* Micah Anderson <mi...@debian.org> [2014-11-30 22:50 -0500]: > Package: alsa-base > Version: 1.0.27+1 > Severity: wishlist > [...] > Hello, > > If you add the option ProtectSystem=yes to the service file, then the > daemon will not have the ability to write to /usr.
To be honest: Which daemon do you mean? > There is no reason why it needs to write there, so enabling this > option should not cause any problems. We don't have any service files in the alsa-base package. There are three in the alsa-utils package for the use of alsactl. They are managing to save and restore periodically the sound state to/from /var/lib/alsa. The HOME is defined as /var/run/alsa. But none is writing anything to /usr, though. > This option is one of the systemd security features for systemd > service files that was detailed in a talk[0] given by Lennart which > details various security features you can enable in your package's > service files. To be serious: Are you sure you filed the bug against the correct package? There might be something I have overseen, but what? Elimar -- Never make anything simple and efficient when a way can be found to make it complex and wonderful ;-) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
