execute: filter low-level I/O syscalls if PrivateDevices= is set - ~lukeshu/systemd - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Lennart Poettering <lennart@poettering.net>	2016-08-26 16:39:04 +0200
committer	Djalal Harouni <tixxdz@opendz.org>	2016-09-25 10:52:57 +0200
commit	ba128bb809cc59ca60db65f0c09bd7f48876fa83 (patch)
tree	23f06555364d0088541890e3e185d8367a2b7577 /TODO
parent	1ecdba149bab8346b611e2ccacfe66e58a7b863c (diff)

execute: filter low-level I/O syscalls if PrivateDevices= is set

If device access is restricted via PrivateDevices=, let's also block the various low-level I/O syscalls at the same time, so that we know that the minimal set of devices in our virtualized /dev are really everything the unit can access.

Diffstat (limited to 'TODO')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: