Yeah, sounds reasonable. Meanwhile I found some problems with systemd 255, running on 24.04.3 Server.
- Services that start as root like postfix or php-fpm work smoothly with most systemd isolation settings except for PrivateUsers, which blinds away the user they want to become after starting.
- Services that are started by systemd as a non-root user and are expected to notify systemd (e.g. mysql server) don't really work with some isolation settings, they seem to block the notification process.

So it might indeed be a more stable path to first get 26.04 server with systemd 258, and then start testing and iterating through systemd fixes and improvements.

However, I do consider this as a really important matter. I'm in Europe, and for political and economic reasons, we have to face and expect a dramatically intensified level of attacks.

So one approach could be to start with just comments in the service unit file telling which settings
- are recommended
- depend on the individual configuration (e.g. access to user homes)
- cannot be used (yet), because breaking the daemon's function (systematically or with current systemd)
- need to be tested.

regards

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2136123

Title:
  insufficient security settings for postfix systemd services
