[PATCH 2/2] paccache.service.in: Lower priority of unit
Frederik “Freso” S. Olesen
freso.dk at gmail.com
Fri Jul 9 11:09:03 UTC 2021
On Fri, Jul 09, 2021 at 11:32:18AM +0100, Morgan Adamiec via pacman-contrib wrote:
> On 09/07/2021 11:19, Frederik “Freso” S. Olesen via pacman-contrib wrote:
> > they probably need to edit the .service file anyway
>
> Why? doesn't the service just call `paccache -r` which in turns reads
> pacman.conf?
Yeah, you’re right. I forgot that CacheDir can take multiple
directories.
v2 of patch 1 changes `ProtectSystem=strict` to `ProtectSystem=full`
which removes the need to specify ReadWritePaths. It can be demoted
further to `ProtectSystem=yes` if people use /etc/… as one of the cache
directories, or removed entirely if /usr/… or /boot/… or /efi/… are
used cache paths. I guess /usr/local/… might be? /usr/local/ could be
added in as a ReadWritePaths if we want to support that while still
locking down /usr/ otherwise.
(Patch 2/2 still applies frictionlessly on top of patch 1 v2, so I
didn’t resend that.)
--
Solidarity,
Frederik “Freso” S. Olesen <https://freso.dk/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/pacman-contrib/attachments/20210709/507fbd04/attachment.sig>
More information about the pacman-contrib
mailing list