Bug#931753: DefaultDependencies=no ignores PrivateTmp=yes, but honors its implied RequiresMountsFor=
    Trent W. Buck 
    trentbuck at gmail.com
       
    Sun Jul 14 04:00:20 BST 2019
    
    
  
Michael Biebl wrote:
> On 10.07.19 at 07:12, Trent W. Buck wrote:
> 
> > "systemd-analyze security systemd-resolved" claims for that
> > PrivateTmp= "does not apply", though it clearly does.
> 
> I guess this is the essence of the bug report then and the bug report
> should be retitled something like this:
> 
> systemd-analyze security incorrectly claims that PrivateTmp=yes does not
> apply to services using DefaultDependencies=no
> 
> Did I get you correctly?

I think so, yes.
I didn't understand at first, and maybe I still don't.
I think PrivateTmp=yes can be used for units with DefaultDependencies=no,
but not for units that are needed (directly or indirectly) to mount /var/tmp or /tmp.
Maybe a quick fix is to change
    Service runs in special boot phase, option does not apply
to
    Service runs in special boot phase, option is not recommended
    
    