❦ 27 February 2018 16:00 +0100, Willy Tarreau <[email protected]>:

>> I'm running these exact settings on my Debian Stretch machine using haproxy
>> 1.8.x, without issues so far.
>> 
>> The first patch could cause issues for users that store their configuration
>> in /home or /root, but I consider this unlikely.
>> 
>> Tim Duesterhus (2):
>>   MINOR: systemd: Add SystemD's Protect*= options to the unit file
>>   MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
>
> I took a look, but my systemd incompetence limited my ability to understand
> what this really does. How does systemd act to do this exactly? I'm very
> worried that the only way it could proceed would be by running the process
> under ptrace causing a tremendous slowdown, and additionally making the
> process unobservable/undebuggable. Do you know how it proceeds
> internally?

It uses seccomp.
-- 
Document your data layouts.
            - The Elements of Programming Style (Kernighan & Plauger)
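
The kernel reports both states in `/proc/<pid>/status`, so a running service can be checked for a seccomp filter and for the absence of a ptrace tracer. The script below is an added example, not part of the original thread or the patches; the sample status text is constructed, and the `haproxy` unit name in the comment is an assumption.

```shell
#!/bin/sh
# Added example: classify a process from its /proc/<pid>/status file.
# Seccomp, TracerPid and NoNewPrivs are the Linux kernel's own field names.
# On a live host (unit name "haproxy" is an assumption):
#   seccomp_state "/proc/$(systemctl show -p MainPID --value haproxy)/status"

# seccomp_state FILE
# Prints: mode=<disabled|strict|filter|unknown> traced=<yes|no|?> nnp=<0|1|?>
seccomp_state() {
    awk -F':[ \t]*' '
        $1 == "Seccomp"    { s = $2 }   # 0 = off, 1 = strict, 2 = BPF filter
        $1 == "TracerPid"  { t = $2 }   # 0 = no ptrace tracer attached
        $1 == "NoNewPrivs" { n = $2 }
        END {
            mode = "unknown"
            if (s == "0") mode = "disabled"
            else if (s == "1") mode = "strict"
            else if (s == "2") mode = "filter"
            traced = "?"
            if (t == "0") traced = "no"
            else if (t != "") traced = "yes"
            if (n == "") n = "?"
            printf "mode=%s traced=%s nnp=%s\n", mode, traced, n
        }' "$1"
}

# Constructed sample of what a filtered, untraced process looks like.
sample_status() {
    cat <<'EOF'
Name:   haproxy
TracerPid:      0
NoNewPrivs:     1
Seccomp:        2
EOF
}

demo=$(mktemp)
sample_status > "$demo"
seccomp_state "$demo"
rm -f "$demo"
```

`mode=filter` together with `traced=no` means the system calls are filtered in the kernel by a seccomp BPF program and no tracer process is attached.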