author | Darrick J. Wong <darrick.wong@oracle.com> | 2018-04-12 10:34:11 -0500 |
---|---|---|
committer | Eric Sandeen <sandeen@redhat.com> | 2018-04-12 10:34:11 -0500 |
commit | e4e022f9db759b5e45ff08974b12e050d5f4f769 (patch) | |
tree | cefd5e933c73b86f15e86b134b9948af3e0d73c3 | |
parent | 3dd91472fd17dfbe7b431e9518f0659fb175602e (diff) | |
download | xfsprogs-dev-e4e022f9db759b5e45ff08974b12e050d5f4f769.tar.gz |
xfs_scrub: disable private /tmp for scrub service
Don't make /tmp private when invoking xfs_scrub as a service, because
/tmp might contain or itself be an xfs filesystem mountpoint.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
-rw-r--r-- | scrub/xfs_scrub@.service.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/scrub/xfs_scrub@.service.in b/scrub/xfs_scrub@.service.in index c14f8138fd..56acea6712 100644 --- a/scrub/xfs_scrub@.service.in +++ b/scrub/xfs_scrub@.service.in @@ -9,7 +9,8 @@ WorkingDirectory=%I PrivateNetwork=true ProtectSystem=full ProtectHome=read-only -PrivateTmp=yes +# Disable private /tmp just in case %i is a path under /tmp. +PrivateTmp=no AmbientCapabilities=CAP_SYS_ADMIN CAP_FOWNER CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_SYS_RAWIO NoNewPrivileges=yes User=nobody |
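Review bot: the comment added above PrivateTmp=no refers to "%i", but the path this unit operates on is the unescaped specifier used in the context line WorkingDirectory=%I, so the comment should say %I to match. It also covers less than the commit message, which gives the reason as /tmp containing or itself being an xfs mountpoint; wording along the lines of "# Disable private /tmp in case %I is /tmp or a mountpoint under it." would carry the full rationale into the unit file. Since systemd's PrivateTmp also covers /var/tmp, the comment could mention that too. Finally, this turns off one sandboxing setting for a unit that keeps CAP_SYS_ADMIN and CAP_DAC_OVERRIDE in AmbientCapabilities, so it is worth stating in the comment that the relaxation is deliberate and that the remaining restrictions (PrivateNetwork, ProtectSystem=full, ProtectHome=read-only, NoNewPrivileges, User=nobody) are meant to stay.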