morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

portable: Set DelegateNamespaces=no for all portable profiles

Browse Source 
We don't want to delegate any namespaces to portable services, so
let's explicitly set DelegateNamespaces=no in the portable profiles.
This commit is contained in:
Daan De Meyer
2025-03-06 14:17:14 +01:00
parent 11b982053b
commit e533610375
3 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/portable/profile/default/service.conf
View File

@@ -24,6 +24,7 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
DelegateNamespaces=no
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native

1
src/portable/profile/nonetwork/service.conf
View File

@@ -22,6 +22,7 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
DelegateNamespaces=no
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native

1
src/portable/profile/strict/service.conf
View File

@@ -20,6 +20,7 @@ NoNewPrivileges=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
DelegateNamespaces=no
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native