merge opencontainers#4428 into opencontainers/runc:main

Kir Kolyshkin (2): memfd-bind: more specific doc URL memfd-bind: fixup systemd unit file and README LGTMs: rata cyphar
lifubang · Oct 15, 2024 · 798ba5c · 798ba5c
2 parents 9112335 + 4fdd561
commit 798ba5c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/contrib/cmd/memfd-bind/README.md b/contrib/cmd/memfd-bind/README.md
@@ -25,7 +25,7 @@ The provided `[email protected]` file can be used to get systemd to manage
 this daemon. You can supply the path like so:
 
 ```
-% systemctl start memfd-bind@/usr/bin/runc
+% systemctl start memfd-bind@$(systemd-escape -p /usr/bin/runc)
 ```
 
 Thus, there are three ways of protecting against CVE-2019-5736, in order of how

diff --git a/contrib/cmd/memfd-bind/[email protected] b/contrib/cmd/memfd-bind/[email protected]
@@ -1,11 +1,11 @@
 [Unit]
-Description=Manage memfd-bind of %I
-Documentation=https://github.com/opencontainers/runc
+Description=Manage memfd-bind of %f
+Documentation=https://github.com/opencontainers/runc/blob/main/contrib/cmd/memfd-bind/README.md
 
 [Service]
 Type=simple
-ExecStart=memfd-bind "%I"
-ExecStop=memfd-bind --cleanup "%I"
+ExecStart=memfd-bind "%f"
+ExecStop=memfd-bind --cleanup "%f"
 
 [Install]
 WantedBy=multi-user.target