Re: systmd-analyze security as a release goal

To: debian-devel@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: systmd-analyze security as a release goal
From: Marco d'Itri <md@Linux.IT>
Date: Tue, 4 Jul 2023 16:02:24 +0200
Message-id: <[🔎] ZKQmcDSNWPNYntIf@bongo.bofh.it>
In-reply-to: <[🔎] ZKQZxOKr5FV9elrN@durkon.wrar.name>
References: <[🔎] 13735258.RDIVbhacDa@cupcakke> <[🔎] 86jzvg6btb.fsf@simplex.rtf.org.uk> <[🔎] ZKNAQjX6pqHUceNK@bongo.bofh.it> <[🔎] ZKQZxOKr5FV9elrN@durkon.wrar.name>

On Jul 04, Andrey Rakhmatullin <wrar@wrar.name> wrote:

> Cool but looks like a lot of work.
I do not think that this is really a lot of work.

> Is it possible to do this without
> applying the flags one by one and testing the result? Is it easier to
You may intimately know what the daemon needs to do and how the 
sandboxing features work, and be able to mentally create a correct and 
complete configuration.

> start with applying all of them and then looking what needs to be
> disabled?
This is what I do.

-- 
ciao,
Marco

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: systmd-analyze security as a release goal
  - From: "Trent W. Buck" <trentbuck@gmail.com>

References:
- systmd-analyze security as a release goal
  - From: Russell Coker <russell@coker.com.au>
- Re: systmd-analyze security as a release goal
  - From: RL <richard.lewis.debian@googlemail.com>
- Re: systmd-analyze security as a release goal
  - From: Marco d'Itri <md@Linux.IT>
- Re: systmd-analyze security as a release goal
  - From: Andrey Rakhmatullin <wrar@wrar.name>

Prev by Date: Re: systmd-analyze security as a release goal
Next by Date: Re: Bug#1040032: rkdeveloptool: please switch to newer Pine64 fork
Previous by thread: Re: systmd-analyze security as a release goal
Next by thread: Re: systmd-analyze security as a release goal
Index(es):
- Date
- Thread