[systemd-devel] Mount options for $XDG_RUNTIME_DIR
Leonid Isaev
lisaev at umail.iu.edu
Mon Mar 17 16:04:29 PDT 2014
Hi,
Currently, XDG_RUNTIME_DIR=/run/user/<UID> is mounted with rather
permissive, hardcoded mount options (or at least I couldn't find a documented
way of changing them). Specifically, a user is allowed to execute things from
his $XDG_RUNTIME_DIR. This effectively negates admin's ability to constrain
users, e.g. by mounting /home as noexec (I have seen this done in some
environments).
Is there a need to allow execution from $XDG_RUNTIME_DIR? And how
should one configure its mount options?
Thanks,
--
Leonid Isaev
GPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140317/26cf6de7/attachment.sig>
More information about the systemd-devel
mailing list