From 711aca5f4820c2345489136cbbde7428d9f9da1b Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 15 May 2018 09:24:20 +0200
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
adds an After relationship.
RHEL-only
Related: #2138081
---
src/core/unit.c | 7 +------
units/basic.target | 3 ++-
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index d08c73613b..1fad0b0ac8 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1301,12 +1301,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
}
if (c->private_tmp) {
-
- /* FIXME: for now we make a special case for /tmp and add a weak dependency on
- * tmp.mount so /tmp being masked is supported. However there's no reason to treat
- * /tmp specifically and masking other mount units should be handled more
- * gracefully too, see PR#16894. */
- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
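Review bot: The new `unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE)` call has no comment, although the removed FIXME was the only explanation of why /tmp is special-cased here. I would add one above the call, e.g. `/* RHEL-only: order after tmp.mount but do not pull it in, so PrivateTmp= never causes /tmp to become tmpfs unless the admin enabled tmp.mount. */`. With the Wants= dropped both here and in basic.target, nothing in this patch activates tmp.mount any more, so a PrivateTmp= service's private directory is presumably backed by whatever filesystem holds /tmp. If a deployment relied on tmp.mount for restrictive mount options on /tmp, those would now have to come from elsewhere (for example fstab), which is worth stating in the comment or release notes. unit_add_exec_dependencies() starts before and continues past this hunk.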
diff --git a/units/basic.target b/units/basic.target
index d8cdd5ac14..9eae0782a2 100644
--- a/units/basic.target
+++ b/units/basic.target
@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
# require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
# we support that unit being masked, and this should not be considered an error.
RequiresMountsFor=/var /var/tmp
-Wants=tmp.mount
+# RHEL-only: Disable /tmp on tmpfs.
+#Wants=tmp.mount
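Review bot: The context comment directly above the change still says the unit will "only add a Wants= type dependency on /tmp", which stops being true once `Wants=tmp.mount` is commented out. I would reword that sentence along the lines of `# require /var and /var/tmp; /tmp is only ordered via After=tmp.mount and is not pulled in (RHEL-only), so tmp.mount runs only if the admin enables it.` The `After=` line in the hunk header still lists tmp.mount, so the ordering remains while the activation is gone, and the comment should say that explicitly. The comment block begins above the hunk, so its opening lines are not visible here.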