[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFC] locking down rsyslog.service

Am 11.10.23 um 12:54 schrieb Sam Morris:
On 10/10/2023 19:22, Michael Biebl wrote:
I intend to lock down rsyslog.service in Debian in one of the next
uploads using the following systemd directives

Have you considered NoNewPrivileges=yes?

This is turned in implicitly by some of the other options (e.g,. PrivateDevices=yes) but only if running without CAP_SYS_ADMIN, so for it to be effective you'd have to set it explicitly.

Thanks. Will add it.


are probably safe as well. So will add them too.

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply to: