Re: systmd-analyze security as a release goal

[Andrey Rakhmatullin]

On Mon, Jul 03, 2023 at 11:40:18PM +0200, Marco d'Itri wrote:
> This is a good example of what an almost fully sandboxed service looks 
> like:
> 
> https://salsa.debian.org/md/rpki-client/-/blob/master/debian/rpki-client.service
Cool but looks like a lot of work. Is it possible to do this without
applying the flags one by one and testing the result? Is it easier to
start with applying all of them and then looking what needs to be
disabled?