Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10298

Improve systemd service hardening

    XMLWordPrintable

Details

    • 1.0.2

    Description

      It would be nice to use more of systemd's hardening features:

      ProtectSystem=full
      NoNewPrivileges=true
      PrivateDevices=true
      ProtectHome=true
      

      I tested these settings and didn't experience any problems in my (admitted limited) setup. I think they should be fine for anyone except for exceptional and odd situations. For the (very rare) impacted user, they can always override the systemd service - but a secure configuration should be the default.

      Attachments

        Issue Links

          Activity

            People

              svoj Sergey Vojtovich
              candrews Craig Andrews
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.