[systemd-devel] systemd-tmpfiles, unsafe path transitions
Adrian Vovk
adrianvovk at gmail.com
Fri Mar 28 02:22:24 UTC 2025
Hello,
Isn't there UID mapping support for this purpose? For that specific NFS
mount, you could map whatever UID it is to UID 0
Best,
Adrian
On Thu, Mar 27, 2025, 15:03 James Muir (jamesmui) <jamesmui at cisco.com>
wrote:
> > > Is there a conf option or an environment variable I can use to disable
> the unsafe path transition check?
>
> >
>
> > No there is not. It's a security hole what you are doing there...
>
> >
>
> > > Failing that, is there a way I can change the ownership
> systemd-tmpfiles sees?
>
> >
>
> > Why not just fix the ownership of the root inode? i.e. actually fix
>
> > the original problem that causes the message to show?
>
>
>
> The root filesystem is mounted read-only because the nfs server only
> allows read-only exports (i.e. "ro").
>
>
>
> So, "chown root:root /" does not work on the client.
>
>
>
> And on the server, I do not have root access.
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20250327/dac8137e/attachment.htm>
More information about the systemd-devel
mailing list