On 03/27/2014 06:18 PM, Simo Sorce wrote:
On Thu, 2014-03-27 at 22:59 +0100, Lennart Poettering wrote:
On Wed, 26.03.14 13:43, Stephen Gallagher (sgall...@redhat.com)
wrote:
Note that PrivateNetwork=yes should not be used for:
1. Services
On Thu, 2014-03-27 at 18:18 -0400, Simo Sorce wrote:
On Thu, 2014-03-27 at 22:59 +0100, Lennart Poettering wrote:
On Wed, 26.03.14 13:43, Stephen Gallagher (sgall...@redhat.com) wrote:
Note that PrivateNetwork=yes should not be used for:
1. Services that actually require network
On 03/27/2014 12:30 AM, William Brown wrote:
On Wed, 2014-03-26 at 13:43 -0400, Stephen Gallagher wrote:
On 03/26/2014 10:06 AM, Jaroslav Reznik wrote:
snip
Note that PrivateNetwork=yes should not be used for:
1. Services that actually
On Thu, 2014-03-27 at 08:06 -0400, Stephen Gallagher wrote:
On 03/27/2014 12:30 AM, William Brown wrote:
On Wed, 2014-03-26 at 13:43 -0400, Stephen Gallagher wrote:
On 03/26/2014 10:06 AM, Jaroslav Reznik wrote:
snip
Note that
2014-03-26 15:06 GMT+01:00 Jaroslav Reznik jrez...@redhat.com:
== Detailed Description ==
When PrivateDevices=yes is set in the [Service] section of a systemd service
unit file, the processes run for the service will run in a private file system
namespace
IIRC the kernel has had some issues
2014-03-26 15:06 GMT+01:00 Jaroslav Reznik jrez...@redhat.com:
== Detailed Description ==
When PrivateDevices=yes...
Furthermore, the
CAP_MKNOD capability is removed. Finally, the devices cgroup controller is
used to ensure that no access to device nodes except the listed ones is
possible.
On 03/27/2014 01:49 PM, Miloslav Trmač wrote:
2014-03-26 15:06 GMT+01:00 Jaroslav Reznik jrez...@redhat.com:
== Detailed Description ==
When PrivateDevices=yes...
Furthermore, the
CAP_MKNOD capability is removed. Finally, the devices cgroup controller is
used to ensure that no access to
2014-03-27 20:57 GMT+01:00 Daniel J Walsh dwa...@redhat.com:
On 03/27/2014 01:49 PM, Miloslav Trmač wrote:
2014-03-26 15:06 GMT+01:00 Jaroslav Reznik jrez...@redhat.com:
== Detailed Description ==
When PrivateDevices=yes...
Furthermore, the
CAP_MKNOD capability is removed. Finally, the
On 03/27/2014 04:03 PM, Miloslav Trmač wrote:
2014-03-27 20:57 GMT+01:00 Daniel J Walsh dwa...@redhat.com:
On 03/27/2014 01:49 PM, Miloslav Trmač wrote:
2014-03-26 15:06 GMT+01:00 Jaroslav Reznik jrez...@redhat.com:
== Detailed Description ==
When PrivateDevices=yes...
Furthermore, the
On Wed, 26.03.14 11:28, Bill Nottingham (nott...@splat.cc) wrote:
Jaroslav Reznik (jrez...@redhat.com) said:
= Proposed System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For
Long-Running Services =
https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork
On Wed, 26.03.14 13:43, Stephen Gallagher (sgall...@redhat.com) wrote:
Note that PrivateNetwork=yes should not be used for:
1. Services that actually require network access (with the
exception of daemons only needing socket activation)
2. Services which may be used to execute arbitrary
On Thu, 2014-03-27 at 22:59 +0100, Lennart Poettering wrote:
On Wed, 26.03.14 13:43, Stephen Gallagher (sgall...@redhat.com) wrote:
Note that PrivateNetwork=yes should not be used for:
1. Services that actually require network access (with the
exception of daemons only needing
= Proposed System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For
Long-Running Services =
https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork
Change owner(s): Lennart Poettering lennart at poettering dot net, Dan
Walsh, Kay Sievers
Let's make Fedora more secure by
Jaroslav Reznik (jrez...@redhat.com) said:
= Proposed System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For
Long-Running Services =
https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork
Change owner(s): Lennart Poettering lennart at poettering dot net, Dan
On 26.03.2014 at 16:28, Bill Nottingham wrote:
Jaroslav Reznik (jrez...@redhat.com) said:
= Proposed System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For
Long-Running Services =
https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork
Change owner(s): Lennart
On 03/26/2014 10:06 AM, Jaroslav Reznik wrote:
snip
Note that PrivateNetwork=yes should not be used for:
1. Services that actually require network access (with the
exception of daemons only needing socket activation)
2. Services which may be
On 03/26/2014 11:30 AM, Reindl Harald wrote:
On 26.03.2014 at 16:28, Bill Nottingham wrote:
Jaroslav Reznik (jrez...@redhat.com) said:
= Proposed System Wide Change: PrivateDevices=yes and
PrivateNetwork=yes For Long-Running Services =
On 26.03.2014 at 18:52, Stephen Gallagher wrote:
On 03/26/2014 11:30 AM, Reindl Harald wrote:
I just tried on F20 and PrivateDevices is not known, sadly, because
I have some services in mind where I would like that
Mär 26 15:51:55 testserver.rhsoft.net systemd[1]:
On Wed, Mar 26, 2014 at 1:59 PM, Reindl Harald h.rei...@thelounge.net wrote:
On 26.03.2014 at 18:52, Stephen Gallagher wrote:
On 03/26/2014 11:30 AM, Reindl Harald wrote:
I just tried on F20 and PrivateDevices is not known, sadly, because
I have some services in mind where I would like that
On Wed, 2014-03-26 at 13:43 -0400, Stephen Gallagher wrote:
On 03/26/2014 10:06 AM, Jaroslav Reznik wrote:
snip
Note that PrivateNetwork=yes should not be used for:
1. Services that actually require network access (with the
exception of daemons only needing socket activation) 2.