[libvirt] [PATCH] libvirtd: Enable private /tmp under systemd.

Eric Blake eblake at redhat.com
Mon Feb 6 21:15:33 UTC 2012


The last intentional use of /tmp by libvirt was patched in
commit bd6083c9b; we can add an extra measure of security
by explicitly requesting that libvirtd's /tmp is not visible
to arbitrary users.  See https://bugzilla.redhat.com/782474

* daemon/libvirtd.service.in (Service): Enable PrivateTmp.
---
 daemon/libvirtd.service.in |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
index 8f2458a..cf68440 100644
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -17,6 +17,7 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 # Override the maximum number of opened files
 #LimitNOFILE=2048
+PrivateTmp=true

 [Install]
 WantedBy=multi-user.target
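Review bot: the new `PrivateTmp=true` line sits directly under the "# Override the maximum number of opened files" / `#LimitNOFILE=2048` pair, so it reads as part of that commented-out option; give it its own short comment, e.g. "# Give libvirtd a private /tmp not visible to other users (bz 782474)". Worth stating in that comment, since it is the practical consequence of the hunk: the private mount namespace is inherited by every process libvirtd spawns, so a file an admin drops into the host's /tmp will not be reachable from libvirtd or its children under that path. After deployment the setting can be confirmed with `systemctl show libvirtd -p PrivateTmp`.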
-- 
1.7.7.6