Feature #12080
Further harden custom systemd unit files
Start date:
2016-12-24
Due date:
% Done:
0%
Description
Here are a few directives we should apply to all our custom unit files, whenever it doesn’t break stuff:
- RestrictAddressFamilies
- ProtectKernelTunables
- ProtectControlGroups
- ProtectKernelModules
- MemoryDenyWriteExecute
- RestrictRealtime
Reference: https://lwn.net/Articles/709755/
Subtasks
History
#1 Updated by intrigeri 2017-06-05 17:19:35
- Priority changed from Normal to Low
#2 Updated by intrigeri 2019-04-07 09:24:20
- Assignee deleted (
intrigeri) - Starter set to Yes