Am 31.01.2018 um 16:35 schrieb Daniel Stirnimann:
that don't change the fact that from that moment on all protections for
*that* service are gone while with layered security and
systemd-hardening are still in place
Where is the layered security if you disable for e.g. systems-hardening
for a service? I don't understand your argument. If you don't want to
loose the security provided by the hardening, then you should not
disable it but fix it
what exactly do you not understand?
they guy i repsonded to said with SELinux the hardening options for
systemd are not required and i explained that they are anyways a good
idea and why - not more and not less
"That does not mean they are not useful, but most of them are
irrelevant with SELinux in enforcing mode. We want all Fedora users to
run in enforcing mode, especially on servers" was so far OK because it
statet them as still useful
"Especially restricting path access does not make sense with SELinux. It
is much more powerful and is already used" is nonsense because when you
set SELInux global or for the specific service to permissive there is
nothing powerful left because SELinux was for that case your only
security layer you just disabled
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
