https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40901
--- Comment #85 from Kyle M Hall (khall) <[email protected]> ---
Created attachment 199104
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199104&action=edit
Bug 40901: (follow-up) Systemd hardening

I think the following systemd security measures are safe for Koha:

ProtectSystem=full
  Sets /usr & /boot to read-only

ProtectHome=yes
  Hides /home, /root and /run/user
  NOTE: The hiding of /run/user threw me off, but Google says it's for interactive logins only. AFAIK the only thing that does that is koha-shell, which isn't a systemd thing, so it is unaffected

PrivateTmp=yes
  Private /tmp & /var/tmp
  NOTE: AFAICT nothing in Koha shares files via /tmp, which feels like it would be a bad thing to do anyway

NoNewPrivileges=yes
  setuid binaries can't re-elevate
  NOTE: This feels like the most important one!

Signed-off-by: Kyle M Hall <[email protected]>
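One way to check a unit file for the four directives listed in this comment, as an added example that is not part of the Koha patch. The unit content is constructed, the function names are hypothetical, and the boolean spellings true/on/1 are treated as yes.

```shell
# Added example: report which of the four directives are missing or differ.

# Effective value of directive $2 in the [Service] section of unit file $1.
# A later assignment overrides an earlier one, so the last match wins.
service_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }    # comment lines do not count as settings
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        in_service && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per directive that deviates; return 1 if any do.
audit_unit() {
    rc=0
    for want in ProtectSystem=full ProtectHome=yes PrivateTmp=yes NoNewPrivileges=yes; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(service_value "$1" "$key")
        case $actual in true|on|1) actual=yes ;; esac   # systemd boolean spellings
        if [ "$actual" != "$expected" ]; then
            echo "$key: expected '$expected', found '${actual:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: one directive overridden later, one only in a comment.
sample_unit() {
    cat <<'EOF'
[Unit]
Description=constructed example service
[Service]
ProtectSystem=full
PrivateTmp=yes
# NoNewPrivileges=yes
ProtectHome=true
PrivateTmp=no
EOF
}

unit=$(mktemp) && sample_unit > "$unit"
audit_unit "$unit" || true    # reports PrivateTmp and NoNewPrivileges
rm -f "$unit"
```

This reads a single file only; for a running service, `systemctl show -p NoNewPrivileges <unit>` reports the value systemd applied after drop-ins are merged.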
