mirror of
https://github.com/systemd/systemd
synced 2024-10-02 22:37:25 +00:00
units: set nodev,nosuid,noexec flags for various secondary API VFS
A couple of API VFS we mount via .mount units. Let's set the three flags for those too, just in case. This is just paranoia, nothing else, but shouldn't hurt.
This commit is contained in:
parent
60a3e982f4
commit
5cb02182fd
|
@ -20,3 +20,4 @@ ConditionCapability=CAP_SYS_ADMIN
|
|||
What=mqueue
|
||||
Where=/dev/mqueue
|
||||
Type=mqueue
|
||||
Options=nosuid,nodev,noexec
|
||||
|
|
|
@ -17,3 +17,4 @@ DefaultDependencies=no
|
|||
What=binfmt_misc
|
||||
Where=/proc/sys/fs/binfmt_misc
|
||||
Type=binfmt_misc
|
||||
Options=nosuid,nodev,noexec
|
||||
|
|
|
@ -22,3 +22,4 @@ Before=sysinit.target
|
|||
What=fusectl
|
||||
Where=/sys/fs/fuse/connections
|
||||
Type=fusectl
|
||||
Options=nosuid,nodev,noexec
|
||||
|
|
|
@ -21,3 +21,4 @@ Before=sysinit.target
|
|||
What=configfs
|
||||
Where=/sys/kernel/config
|
||||
Type=configfs
|
||||
Options=nosuid,nodev,noexec
|
||||
|
|
|
@ -20,3 +20,4 @@ Before=sysinit.target
|
|||
What=debugfs
|
||||
Where=/sys/kernel/debug
|
||||
Type=debugfs
|
||||
Options=nosuid,nodev,noexec
|
||||
|
|
Loading…
Reference in a new issue