I am working on restricting the permssions of user units in SystemD. One of the things that I want to do is set ProtectHome=yes (or DynamicUser=yes), but the process needs access to the .Xauthority file (as it needs to communicate with X). I attempted to use BindReadOnlyPaths=$HOME/.Xauthority but that does not appear to work, probably because it is a file, and not a directory. I suspect that the way I will have to do it, is copying the .Xauthority file into the created tmpfs, but I could not find a suitable way to do this. How would I go about doing this?
Asked
Active
Viewed 73 times
1
rhbvkleef
- 136
- 5