Hi,
There are a bunch of sandboxing options that I am trying to enable but I got no effects when I am setting them. Below are the options that I am trying to set, but I can't seem to turn them on. LockPersonality=true MemoryDenyWriteExecute=true RestrictRealtime=true RestrictSUIDSGID=true RestrictNamespaces= SystemCallArchitectures=native #SystemCallArchitectures=option UMask=0000 #UMask=0033 I have enabled the following kernel configurations: CONFIG_NAMESPACES=y CONFIG_NET_NS=y CONFIG_USER_NS=y CONFIG_SECCOMP=y Is there anything that I am missing? Best Regards, Christopher Wong ?
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
