From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> Don't make /tmp private when invoking xfs_scrub as a service, because /tmp might contain or itself be an xfs filesystem mountpoint. Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> --- v2: add a comment explaining why we turned it off --- scrub/xfs_scrub@xxxxxxxxxxx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scrub/xfs_scrub@xxxxxxxxxxx b/scrub/xfs_scrub@xxxxxxxxxxx index c14f813..56acea6 100644 --- a/scrub/xfs_scrub@xxxxxxxxxxx +++ b/scrub/xfs_scrub@xxxxxxxxxxx @@ -9,7 +9,8 @@ WorkingDirectory=%I PrivateNetwork=true ProtectSystem=full ProtectHome=read-only -PrivateTmp=yes +# Disable private /tmp just in case %i is a path under /tmp. +PrivateTmp=no AmbientCapabilities=CAP_SYS_ADMIN CAP_FOWNER CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_SYS_RAWIO NoNewPrivileges=yes User=nobody
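Review bot: the new comment above PrivateTmp=no refers to %i, but the context line of this hunk uses WorkingDirectory=%I (the unescaped form), so the comment should say %I to match the specifier that is actually treated as a path. The comment also covers only a mountpoint under /tmp, while the commit message also names the case where /tmp itself is the xfs mountpoint; wording such as "in case %I is /tmp or a path under /tmp" would cover both. Because the unit keeps CAP_SYS_ADMIN and CAP_DAC_OVERRIDE in AmbientCapabilities, the service now sees the host's shared /tmp with those capabilities, so it is worth saying in the comment that this is a deliberate trade-off, which keeps a later hardening pass from switching PrivateTmp back on.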