Re: bind-mount of /run/systemd for chrooted bind9/named

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Jul 10, 2023 at 12:11:01PM +0200, Lennart Poettering wrote:
> ProtectHome= protects /home/, nothing else. Hence you can use it, and
> it should not collide with bind's use of the home dir, because it's
> not in /home.
> 
> Actually, correcting myself: use ReadOnlyBindPaths= for this. clients
> cann still connect to sockets on read-only fs just fine, but you take
> the privs away to chmod() or chown() the inode that way. So you get
> another line of defense that way.

Thank you, all my questions are answered for the time being. Your help
is appreciated.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux