Hello, Elimar Riesebieter <[email protected]> writes:
>> If you add the option ProtectSystem=yes to the service file, then the >> daemon will not have the ability to write to /usr. > > To be honest: Which daemon do you mean? I was looking at the different alsa daemons that have systemd files. >> There is no reason why it needs to write there, so enabling this >> option should not cause any problems. > > We don't have any service files in the alsa-base package. There are > three in the alsa-utils package for the use of alsactl. They are > managing to save and restore periodically the sound state to/from > /var/lib/alsa. The HOME is defined as /var/run/alsa. But none is > writing anything to /usr, though. Sorry, indeed, this should have been filed against alsa-base. Do any of these write to /home ? If not, that can also be walled off. >> This option is one of the systemd security features for systemd >> service files that was detailed in a talk[0] given by Lennart which >> details various security features you can enable in your package's >> service files. > > To be serious: Are you sure you filed the bug against the correct > package? There might be something I have overseen, but what? No, you are right, it was against the wrong package. micah -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
