Re: [systemd-devel] systemd-timesyncd with read-only root filesystem

2016-12-08 Thread André Hartmann
Hi Martin, On 04.12.2016 at 17:48, Martin Pitt wrote: Hello André, André Hartmann [2016-12-01 11:20 +0100]: In other words: once this symlink is valid, you cannot invalidate it by making it a dangling symlink, you have to remove it. Can somebody confirm this observation? Not a dangling one,

[systemd-devel] unsubscribe

2016-12-08 Thread Arlt, Michael
unsubscribe

[systemd-devel] About http://0pointer.net/blog/avoiding-cve-2016-8655-with-systemd.html

2016-12-08 Thread Michael Biebl
Reading Lennart's recent blog post, I just wanted to make people aware that the RestrictAddressFamilies= feature is currently broken on several architectures, including i386. So be careful for now until https://github.com/systemd/systemd/issues/4575 has been fixed

Re: [systemd-devel] About http://0pointer.net/blog/avoiding-cve-2016-8655-with-systemd.html

2016-12-08 Thread Michael Biebl
Btw, I think we are lacking a good systemd sandboxing howto/tutorial. The one linked from fdo (http://0pointer.de/blog/projects/security.html) is pretty dated and the systemd.exec man page is not coherent enough with regard to security/sandboxing. Related to that, I think it would be good if we

Re: [systemd-devel] About http://0pointer.net/blog/avoiding-cve-2016-8655-with-systemd.html

2016-12-08 Thread Reindl Harald
On 09.12.2016 at 01:56, Michael Biebl wrote: Btw, I think we are lacking a good systemd sandboxing howto/tutorial. The one linked from fdo (http://0pointer.de/blog/projects/security.html) is pretty dated and the systemd.exec man page is not coherent enough with regard to security/sandboxing.

Re: [systemd-devel] About http://0pointer.net/blog/avoiding-cve-2016-8655-with-systemd.html

2016-12-08 Thread Michael Biebl
You are confusing a user service (which is installed in /usr/lib/systemd/user) with privilege dropping via User=. Those are different things. 2016-12-09 2:01 GMT+01:00 Reindl Harald: > > > On 09.12.2016 at 01:56, Michael Biebl wrote: >> >> Btw, I think we are lacking a