Package: gpm
Version: 1.20.7-11+b2
Severity: normal
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

The following systemd security settings seem to work well, please consider
adding them to the default configuration.

[Service]
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_AUDIT_WRITE CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_IPC_LOCK CAP_KILL CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_RAWIO CAP_SYS_RESOURCE CAP_SYS_TTY_CONFIG
ProtectSystem=true
PrivateTmp=true
MemoryDenyWriteExecute=true
RestrictSUIDSGID=false
NoNewPrivileges=false
ProtectHostname=true
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectKernelModules=false
PrivateDevices=false
RestrictNamespaces=true
ProtectClock=true
RestrictAddressFamilies=AF_PACKET AF_INET AF_INET6 AF_UNIX AF_NETLINK

LockPersonality=true
ProtectKernelModules=true
RestrictRealtime=true
ProtectSystem=true

UMask=077
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @reboot @resources @swap

-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.9-amd64 (SMP w/18 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages gpm depends on:
ii  debconf [debconf-2.0]  1.5.89
ii  init-system-helpers    1.68
ii  libc6                  2.40-5
ii  libgpm2                1.20.7-11+b2
ii  ucf                    3.0048

gpm recommends no packages.

gpm suggests no packages.

-- debconf-show failed
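
A way to review a drop-in like the one proposed above before shipping it, as an added example that is not part of the original report or of the gpm package: systemd keeps the last assignment of a scalar setting, so the Python check below reports keys assigned more than once and options whose effective value is off. The names `parse_service`, `lint`, `LIST_KEYS` and `FALSY` are hypothetical, and the sample is a constructed excerpt of the reported settings.

```python
import re

# Constructed excerpt of the settings in the report; the long SystemCallFilter
# line is written with a backslash continuation, which systemd joins.
SAMPLE = """\
[Service]
ProtectSystem=true
RestrictSUIDSGID=false
NoNewPrivileges=false
ProtectKernelModules=false
PrivateDevices=false
ProtectKernelModules=true
ProtectSystem=true
SystemCallFilter=~@clock @cpu-emulation @debug \\
    @module @mount
"""

# List-type settings accumulate across assignments; all others are overwritten.
LIST_KEYS = {"CapabilityBoundingSet", "RestrictAddressFamilies", "SystemCallFilter"}
FALSY = {"0", "no", "false", "off"}  # spellings systemd accepts for "off"

def parse_service(text):
    """Return {key: [values in file order]} for the [Service] section."""
    text = re.sub(r"\\\n", " ", text)  # trailing backslash joins the next line
    section, seen = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            seen.setdefault(key.strip(), []).append(" ".join(value.split()))
    return seen

def lint(text):
    """Report conflicting, repeated and switched-off scalar settings."""
    out = {"conflict": {}, "duplicate": [], "disabled": []}
    for key, values in parse_service(text).items():
        if key in LIST_KEYS:
            continue  # merged by systemd, so repeats are not conflicts
        if len(set(values)) > 1:
            out["conflict"][key] = values[-1]  # effective (last) value
        elif len(values) > 1:
            out["duplicate"].append(key)
        if values[-1].lower() in FALSY:
            out["disabled"].append(key)
    return out

if __name__ == "__main__":
    print(lint(SAMPLE))
```

On a host running systemd, `systemd-analyze security gpm.service` gives the per-option exposure view of the unit once the drop-in is installed.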
