projects / platform / upstream / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 48449f4)
mount-setup: change bpf mount mode to 0700 (#8334)
authorLennart Poettering <lennart@poettering.net>
Fri, 2 Mar 2018 11:55:24 +0000 (12:55 +0100)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 2 Mar 2018 11:55:24 +0000 (12:55 +0100)
After discussing with the kernel folks, we agreed to default to 0700 for
this. Better safe than sorry.

src/core/mount-setup.c patch | blob | history

diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index d050dcc..536c17b 100644 (file)
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -118,7 +118,7 @@ static const MountPoint mount_table[] = {
         { "efivarfs",    "/sys/firmware/efi/efivars", "efivarfs",   NULL,                      MS_NOSUID|MS_NOEXEC|MS_NODEV,
           is_efi_boot,   MNT_NONE                   },
 #endif
-        { "bpf",         "/sys/fs/bpf",               "bpf",        NULL,                      MS_NOSUID|MS_NOEXEC|MS_NODEV,
+        { "bpf",         "/sys/fs/bpf",               "bpf",        "mode=700",                MS_NOSUID|MS_NOEXEC|MS_NODEV,
           NULL,          MNT_NONE,                  },
 };
 
Domain: System / System Framework;