| field | value | date |
|---|---|---|
| author | Lennart Poettering <lennart@poettering.net> | 2014-03-18 17:58:19 +0100 |
| committer | Lennart Poettering <lennart@poettering.net> | 2014-03-18 17:58:19 +0100 |
| commit | f1660f96f59dad860d39f148c3a747050d112763 (patch) | |
| tree | 6a56a7202c056b889acdd51fe3eccc0d155dceae | |
| parent | 45aee6d67ad62a651720f22e67273a692014f948 (diff) | |
core: drop CAP_MKNOD when PrivateDevices= is set
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | man/systemd.exec.xml | 7 |
| -rw-r--r-- | src/core/unit.c | 3 |
2 files changed, 8 insertions, 2 deletions
| diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index f1bcf9b7bd..90d36f9b57 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -908,8 +908,11 @@                                  <filename>/dev/sda</filename>. This is                                  useful to securely turn off physical                                  device access by the executed -                                process. Defaults to -                                false.</para></listitem> +                                process. Defaults to false. Note that +                                enabling this option implies that +                                <constant>CAP_MKNOD</constant> is +                                removed from the capability bounding +                                set for the unit.</para></listitem>                          </varlistentry>                          <varlistentry> diff --git a/src/core/unit.c b/src/core/unit.c index 4fb0d9caaa..20b139d31b 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -2830,6 +2830,9 @@ int unit_exec_context_patch_defaults(Unit *u, ExecContext *c) {               !set_isempty(c->address_families)))                  c->no_new_privileges = true; +        if (c->private_devices) +                c->capability_bounding_set_drop |= (uint64_t) 1ULL << (uint64_t) CAP_MKNOD; +          return 0;  } | 
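Review bot: the new man/systemd.exec.xml wording ("enabling this option implies that CAP_MKNOD is removed from the capability bounding set") should also state that this removal is unconditional, i.e. it applies even when the unit's own CapabilityBoundingSet= setting would otherwise keep CAP_MKNOD, because the src/core/unit.c hunk ORs the bit into capability_bounding_set_drop whenever private_devices is set, without consulting the configured bounding set. Without that sentence an administrator who lists CAP_MKNOD explicitly will be surprised that the capability is still gone, and has no hint in the documentation as to why.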
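Review bot: in the src/core/unit.c hunk the expression `(uint64_t) 1ULL << (uint64_t) CAP_MKNOD` carries two redundant casts; `1ULL` is already an unsigned 64-bit constant and the shift count does not need to be widened, so `c->capability_bounding_set_drop |= 1ULL << CAP_MKNOD;` is equivalent and easier to read. The added `if (c->private_devices)` block would also benefit from a one-line comment recording the reason for the drop (PrivateDevices= gives the unit a private /dev, and without CAP_MKNOD the service cannot recreate device nodes inside it), since nothing in unit_exec_context_patch_defaults() otherwise explains why this setting touches the bounding set.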
