projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a2979bb) | patch
core: do not imply PrivateTmp with DynamicUser, create a private tmpfs instead
authorLuca Boccassi <bluca@debian.org>
Wed, 8 May 2024 19:12:57 +0000 (20:12 +0100)
committerLuca Boccassi <bluca@debian.org>
Mon, 17 Jun 2024 16:05:55 +0000 (17:05 +0100)
commit0e551b04efb911d38b586cca1a6a462c87a2cb1b
tree56e0e90964cdc2c99010de60745bcc4806ed13bbtree | snapshot
parenta2979bb842d47befcc4200f1d786767ef0fb23eccommit | diff
core: do not imply PrivateTmp with DynamicUser, create a private tmpfs instead

DynamicUser= enables PrivateTmp= implicitly to avoid files owned by reusable uids
leaking into the host. Change it to instead create a fully private tmpfs instance
instead, which also ensures the same result, since it has less impactful semantics
with respect to PrivateTmp=yes, which links the mount namespace to the host's /tmp
instead. If a user specifies PrivateTmp manually, let the existing behaviour
unchanged to ensure backward compatibility is not broken.
15 files changed:
man/systemd.exec.xml diff | blob | history
src/core/dbus-execute.c diff | blob | history
src/core/dbus-util.c diff | blob | history
src/core/dbus-util.h diff | blob | history
src/core/exec-invoke.c diff | blob | history
src/core/execute-serialize.c diff | blob | history
src/core/execute.c diff | blob | history
src/core/execute.h diff | blob | history
src/core/load-fragment-gperf.gperf.in diff | blob | history
src/core/load-fragment.c diff | blob | history
src/core/load-fragment.h diff | blob | history
src/core/namespace.c diff | blob | history
src/core/namespace.h diff | blob | history
src/core/unit.c diff | blob | history
test/units/TEST-07-PID1.exec-context.sh diff | blob | history
https://github.com/systemd/systemd.git