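Review bot: The `#if HAVE_SPLIT_USR` guard in protect_system_yes_table makes read-only coverage of /lib, /lib64, /bin and /sbin a build-time decision, so a binary built without it leaves those paths writable under ProtectSystem=yes on any host where they are real directories rather than symlinks into /usr; the identical block in protect_system_full_table (second hunk) has the same property. Nothing at the `#if` records that assumption, so I would add a comment above it in both tables, e.g. `/* Split-/usr layouts only: with merged /usr these are symlinks into /usr, which is already mounted read-only above */`. The third field is `true` on all four entries, which looks like the same ignore-if-missing flag used for /boot and /efi, but MountEntry is defined outside the hunk, so that reading should be confirmed. Both table initialisers open on the hunk-header line and the two lists are maintained by hand, so a later addition to one is easy to miss in the other.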