[release-notes] Adding PrivateDevices and PrivateNetwork to System Daemons
pbokoc
pbokoc at fedoraproject.org
Mon Oct 13 17:16:15 UTC 2014
commit 1f85cf3b65ef357eab6e08b3ad21606b85f2eec9
Author: Petr Bokoc <pbokoc at redhat.com>
Date: Mon Oct 13 18:39:16 2014 +0200
Adding PrivateDevices and PrivateNetwork to System Daemons
en-US/System_Daemons.xml | 22 ++++++++++++++++++++++
1 files changed, 22 insertions(+), 0 deletions(-)
---
diff --git a/en-US/System_Daemons.xml b/en-US/System_Daemons.xml
index 3808a6d..faf73b7 100644
--- a/en-US/System_Daemons.xml
+++ b/en-US/System_Daemons.xml
@@ -64,5 +64,27 @@
</para>
</section>
+ <section id="sect-systemd-privatedevices-privatenetwork">
+ <title>Systemd PrivateDevices and PrivateNetwork</title>
+ <para>
+ Two new security-related options are now being used by <systemitem>systemd</systemitem> for long-running services which do not require access to physical devices or the network:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The <option>PrivateDevices</option> setting, when set to "yes", provides a private, minimimal <filename class="directory">/dev</filename> that does not include physical devices. This allows long-running services to have limited access, increasing security.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <option>PrivateNetwork</option> setting, when set to "yes", provides a private network with only a loopback interface. This allows long-running services that do not require network access to be cut off from the network.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ For details about this change, see the <ulink url="https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork">PrivateDevices and PrivateNetwork Wiki page</ulink>.
+ </para>
+ </section>
+
</section>
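Review bot: "minimimal" in the PrivateDevices list item is a typo for "minimal". In the same item, "This allows long-running services to have limited access" does not say access to what; the PrivateNetwork item is clearer ("to be cut off from the network"), so suggest parallel wording such as "This allows long-running services that do not require physical devices to be cut off from them." The value "yes" is in plain double quotes in both items while the setting names use <option> markup; consider marking up the value consistently as well.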