If I globally disable filesystem access to home (i.e. filesystems=!home;
), and an app declared that it needs home/some-dir
, do I need to explicitly prevent access or do my global settings take precedence?
If I globally disable filesystem access to home (i.e. filesystems=!home;
), and an app declared that it needs home/some-dir
, do I need to explicitly prevent access or do my global settings take precedence?
home/some-dir takes precedence.
More specific rules overrule general rules.
So I need to go look at what filesystem each app is requesting and manually disable that on top of disabling home access entirely? What’s the point of being able to do
filesystem=!home
in the global config?