On Mon, Jul 22, 2013 at 12:02 AM, Reindl Harald <[email protected]> wrote:
> has anybody considered to put the following as default in systemd-units of
> network services? cross-posting to users-list intented because i think it
> is a good idea to bring it to a broader userbase!
>
> ReadOnlyDirectories=/etc
> ReadOnlyDirectories=/usr
I think it's generally known by now that I don't like namespaces as a
security mechanism. At best, this is duplicating SELinux policy with
less transparency and worse tools.
(The network services shouldn't be running as root in the first place.)
Mirek
--
devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/devel
