
Re: systemd-analyze security as a release goal



"Trent W. Buck" <trentbuck@gmail.com> writes:

> As someone who does that kind of thing a lot, I'd rather have
> the increased annoyance of opt-out hardening than
> the reduced security of opt-in hardening.
> Even if it means I occasionally need to patch site-local rules into
> /etc/apparmor.d/local/usr.bin.msmtp or
> /etc/systemd/system/libvirtd.service.d/override.conf.

I also feel this way but there are a bunch of people who really, really
don't, and also it's not entirely obvious when hardening is failing or
what overrides you need to add.  So making this the default is hard,
because it fundamentally breaks the "it has to work out of the box"
property that people expect.  Making it be semi-normal for daemons to not
work out of the box depending on what configuration options or other
packages you have installed is a hard sell.

That makes me want some way to opt in to "hardening that might break
something," but I'm not sure the best way to do that.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>

