On 12/13/2016 7:00 AM, Matthew Miller wrote:
> On Tue, Dec 13, 2016 at 12:14:44PM +0100, Lennart Poettering wrote:
>> Well, the security policies need to be adapted to the service in
>> question, hence a blanket switch to enable all of them for every
>> service is problematic. Let's say you block gettimeofday()
>> system-wide, but then run an NTP service: you just broke it...
>> I fear it's too late to turn on all sandboxing options by default for
>> regular services. If we had had them back when we started, we
>> of course would have made them opt-out rather than opt-in, but that's
>> too late now...
>
> I'm not so sure it's too late, if we would publicize the change well
> enough in advance and have some proven packagers dedicated to finding
> any exceptions. It's a matter of how much priority we put on
> preventative security measures.
>
> For a less-effort version, we could update
> https://fedoraproject.org/wiki/Packaging:Systemd and have an (internal)
> marketing campaign asking people to update their packages (as
> suggested, ideally upstream).
I'd much rather that effort be put into good SELinux policy
evangelization, documentation, and perhaps additional admin-controllable
booleans.
-jc
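To make the per-service point concrete, here is an added example (not from this thread, and not Fedora packaging guidance) of how the sandboxing options are applied as drop-ins for two hypothetical units: a generic network daemon, `example-web.service`, which can have the clock-related system calls denied, and an NTP daemon, `example-ntp.service`, which needs exactly those calls plus CAP_SYS_TIME and so gets a narrower filter. The unit names and paths are assumptions; the directive names are standard systemd.exec(5) settings.

```ini
# /etc/systemd/system/example-web.service.d/hardening.conf
# Hypothetical drop-in for a service that never touches the system clock.
[Service]
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallArchitectures=native
# Deny-list (leading ~): block the @clock group (settimeofday, adjtimex,
# clock_settime, clock_adjtime...) and other groups this daemon never needs.
SystemCallFilter=~@clock @mount @reboot @swap @module @raw-io
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# /etc/systemd/system/example-ntp.service.d/hardening.conf
# Hypothetical drop-in for a time daemon: the same isolation, but @clock is
# deliberately NOT in the filter and CAP_SYS_TIME stays in the bounding set.
# Applying the web-service filter here would break time synchronisation,
# which is the failure mode described in the quoted message above.
[Service]
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallArchitectures=native
SystemCallFilter=~@mount @reboot @swap @module @raw-io
CapabilityBoundingSet=CAP_SYS_TIME CAP_NET_BIND_SERVICE
```

After `systemctl daemon-reload` and a restart, a denied system call shows up as the service dying with SIGSYS (check `journalctl -u example-web.service` for the "core-dump"/signal line), which is the quickest way to find the exceptions the thread talks about before a filter ships as a default; on newer systemd, `systemd-analyze security example-web.service` also reports which of these settings are still unset for a unit.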
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx