privileged: Don't isolate /var/tmp/ for privileged daemon

- Files from the web service are uploaded to the /var/tmp/ directory. They need to
be accessible to the privileged daemon so that it can move them to a target location.
So, if /var/tmp is isolated for the privileged daemon, it can't see those files, as a
separate tmpfs filesystem is mounted on that folder.

- Ideally, we should have PrivateTmp=yes and
JoinsNamespaceOf=freedombox-privileged.service set on plinth.service. However,
this requires further changes to the way developer execution is done from the
command line. This will be done in the future.

Tests:

- Uploading a backup works.

- Uploading a kiwix archive works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Sunil Mohan Adapa 2025-09-03 08:23:25 -07:00 committed by Veiko Aasa
parent 1ba31e32f3
commit 4140d3b444
GPG Key ID: 478539CAE680674E


@ -13,7 +13,8 @@ TimeoutSec=300s
User=root
Group=root
NotifyAccess=main
PrivateTmp=yes
# Uploaded files in /var/tmp/ are shared with FreedomBox web service.
#PrivateTmp=yes
Restart=on-failure
# Don't restart too fast
RestartSec=1
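Review bot: commenting out `PrivateTmp=yes` on a unit that runs as `User=root` / `Group=root` means the daemon now operates on the host's shared, world-writable /var/tmp rather than a private tmpfs, and the replacement comment only states that files are shared, not what the daemon does to protect itself when moving them. Please extend the comment to record that the daemon must verify the uploaded file before acting on it (for example, refuse symlinks and check that the file is owned by the web service user) and to point at the intended follow-up from the commit message (`PrivateTmp=yes` plus `JoinsNamespaceOf=freedombox-privileged.service` on plinth.service) so the relaxation is not forgotten:

# Uploaded files in /var/tmp/ are shared with FreedomBox web service.
# TODO: restore PrivateTmp=yes once plinth.service uses JoinsNamespaceOf=.
#PrivateTmp=yes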