Jaroslav Reznik (jreznik@xxxxxxxxxx) said:
> = Proposed System Wide Change: PrivateDevices=yes and PrivateNetwork=yes For
> Long-Running Services =
> https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork
>
> Change owner(s): Lennart Poettering <lennart at poettering dot net>, Dan
> Walsh, Kay Sievers
>
> Let's make Fedora more secure by default! Recent systemd versions provide two
> per-service switches PrivateDevices=yes/no and PrivateNetwork=yes/no which
> enable services to run without access to any physical devices in /dev, or
> without access to kind of network sockets. So far this has seen little use in
> Fedora, and with this Fedora Change we'd like to change this, and enable these
> for all long-running services that do not require device/network access.

Can you define 'recent' here? While we wouldn't want to change the behavior
of existing F20 or earlier services, it would be worthwhile to know if packages
built for EPEL 7 could/should use this feature as well.

Bill
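
An added example, not part of the original post or of the Fedora Change page: a small Python check that reads unit-file text and reports which of the two switches named in the proposal are not enabled in `[Service]`. The unit names and contents are constructed samples, and drop-in directories are not merged.

```python
# Added example: unit names and contents below are constructed samples.
TRUE = {"1", "yes", "true", "on"}      # boolean spellings systemd accepts
FALSE = {"0", "no", "false", "off"}
SWITCHES = ("PrivateDevices", "PrivateNetwork")

def audit_unit(text):
    """Return {switch: enabled} for the [Service] section of one unit file.

    Both switches are off when unset; a later assignment overrides an earlier one.
    """
    state = dict.fromkeys(SWITCHES, False)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in SWITCHES:
            value = value.lower()
            if value in TRUE:
                state[key] = True
            elif value in FALSE:
                state[key] = False
            # any other value is not a boolean: keep the earlier setting
    return state

def missing(text):
    """List the switches that are not enabled for this unit."""
    return [name for name, enabled in audit_unit(text).items() if not enabled]

SAMPLE_UNITS = {  # constructed, hypothetical services
    "example-hardened.service":
        "[Unit]\nDescription=Example\n[Service]\nExecStart=/usr/bin/example\n"
        "PrivateDevices=yes\nPrivateNetwork=true\n",
    "example-default.service":
        "[Service]\nExecStart=/usr/bin/example\n",
    "example-override.service":
        "[Service]\nPrivateDevices=yes\nPrivateNetwork=yes\nPrivateNetwork=no\n",
}

if __name__ == "__main__":
    for name, text in SAMPLE_UNITS.items():
        print(name, "missing:", ", ".join(missing(text)) or "none")
```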