On Fri, 24.04.15 16:42, Topi Miettinen (toiwo...@gmail.com) wrote:
> > I think all long-running ones that reasonably can already do. I mean,
> > things like logind simply need too many caps, it's really not worth
> > trying to make them run under a different uid, because they have so
> > much priv
On 04/24/15 14:52, Lennart Poettering wrote:
> On Sat, 14.02.15 12:32, Topi Miettinen (toiwo...@gmail.com) wrote:
>
> Sorry for the late response, still going through piles of mail.
>
>> No setuid programs are expected to be executed, so add
>> SecureBits=no-setuid-fixup no-setuid-fixup-l
On Sat, 14.02.15 12:32, Topi Miettinen (toiwo...@gmail.com) wrote:
Sorry for the late response, still going through piles of mail.
> No setuid programs are expected to be executed, so add
> SecureBits=no-setuid-fixup no-setuid-fixup-locked
> to unit files.
> >>>
> >>> So, hmm, afte
On 02/11/15 16:32, Lennart Poettering wrote:
> On Wed, 11.02.15 16:24, Topi Miettinen (toiwo...@gmail.com) wrote:
>
>> On 02/10/15 21:00, Lennart Poettering wrote:
>>> On Sat, 07.02.15 10:40, Topi Miettinen (toiwo...@gmail.com) wrote:
>>>
No setuid programs are expected to be executed, so add
On Wed, 11.02.15 16:24, Topi Miettinen (toiwo...@gmail.com) wrote:
> On 02/10/15 21:00, Lennart Poettering wrote:
> > On Sat, 07.02.15 10:40, Topi Miettinen (toiwo...@gmail.com) wrote:
> >
> >> No setuid programs are expected to be executed, so add
> >> SecureBits=no-setuid-fixup no-setuid-fixup-
On 02/10/15 21:00, Lennart Poettering wrote:
> On Sat, 07.02.15 10:40, Topi Miettinen (toiwo...@gmail.com) wrote:
>
>> No setuid programs are expected to be executed, so add
>> SecureBits=no-setuid-fixup no-setuid-fixup-locked
>> to unit files.
>
> So, hmm, after reading the man page again: what'
On Sat, 07.02.15 10:40, Topi Miettinen (toiwo...@gmail.com) wrote:
> No setuid programs are expected to be executed, so add
> SecureBits=no-setuid-fixup no-setuid-fixup-locked
> to unit files.
So, hmm, after reading the man page again: what's the rationale for
precisely these bits?
I mean no-set
No setuid programs are expected to be executed, so add
SecureBits=no-setuid-fixup no-setuid-fixup-locked
to unit files.
---
units/systemd-hostnamed.service.in| 1 +
units/systemd-importd.service.in | 1 +
units/systemd-journal-gatewayd.service.in | 1 +
units/systemd-journal-remot