On 11.04.2016 at 21:22, Yuriy M. Kaminskiy wrote:
> I have a long-running service with tight restrictions:
>
> ReadOnlyDirectories=/
> ReadWriteDirectories=-/proc
> ReadWriteDirectories=-/var/lib/foobar
> ReadWriteDirectories=-/var/log/foobar
> ReadWriteDirectories=-/var/run
>
> I mounted some new directory on the main system, and noticed that
> newly-mounted directories have read-write permissions inside the
> service mount namespace

Expected behavior, as explained in the documentation.

The same applies for "ReadOnlyDirectories=-/whatever" when the folder appears after the service was started.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
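
An added example, not part of the original mails or of systemd: a check an administrator could run to see which mount points are still writable inside a service's mount namespace, as in the situation described above. The function name rw_mounts and the sample mountinfo lines are constructed for illustration; the allow list is the ReadWriteDirectories= set from the quoted unit.

```shell
#!/bin/sh
# rw_mounts MOUNTINFO ALLOWLIST
#   MOUNTINFO  a /proc/<pid>/mountinfo file ("-" reads stdin)
#   ALLOWLIST  colon-separated paths that are meant to be writable
# Prints every mount point whose per-mount options (field 6) contain
# "rw" and that is neither an allowed path nor located below one.
# Note: mountinfo escapes spaces in paths as \040; not decoded here.
rw_mounts() {
    awk -v allowed="$2" '
    BEGIN { n = split(allowed, allow, ":") }
    {
        mp = $5
        opts = "," $6 ","
        if (index(opts, ",rw,") == 0) next      # mount is read-only
        for (i = 1; i <= n; i++) {
            a = allow[i]
            if (mp == a || index(mp, a "/") == 1) next   # expected rw
        }
        print mp                                 # unexpected rw mount
    }' "$1"
}

# Constructed sample: the namespace of a service started with
# ReadOnlyDirectories=/ after /mnt/newdisk was mounted on the host.
sample_mountinfo() {
    cat <<'EOF'
100 80 8:1 / / ro,relatime shared:1 - ext4 /dev/sda1 rw
101 100 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
102 100 8:1 /var/lib/foobar /var/lib/foobar rw,relatime shared:1 - ext4 /dev/sda1 rw
104 100 0:22 / /var/run/lock rw,nosuid shared:9 - tmpfs tmpfs rw
103 100 8:17 / /mnt/newdisk rw,relatime shared:40 - ext4 /dev/sdb1 rw
EOF
}

sample_mountinfo | rw_mounts - "/proc:/var/lib/foobar:/var/log/foobar:/var/run"
```

Against a live service, pass the mountinfo file of its main PID (/proc/<MainPID>/mountinfo) instead of the sample.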