Re: [RFC] locking down rsyslog.service
On 10/10/2023 19:22, Michael Biebl wrote:
I intend to lock down rsyslog.service in Debian in one of the next
uploads using the following systemd directives
Have you considered NoNewPrivileges=yes?
This is turned in implicitly by some of the other options (e.g,.
PrivateDevices=yes) but only if running without CAP_SYS_ADMIN, so for it
to be effective you'd have to set it explicitly.
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9