What is Nostr?
scy /
npub15pc…hvce
2024-06-21 15:17:41

scy on Nostr: TIL about #systemd's TemporaryFileSystem, ProtectSystem, ProtectHome, ...

TIL about #systemd's TemporaryFileSystem, ProtectSystem, ProtectHome, InaccessiblePaths, ReadOnlyPaths and a bunch more related options, which allow you to easily set up a #chroot style environment for a service, simply by defining what directories it should have access to right there in the unit file.

Depending on what you need, you can use an allowlist-based approach using TemporaryFileSystem & ReadWritePaths, or a blocklist-based one with InaccessiblePaths.

https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html

#Linux
Author Public Key
npub15pc5vt5kqgr60g389gl4n5zzuktz8wezz76klym9ew3puy3p8clqckhvce