summaryrefslogtreecommitdiff
path: root/src/shared/apparmor-util.h
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-08-25 16:12:46 +0200
committerDjalal Harouni <tixxdz@opendz.org>2016-09-25 10:42:18 +0200
commit63bb64a056113d4be5fefb16604accf08c8c204a (patch)
treede25d811ab238a0d1ad3509ffb2ffd7a1f897259 /src/shared/apparmor-util.h
parent3f815163ff8fdcdbd329680580df36f94e15325d (diff)
core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1
Let's make sure that services that use DynamicUser=1 cannot leave files in the file system should the system accidentally have a world-writable directory somewhere. This effectively ensures that directories need to be whitelisted rather than blacklisted for access when DynamicUser=1 is set.
Diffstat (limited to 'src/shared/apparmor-util.h')
0 files changed, 0 insertions, 0 deletions