tizen: mount /run/user/UID with noexec 01/272801/1 accepted/tizen/unified/20220328.131541 accepted/tizen/unified/20220420.135441 submit/tizen/20220325.021552 submit/tizen/20220419.035135 submit/tizen/20220419.072132
author Karol Lewandowski <k.lewandowsk@samsung.com>
Thu, 24 Mar 2022 16:03:56 +0000 (17:03 +0100)
committer Karol Lewandowski <k.lewandowsk@samsung.com>
Thu, 24 Mar 2022 18:27:23 +0000 (19:27 +0100)
There is no point in having /run/user/UID mounted with exec, especially
since /run itself is mounted with noexec.

Change-Id: I16d46c3f3103205edf81764ca479ee0a569f90f7

src/login/user-runtime-dir.c

index 049999a..558f569 100644 (file)
@@ -102,7 +102,7 @@ static int user_mkdir_runtime_path(
 
                 (void) mkdir_label(runtime_path, 0700);
 
-                r = mount("tmpfs", runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, options);
+                r = mount("tmpfs", runtime_path, "tmpfs", MS_NODEV|MS_NOSUID|MS_NOEXEC, options);
                 if (r < 0) {
                         if (!IN_SET(errno, EPERM, EACCES)) {
                                 r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", runtime_path);
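Review bot: The `MS_NOEXEC` flag added to the `mount()` call on `runtime_path` carries no comment, and the commit message does not state the behavioural effect: once the per-user tmpfs is noexec, any session component that executes a file it placed under /run/user/UID, or maps one with PROT_EXEC, will stop working. Please add a short comment at the call explaining that the flag mirrors the noexec mount of /run, and note in the commit message whether any Tizen component was checked for executing from the runtime directory. One more thing to confirm: the flag only applies when this mount succeeds, and the visible `IN_SET(errno, EPERM, EACCES)` check treats those two errors differently from other failures, so if that path continues without the tmpfs, the directory would not be noexec after this change.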