I initially preferred your option two, a drop-in file in whichever nis and ldap binary packages, on principle of trying to keep the mitigations in place if we can.
But your case for a difficult debugging session is persuasive. Reading the various bug reports around this, option three seems pretty bad -- none of those symptoms would make me think of changing a systemd hardening configuration on a service I might not know I am running. Nothing really looked obviously related to network-based id services. Trying to provide documentation around that won't be very discoverable. Ubuntu is supposed to be easy. So, option one: removing the restrictions for systemd-logind in our package. It would be nice if our implementation of option one would make it very easy to re-add the hardening setting; which we could then document in a hardening guide. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934393 Title: systemd-logind network access is blocked, and breaks remote authentication configurations To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1934393/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
