From 40cedc85f61b0cb7d0715d05d0907f98e430de45 Mon Sep 17 00:00:00 2001
From: Benjamin Gilbert
Date: Fri, 28 Jul 2017 22:41:53 -0700
Subject: [PATCH] coreos-base/oem-vmware: enable PrivateTmp for vmtoolsd

It would have mitigated CVE-2015-5191 and might again be useful in the future.
---
 .../coreos-base/oem-vmware/files/units/vmtoolsd.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vmware/files/units/vmtoolsd.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vmware/files/units/vmtoolsd.service
index 0cc3af343c..85efdeb719 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vmware/files/units/vmtoolsd.service
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-vmware/files/units/vmtoolsd.service
@@ -7,6 +7,7 @@ ConditionVirtualization=vmware
 ExecStartPre=/usr/bin/ln -sfT /usr/share/oem/vmware-tools /etc/vmware-tools
 ExecStart=/usr/share/oem/bin/vmtoolsd
 TimeoutStopSec=5
+PrivateTmp=true
 
 [Install]
 WantedBy=multi-user.target
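Review bot: The added `PrivateTmp=true` line has no in-file rationale, so the reason for it lives only in the commit message. A comment above it, such as `# Private /tmp and /var/tmp: other local users cannot pre-create or race vmtoolsd's temp files (cf. CVE-2015-5191)`, would make a later unit cleanup less likely to drop the hardening. One caveat to confirm: PrivateTmp runs the service in its own mount namespace, so files that vmtoolsd or its child processes place under /tmp or /var/tmp are not visible to the rest of the system, and the reverse also holds. That may matter if host-initiated guest operations are expected to exchange files through /tmp, though this is inferred rather than visible in the hunk. The `[Service]` header and the earlier directives of the unit lie above the hunk, so any other sandboxing already in place cannot be judged from here.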