Include additional directories in ProtectSystem

Ansgar Burchardt 2014-07-24 19:38:07 +02:00 committed by Felipe Sateler
parent f6de1b02fe
commit 7486f305cd
1 changed files with 12 additions and 0 deletions


@ -148,6 +148,12 @@ static const MountEntry protect_system_yes_table[] = {
{ "/usr", READONLY, false },
{ "/boot", READONLY, true },
{ "/efi", READONLY, true },
#if HAVE_SPLIT_USR
{ "/lib", READONLY, true },
{ "/lib64", READONLY, true },
{ "/bin", READONLY, true },
{ "/sbin", READONLY, true },
#endif
};
/* ProtectSystem=full includes ProtectSystem=yes */
@ -156,6 +162,12 @@ static const MountEntry protect_system_full_table[] = {
{ "/boot", READONLY, true },
{ "/efi", READONLY, true },
{ "/etc", READONLY, false },
#if HAVE_SPLIT_USR
{ "/lib", READONLY, true },
{ "/lib64", READONLY, true },
{ "/bin", READONLY, true },
{ "/sbin", READONLY, true },
#endif
};
/*
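Review bot: The added `#if HAVE_SPLIT_USR` block in protect_system_yes_table covers /lib and /lib64 but no other top-level multilib library directory, so on a split-/usr system that has /lib32 or /libx32 those trees would stay writable under ProtectSystem=yes. If the targeted distributions ship them, add `{ "/lib32", READONLY, true },` and `{ "/libx32", READONLY, true },`, assuming the third field means "ignore if the path is missing" as the /boot and /efi entries suggest. The same four entries are repeated in protect_system_full_table in the second hunk, so the gap applies there too, and a one-line comment such as `/* without merged /usr these are real directories outside /usr */` above each block would record why they are conditional. Both table definitions begin outside the hunks.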