diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-08-25 16:12:46 +0200 |
---|---|---|
committer | Djalal Harouni <tixxdz@opendz.org> | 2016-09-25 10:42:18 +0200 |
commit | 63bb64a056113d4be5fefb16604accf08c8c204a (patch) | |
tree | de25d811ab238a0d1ad3509ffb2ffd7a1f897259 /man/systemd.nspawn.xml | |
parent | 3f815163ff8fdcdbd329680580df36f94e15325d (diff) |
core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1
Let's make sure that services that use DynamicUser=1 cannot leave files in the
file system should the system accidentally have a world-writable directory
somewhere.
This effectively ensures that directories need to be whitelisted rather than
blacklisted for access when DynamicUser=1 is set.
Diffstat (limited to 'man/systemd.nspawn.xml')
0 files changed, 0 insertions, 0 deletions