systemd-analyze security and SystemCallFilter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

why are these bad and scored?
including syscalls to the blacklist is hardly wrong

systemd-243.8-1.fc31.x86_64

✗ SystemCallFilter=~@clock                                    System
call blacklist defined for service, and @clock is included               0.1
✗ SystemCallFilter=~@debug                                    System
call blacklist defined for service, and @debug is included               0.1
✗ SystemCallFilter=~@module                                   System
call blacklist defined for service, and @module is included              0.1
✗ SystemCallFilter=~@mount                                    System
call blacklist defined for service, and @mount is included               0.1
✗ SystemCallFilter=~@raw-io                                   System
call blacklist defined for service, and @raw-io is included              0.1
✗ SystemCallFilter=~@reboot                                   System
call blacklist defined for service, and @reboot is included              0.1
✗ SystemCallFilter=~@swap                                     System
call blacklist defined for service, and @swap is included                0.1
✗ SystemCallFilter=~@privileged                               System
call blacklist defined for service, and @privileged is not included      0.2
✗ SystemCallFilter=~@resources                                System
call blacklist defined for service, and @resources is not included       0.2
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux