152484
From c9ca30a1debbdf24ab6fcbe1aa1ec7ac5f222cb4 Mon Sep 17 00:00:00 2001
4295f9
From: Jan Synacek <jsynacek@redhat.com>
4295f9
Date: Tue, 15 May 2018 09:24:20 +0200
4295f9
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
4295f9
4295f9
Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
4295f9
adds an After relationship.
4295f9
4295f9
RHEL-only
4295f9
4295f9
Resolves: #1959826
4295f9
---
4295f9
 src/core/unit.c    | 7 +------
4295f9
 units/basic.target | 3 ++-
4295f9
 2 files changed, 3 insertions(+), 7 deletions(-)
4295f9
4295f9
diff --git a/src/core/unit.c b/src/core/unit.c
152484
index b1f1f5c82c..3a8251e2b8 100644
4295f9
--- a/src/core/unit.c
4295f9
+++ b/src/core/unit.c
152484
@@ -1280,12 +1280,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
4295f9
         }
4295f9
 
4295f9
         if (c->private_tmp) {
4295f9
-
4295f9
-                /* FIXME: for now we make a special case for /tmp and add a weak dependency on
4295f9
-                 * tmp.mount so /tmp being masked is supported. However there's no reason to treat
4295f9
-                 * /tmp specifically and masking other mount units should be handled more
4295f9
-                 * gracefully too, see PR#16894. */
4295f9
-                r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
4295f9
+                r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
4295f9
                 if (r < 0)
4295f9
                         return r;
4295f9
 
4295f9
diff --git a/units/basic.target b/units/basic.target
4295f9
index d8cdd5ac14..9eae0782a2 100644
4295f9
--- a/units/basic.target
4295f9
+++ b/units/basic.target
4295f9
@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
4295f9
 # require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
4295f9
 # we support that unit being masked, and this should not be considered an error.
4295f9
 RequiresMountsFor=/var /var/tmp
4295f9
-Wants=tmp.mount
4295f9
+# RHEL-only: Disable /tmp on tmpfs.
4295f9
+#Wants=tmp.mount