On 03/26/2014 11:30 AM, Reindl Harald wrote:
>
> On 26.03.2014 16:28, Bill Nottingham wrote:
>> Jaroslav Reznik (jreznik@xxxxxxxxxx) said:
>>> = Proposed System Wide Change: PrivateDevices=yes and
>>> PrivateNetwork=yes For Long-Running Services =
>>> https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork
>>>
>>> Change owner(s): Lennart Poettering <lennart at poettering dot net>, Dan
>>> Walsh, Kay Sievers
>>>
>>> Let's make Fedora more secure by default! Recent systemd
>>> versions provide two per-service switches PrivateDevices=yes/no
>>> and PrivateNetwork=yes/no which enable services to run without
>>> access to any physical devices in /dev, or without access to
>>> any kind of network sockets. So far this has seen little use in
>>> Fedora, and with this Fedora Change we'd like to change this,
>>> and enable these for all long-running services that do not
>>> require device/network access.
>>
>> Can you define 'recent' here? While we wouldn't want to change
>> the behavior of existing F20 or earlier services, it would be
>> worthwhile to know if packages built for EPEL 7 could/should use
>> this feature as well.
>
> I just tried on F20 and "PrivateDevices" is not known, sadly, because
> I have some services in mind where I would like that
>
> Mär 26 15:51:55 testserver.rhsoft.net systemd[1]: [/usr/lib/systemd/system/httpd.service:15] Unknown lvalue 'PrivateDevices' in section 'Service'

PrivateNetwork seems to have been around since at least 2012.

The commit providing PrivateDevices[1] went upstream on January 20th.
According to git describe 7f112f50fea585411ea2d493b3582bea77eb4d6e we get
v208-1612-g7f112f5, which means it went in 1,612 patches after v208 was
released, so it's definitely not in F20 or RHEL 7 beta.

[1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=7f112f50fea585411ea2d493b3582bea77eb4d6e&utm_source=anzwix
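
An added example, not part of the original thread: the warning quoted above means systemd skipped the directive, so the unit runs without the sandboxing its author asked for. This sketch scans journal text for such warnings and flags the ones that name a hardening switch; the function name, the directive set and the second and third sample lines are assumptions made for illustration.

```python
import re

# Hardening switches named in the thread; extend for your own units (assumption).
SANDBOX_DIRECTIVES = {"PrivateDevices", "PrivateNetwork"}

# Matches the warning format shown in the quoted journal line.
UNKNOWN_LVALUE = re.compile(
    r"\[(?P<path>[^\]:]+):(?P<line>\d+)\]\s+Unknown lvalue\s+"
    r"'(?P<directive>[^']+)'\s+in section\s+'(?P<section>[^']+)'"
)

def ignored_directives(journal_lines):
    """Return one finding per 'Unknown lvalue' warning in the given lines."""
    findings = []
    for raw in journal_lines:
        m = UNKNOWN_LVALUE.search(raw)
        if m is None:
            continue  # unrelated journal entry
        findings.append({
            "unit_file": m["path"],
            "line": int(m["line"]),
            "directive": m["directive"],
            "section": m["section"],
            # True when the skipped setting was meant to confine the service.
            "sandboxing": m["directive"] in SANDBOX_DIRECTIVES,
        })
    return findings

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE = [
    "Mär 26 15:51:55 testserver.rhsoft.net systemd[1]: "
    "[/usr/lib/systemd/system/httpd.service:15] Unknown lvalue "
    "'PrivateDevices' in section 'Service'",
    "Mar 26 15:52:01 host.example systemd[1]: "
    "[/etc/systemd/system/demo.service:9] Unknown lvalue "
    "'Foo' in section 'Service'",
    "Mar 26 15:52:02 host.example systemd[1]: Started Demo Service.",
]

if __name__ == "__main__":
    for f in ignored_directives(SAMPLE):
        tag = "HARDENING NOT APPLIED" if f["sandboxing"] else "ignored"
        print(f'{tag}: {f["directive"]} at {f["unit_file"]}:{f["line"]}')
```

Fed the output of `journalctl -b`, this makes it easy to spot units whose sandboxing settings were dropped because they were deployed on a systemd build that predates the directive.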