[Pkg-dns-devel] Bug#863841: Enable systemd hardening options for named
Simon Deziel
simon at sdeziel.info
Mon Jan 29 16:18:47 UTC 2018
Hi,

In addition to what Russ proposed to add, I've been running with those
additional restrictions:

    SystemCallArchitectures=native
    # note: AF_NETLINK is needed for getifaddrs(3)
    RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK

They are available on older systemd versions so they shouldn't cause
problems with backports. I tested with systemd 229 (Xenial).

Regards,
Simon

P.S.: flags=(attach_disconnected) is still needed for AppArmor.
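
Added example, not part of the original message or of the Debian package: a small Python check that a unit file or drop-in ends up with the two settings quoted above, following systemd's rule that repeated RestrictAddressFamilies= lines are merged and an empty assignment undoes earlier ones. The function names and the sample drop-in are constructed for illustration.

```python
# Families and architecture setting taken from the message above.
REQUIRED = {"AF_INET", "AF_INET6", "AF_UNIX", "AF_NETLINK"}

def service_settings(unit_text):
    """Yield (key, value) pairs from the [Service] section, in file order."""
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def check_named_hardening(unit_text):
    """Return a list of findings; an empty list means both settings match."""
    allowed, arch = None, None          # None = no restriction configured
    for key, value in service_settings(unit_text):
        if key == "SystemCallArchitectures":
            arch = value
        elif key == "RestrictAddressFamilies":
            if value == "":
                allowed = None          # empty assignment undoes earlier ones
            elif value.startswith("~"):
                raise ValueError("deny-list (~) form is not handled here")
            else:                       # repeated assignments are merged
                allowed = (allowed or set()) | set(value.split())
    findings = []
    if arch != "native":
        findings.append("SystemCallArchitectures is not 'native'")
    if allowed is None:
        findings.append("RestrictAddressFamilies is not set")
    else:
        findings += [f"missing {fam}" for fam in sorted(REQUIRED - allowed)]
        findings += [f"extra {fam}" for fam in sorted(allowed - REQUIRED)]
    return findings

# Constructed drop-in: AF_NETLINK, which the message says getifaddrs(3)
# needs, was left out; the family list is split to exercise merging.
SAMPLE = """[Service]
SystemCallArchitectures=native
RestrictAddressFamilies=AF_INET AF_INET6
RestrictAddressFamilies=AF_UNIX
"""

if __name__ == "__main__":
    print(check_named_hardening(SAMPLE))
```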