projects / ostree.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 391ad0e) | patch
finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc
authorColin Walters <walters@verbum.org>
Wed, 22 Apr 2020 14:26:23 +0000 (14:26 +0000)
committerColin Walters <walters@verbum.org>
Wed, 22 Apr 2020 14:28:33 +0000 (14:28 +0000)
commit47a3096ab8130e7306069faefeba9c02e5171d3c
treeede05126d9a1686603308084282c3824c1ff7e93tree | snapshot
parent391ad0ec214ac4065348165ee2d88c3fdb50bf82commit | diff
finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc

Same motivation as
https://github.com/coreos/rpm-ostree/pull/2060

I tried `InaccessiblePaths=/var` first and was very sad to find
out we have one tiny exception that breaks it.  Otherwise it'd
be so elegant.  Maybe in the future we split out that one thing
to a separate `ostree-finalized-stage-var.service` that's just
`ExecStart=/bin/rm -vf /var/.updated` and is otherwise
`ProtectSystem=strict` etc.
src/boot/ostree-finalize-staged.service diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.