From 9d7c50aa030ee70d507c414bb02f0add8ffa2835 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Fri, 18 May 2018 16:28:51 -0400
Subject: Tighten the security on the podman varlink socket

We only want root to be allowed to access this socket.
Also move socket to /run/podman directory.  This requires
us to drop a podman.conf tmpfiles.d file.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #806
Approved by: mheon
---
 contrib/varlink/podman.conf | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 contrib/varlink/podman.conf

(limited to 'contrib/varlink/podman.conf')

diff --git a/contrib/varlink/podman.conf b/contrib/varlink/podman.conf
new file mode 100644
index 000000000..732c15185
--- /dev/null
+++ b/contrib/varlink/podman.conf
@@ -0,0 +1 @@
+d /run/podman 0700 root root
-- 
cgit v1.2.3-54-g00ecf