Am 26.03.2014 16:28, schrieb Bill Nottingham: > Jaroslav Reznik (jrez...@redhat.com) said: >> = Proposed System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For >> Long-Running Services = >> https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork >> >> Change owner(s): Lennart Poettering <lennart at poettering dot net>, Dan >> Walsh, Kay Sievers >> >> Let's make Fedora more secure by default! Recent systemd versions provide >> two >> per-service switches PrivateDevices=yes/no and PrivateNetwork=yes/no which >> enable services to run without access to any physical devices in /dev, or >> without access to kind of network sockets. So far this has seen little use >> in >> Fedora, and with this Fedora Change we'd like to change this, and enable >> these >> for all long-running services that do not require device/network access. > > Can you define 'recent' here? While we wouldn't want to change the behavior > of existing F20 or earlier services, it would be worthwhile to know if > packages built for EPEL 7 could/should use this feature as well
i just tried on F20 and "PrivateDevices" is not known sadly because i have some services in mind where i would like that Mär 26 15:51:55 testserver.rhsoft.net systemd[1]: [/usr/lib/systemd/system/httpd.service:15] Unknown lvalue 'PrivateDevices' in section 'Service'
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
