2017-11-30 18:24 GMT+01:00 Lennart Poettering :
> On Do, 30.11.17 10:35, Mantas Mikulėnas (graw...@gmail.com) wrote:
>
>> Then I'm guessing ProtectSystem=strict overrides ReadWritePaths and makes
>> /var/log read-only...
>
> Hmm, it does? It really shouldn't.
>
> I thought
On Do, 30.11.17 10:35, Mantas Mikulėnas (graw...@gmail.com) wrote:
> Then I'm guessing ProtectSystem=strict overrides ReadWritePaths and makes
> /var/log read-only...
Hmm, it does? It really shouldn't.
I thought the issues were mostly around InaccessiblePaths= not
permitting exclusions, not
2017-11-30 16:07 GMT+01:00 Michael Biebl :
> 2017-11-30 9:35 GMT+01:00 Mantas Mikulėnas :
>> On Thu, Nov 30, 2017 at 10:31 AM, Michael Biebl wrote:
>>>
>>> 2017-11-30 6:52 GMT+01:00 Mantas Mikulėnas :
>>> > On Thu, Nov 30,
On Thu, Nov 30, 2017 at 10:31 AM, Michael Biebl wrote:
> 2017-11-30 6:52 GMT+01:00 Mantas Mikulėnas :
> > On Thu, Nov 30, 2017 at 5:27 AM, Michael Biebl wrote:
> >>
> >> Hi,
> >>
> >> today I tried to lock down the rsyslog.service that I
2017-11-30 6:52 GMT+01:00 Mantas Mikulėnas :
> On Thu, Nov 30, 2017 at 5:27 AM, Michael Biebl wrote:
>>
>> Hi,
>>
>> today I tried to lock down the rsyslog.service that I have on my system.
>>
>> For that I first created an override.conf that contained
>>
>>
On Thu, Nov 30, 2017 at 5:27 AM, Michael Biebl wrote:
> Hi,
>
> today I tried to lock down the rsyslog.service that I have on my system.
>
> For that I first created an override.conf that contained
>
> [Service]
> ProtectHome=yes
> PrivateTmp=yes
> PrivateDevices=yes
>
>
Hi,
today I tried to lock down the rsyslog.service that I have on my system.
For that I first created an override.conf that contained
[Service]
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ReadWritePaths=/var/log
ReadWritePaths=/var/spool/rsyslog