Re: Proposal: ReadOnlyDirectories /etc and /usr for network-services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Jul 22, 2013 at 12:02 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
> has anybody considered to put the following as default in systemd-units of
> network services? cross-posting to  users-list intented because i think it
> is a good idea to bring it to a broader userbase!
>
> ReadOnlyDirectories=/etc
> ReadOnlyDirectories=/usr

I think it's generally known by now that I don't like namespaces as a
security mechanism.  At best, this is duplicating SELinux policy with
less transparency and worse tools.

(The network services shouldn't be running as root in the first place.)
    Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux