projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 453cb5d) | patch
core: verify WorkingDirectory= is outside of API VFS only under mount namespacing
authorMike Yuan <me@yhndnzj.com>
Sun, 23 Jun 2024 16:12:33 +0000 (18:12 +0200)
committerMike Yuan <me@yhndnzj.com>
Mon, 24 Jun 2024 14:01:07 +0000 (16:01 +0200)
commit276bd392ecdd6febaeac82e7d6f46a035826f98d
tree287470f002aaa64d3f38b29ee2906b8eb773ac6atree | snapshot
parent453cb5d01e587ff6d9fa426397c0d1b858f8f832commit | diff
core: verify WorkingDirectory= is outside of API VFS only under mount namespacing

The purpose of the check is to prevent leaking API VFS fds
from host into a mount namespace/container. When mountns
is not used at all, the check is pointless and causes
inconvenience. E.g. file managers might need to be spawned
under those directories, and they surely won't run in mountns.

Suggested in https://github.com/systemd/systemd/pull/33454#issuecomment-2186351467
Fixes #33361
src/core/dbus-execute.c diff | blob | history
src/core/load-fragment.c diff | blob | history
src/core/unit.c diff | blob | history
https://github.com/systemd/systemd.git