PR#13: post: Neuter all systemd PrivateTmp= and Protect(Home|System) - fedora-atomic

fedora-atomic

#13 post: Neuter all systemd PrivateTmp= and Protect(Home|System)

Closed 7 years ago by walters. Opened 7 years ago by walters.

systemd-privatetmp into f25

post: Neuter all systemd PrivateTmp= and Protect(Home|System)

Colin Walters • 7 years ago

82cdd1f

treecompose-post.sh

file modified

		`@@ -5,6 +5,9 @@`
		`# Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295`
		`echo 'Storage=persistent' >> /etc/systemd/journald.conf`

		`+ # Work around https://github.com/systemd/systemd/issues/4082`
		`+ find /usr/lib/systemd/system/ -type f -exec sed -i -e '/^PrivateTmp=/d' -e '/^Protect$Home\\|System$=/d' {} \;`
		`+`
		`# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816`
		`KEEPLANG=en_US`
		`find /usr/share/locale -mindepth 1 -maxdepth 1 -type d -not -name "${KEEPLANG}" -exec rm -rf {} +`

walters commented 7 years ago

See https://github.com/systemd/systemd/issues/4082 for the root
of this (mounts not following symlinks).

For Protect(Home|System), for the most part this is unnecessary
with ostree (we already have a ro bind mount over /usr). And
unfortunately it doesn't cover /sysroot.

Anyways, at some point we'll revisit the systemd Protect*, but
for now let's have the current system boot.