[libvirt] [PATCH] libvirtd: Enable private /tmp under systemd.

Eric Blake eblake at redhat.com
Mon Feb 6 21:15:33 UTC 2012

The last intentional use of /tmp by libvirt was patched in
commit bd6083c9b; we can add an extra measure of security
by explicitly requesting that libvirtd's /tmp is not visible
to arbitrary users.  See https://bugzilla.redhat.com/782474

* daemon/libvirtd.service.in (Service): Enable PrivateTmp.
 daemon/libvirtd.service.in |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
index 8f2458a..cf68440 100644
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -17,6 +17,7 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 # Override the maximum number of opened files
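Review bot: The PrivateTmp setting this adds to the Service section, alongside ExecStart and ExecReload, covers every process libvirtd spawns and not only the daemon, because children inherit the private mount namespace. The commit message addresses only libvirt's own intentional use of /tmp. It does not mention that a path under /tmp supplied by a user (a disk image, an ISO, a save file) will now resolve inside the private directory and not be found. Please document that user-visible change, and add a short comment above the new setting in the unit file, in the style of the existing "# Override the maximum number of opened files" line, so administrators know why files in the host's /tmp are not visible to the daemon.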

