Bug#931753: DefaultDependencies=no ignores PrivateTmp=yes, but honors its implied RequiresMountsFor=

Trent W. Buck trentbuck at gmail.com
Sun Jul 14 04:00:20 BST 2019


Michael Biebl wrote:
> Am 10.07.19 um 07:12 schrieb Trent W. Buck:
> 
> > "systemd-analyze security systemd-resolved" claims for that
> > PrivateTmp= "does not apply", though it clearly does.
> 
> I guess this is the essence of the bug report then and the bug report
> should be retitled something like this:
> 
> systemd-analyze security incorrectly claims that PrivateTmp=yes does not
> apply to services using DefaultDependencies=no
> 
> Did I get you correctly?

I think so, yes.
I didn't understand at first, and maybe I still don't.

I think PrivateTmp=yes can be used for units with DefaultDependencies=no,
but not for units that are needed (directly or indirectly) to mount /var/tmp or /tmp.

Maybe a quick fix is to change

    Service runs in special boot phase, option does not apply

to

    Service runs in special boot phase, option is not recommended

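Added example, not part of the thread: a small checker that applies the rule stated above to unit-file text. It assumes the documented systemd.exec(5) behaviour that PrivateTmp=yes implies RequiresMountsFor=/tmp /var/tmp (i.e. Requires= and After= on tmp.mount and var-tmp.mount) regardless of DefaultDependencies=; the unit texts and function names are constructed for the example.

```python
# Assumption (systemd.exec(5)): PrivateTmp=yes implies
# RequiresMountsFor=/tmp /var/tmp, which adds Requires= and After= on
# these mount units even when DefaultDependencies=no.
IMPLIED_MOUNTS = ("tmp.mount", "var-tmp.mount")
TRUE_WORDS = ("yes", "true", "1", "on")


def parse_unit(text):
    """Minimal unit-file parser: {section: {key: [values...]}}, keeping
    repeated keys (e.g. several Before= lines) as one accumulated list."""
    sections, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = sections.setdefault(line[1:-1], {})
            continue
        if section is None:
            continue  # key outside any section: ignore
        key, _, value = line.partition("=")
        section.setdefault(key.strip(), []).extend(value.split())
    return sections


def check_private_tmp(text):
    """Classify one unit: does PrivateTmp= apply, and is it safe here?"""
    u = parse_unit(text)
    service, unit = u.get("Service", {}), u.get("Unit", {})
    if service.get("PrivateTmp", ["no"])[-1].lower() not in TRUE_WORDS:
        return "PrivateTmp not set"
    # The implied After= on the tmp mounts conflicts with an explicit
    # Before= on those same mounts: systemd reports an ordering cycle.
    cycle = sorted(set(unit.get("Before", [])) & set(IMPLIED_MOUNTS))
    if cycle:
        return "ordering cycle: Before=%s vs implied After=" % ",".join(cycle)
    if unit.get("DefaultDependencies", ["yes"])[-1].lower() not in TRUE_WORDS:
        return "applies (early-boot unit, not recommended)"
    return "applies"


# Constructed sample units for the example (not real systemd files).
EARLY_OK = "[Unit]\nDefaultDependencies=no\nAfter=tmp.mount\n" \
           "[Service]\nPrivateTmp=yes\nExecStart=/bin/true\n"
EARLY_BAD = "[Unit]\nDefaultDependencies=no\nBefore=tmp.mount local-fs.target\n" \
            "[Service]\nPrivateTmp=yes\nExecStart=/bin/true\n"
NORMAL = "[Unit]\nDescription=x\n[Service]\nPrivateTmp=yes\nExecStart=/bin/true\n"

if __name__ == "__main__":
    for name, txt in (("EARLY_OK", EARLY_OK), ("EARLY_BAD", EARLY_BAD), ("NORMAL", NORMAL)):
        print(name, "->", check_private_tmp(txt))
```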

