diff options
author | Jan Synacek <jsynacek@redhat.com> | 2018-05-15 09:24:20 +0200 |
---|---|---|
committer | The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com> | 2021-08-06 12:23:28 +0200 |
commit | d77095927682f5a6921d3825256743eb8f5e6e1b (patch) | |
tree | f00dd53d8eeab67ac794e3689abba449d27777bf | |
parent | ddf558cda4afe6b81586887bcbb8d0ea376c7e71 (diff) | |
download | systemd-d77095927682f5a6921d3825256743eb8f5e6e1b.tar.gz |
Avoid /tmp being mounted as tmpfs without the user's will
Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
adds an After relationship.
RHEL-only
Resolves: #1959826
(cherry picked from commit f58c5ced373c2532b5cc44ba2e0c3a28b41472f2)
-rw-r--r-- | src/core/unit.c | 7 | ||||
-rw-r--r-- | units/basic.target | 3 |
2 files changed, 3 insertions, 7 deletions
diff --git a/src/core/unit.c b/src/core/unit.c index 30afd5a776..d9cd0c229a 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -1266,12 +1266,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { } if (c->private_tmp) { - - /* FIXME: for now we make a special case for /tmp and add a weak dependency on - * tmp.mount so /tmp being masked is supported. However there's no reason to treat - * /tmp specifically and masking other mount units should be handled more - * gracefully too, see PR#16894. */ - r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE); + r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE); if (r < 0) return r; diff --git a/units/basic.target b/units/basic.target index d8cdd5ac14..9eae0782a2 100644 --- a/units/basic.target +++ b/units/basic.target @@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount # require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as # we support that unit being masked, and this should not be considered an error. RequiresMountsFor=/var /var/tmp -Wants=tmp.mount +# RHEL-only: Disable /tmp on tmpfs. +#Wants=tmp.mount |