diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:35:19 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:35:19 +0000 |
commit | b7e8d5af06ee840cc48217ca4629cf28aeeb3c50 (patch) | |
tree | 6aa8dc840b085de50db46e2ad0725eae248fef02 /debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch | |
parent | Adding upstream version 252.22. (diff) | |
download | systemd-debian.tar.xz systemd-debian.zip |
Adding debian version 252.22-1~deb12u1.debian/252.22-1_deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch')
-rw-r--r-- | debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch new file mode 100644 index 0000000..574f44d --- /dev/null +++ b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch @@ -0,0 +1,42 @@ +From: Michael Biebl <biebl@debian.org> +Date: Fri, 5 Sep 2014 01:15:16 +0200 +Subject: Make /run/lock tmpfs an API fs + +The /run/lock directory is world-writable in Debian due to historic +reasons. To avoid user processes filling up /run, we mount a separate +tmpfs for /run/lock. As this directory needs to be available during +early boot, we make it an API fs. + +Drop it from tmpfiles.d/legacy.conf to not clobber the permissions. + +Closes: #751392 +--- + src/shared/mount-setup.c | 2 ++ + tmpfiles.d/legacy.conf.in | 1 - + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c +index 6882b62..c54e632 100644 +--- a/src/shared/mount-setup.c ++++ b/src/shared/mount-setup.c +@@ -86,6 +86,8 @@ static const MountPoint mount_table[] = { + #endif + { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, ++ { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NOEXEC|MS_NODEV, ++ NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate,memory_recursiveprot", MS_NOSUID|MS_NOEXEC|MS_NODEV, + cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, + { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV, +diff --git a/tmpfiles.d/legacy.conf.in b/tmpfiles.d/legacy.conf.in +index 4f2c0d7..fb1d6bf 100644 +--- a/tmpfiles.d/legacy.conf.in ++++ b/tmpfiles.d/legacy.conf.in +@@ -10,7 +10,6 @@ + # These files are considered legacy and are unnecessary on legacy-free + # systems. + +-d /run/lock 0755 root root - + L /var/lock - - - - ../run/lock + {% if CREATE_LOG_DIRS %} + L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs |