| Field | Value | Date |
|---|---|---|
| author | Martin Pitt <martin.pitt@ubuntu.com> | 2014-11-20 14:37:08 +0100 |
| committer | Lennart Poettering <lennart@poettering.net> | 2014-11-21 00:34:26 +0100 |
| commit | 797e7a51cdfb23fa1b90b0a0ea2d5c1c83a739e1 | |
| tree | f4efc0322171aa6da9a87a390af2110b28c1ca02 /man/sd_watchdog_enabled.xml | |
| parent | 1fc5560911a7e9e8cf2993e17e1f0a001e148809 | |

tmpfiles.d: Create /var/lib/containers
Create /var/lib/containers so that it exists with an appropriate mode. We want
0700 by default so that users on the host aren't able to call suid root
binaries in the container. This becomes a security issue if a user can enter a
container as root, create a suid root binary, and call that from the host.
(This assumes that containers are caged by mandatory access control or are
started as user).
Diffstat (limited to 'man/sd_watchdog_enabled.xml')
0 files changed, 0 insertions, 0 deletions
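
The following audit script is an added example, not part of this commit or of systemd. It checks whether a container storage directory has the exposure the commit message describes: a mode that lets other host users enter it, and setuid files beneath it. The function names are hypothetical, and GNU `stat` and `find` are assumed.

```shell
#!/bin/sh
# Added example (not systemd code): audit a container storage directory for
# the exposure described in the commit message. Assumes GNU stat and find.

# Succeeds when group and other have no permission bits on directory $1,
# which is what mode 0700 guarantees.
dir_is_private() {
    mode=$(stat -L -c '%a' "$1") || return 2
    # The leading 0 makes the shell read the digits as octal; 077 masks the
    # group and other permission bits.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Prints how many setuid regular files (any owner) exist below $1,
# staying on the same filesystem.
count_setuid() {
    find "$1" -xdev -type f -perm -4000 -exec printf x \; | wc -c | tr -d ' '
}

# Returns 0 = private, 1 = reachable by other host users, 2 = not a directory.
audit_container_dir() {
    [ -d "$1" ] || { echo "$1: not a directory" >&2; return 2; }
    if dir_is_private "$1"; then
        echo "$1: ok, group/other cannot enter"
        return 0
    fi
    echo "$1: mode $(stat -L -c '%a' "$1") lets other users reach $(count_setuid "$1") setuid file(s)"
    return 1
}

# Stand-alone use: sh audit.sh /var/lib/containers
if [ $# -gt 0 ]; then
    audit_container_dir "$1"
fi
```

The check looks only at the directory passed in; a restrictive parent directory would also block access, and the script does not account for that.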