[systemd-devel] [PATCH] Apply ProtectSystem to non-merged /usr directories

Reindl Harald h.reindl at thelounge.net
Tue Oct 21 05:59:36 PDT 2014


Am 21.10.2014 um 14:38 schrieb Simon McVittie:
> On 21/10/14 13:03, Christian Seiler wrote:
>> That is definitely a good point. Also note that /lib32 is not included
>> in the patch...
>
> lib64 is part of the Linux/x86_64 platform ABI (the exact path
> /lib64/ld-linux-x86-64.so.2 is hard-coded into every Linux/x86_64
> executable) so it cannot be considered legacy. Is there a Linux ABI
> where /lib32 has the same status? If not, then its priority is rather lower

It doesn't matter.

After UsrMove: lib64 -> usr/lib64,
so the protection of /usr works as expected.

If some distro invents other dirs -> the same logic.
If some distro doesn't follow that structure -> no protection.

They can do the following in their unit files.
"ProtectSystem" is nothing more than a nice addition;
"ReadOnlyDirectories" works even on old systemd versions:

ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/lib64
ReadOnlyDirectories=/lib32

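The argument above (a legacy top-level directory that is a symlink into usr/ is already covered by a read-only /usr, while a real directory is not and needs its own ReadOnlyDirectories= line) can be checked mechanically. The following script is an added example, not code from the mail or from systemd: it inspects a root tree, reports which of /lib, /lib32, /lib64, /bin and /sbin are real directories rather than UsrMove-style symlinks, and prints the ReadOnlyDirectories= lines a unit would need for that layout. The function names and the constructed demo root (merged lib64, unmerged lib32) are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original mail or of systemd).
#
# needs_explicit_protection ROOT DIR
#   exit 0 if ROOT/DIR is a real directory (or a symlink pointing somewhere
#   other than usr/), i.e. a read-only /usr would NOT cover it;
#   exit 1 if it is absent or is a symlink into usr/ (merged layout).
needs_explicit_protection() {
    root=$1; dir=$2
    path="$root$dir"
    [ -e "$path" ] || return 1            # absent: nothing to protect
    [ -L "$path" ] || return 0            # real directory: needs a line
    target=$(readlink "$path")
    case "$target" in
        usr/*|/usr/*) return 1 ;;         # merged into /usr, already covered
        *) return 0 ;;                    # symlink elsewhere: protect it
    esac
}

# emit_readonly_dirs ROOT
#   prints the ReadOnlyDirectories= lines for a unit file on this layout:
#   always /etc and /usr (as in the mail), plus every legacy directory
#   that a read-only /usr does not already cover.
emit_readonly_dirs() {
    root=$1
    printf 'ReadOnlyDirectories=/etc\nReadOnlyDirectories=/usr\n'
    for d in /lib /lib32 /lib64 /bin /sbin; do
        if needs_explicit_protection "$root" "$d"; then
            printf 'ReadOnlyDirectories=%s\n' "$d"
        fi
    done
}

# make_demo_root
#   constructed sample tree (this example's assumption, not a real distro):
#   lib64 is a UsrMove symlink, lib32 is a plain directory, no /lib at all.
make_demo_root() {
    demo=$(mktemp -d)
    mkdir -p "$demo/usr/lib64" "$demo/usr/lib32" "$demo/etc"
    ln -s usr/lib64 "$demo/lib64"        # merged: covered by read-only /usr
    mkdir "$demo/lib32"                  # not merged: needs its own line
    printf '%s\n' "$demo"
}

# Stand-alone demo: build the sample tree, print the unit lines, clean up.
demo_root=$(make_demo_root)
emit_readonly_dirs "$demo_root"
rm -rf "$demo_root"
```

Run against a real system with `emit_readonly_dirs /` to see which lines, if any, a unit on that distro would still need next to ProtectSystem=. On a fully merged system only the /etc and /usr lines come out; on a distro that kept a real /lib32 the script adds it, which is exactly the case ProtectSystem= alone does not cover.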