Michael Biebl wrote:
> On 10.07.19 at 07:12, Trent W. Buck wrote:
> 
> > "systemd-analyze security systemd-resolved" claims for that
> > PrivateTmp= "does not apply", though it clearly does.
> 
> I guess this is the essence of the bug report then and the bug report
> should be retitled something like this:
> 
> systemd-analyze security incorrectly claims that PrivateTmp=yes does not
> apply to services using DefaultDependencies=no
> 
> Did I get you correctly?

I think so, yes.
I didn't understand at first, and maybe I still don't.

I think PrivateTmp=yes can be used for units with DefaultDependencies=no,
but not for units that are needed (directly or indirectly) to mount /var/tmp or 
/tmp.

Maybe a quick fix is to change

    Service runs in special boot phase, option does not apply

to

    Service runs in special boot phase, option is not recommended
