# SPDX-License-Identifier: CC0-1.0
# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
#
# systemd manager hardening for the Spectrum OS host. The [Manager]
# section is the one described in systemd-system.conf(5); presumably this
# file is installed as system.conf or as a system.conf.d/ drop-in (confirm
# against the host build). Each setting below is applied to PID 1 and
# therefore inherited by every process the manager starts.
[Manager]
# Ensure that programs can be found iff
# they were deliberately installed by being listed
# in "packages" or "usrPackages" in host/rootfs/default.nix.
# DefaultEnvironment= is handed to every process the manager executes;
# a unit's own Environment= can still override PATH for that unit only.
DefaultEnvironment=PATH=/usr/bin
# Spectrum OS's host does not use files that are
# setuid, setgid, or have file capabilities.
# This is equivalent to having all filesystems
# mounted with nosuid. This may need to change
# once SELinux starts to be used, as there may be
# programs that need to perform operations that
# SELinux should not allow their callers to perform.
# However, such programs should really be launched
# by the all-powerful init process instead.
# no_new_privs is set on PID 1 itself and inherited across fork and
# execve by every descendant; it can never be cleared once set, so this
# is host-wide and a unit's NoNewPrivileges=no cannot undo it.
NoNewPrivileges=yes
# Spectrum OS's host has no need for any program
# to be able to make system calls with non-native
# architectures.
# Enforced with a seccomp filter on the manager and all its children.
# "native" is the ABI systemd was built for; on x86-64 this rejects
# i386 and x32 system calls, closing the compat entry points.
SystemCallArchitectures=native
# Spectrum OS's host does not need the ability
# to compromise the kernel. Kernel lockdown
# blocks this anyway.
# "~" inverts the list: keep every capability except CAP_SYS_RAWIO
# (I/O port access, /dev/mem and /dev/kmem, raw device commands).
# The bounding set only ever shrinks, so no unit can reclaim it.
# Lockdown closes the kernel-memory and I/O-port paths; other
# CAP_SYS_RAWIO gates (e.g. raw SCSI passthrough) appear not to be
# covered by it, so dropping the capability here is still useful
# — TODO confirm against the lockdown LSM's actual coverage.
CapabilityBoundingSet=~CAP_SYS_RAWIO