On 12/09/16 00:56, Michael Biebl wrote: > Btw, I think we are lacking a good systemd sandboxing howto/tutorial. > The one linked from fdo > (http://0pointer.de/blog/projects/security.html) is pretty dated and > the systemd.exec man page is not coherent enough with regards to > security/sandboxing. > > Related to that, I think it would be good if we would annotate in the > man page, which sandboxing features work for user services and which > don't. It's not always immediately obvious which feature requires root > privileges.
Agreed. I started making a tool that helps with the systemd service unit settings. It's not finished (is any software ever finished), but can generate reasonable values from a representative test run of the service. Please check out: https://github.com/topimiettinen/systemd-settings-generator/blob/master/strace.stp Earlier announcement: https://lists.freedesktop.org/archives/systemd-devel/2016-August/037310.html -Topi _______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
