Hi

On Sun, 30 Nov 2014 22:54:52 -0500 Micah Anderson <mi...@debian.org> wrote:
> If you add the option ProtectSystem=yes to the service file, then the
> daemon will not have the ability to write to /usr.
>
> There is no reason why it needs to write there, so enabling this
> option should not cause any problems.
>

As long as rsyslog retains the CAP_SYS_ADMIN priv, it could undo the changes by ProtectSystem=yes and I'm not sure if we can drop this capability. This would need further testing, so for a network setup where rsyslog needs to open privileged ports.
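An added example, not part of the original message and not rsyslog or Debian code: a small check that flags a unit which sets ProtectSystem= while CAP_SYS_ADMIN is still in its capability bounding set, the situation raised in the reply above. The two unit texts are constructed samples, the function names are hypothetical, and whether rsyslog actually runs without CAP_SYS_ADMIN is the open question from the thread, not something this code settles.

```python
# Constructed sample units, not the real rsyslog.service.
WEAK = """[Service]
ExecStart=/usr/sbin/rsyslogd -n
ProtectSystem=yes
"""
HARDENED = WEAK + "CapabilityBoundingSet=~CAP_SYS_ADMIN\n"


def sys_admin_retained(values):
    """values: CapabilityBoundingSet= assignments in file order.
    Simplified model of systemd's merge rules, tracking CAP_SYS_ADMIN only."""
    allowed = None  # None = no bounding set configured, all capabilities kept
    for v in values:
        caps = v.lstrip("~").split()
        if not v:
            allowed = False  # empty assignment resets to the empty set
        elif v.startswith("~"):
            # inverted list: keep everything except the named capabilities
            allowed = (allowed is not False) and "CAP_SYS_ADMIN" not in caps
        else:
            # allow-list; repeated allow-lists are merged together
            allowed = bool(allowed) or "CAP_SYS_ADMIN" in caps
    return allowed is not False


def audit_unit(text):
    """Return a list of findings for the [Service] section of one unit file."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, val = line.partition("=")
            opts.setdefault(key.strip(), []).append(val.strip())
    findings = []
    protect = (opts.get("ProtectSystem") or ["no"])[-1].lower()
    if protect in ("no", "false", "0", "off"):
        findings.append("ProtectSystem is not enabled")
    elif sys_admin_retained(opts.get("CapabilityBoundingSet", [])):
        findings.append("ProtectSystem=%s is set, but CAP_SYS_ADMIN "
                        "is still in the bounding set" % protect)
    return findings


if __name__ == "__main__":
    for name, unit in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_unit(unit) or "ok")
```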