Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10298

Improve systemd service hardening

    XMLWordPrintable

    Details

    • Sprint:
      1.0.2

      Description

      It would be nice to use more of systemd's hardening features:

      ProtectSystem=full
      NoNewPrivileges=true
      PrivateDevices=true
      ProtectHome=true
      

      I tested these settings and didn't experience any problems in my (admitted limited) setup. I think they should be fine for anyone except for exceptional and odd situations. For the (very rare) impacted user, they can always override the systemd service - but a secure configuration should be the default.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              svoj Sergey Vojtovich
              Reporter:
              candrews Craig Andrews
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: