On Sun, 06 Jan 2019 21:13:26 +0300, Lev Olshvang said:

> I am trying to harden the embedded system.
> I have embedded system with systemd .....

OK, you've already got a problem right there.

It's an embedded system. Therefore, you know everything that should be running, and what order it should start in. If you don't already know that, you have bigger design issues.

So you probably want to reduce system complexity and save both RAM and flash memory space by heaving systemd over the side and using something simpler (sysvinit, or upstart, or even use '/bin/make' if you want to guarantee that certain tasks don't start till others have actually launched successfully, or use a custom-written system launcher).

That's going to do more to reduce the attack surface than any amount of monkeying around with the permissions in /proc will do.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies