F21 System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For Long-Running Services
Stephen Gallagher
sgallagh at redhat.com
Wed Mar 26 17:43:48 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/26/2014 10:06 AM, Jaroslav Reznik wrote:
<snip>
> Note that PrivateNetwork=yes should not be used for:
>
> 1. Services that actually require network access (with the
> exception of daemons only needing socket activation) 2. Services
> which may be used to execute arbitrary user or administrator
> supplied programs. (see above) 3. Services which might need to
> resolve non-system user and group names. Since on some setups
> resolving non-system users might require network access to an LDAP
> or NIS server, enabling this option on might break resolving of
> these user names. Note however that system users/groups are always
> resolvable even without network access. Hence it is safe to enable
> this option for daemons which just need to resolve their own system
> user or group name.
This may not be a safe statement to make. I personally know of a great
many deployments where admins have removed the local accounts for
their services and instead rely on LDAP accounts. (This is mostly to
guarantee that the file ownership of these services is the same user
on all systems, which they may not be if the local account was created
using the 'get-next-free-id' approach).
We'd need to think very hard about whether any service should have
this turned on by default. If we *do* enable it by default, we should
also carefully document how to turn it off for those services if they
rely on centrally-managed accounts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlMzEdQACgkQeiVVYja6o6NopwCeKvVcDmpNpMu8UWfytTrW8KXJ
ym8Anj/+pqO9e7pg3/pNfwMYq95DiWSd
=HBVJ
-----END PGP SIGNATURE-----
More information about the devel
mailing list