summaryrefslogtreecommitdiff
path: root/man/sd_watchdog_enabled.xml
diff options
context:
space:
mode:
authorMartin Pitt <martin.pitt@ubuntu.com>2014-11-20 14:37:08 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-21 00:34:26 +0100
commit797e7a51cdfb23fa1b90b0a0ea2d5c1c83a739e1 (patch)
treef4efc0322171aa6da9a87a390af2110b28c1ca02 /man/sd_watchdog_enabled.xml
parent1fc5560911a7e9e8cf2993e17e1f0a001e148809 (diff)
tmpfiles.d: Create /var/lib/containers
Create /var/lib/containers so that it exists with an appropriate mode. We want 0700 by default so that users on the host aren't able to call suid root binaries in the container. This becomes a security issue if a user can enter a container as root, create a suid root binary, and call that from the host. (This assumes that containers are caged by mandatory access control or are started as user).
Diffstat (limited to 'man/sd_watchdog_enabled.xml')
0 files changed, 0 insertions, 0 deletions