On Mon, 12.12.16 14:41, Paul Wouters (paul@xxxxxxxxx) wrote:

> Note that I wonder if restricting address families really belongs in
> systemd. Why isn't this a libcap-ng capability? That way my software
> can support this without depending on systemd.

Huh? libcap-ng is a library to manage Linux process capabilities. RestrictAddressFamilies= is a unit file setting; all you have to do is enable it in the unit files of your choice, and the service it runs then loses access to a specific AF_xyz family (or all but a specific one). Its implementation is based on Linux seccomp, a kernel facility entirely unrelated to Linux process capabilities.

And there's no talk of having to "depend" on systemd for this to work. If you ship a systemd unit file in your package (and, quite frankly, you have to if your package contains a service of some kind, this is Fedora after all), then all you need to do is add a line RestrictAddressFamilies= to it. Ideally, you'd ship such a unit file upstream. But if you don't want your stuff tainted by the horrible idea of shipping systemd unit files upstream, then it's totally enough to make this change downstream in the RPM.

Of course, you can also set up seccomp filters yourself, in your daemon, in C code, by using libseccomp. It's great if you do, and that's totally possible, and can be functionality-wise entirely equivalent. The only difference is: systemd makes all of this trivially easy to use, by making this a single-line change in a unit file without involving C hacking.

Lennart

--
Lennart Poettering, Red Hat

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx