From 9d7c50aa030ee70d507c414bb02f0add8ffa2835 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 18 May 2018 16:28:51 -0400
Subject: Tighten the security on the podman varlink socket
We only want root to be allowed to access this socket. Also move socket to /run/podman directory. This requires us to drop a podman.conf tmpfiles.d file.
Signed-off-by: Daniel J Walsh
Closes: #806
Approved by: mheon
---
Makefile | 2 ++
1 file changed, 2 insertions(+)
(limited to 'Makefile')
diff --git a/Makefile b/Makefile
index a839b1ab9..3833ac78d 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,7 @@ MANDIR ?= ${PREFIX}/share/man
 SHAREDIR_CONTAINERS ?= ${PREFIX}/share/containers
 ETCDIR ?= ${DESTDIR}/etc
 ETCDIR_LIBPOD ?= ${ETCDIR}/crio
+TMPFILESDIR ?= ${PREFIX}/lib/tmpfiles.d
 SYSTEMDDIR ?= ${PREFIX}/lib/systemd/system
 BUILDTAGS ?= seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh) $(shell hack/btrfs_installed_tag.sh) $(shell hack/ostree_tag.sh) $(shell hack/selinux_tag.sh)
 PYTHON ?= /usr/bin/python3
@@ -208,6 +209,7 @@ install.docker: docker-docs
 install.systemd:
  install ${SELINUXOPT} -m 644 -D contrib/varlink/io.projectatomic.podman.socket ${SYSTEMDDIR}/io.projectatomic.podman.socket
  install ${SELINUXOPT} -m 644 -D contrib/varlink/io.projectatomic.podman.service ${SYSTEMDDIR}/io.projectatomic.podman.service
+ install ${SELINUXOPT} -m 644 -D contrib/varlink/podman.conf ${TMPFILESDIR}/podman.conf
 
 uninstall:
  for i in $(filter %.1,$(MANPAGES)); do \
--
cgit v1.2.3-54-g00ecf
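Review bot: `TMPFILESDIR` is added without a comment saying what consumes it, yet the new install line in `install.systemd` only has an effect if this resolves to a directory systemd-tmpfiles actually searches. With a non-standard `PREFIX` (its definition is outside this hunk) the file would install without error but never be applied, so whatever ownership and mode `podman.conf` sets for `/run/podman` would silently be missing. I would add a line above it such as `# must resolve to a tmpfiles.d search path (e.g. /usr/lib/tmpfiles.d) or the /run/podman entry is never applied`.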
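Review bot: Installing `podman.conf` into `${TMPFILESDIR}` in `install.systemd` does not by itself create `/run/podman`, because tmpfiles.d entries are applied only at boot or when `systemd-tmpfiles --create` is run. On a live host the socket unit can therefore be started before the restricted directory exists. If the socket unit (its contents are not part of this diff) does not set `SocketMode=` and `DirectoryMode=` itself, systemd creates the parent directory with its default mode, and the root-only intent from the commit message would not hold until the next reboot. I would document this above the target, for example `# podman.conf is applied at boot; run 'systemd-tmpfiles --create' before starting the socket on a live system`. It is also worth confirming that `uninstall`, whose recipe continues past the end of the hunk, removes `${TMPFILESDIR}/podman.conf`.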