Guide to the Linux Manual




portablectl(1)

Attach, detach or inspect portable service images


Profiles

When portable service images are attached a "profile" drop-in is linked in, which may be used to enforce additional security (and other) restrictions locally. Four profile drop-ins are defined by default, and shipped in /usr/lib/systemd/portable/profile/. Additional, local profiles may be defined by placing them in /etc/systemd/portable/profile/. The default profiles are:

Table 2. Profiles
┌───────────┬──────────────────────────────────────────────────────────┐
│ Name      │ Description                                              │
├───────────┼──────────────────────────────────────────────────────────┤
│ default   │ This is the default profile if no other profile name is  │
│           │ set via the --profile= (see above). It's fairly          │
│           │ restrictive, but should be useful for common,            │
│           │ unprivileged system workloads. This includes write       │
│           │ access to the logging framework, as well as IPC access   │
│           │ to the D-Bus system.                                     │
├───────────┼──────────────────────────────────────────────────────────┤
│ nonetwork │ Very similar to default, but networking is turned off    │
│           │ for any services of the portable service image.          │
├───────────┼──────────────────────────────────────────────────────────┤
│ strict    │ A profile with very strict settings. This profile        │
│           │ excludes IPC (D-Bus) and network access.                 │
├───────────┼──────────────────────────────────────────────────────────┤
│ trusted   │ A profile with very relaxed settings. In this profile    │
│           │ the services run with full privileges.                   │
└───────────┴──────────────────────────────────────────────────────────┘

For details on these profiles and their effects see their precise definitions, e.g. /usr/lib/systemd/portable/profile/default/service.conf and similar.
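A local profile, as described above, is a service.conf drop-in in its own directory under /etc/systemd/portable/profile/. The following is an added example, not one of the shipped profiles and not taken from the systemd sources: the profile name "locked-down" is hypothetical, and the choice of directives (all standard systemd.exec(5) and systemd.resource-control(5) settings) is this example's own assumption about what a no-network, no-D-Bus profile should contain.

```ini
# /etc/systemd/portable/profile/locked-down/service.conf
# Hypothetical local profile; "locked-down" is a made-up name. Select it with:
#   portablectl attach --profile=locked-down IMAGE
# The directive selection is this example's own, not a copy of a shipped profile.

[Service]
# The service runs with the image as its root file system, so the API
# file systems (/proc, /sys, /dev) have to be mounted into it explicitly.
MountAPIVFS=yes
# Keep logging working: expose the host's journal sockets inside the image.
BindPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
BindReadOnlyPaths=/etc/machine-id
# The D-Bus system bus socket is deliberately NOT bound: no bus IPC.

# Identity and privileges
DynamicUser=yes
NoNewPrivileges=yes
CapabilityBoundingSet=
RemoveIPC=yes

# File system view
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes

# Kernel attack surface
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native

# No network: private namespace with loopback only; AF_UNIX stays for logging.
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
IPAddressDeny=any
```

After attaching an image with this profile, `systemd-analyze security UNIT` on one of its units shows which sandboxing settings are actually in effect.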