summaryrefslogtreecommitdiff
path: root/rules
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2017-02-12 06:44:46 +0100
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-02-12 00:44:46 -0500
commit6818c54ca6663c008fad77d2677c61758c7215f5 (patch)
tree16af39cd1181b044b2968a04a2ff83a74680a115 /rules
parent963e3d8373a94af8093e3ca674452b366c12ac09 (diff)
core: skip ReadOnlyPaths= and other permission-related mounts on PermissionsStartOnly= (#5309)
ReadOnlyPaths=, ProtectHome=, InaccessiblePaths= and ProtectSystem= are about restricting access and little more, hence they should be disabled if PermissionsStartOnly= is used or ExecStart= lines are prefixed with a "+". Do that. (Note that we will still create namespaces and stuff, since that's about a lot more than just permissions. We'll simply disable the effect of the four options mentioned above, but nothing else mount related.) This also adds a test for this, to ensure this works as intended. No documentation updates, as the documentation are already vague enough to support the new behaviour ("If true, the permission-related execution options…"). We could clarify this further, but I think we might want to extend the switches' behaviour a bit more in future, hence leave it at this for now. Fixes: #5308
Diffstat (limited to 'rules')
0 files changed, 0 insertions, 0 deletions