Consider using systemd's security features in NetworkManager service files
#2 Updated by intrigeri over 4 years ago
- Subject changed from Evaluate usage of systemd's security features in NetworkManager service file to Consider using systemd's security features in NetworkManager service files
- Priority changed from Normal to Low
- Type of work changed from Research to Test
Basically, there's none. It could be worth trying to set
PrivateDevices = yes,
ProtectHome = yes,
ProtectSystem = full and perhaps also
PrivateTmp = yes. Calling this low priority, though.
#4 Updated by denkxor over 1 year ago
Tails 3.6.2 is using ProtectSystem=true and ProtectHome=read-only out of the box. The unit-file can be found in /lib/systemd/system/network-manager.service.
I tried to add PrivateDevices=yes and PrivateTmp=yes and run systemctl daemon-reload and restart NetworkManager.service. Nothing of this produces error notifications, according to systemctl status NetworkManager is running without problems.
The normal functionality like adding a new wifi network by gui seems to work, too.
Are there special things you would expect to fail? I could test them.
I don't know how to make this change persist across reboots, maybe some errors would occur in boot process only?