[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Let's enable AppArmor by default (why not?)

Hey intri,

> 1. Use the simplest of systemd's hardening features (e.g.
>    Protect{Home,System}=, Private{Devices,Tmp,Network}=,
>    CapabilityBoundingSet=) to their full extend.
>    Not many unit files we ship do that yet. Generally these
>    improvements can be implemented upstream and benefit users of
>    systemd on other distros :)

Indeed! :)  For example, here I'm merging upstream's rather more locked
down unit file into the Debian one:



     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk

Reply to: