tag | 5a7886c4fde182d10aaa5e1c4e35f7fac8633ef2 | |
---|---|---|
tagger | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | Wed Sep 02 12:12:15 2020 +0200 |
object | dc2e82af332b39a2dc615b5f29220df22dfe4e77 |
systemd-stable v246.4 -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEXCUbX8VOsvgPQHqqxUyjNs/rVX4FAl9Pb/8ACgkQxUyjNs/r VX40xA/+LpwwLyPLMQ8AhCO6Gd3BkGKuH9TsrTlJDCIwIHrpulQImrvIPsbB8EWx do7axaQw8TqV5yemsjJVqX9iilNiyQ2RrNwkYWOA+QkKyqz8IwZAguhnUaMEFbSb AmfHLidt9IE2gM8AeONZ5cL9v2QMQig5c/dM2rKfsz5NU//PhJMLZ3ZyURn/0+SY wczFRikKRP3V6QOyaMmPmOM88m2Us20N1wRTWvhN4rhmzoI8t3jkMjFEjGHQhPdu +ypFQPjvTh99fs3BBBVhvbtA/k0Vf4YuBTioRSL9fZ7cV30rkPf135bjRDWTZc93 zCEtcjE6YusD7O1EYbpm0/kt6qgzsNZ4inlW6oba2QYI0Llp3PWrUKooYJJ9XWqx xYh/LTOUzqTkSZPTx+509kSqxZUEwuX6LBQSR1LF7LCBKdFDHgqJLqyh4GWbplsz sw5ODaChJ3i0nctgEWDR5vDdvWWsg2obG8ZxtOhYgWhQU7MAtjkJ/PhIlIWW6FW+ 74aP2LyUTlISJasPFQQkmEVnjXZRkJlUAGCnBOkSCjUZBVsIA4kRb7jB1lO9kk5H 9qLWXw/qvkSWauP+p0j7NcbRC2Xn1aCi8xgE1HKaAWXI2u5AaGh81BGDng8Neekb BxSQ7msRe8XypU9L9K9f5HGilL5N+5tbszhE5m7j7eLA7bMp5hs= =E8+h -----END PGP SIGNATURE-----
commit | dc2e82af332b39a2dc615b5f29220df22dfe4e77 | [log] [download] |
---|---|---|
author | Lennart Poettering <lennart@poettering.net> | Wed Aug 19 17:42:33 2020 +0200 |
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | Wed Sep 02 11:49:08 2020 +0200 |
tree | 916da1703823c3214b467dcb65c1614311afa667 | |
parent | 0b3c497347028bbcc3c6f911967c205b6d0f275f [diff] |
core: create per-user inaccessible node from the service manager Previously, we'd create them from user-runtime-dir@.service. That has one benefit: since this service runs privileged, we can create the full set of device nodes. It has one major drawback though: it security-wise problematic to create files/directories in directories as privileged user in directories owned by unprivileged users, since they can use symlinks to redirect what we want to do. As a general rule we hence avoid this logic: only unpriv code should populate unpriv directories. Hence, let's move this code to an appropriate place in the service manager. This means we lose the inaccessible block device node, but since there's already a fallback in place, this shouldn't be too bad. (cherry picked from commit 3242980582d501ec2adbcc0f794c7161056812e8)
System and Service Manager
Most documentation is available on systemd's web site.
Assorted, older, general information about systemd can be found in the systemd Wiki.
Information about build requirements is provided in the README file.
Consult our NEWS file for information about what's new in the most recent systemd versions.
Please see the Hacking guide for information on how to hack on systemd and test your modifications.
Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.
When preparing patches for systemd, please follow our Coding Style Guidelines.
If you are looking for support, please contact our mailing list or join our IRC channel.
Stable branches with backported patches are available in the stable repo.