source-git / systemd

Clone
Source Code
GIT

5a1761 resolved: Recover missing PrivateTmp=yes and ProtectSystem=strict

1 file Authored by HATAYAMA Daisuke 4 years ago, Committed by Packit Service 4 years ago,
raw patch tree parent
1 file changed. 2 lines added. 0 lines removed.
units/systemd-resolved.service.in
file modified
+2 -0 
    resolved: Recover missing PrivateTmp=yes and ProtectSystem=strict
    
    Since the commit b61e8046ebcb28225423fc0073183d68d4c577c4,
    systemd-resolved.service often fails to start with the following message:
    
        Failed at step NAMESPACE spawning /usr/bin/mount: Read-only file system
    
    This is because dropping DynamicUser=yes dropped implicit PrivateTmp=yes and
    also implicit After=systemd-tmpfiles-setup.service, and thus
    systemd-resolved.service can start before systemd-remount-fs.service. As a
    result, mount operations associated with PrivateDevices= can be performed to
    still read-only filesystems.
    
    To fix this issue, it's better to recover PrivateTmp=yes and
    ProtectSystem=strict just as the upstream commit
    62fb7e80fcc45a1530ed58a84980be8cfafa9b3e (Revert "resolve: enable DynamicUser=
    for systemd-resolved.service").
    
    Resolves: #1810869
    
    patch_name: 0344-resolved-Recover-missing-PrivateTmp-yes-and-ProtectS.patch
    present_in_specfile: true
    location_in_specfile: 344
    squash_commits: true
file modified
+2 -0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation