[systemd-devel] ReadOnlyDirectories and new mounts
Reindl Harald
h.reindl at thelounge.net
Mon Apr 11 21:11:05 UTC 2016
On 11.04.2016 at 21:22, Yuriy M. Kaminskiy wrote:
> I have long-running service with tight restrictions:
>
> ReadOnlyDirectories=/
> ReadWriteDirectories=-/proc
> ReadWriteDirectories=-/var/lib/foobar
> ReadWriteDirectories=-/var/log/foobar
> ReadWriteDirectories=-/var/run
>
> I mounted some new directory on main system, and noticed that
> newly-mounted directories have read-write permissions inside service
> mount namespace
Expected behavior, as explained in the documentation.
The same applies to "ReadOnlyDirectories=-/whatever" when the folder
appears after the service was started.
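
Added example, not part of the original message and not systemd code: a check that reads a service's /proc/<pid>/mountinfo and reports mounts whose per-mount flag is rw outside the paths named in ReadWriteDirectories=, which is where a filesystem mounted after service start becomes visible. The sample mountinfo text, its device names and the /mnt/new disk mount are constructed; the function names are hypothetical.

```python
import re
import sys

# Directives from the unit quoted above; a leading "-" means "ignore if missing".
RW_DIRECTIVES = ["-/proc", "-/var/lib/foobar", "-/var/log/foobar", "-/var/run"]

# Constructed sample of /proc/<pid>/mountinfo for such a service. The last
# entry stands for a filesystem mounted on the host after the service started.
SAMPLE_MOUNTINFO = r"""
100 60 8:1 / / ro,relatime master:1 - ext4 /dev/sda1 rw
101 100 0:4 / /proc rw,nosuid,nodev,noexec master:2 - proc proc rw
102 100 0:20 / /sys ro,nosuid,nodev,noexec master:3 - sysfs sysfs rw
103 100 8:1 /var/lib/foobar /var/lib/foobar rw,relatime master:1 - ext4 /dev/sda1 rw
104 100 8:1 /var/log/foobar /var/log/foobar rw,relatime master:1 - ext4 /dev/sda1 rw
105 100 0:22 / /var/run rw,nosuid,nodev master:5 - tmpfs tmpfs rw
110 100 8:17 / /mnt/new\040disk rw,relatime master:40 - ext4 /dev/sdb1 rw
"""


def unescape(field):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def unexpected_rw_mounts(mountinfo, rw_directives):
    """Return mount points that are writable but not covered by a directive."""
    allowed = [d.lstrip("-").rstrip("/") for d in rw_directives]
    findings = []
    for line in mountinfo.splitlines():
        fields = line.split()
        # Fields: id parent maj:min root mount_point options [optional...] - ...
        if len(fields) < 10 or "-" not in fields[6:]:
            continue
        mount_point = unescape(fields[4])
        # Field 6 holds the per-mount flags; the superblock flags after the
        # "-" separator can say rw even when this mount is read-only.
        if "rw" not in fields[5].split(","):
            continue
        if any(mount_point == a or mount_point.startswith(a + "/") for a in allowed):
            continue
        findings.append(mount_point)
    return findings


if __name__ == "__main__":
    # Pass a PID to inspect a live service; without one the sample is used.
    text = open(f"/proc/{sys.argv[1]}/mountinfo").read() if len(sys.argv) > 1 else SAMPLE_MOUNTINFO
    for mp in unexpected_rw_mounts(text, RW_DIRECTIVES):
        print("writable, not listed:", mp)
```

Run against the main PID of the service, any path it prints is writable from inside the service even though the unit file never granted it.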