diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-12-21 10:00:06 +0100 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-12-22 10:30:35 +0900 |
| commit | 80ce8580f5aa6b03fa13a0b3b30207bc9b5c5fe0 (patch) | |
| tree | c18332bf3df4321d274a4a4775091d2bfc82644b /docs | |
| parent | e20bae24d138e96aac6d8c99a396df0a8773876e (diff) | |
| download | systemd-80ce8580f5aa6b03fa13a0b3b30207bc9b5c5fe0.tar.gz | |
dissect-image: let's lock down fstypes a bit
When we dissect images automatically, let's be a bit more conservative
with the file system types we are willing to mount: only mount common
file systems automatically.
Explicit mounts requested by admins should always be OK, but when we do
automatic mounts, let's not permit barely maintained, possibly legacy
file systems.
The list for now covers the four common writable and two common
read-only file systems. Sooner or later we might want to add more to the
list.
Also, it might make sense to eventually make this configurable via the
image dissection policy logic.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ENVIRONMENT.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index b4fa682cae..fb35300419 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -415,6 +415,10 @@ disk images with `--image=` or similar: * `$SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=sec` — takes a timespan, which controls the timeout waiting for the image to be configured. Defaults to 100 msec. +* `$SYSTEMD_DISSECT_FILE_SYSTEMS=` — takes a colon-separated list of file + systems that may be mounted for automatically dissected disk images. If not + specified defaults to something like: `ext4:btrfs:xfs:vfat:erofs:squashfs` + * `$SYSTEMD_LOOP_DIRECT_IO` – takes a boolean, which controls whether to enable LO_FLAGS_DIRECT_IO (i.e. direct IO + asynchronous IO) on loopback block devices when opening them. Defaults to on, set this to "0" to disable this |