Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
schleuder
schleuder
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 101
    • Issues 101
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 4
    • Merge Requests 4
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • schleuder
  • schleuderschleuder
  • Issues
  • #350

Closed
Open
Opened May 27, 2018 by georg@georgOwner

Introduce systemd features to improve security

systemd supports features like ReadOnlyDirectories and dropping capabilities. We should make use of them, to improve the security of the overall system.

One caveat, tough: AFAIK, different versions of systemd support different "droppable" capabilites. If one is using a list of capabilites and only one of them isn't supported, all of them are ignored.

This needs research and further discussion, for now that's just a starting point to keep track of it (and to counter my bad memory..)

Edited May 27, 2018 by georg
Assignee
Assign to
4.0
Milestone
4.0
Assign milestone
Time tracking
None
Due date
None
Reference: schleuder/schleuder#350