
[libvirt] [PATCH] libvirtd: Enable private /tmp under systemd.



The last intentional use of /tmp by libvirt was patched in
commit bd6083c9b; we can add an extra measure of security
by explicitly requesting that libvirtd's /tmp is not visible
to arbitrary users.  See https://bugzilla.redhat.com/782474

* daemon/libvirtd.service.in (Service): Enable PrivateTmp.
---
 daemon/libvirtd.service.in |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
index 8f2458a..cf68440 100644
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -17,6 +17,7 @@ ExecStart= sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 # Override the maximum number of opened files
 #LimitNOFILE=2048
+PrivateTmp=true

 [Install]
 WantedBy=multi-user.target
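
Review bot: The new PrivateTmp=true line sits directly under the commented-out "#LimitNOFILE=2048" and its "# Override the maximum number of opened files" comment, with no comment of its own, so it reads as part of that block. Separate it with a blank line and give it a one-line comment saying why it is set, for example "# Keep libvirtd's /tmp out of reach of other users", so an administrator editing the unit knows what turning it off changes. The commit message only speaks to libvirt's own intentional use of /tmp; since the setting applies to the whole service, it is worth stating in the message or the comment whether paths under /tmp or /var/tmp that clients hand to libvirtd are expected to keep working, because the daemon will resolve them in its private namespace rather than the host's.
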
-- 
1.7.7.6

