Sandboxing options

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Sandboxing options
From: Christopher Wong <Christopher.Wong@xxxxxxxx>
Date: Mon, 28 Sep 2020 17:00:33 +0000
Accept-language: en-US, sv-SE

Hi,

There are a bunch of sandboxing options that I am trying to enable but I got no effects when I am setting them. Below are the options that I am trying to set, but I can't seem to turn them on.

LockPersonality=true

MemoryDenyWriteExecute=true

RestrictRealtime=true

RestrictSUIDSGID=true

RestrictNamespaces=

SystemCallArchitectures=native

#SystemCallArchitectures=option

UMask=0000

#UMask=0033

I have enabled the following kernel configurations:

CONFIG_NAMESPACES=y

CONFIG_NET_NS=y

CONFIG_USER_NS=y

CONFIG_SECCOMP=y

Is there anything that I am missing?

Best Regards,

Christopher Wong

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Follow-Ups:
- Re: Sandboxing options
  - From: Lennart Poettering

Prev by Date: Re: Memory in systemctl status
Next by Date: Re: Memory in systemctl status
Previous by thread: Memory in systemctl status
Next by thread: Re: Sandboxing options
Index(es):
- Date
- Thread

[Index of Archives] [LARTC] [Bugtraq] [Yosemite Forum] [Photo]

Powered by Linux