Details

    • Sprint:
      1.0.2

      Description

      It would be nice to use more of systemd's hardening features:

      ProtectSystem=full
      NoNewPrivileges=true
      PrivateDevices=true
      ProtectHome=true
      

      I tested these settings and didn't experience any problems in my (admittedly limited) setup. I think they should be fine for anyone except for exceptional and odd situations. For the (very rare) impacted user, they can always override the systemd service - but a secure configuration should be the default.
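
One way to check whether a unit actually runs with the four settings requested above, including after a local override has been applied. This is an added example, not part of the issue or the project's code; the unit name `example.service` is a placeholder and the sample `systemctl show` outputs are constructed.

```shell
#!/bin/sh
# Audit the effective sandboxing of a unit against the four directives
# proposed in the issue. Input: `systemctl show -p ...` output on stdin,
# so the check also works on captured output.

# Values as `systemctl show` reports them (booleans print as yes/no).
EXPECTED='ProtectSystem=full
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=yes'

# Constructed sample: unit with the proposed defaults in effect.
SAMPLE_HARDENED='ProtectSystem=full
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=yes'

# Constructed sample: a local drop-in has relaxed ProtectHome.
SAMPLE_OVERRIDDEN='ProtectSystem=full
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=no'

# Prints one line per setting that is missing or weaker than proposed.
# Returns 0 when all four are in effect, 1 otherwise.
audit_hardening() {
    props=$(cat)
    rc=0
    for want in $EXPECTED; do
        key=${want%%=*}
        have=$(printf '%s\n' "$props" | sed -n "s/^${key}=//p" | tail -n 1)
        case "$key=$have" in
            "$want"|ProtectSystem=strict) ;;  # strict is tighter than full
            *)  printf '%s: expected %s, found %s\n' \
                    "$key" "${want#*=}" "${have:-<unset>}"
                rc=1 ;;
        esac
    done
    return $rc
}

# Live use (example.service is a placeholder unit name):
#   systemctl show -p ProtectSystem -p NoNewPrivileges \
#       -p PrivateDevices -p ProtectHome example.service | audit_hardening
printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_hardening || true
```

Because `systemctl show` reports the merged result of the packaged unit and any drop-ins, the same check tells you when an override has weakened the defaults.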


              People

              • Assignee:
                svoj Sergey Vojtovich
                Reporter:
                candrews Craig Andrews
              • Votes:
                1
                Watchers:
                6