Feature #12080
Further harden custom systemd unit files
Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
-
Target version:
-
Start date:
12/24/2016
Due date:
% Done:
0%
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Yes
Affected tool:
Description
Here are a few directives we should apply to all our custom unit files, whenever it doesn't break stuff:
- RestrictAddressFamilies
- ProtectKernelTunables
- ProtectControlGroups
- ProtectKernelModules
- MemoryDenyWriteExecute
- RestrictRealtime
Reference: https://lwn.net/Articles/709755/
History
#1 Updated by intrigeri over 2 years ago
- Priority changed from Normal to Low