Overview
Loading...
Request History
jsegitz created request
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
trenn accepted request
For me it still looks more convenient, to change this in systemd itself.
At least settings which should apply for >95-100% of our service files, which should be most of these...
Still adding, as this seems to be discussed and the way to go for probably valid reasons which are not that obvious.
Where can I look these up?
Are these SUSE specific?
Instead of auto-generating systemd attributes, it might be better to automatically do the right thing behind the scenes. I wonder whether this is the first of dozens/hundreds of systemd service file modification commits... (Note: I am one week on holidays, answer may take a while).
https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
Explains most, not sure whether this is the best way to go. Ideal would be a general hardening and only mention exceptions. This should lower amount of submitrequests. I guess we will also diverge and would have to patch mainline service files..? Sigh...
Thank you for your comments. Changing the defaults in systemd would be a missive breaking change, with this we can do this iteratively. I added a FAQ to the wiki to explain this
@a_jaeger, @msmeissn, @tabraham1, @trenn: review reminder