mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
691edeacf2
This is a continuation of #8595 and #8599. I somehow had missed that `/etc/fstab` can be used to tell `mount` to let users mount some filesystems with preset options. This is using the full history of `mount` hardening so should be safe enough. The option `user` in `/etc/fstab` automatically disables any kind of `setuid` feature on the mounted filesystem, which is the main attack vector I know of. This works flawlessly on my local VM, so hopefully this time's the charm. (It also happens to be my third PR specifically targeted on this issue, so, who knows, it may even work.) CHANGELOG_BEGIN CHANGELOG_END |
||
---|---|---|
.. | ||
cron | ||
da-ghc-lib | ||
docker | ||
patch_bazel_windows | ||
bash-lib.yml | ||
build-unix.yml | ||
build-windows.yml | ||
build.yml | ||
check-changelog.sh | ||
clean-up.yml | ||
clear-shared-segments-macos.yml | ||
compatibility_ts_libs.yml | ||
compatibility-windows.yml | ||
compatibility.yml | ||
configure-bazel.sh | ||
copy-unix-release-artifacts.sh | ||
copy-windows-release-artifacts.sh | ||
dev-env-install.sh | ||
dev-env-push.py | ||
postgresql.conf | ||
prs.yml | ||
publish-artifactory.sh | ||
report-end.yml | ||
report-start.yml | ||
slack_user_ids | ||
tell-slack-failed.yml | ||
windows-diagnostics.ps1 |