Diffstat (limited to 'blog')
-rw-r--r-- | blog/access-control.org | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/blog/access-control.org b/blog/access-control.org index 3eace82..cd84a34 100644 --- a/blog/access-control.org +++ b/blog/access-control.org @@ -18,7 +18,7 @@ Here are the directories/files it needs write access to: It also needs read-only access to some system files such as (assuming a merged-usr system): #+BEGIN_SRC - /etc/ld.so # the dynamic loader + /etc/ld.so.cache # dynamic loader cache /usr/lib{,32,64} /usr/bin/weechat # weechat executable itself /usr/share @@ -48,12 +48,13 @@ Let's see an example of how we actually do this: --tmpfs /run --tmpfs /var --tmpfs /mnt/sandbox + --ro-bind /etc/ld.so.cache /etc/ld.so.cache --ro-bind /usr /usr --ro-bind /bin /bin --ro-bind /sbin/ /sbin --ro-bind /lib /lib ) - + # handle lib32 and lib64 for some systems [[ -e /lib32 ]] && args+=(--ro-bind /lib32 /lib32) [[ -e /lib64 ]] && args+=(--ro-bind /lib64 /lib64) @@ -80,6 +81,7 @@ This isn't super useful but it shows a simple example. Now lets adapt this to ru --tmpfs /run --tmpfs /var --tmpfs /mnt/sandbox + --ro-bind /etc/ld.so.cache /etc/ld.so.cache --ro-bind /usr /usr --ro-bind /bin /bin --ro-bind /sbin/ /sbin |
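Review bot: in the second hunk (@@ -48,12 +48,13) the new `--ro-bind /etc/ld.so.cache /etc/ld.so.cache` entry goes into the args array unconditionally, while /lib32 and /lib64 a few lines further down are only added behind `[[ -e ... ]]`. /etc/ld.so.cache is generated by ldconfig and is not guaranteed to exist on every system, so the bind source can be missing. Consider the same guard the script already uses: `[[ -e /etc/ld.so.cache ]] && args+=(--ro-bind /etc/ld.so.cache /etc/ld.so.cache)`. The removed and re-added blank line before the "handle lib32 and lib64" comment looks like a whitespace-only change and could be dropped from the commit.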
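Review bot: the third hunk (@@ -80,6 +81,7) repeats the same `--ro-bind /etc/ld.so.cache /etc/ld.so.cache` line in the second argument list, so the two snippets in the post now have to be kept in sync by hand. Whatever form the first snippet settles on (guarded with `[[ -e ... ]]` or not) should be used here as well. The first hunk already corrects the file list to say "dynamic loader cache"; a short sentence near the snippets saying why this one file is exposed read-only would make the addition easier to follow for readers adapting the script.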