Hi Mehdi, Thank you for considering the patch. On 1/17/21 04:27, Mehdi Dogguy wrote: [...]
I have a doubt about which systemd features to enable by default though. I can see thath Fedora/RedHat enabled really a few, as you can see in [1]. For this reason, I'll ask for advice from Michael (systemd's maintainer). Michael, Sunil here is proposing a .service file for mldonkey-server. I am wondering if we should aim for a simplistic approach as in [1] or if we should enable by default features proposed by Sunil in his patch (see below). What do you think? What would be your recommendation? [1] https://src.fedoraproject.org/rpms/mldonkey/blob/2a45ff06778cadc4d58435ca1e7187396012c6f1/f/mldonkey.service
Debian wiki[1][2] and upstream[3][4] has some resources that could help with deciding security sandboxing features.
Let me know if an explanation of the features in mldonkey context would be helpful.
Links: 1) https://wiki.debian.org/Teams/pkg-systemd/Packaging 2) https://wiki.debian.org/ServiceSandboxing 3) http://0pointer.net/public/systemd-nluug-2014.pdf4) http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webm
Thanks, -- Sunil
Attachment:
OpenPGP_0x36C361440C9BC971.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature