Today's Topics:
1. Re: docs/pod test failures (Julien ÉLIE)
2. Re: systemd integration and socket activation (Julien ÉLIE)
3. Re: systemd hardening for INN (Julien ÉLIE)
----------------------------------------------------------------------
Message: 1
Date: Sun, 8 Nov 2020 20:54:17 +0100
From: Julien ÉLIE <[email protected]>
To: [email protected]
Subject: Re: docs/pod test failures
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Bo,
> There are more cases of hard-coded /usr/bin/perl that might need
> the fixscript treatment too:
> contrib/mkbuf
> contrib/analyze-traffic.pl
> contrib/authmysql
> innfeed/testListener.pl
> support/mkchangelog
> support/mkmanifest
> tests/data/overview/munge-data
Thanks for the list.
These Perl scripts are not supposed to be run by regular users (contrary
to the one you mentioned, which is part of the test suite). I don't
believe changing the path to the Perl interpreter will change much
for them (except perhaps for the scripts in contrib, if used).
--
Julien ÉLIE
« Sol lucet omnibus. »
------------------------------
Message: 2
Date: Sun, 8 Nov 2020 21:19:50 +0100
From: Julien ÉLIE <[email protected]>
To: [email protected]
Subject: Re: systemd integration and socket activation
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed
Hi Marco,
>> When integrating systemd support in INN, we'll use the portable
>> RRA_LIB_SYSTEMD_DAEMON_OPTIONAL m4 macro from rra-c-util:
>
> Sure, that was just the bare minimum to make it build. :-)
Should your patch proposal for socket activation and systemd integration
be merged into INN or do you have any improvement or bug fix since your
last commit earlier this year?
--
Julien ÉLIE
« Sol lucet omnibus. »
------------------------------
Message: 3
Date: Sun, 8 Nov 2020 21:22:41 +0100
From: Julien ÉLIE <[email protected]>
To: [email protected]
Subject: Re: systemd hardening for INN
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Russ,
> I'm still testing, but in early experiments the following systemd service
> unit seems to work for starting INN while applying considerably more
> protections than the sample one included in the source tree. (This is
> using Debian package paths.)
[...]
> AmbientCapabilities=CAP_NET_BIND_SERVICE
> NoNewPrivileges=true
> PrivateDevices=true
> PrivateTmp=true
> ProtectControlGroups=true
> ProtectHome=true
> ProtectKernelModules=true
> ProtectKernelTunables=true
> ProtectSystem=full
> RuntimeDirectory=news
[...]
Any improvement since your last mail in August?
> Setting NoNewPrivileges will break most local sendmail implementations
> because they're setuid or setgid to drop off mail in the mail queue. With
> this configuration, I'm using mSMTP as the configured mta, set to forward
> mail via SMTP to localhost.
So maybe this setting should be commented out in the sample.
--
Julien ÉLIE
« It is not by turning your back on things that you face them. »
(Pierre Dac)
------------------------------
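The conflict raised in message 3, between NoNewPrivileges= and a setuid or setgid local sendmail, can be checked before a unit is deployed. The following is an added example, not part of the thread or of INN; the function names are hypothetical, and the unit file and MTA binary paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: flag a unit that enables NoNewPrivileges= while the
# configured MTA binary is setuid or setgid (it could not gain the
# privileges it needs to write to the mail queue).
# Usage (paths are the caller's own): sh check.sh UNIT_FILE MTA_BINARY

# nnp_enabled UNIT_FILE: succeed if the last uncommented NoNewPrivileges=
# assignment in the file is a true boolean as systemd spells it.
nnp_enabled() {
    value=$(sed -n 's/^[[:space:]]*NoNewPrivileges[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
    case "$value" in
        1|y|yes|t|true|on) return 0 ;;
        *) return 1 ;;
    esac
}

# is_setid PATH: succeed if PATH carries the setuid or setgid bit.
is_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# check_mta UNIT_FILE MTA_BINARY: print a verdict, return 1 on conflict.
check_mta() {
    if nnp_enabled "$1" && is_setid "$2"; then
        echo "conflict: $2 is setuid/setgid but $1 sets NoNewPrivileges"
        return 1
    fi
    echo "ok"
}

# Run the check only when both arguments are given on the command line.
if [ "$#" -eq 2 ]; then
    check_mta "$1" "$2"
fi
```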
End of inn-workers Digest, Vol 125, Issue 3
*******************************************