mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-26 19:53:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

sysupdated: Permit mount namespaces

Browse Source 
dissect-image tries to use mount namespaces to dissect images without
polluting the host mounts. This change allows it to do that.
This commit is contained in:
Adrian Vovk 2024-11-06 13:17:04 -05:00
parent a509603b2e
commit 31616d00ef
No known key found for this signature in database
GPG Key ID: 90A7B546533E15FB
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
units/systemd-sysupdated.service.in
View File

@ -21,7 +21,7 @@ NoNewPrivileges=yes
MemoryDenyWriteExecute=yes
ProtectHostname=yes
RestrictRealtime=yes
RestrictNamespaces=net
RestrictNamespaces=net mnt
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=@system-service @mount
SystemCallErrorNumber=EPERM