Michael Biebl wrote:
> Am 10.07.19 um 07:12 schrieb Trent W. Buck:
>
> > "systemd-analyze security systemd-resolved" claims for that
> > PrivateTmp= "does not apply", though it clearly does.
>
> I guess this is the essence of the bug report then and the bug report
> should be retitled something l
Am 10.07.19 um 07:12 schrieb Trent W. Buck:
> "systemd-analyze security systemd-resolved" claims for that
> PrivateTmp= "does not apply", though it clearly does.
I guess this is the essence of the bug report then and the bug report
should be retitled something like this:
systemd-analyze security
Trent W. Buck wrote:
> But I also noticed that "systemd-analyze security" says that PrivateTmp=yes
> will be ignored:
>
> # SYSTEMD_PAGER='grep apply' systemd-analyze security procps.service
> PrivateTmp= Service
> runs in special boot pha
Package: systemd
Version: 241-5
Severity: minor
After discovering "systemd-analyze security", I went around adding
systemd-level confinement to units,
e.g. remove modprobe privileges from all units that don't modprobe.
I noticed that adding PrivateTmp=yes to keyboard-setup.service and
systemd-u
4 matches
Mail list logo
