Merge pull request #108028 from Mic92/confinment
systemd-confinement: use /var/empty as chroot mountpoint
commit
8737aa9311
|
@ -105,7 +105,7 @@ in {
|
|||
wantsAPIVFS = lib.mkDefault (config.confinement.mode == "full-apivfs");
|
||||
in lib.mkIf config.confinement.enable {
|
||||
serviceConfig = {
|
||||
RootDirectory = pkgs.runCommand rootName {} "mkdir \"$out\"";
|
||||
RootDirectory = "/var/empty";
|
||||
TemporaryFileSystem = "/";
|
||||
PrivateMounts = lib.mkDefault true;
|
||||
|
||||
|
|
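Review bot: The `RootDirectory = "/var/empty";` line hard-codes a host path without a comment stating what the unit relies on: that the directory exists before the service starts, is not writable by unprivileged users, and serves only as the mountpoint that `TemporaryFileSystem = "/"` covers. Nothing in the hunk shows where /var/empty is created or protected, so I would state that dependency next to the line, e.g. `# /var/empty is only the chroot mountpoint; the tmpfs from TemporaryFileSystem = "/" hides its contents`. Every confined unit also shares this one path where each previously had its own store directory, which is presumably fine while `PrivateMounts` stays true, but `lib.mkDefault` allows a unit to override it, so that case is worth confirming. The `serviceConfig` attribute set continues outside the hunk.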