projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aa6dc3e) | patch
Mount all fs nosuid when NoNewPrivileges=yes
authorTopi Miettinen <toiwoton@gmail.com>
Fri, 22 Jan 2021 15:14:50 +0000 (17:14 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 26 May 2021 15:42:39 +0000 (17:42 +0200)
commitd8e3c31bd8e307c8defc759424298175aa0f7001
tree620d60e2dadc2e7d4cc19a74c39c1373f6259d64tree | snapshot
parentaa6dc3ec337b04308a5dfe3b962fa88088b2c82ecommit | diff
Mount all fs nosuid when NoNewPrivileges=yes

When `NoNewPrivileges=yes`, the service shouldn't have a need for any
setuid/setgid programs, so in case there will be a new mount namespace anyway,
mount the file systems with MS_NOSUID.
man/systemd.exec.xml diff | blob | history
src/core/execute.c diff | blob | history
src/core/namespace.c diff | blob | history
src/core/namespace.h diff | blob | history
https://github.com/systemd/systemd.git