Michael Biebl wrote:
> On 10.07.19 at 07:12, Trent W. Buck wrote:
>
> > "systemd-analyze security systemd-resolved" claims for that
> > PrivateTmp= "does not apply", though it clearly does.
>
> I guess this is the essence of the bug report then and the bug report
> should be retitled something like this:
>
> systemd-analyze security incorrectly claims that PrivateTmp=yes does not
> apply to services using DefaultDependencies=no
>
> Did I get you correctly?

I think so, yes. I didn't understand at first, and maybe I still don't.

I think PrivateTmp=yes can be used for units with DefaultDependencies=no,
but not for units that are needed (directly or indirectly) to mount
/var/tmp or /tmp.

Maybe a quick fix is to change

    Service runs in special boot phase, option does not apply

to

    Service runs in special boot phase, option is not recommended