Hey intri,

> 1. Use the simplest of systemd's hardening features (e.g.
>    Protect{Home,System}=, Private{Devices,Tmp,Network}=,
>    CapabilityBoundingSet=) to their full extent.
>
>    Not many unit files we ship do that yet. Generally these
>    improvements can be implemented upstream and benefit users of
>    systemd on other distros :)

Indeed! :) For example, here I'm merging upstream's rather more locked down
unit file into the Debian one:

  https://bugs.debian.org/871610


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
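
Added example, not part of the message above or of any Debian or systemd code: a small Python audit that reports which of the hardening directives named in the quoted text are missing or switched off in a unit's [Service] section. The sample unit and the function names are constructed for illustration.

```python
import re

# Directive names expanded from the shorthand in the quoted message.
BOOLEAN_LIKE = ["ProtectHome", "ProtectSystem", "PrivateDevices",
                "PrivateTmp", "PrivateNetwork"]
OFF_VALUES = {"", "no", "false", "off", "0"}

def service_settings(unit_text):
    """Return {directive: last assigned value} for the [Service] section."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(unit_text):
    """List the hardening directives that are absent or switched off."""
    settings = service_settings(unit_text)
    findings = []
    for name in BOOLEAN_LIKE:
        if name not in settings:
            findings.append(f"{name}= not set")
        elif settings[name].lower() in OFF_VALUES:
            findings.append(f"{name}= is disabled")
    # An unset bounding set leaves every capability available; an empty
    # assignment is the tightest setting, so presence alone is checked.
    if "CapabilityBoundingSet" not in settings:
        findings.append("CapabilityBoundingSet= not set")
    return findings

# Constructed sample unit, not taken from any Debian package.
SAMPLE_UNIT = """\
[Unit]
Description=Example daemon (constructed)

[Service]
ExecStart=/usr/bin/example-daemon
ProtectSystem=strict
PrivateTmp=yes
PrivateNetwork=no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_UNIT):
        print(finding)
```

For a unit installed on a running system, `systemd-analyze security` followed by the unit name gives systemd's own assessment of the same settings.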