Package: haveged
Version: 1.9.1-3
Severity: wishlist
Hi Lunar,
I think the unit file for haveged should include DevicePolicy=closed,
reducing the impact of it having CAP_SYS_ADMIN.
I tested that here, and it works fine.
What do you think?
Best,
nicoo
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages haveged depends on:
ii init-system-helpers 1.29
ii libc62.22-5
ii libhavege1 1.9.1-3
ii lsb-base 9.20160110
haveged recommends no packages.
haveged suggests no packages.
-- no debconf information