On Wed, 14.12.16 12:37, Richard Hughes ([email protected]) wrote:
> On 14 December 2016 at 11:36, Lennart Poettering
> wrote:
> > RestrictNamespaces=yes
>
> I didn't see this on
> https://www.freedesktop.org/software/systemd/man/systemd.exec.html --
> is it super-new or just undocumented? Otherw
On 14 December 2016 at 11:36, Lennart Poettering wrote:
> RestrictNamespaces=yes
I didn't see this on
https://www.freedesktop.org/software/systemd/man/systemd.exec.html --
is it super-new or just undocumented? Otherwise, thanks!
Richard.
On Wed, 14.12.16 10:55, Richard Hughes ([email protected]) wrote:
> On 14 December 2016 at 09:32, Reindl Harald wrote:
> > RestrictAddressFamilies=AF_NETLINK
>
> Great, that was the pointer I needed, thanks. I'm currently setting
> this in the service file:
>
> NoNewPrivileges=yes
> PrivateTm
On 14 December 2016 at 09:32, Reindl Harald wrote:
> RestrictAddressFamilies=AF_NETLINK
Great, that was the pointer I needed, thanks. I'm currently setting
this in the service file:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=
On 14.12.2016 at 10:25, Richard Hughes wrote:
It would be a shame to have PrivateNetwork commented out in fwupd,
especially as it's a root daemon that has no business dealing with
networking stuff. Is there a way of using PrivateNetwork=yes and
allowing AF_NETLINK to correctly work?
Restrict
Hi all,
For a long time colord has had PrivateNetwork commented out in colord,
as it prevented libudev working correctly. We thought that perhaps
udev's AF_NETLINK messages are being filtered when network namespacing
is on. In an unrelated project (this time fwupd) we recently also
found that libu