F21 System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For Long-Running Services

Reindl Harald h.reindl at thelounge.net
Wed Mar 26 15:30:26 UTC 2014


On 26.03.2014 16:28, Bill Nottingham wrote:
> Jaroslav Reznik (jreznik at redhat.com) said: 
>> = Proposed System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For 
>> Long-Running Services =
>> https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork
>>
>> Change owner(s): Lennart Poettering <lennart at poettering dot net>, Dan 
>> Walsh, Kay Sievers
>>
>> Let's make Fedora more secure by default! Recent systemd versions provide two 
>> per-service switches, PrivateDevices=yes/no and PrivateNetwork=yes/no, which 
>> enable services to run without access to any physical devices in /dev, or 
>> without access to any kind of network sockets. So far this has seen little use in 
>> Fedora, and with this Fedora Change we'd like to change this, and enable these 
>> for all long-running services that do not require device/network access. 
> 
> Can you define 'recent' here? While we wouldn't want to change the behavior
> of existing F20 or earlier services, it would be worthwhile to know if
> packages built for EPEL 7 could/should use this feature as well.

I just tried on F20 and "PrivateDevices" is not known,
sadly, because I have some services in mind where I would like that:

Mär 26 15:51:55 testserver.rhsoft.net systemd[1]: [/usr/lib/systemd/system/httpd.service:15] Unknown lvalue 'PrivateDevices' in section 'Service'

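The drop-in a packager would add for the proposal above, plus the version check and the post-reload check that the "Unknown lvalue" error in this message calls for. This is an added example, not code from the thread, from Fedora or from systemd. It assumes that PrivateDevices= first appeared in systemd 209 (Fedora 20 ships 208, which matches the error quoted above) and that PrivateNetwork= is older and accepted by 208; the function names and the drop-in file name 10-sandbox.conf are this example's own choices.

```shell
#!/bin/sh
# Added example: generate a PrivateDevices=/PrivateNetwork= drop-in for a
# long-running service and guard it against a systemd that predates
# PrivateDevices=. Assumption: PrivateDevices= was added in systemd 209;
# Fedora 20's systemd 208 rejects it with "Unknown lvalue".

# Print the integer release from a "systemctl --version" first line such as
# "systemd 208" or "systemd 219 +PAM +AUDIT ...". Prints nothing if absent.
systemd_release() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\).*/\1/p'
}

# True (0) if the release described by $1 knows PrivateDevices=, else 1.
supports_private_devices() {
    rel=$(systemd_release "$1")
    [ -n "$rel" ] && [ "$rel" -ge 209 ]
}

# Print the drop-in body for release string $1, with $2 = PrivateDevices
# value and $3 = PrivateNetwork value. PrivateDevices= is left out on an
# older systemd so the unit never carries an unknown key there.
# Pick the values per service: httpd needs its listening sockets, so it
# gets PrivateDevices=yes but must keep PrivateNetwork=no.
sandbox_dropin_text() {
    printf '[Service]\n'
    if supports_private_devices "$1"; then
        printf 'PrivateDevices=%s\n' "$2"
    fi
    printf 'PrivateNetwork=%s\n' "$3"
}

# Write the drop-in for unit $1 under root $2 (default /etc/systemd/system),
# using the installed systemd's version; $3/$4 are the two switch values.
# If systemctl is not present (e.g. a build chroot), assume 209 (assumption).
# Prints the path written.
write_sandbox_dropin() {
    unit=$1; root=${2:-/etc/systemd/system}
    ver=$(systemctl --version 2>/dev/null | head -n1)
    dir="$root/$unit.d"
    mkdir -p "$dir"
    sandbox_dropin_text "${ver:-systemd 209}" "$3" "$4" > "$dir/10-sandbox.conf"
    printf '%s\n' "$dir/10-sandbox.conf"
}

# Read journal text on stdin (e.g. journalctl -b _PID=1 after a
# daemon-reload) and print every directive systemd rejected as
# "Section.Key", one per line. Matches the message form quoted above.
unknown_lvalues() {
    sed -n "s/.*Unknown lvalue '\([A-Za-z0-9]*\)' in section '\([A-Za-z]*\)'.*/\2.\1/p"
}

# Stand-alone demonstration on constructed input (not real journal output).
if [ "${1:-}" = "--demo" ]; then
    sandbox_dropin_text "systemd 208" yes no
    sandbox_dropin_text "systemd 219 +PAM" yes no
    printf '%s\n' "Mar 26 15:51:55 host systemd[1]: [/usr/lib/systemd/system/httpd.service:15] Unknown lvalue 'PrivateDevices' in section 'Service'" | unknown_lvalues
fi
```

After writing the drop-in, run `systemctl daemon-reload` and pipe the journal for PID 1 through unknown_lvalues; an empty result means the running systemd accepted both keys. Keep PrivateNetwork=yes for services that genuinely open no sockets: it puts the service in a fresh network namespace with only loopback, so a daemon that talks to the outside, or to other daemons over abstract-namespace AF_UNIX sockets, stops working under it.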

