* micah <mi...@debian.org> [2014-12-08 11:00 -0500]: > > Hello, > > Elimar Riesebieter <riese...@lxtec.de> writes: > > >> If you add the option ProtectSystem=yes to the service file, then the > >> daemon will not have the ability to write to /usr. > > > > To be honest: Which daemon do you mean? > > I was looking at the different alsa daemons that have systemd files.
Which daemons? What are they managing? > > >> There is no reason why it needs to write there, so enabling this > >> option should not cause any problems. > > > > We don't have any service files in the alsa-base package. There are > > three in the alsa-utils package for the use of alsactl. They are > > managing to save and restore periodically the sound state to/from > > /var/lib/alsa. The HOME is defined as /var/run/alsa. But none is > > writing anything to /usr, though. > > Sorry, indeed, this should have been filed against alsa-base. Hmpf, you filed #771628 against alsa-base! > Do any of these write to /home ? If not, that can also be walled off. The $HOME of the alsa-utils daemons is /var/run/alsa. > >> This option is one of the systemd security features for systemd > >> service files that was detailed in a talk[0] given by Lennart which > >> details various security features you can enable in your package's > >> service files. > > > > To be serious: Are you sure you filed the bug against the correct > > package? There might be something I have overseen, but what? > > No, you are right, it was against the wrong package. Doesn't make sense to discuss this further. Bug closed hereby. Elimar -- On the keyboard of life you have always to keep a finger at the escape key;-) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
