[Kimchi-devel] [PATCH] [Kimchi] Do not use systemd private tmp dir
Jose Ricardo Ziviani
joserz at linux.vnet.ibm.com
Wed Apr 27 20:43:01 UTC 2016
- systemd improves daemon security by creating an isolated tmp
directory; however, it breaks programs that are not yet
aware and, in Kimchi's particular case, all directories created
under tmp are randomized, meaning that a possible attacker
cannot easily guess which file/dir will be created beforehand.
https://access.redhat.com/blogs/766093/posts/1976243
Signed-off-by: Jose Ricardo Ziviani <joserz at linux.vnet.ibm.com>
---
contrib/kimchid.service.fedora | 2 +-
contrib/kimchid.service.ubuntu | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/contrib/kimchid.service.fedora b/contrib/kimchid.service.fedora
index cd8e137..d7b10d2 100644
--- a/contrib/kimchid.service.fedora
+++ b/contrib/kimchid.service.fedora
@@ -4,4 +4,4 @@ After=libvirtd.service wokd.service
[Service]
Nice=0
-PrivateTmp=yes
+PrivateTmp=no
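Review bot: The switch to PrivateTmp=no in the [Service] section puts kimchid's temporary files in the shared /tmp, and the commit message does not say which program breaks under the private directory or why it needs the shared one. Please name the affected component and the failure in the commit message, so the isolation can be turned back on once that program is fixed. The stated mitigation (randomized names) holds only if every temporary path is created atomically with restrictive permissions, in the style of mkdtemp/mkstemp, rather than by picking a random name and creating it in a separate step; it would help to confirm that in the message too.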
diff --git a/contrib/kimchid.service.ubuntu b/contrib/kimchid.service.ubuntu
index 1c7d63f..f865987 100644
--- a/contrib/kimchid.service.ubuntu
+++ b/contrib/kimchid.service.ubuntu
@@ -4,4 +4,4 @@ After=libvirt-bin.service wokd.service
[Service]
Nice=0
-PrivateTmp=yes
+PrivateTmp=no
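Review bot: PrivateTmp=no is already the systemd default, so the explicit line in this [Service] section works only as documentation, and nothing in the unit file says why it is set. A one-line comment above it, stating that the private tmp directory breaks a program Kimchi depends on, would keep a later hardening pass from flipping it back to yes without checking. The same comment belongs in contrib/kimchid.service.fedora so the two unit files stay in step.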
--
2.7.4