core: don't include /boot in effect of ProtectSystem=
This would otherwise unconditionally trigger any /boot autofs mount, which we probably should avoid. ProtectSystem= will now only cover /usr and (optionally) /etc, both of which cannot be autofs anyway. ProtectHome= will continue to cover /run/user and /home. The former cannot be autofs either. /home could be, however it is used frequently enough (unlike /boot) that it isn't too problematic to simply trigger it unconditionally via ProtectHome=.
This commit is contained in:
parent
3900e5fdff
commit
5331194c12
|
@ -941,8 +941,7 @@
|
|||
argument or
|
||||
<literal>full</literal>. If true,
|
||||
mounts the <filename>/usr</filename>
|
||||
and <filename>/boot</filename>
|
||||
directories read-only for processes
|
||||
directory read-only for processes
|
||||
invoked by this unit. If set to
|
||||
<literal>full</literal> the
|
||||
<filename>/etc</filename> is mounted
|
||||
|
|
|
@ -357,7 +357,7 @@ int setup_namespace(
|
|||
strv_length(inaccessible_dirs) +
|
||||
private_dev +
|
||||
(protect_home != PROTECT_HOME_NO ? 2 : 0) +
|
||||
(protect_system != PROTECT_SYSTEM_NO ? 2 : 0) +
|
||||
(protect_system != PROTECT_SYSTEM_NO ? 1 : 0) +
|
||||
(protect_system == PROTECT_SYSTEM_FULL ? 1 : 0);
|
||||
|
||||
if (n > 0) {
|
||||
|
@ -399,7 +399,7 @@ int setup_namespace(
|
|||
}
|
||||
|
||||
if (protect_system != PROTECT_SYSTEM_NO) {
|
||||
r = append_mounts(&m, protect_system == PROTECT_SYSTEM_FULL ? STRV_MAKE("/usr", "/etc", "-/boot") : STRV_MAKE("/usr", "-/boot"), READONLY);
|
||||
r = append_mounts(&m, protect_system == PROTECT_SYSTEM_FULL ? STRV_MAKE("/usr", "/etc") : STRV_MAKE("/usr"), READONLY);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
|
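Review bot: The mount-table size computed in the first hunk (`(protect_system != PROTECT_SYSTEM_NO ? 1 : 0)` plus the `PROTECT_SYSTEM_FULL` term) is maintained by hand, separately from the STRV_MAKE() lists passed to append_mounts() in the second hunk some forty lines later. The two agree after this change (one entry for /usr, one more for /etc), but nothing in the code ties them together, so a later edit to only one side would presumably leave the table that append_mounts() fills under-sized. A comment on the count lines would at least make the coupling visible, e.g. `/* must match the STRV_MAKE() lists handed to append_mounts() for ProtectSystem= below */`, or better, derive the count from the same string list rather than restating it. setup_namespace() starts and ends outside both hunks.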