path: root/pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch
author: aszlig <aszlig@nix.build> 2024-05-13 00:42:48 +0200
committer: aszlig <aszlig@nix.build> 2024-05-13 00:42:48 +0200
commit: 2bb1556bf4b7083d07aec9ff9144634d13fdfeb4
tree: 1c99823e29c0e577fbbd096c477010997688ac42 /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch
parent: 0d793f31de97aeb54a75e4b798f1e8c1fa3138ae
parent: e4bd1e8f92371efd9b48657cc03b04a755a05f49
Merge pull request #289593 (confinement + DynamicUser)
This adds support for the systemd ProtectSystem and DynamicUser options in conjunction with the systemd-confinement module, which has been a limitation in the initial implementation and so far has thrown assertion errors whenever those options were enabled. Thanks to @ju1m, we now no longer need to resort to static users. Review for this work took a little bit longer since I wanted to be absolutely sure that we don't introduce any new regressions, which would involve increasing the attack surface. In the end, however, we even managed to lower the attack surface even more, since the confined filesystem root is now read-only even for the root user.
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions