diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-08-26 16:39:04 +0200 |
---|---|---|
committer | Djalal Harouni <tixxdz@opendz.org> | 2016-09-25 10:52:57 +0200 |
commit | ba128bb809cc59ca60db65f0c09bd7f48876fa83 (patch) | |
tree | 23f06555364d0088541890e3e185d8367a2b7577 /TODO | |
parent | 1ecdba149bab8346b611e2ccacfe66e58a7b863c (diff) |
execute: filter low-level I/O syscalls if PrivateDevices= is set
If device access is restricted via PrivateDevices=, let's also block the
various low-level I/O syscalls at the same time, so that we know that the
minimal set of devices in our virtualized /dev are really everything the unit
can access.
Diffstat (limited to 'TODO')
0 files changed, 0 insertions, 0 deletions