core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1
author: Lennart Poettering <lennart@poettering.net>
Thu, 25 Aug 2016 14:12:46 +0000 (16:12 +0200)
committer: Djalal Harouni <tixxdz@opendz.org>
Sun, 25 Sep 2016 08:42:18 +0000 (10:42 +0200)
commit: 63bb64a056113d4be5fefb16604accf08c8c204a
tree: de25d811ab238a0d1ad3509ffb2ffd7a1f897259
parent: 3f815163ff8fdcdbd329680580df36f94e15325d
core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1

Let's make sure that services that use DynamicUser=1 cannot leave files in the
file system should the system accidentally have a world-writable directory
somewhere.

This effectively ensures that directories need to be whitelisted rather than
blacklisted for access when DynamicUser=1 is set.
man/systemd.exec.xml
src/core/unit.c
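
An illustrative unit file for the behaviour the commit message describes, added here as an example and not taken from the commit or from the systemd sources. The unit name, binary path and spool directory are hypothetical.

```ini
# /etc/systemd/system/example-dyn.service
# Hypothetical unit: the name, ExecStart= binary and spool path are
# placeholders chosen for this example.
[Unit]
Description=Example service running under a dynamically allocated user

[Service]
ExecStart=/usr/local/bin/example-daemon
DynamicUser=yes

# With this commit, DynamicUser=yes implies the two settings below.
# They are spelled out only to make the resulting sandbox visible:
#   ProtectSystem=strict    the file system hierarchy is mounted read-only
#                           for the service (API file systems such as
#                           /dev, /proc and /sys excepted)
#   ProtectHome=read-only   /home, /root and /run/user are read-only
ProtectSystem=strict
ProtectHome=read-only

# Whitelist, not blacklist: every location the service may write to
# has to be named explicitly. A stray world-writable directory
# elsewhere on the system stays read-only from inside the service.
# ReadWritePaths= only lifts the read-only mount; ordinary permission
# checks against the dynamic UID still apply to the directory itself.
ReadWritePaths=/var/spool/example-dyn

# To inspect the effective values on a running system:
#   systemctl show -p DynamicUser -p ProtectSystem -p ProtectHome \
#       example-dyn.service
```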