core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules= - systemd

diff options

author	Djalal Harouni <tixxdz@opendz.org>	2016-10-12 14:11:16 +0200
committer	Djalal Harouni <tixxdz@opendz.org>	2016-10-12 14:11:16 +0200
commit	c575770b75b6cd15684fbacd249147bf5fd6ead7 (patch)
tree	1dbde008e50d9ab2780168dd26ead86a762959dc /src/test/test-socket-util.c
parent	doc: minor hint about InaccessiblePaths= in regard of ProtectKernelTunables= (diff)
download	systemd-c575770b75b6cd15684fbacd249147bf5fd6ead7.tar.xz systemd-c575770b75b6cd15684fbacd249147bf5fd6ead7.zip

core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=

Lets go further and make /lib/modules/ inaccessible for services that do not have business with modules, this is a minor improvment but it may help on setups with custom modules and they are limited... in regard of kernel auto-load feature. This change introduce NameSpaceInfo struct which we may embed later inside ExecContext but for now lets just reduce the argument number to setup_namespace() and merge ProtectKernelModules feature.

Diffstat (limited to 'src/test/test-socket-util.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: