mirror of
https://github.com/morgan9e/systemd
synced 2026-04-15 00:47:10 +09:00
units: restrict hugepages fs a bit
suid binaries and device nodes should not be placed there, hence forbid it. Of all the API VFS we mount from PID 1 or via a unit file this one is the only one where we didn't add MS_NODEV/MS_NOSUID. Let's address that, since there's really no reason why device nodes or suid binaries would be placed in hugetlbfs.
committed by
Yu Watanabe
parent
a02287eab3
commit
e76b3d4ed2
@@ -21,3 +21,4 @@ ConditionVirtualization=!private-users
|
||||
What=hugetlbfs
|
||||
Where=/dev/hugepages
|
||||
Type=hugetlbfs
|
||||
Options=nosuid,nodev
|
||||
|
||||
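Review bot: The added `Options=nosuid,nodev` line leaves out `noexec`, and neither the unit file nor the commit message says whether that omission is deliberate. The message justifies the two flags by noting that suid binaries and device nodes have no reason to live in hugetlbfs, but it does not address executable mappings. Please add one sentence to the commit message, or a comment above the `Options=` line, stating why `noexec` is not set, so a later reader does not "complete" the hardening and break a consumer. Since this changes the mount flags of `/dev/hugepages` for every system that uses the unit, a short NEWS entry would also help, and it is worth noting that instances already mounted keep their old flags until they are remounted.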