Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
Christoph Anton Mitterer <calestyo@scientia.net> writes:
> Hmm, I'd have blindly guessed that all of systemd's security options
> apply only per cgroup... and the sessions which run in their own cgroup
> wouldn't inherit them... but you may be right..
That would explain Micah's results, and would certainly be a nice way to
implement it. I wasn't sure if namespaces were per-cgroup or if those
were two separate things that had to be handled independently.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: