summaryrefslogtreecommitdiff
path: root/shell-completion/bash/systemd-nspawn
diff options
context:
space:
mode:
authorDjalal Harouni <tixxdz@opendz.org>2016-10-12 14:11:16 +0200
committerDjalal Harouni <tixxdz@opendz.org>2016-10-12 14:11:16 +0200
commitc575770b75b6cd15684fbacd249147bf5fd6ead7 (patch)
tree1dbde008e50d9ab2780168dd26ead86a762959dc /shell-completion/bash/systemd-nspawn
parentac246d9868bd476297e2702e0a7ef52294f9cfa8 (diff)
core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=
Lets go further and make /lib/modules/ inaccessible for services that do not have business with modules, this is a minor improvment but it may help on setups with custom modules and they are limited... in regard of kernel auto-load feature. This change introduce NameSpaceInfo struct which we may embed later inside ExecContext but for now lets just reduce the argument number to setup_namespace() and merge ProtectKernelModules feature.
Diffstat (limited to 'shell-completion/bash/systemd-nspawn')
0 files changed, 0 insertions, 0 deletions