
Using systemd for more secure services in Fedora

Posted Dec 22, 2016 6:40 UTC (Thu) by josh (subscriber, #17465)
In reply to: Using systemd for more secure services in Fedora by davidstrauss
Parent article: Using systemd for more secure services in Fedora

> The problem with that approach is that new classes of sandboxing cannot be assumed to have an empty whitelist for existing units; it would break all existing configurations any time a new directive gets introduced. You would need configuration versioning with strange effects like assuming an allow-all rule for any options introduced in later updates, which would partly defeat the "on by default" approach.

That still seems like a sensible approach. You could have a version number, which you increase every time you add a new sandboxing feature, and units could declare a version number they work with. The sandbox would then treat every feature up to that version as off-by-default, and every subsequent feature as on-by-default.


to post comments
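As an added illustration (not code from the thread or from systemd), the versioned-defaults rule sketched in the comment above can be modelled in a few lines of Python: the directive names below echo real systemd options, but the catalogue and the version numbers that introduce each directive are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed catalogue: hypothetical sandbox version in which each
# directive was introduced. Real systemd has no such version scheme.
FEATURE_INTRODUCED_IN = {
    "PrivateTmp": 1,
    "ProtectSystem": 1,
    "ProtectHome": 2,
    "PrivateDevices": 2,
    "RestrictRealtime": 3,
    "MemoryDenyWriteExecute": 3,
}


@dataclass
class Unit:
    name: str
    # Sandbox version the unit declares it was written against.
    sandbox_version: int
    # Directives the unit sets explicitly; these always win.
    explicit: dict = field(default_factory=dict)


def effective_sandbox(unit, catalogue=FEATURE_INTRODUCED_IN):
    """Resolve every directive to on (True) or off (False).

    Rule from the comment: directives introduced at or before the unit's
    declared version are off unless the unit opts in (the author knew about
    them); directives introduced later are on unless the unit opts out, so
    an unmaintained unit still picks up new restrictions.
    """
    resolved = {}
    for feature, introduced in catalogue.items():
        if feature in unit.explicit:
            resolved[feature] = bool(unit.explicit[feature])
        else:
            resolved[feature] = introduced > unit.sandbox_version
    return resolved


def newly_enforced(unit, catalogue=FEATURE_INTRODUCED_IN):
    """Directives that turn on only because they post-date the declared version."""
    return sorted(
        feature for feature, introduced in catalogue.items()
        if introduced > unit.sandbox_version and feature not in unit.explicit
    )


if __name__ == "__main__":
    web = Unit("web.service", sandbox_version=2, explicit={"ProtectHome": True})
    print(effective_sandbox(web))
    print(newly_enforced(web))  # what a later systemd would add on its own
```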

Posted Dec 22, 2016 7:26 UTC (Thu) by mathstuf (subscriber, #69389)

I work on some projects which have this kind of thing. It's a maintenance nightmare, because sometimes you want the new stuff if available but still have a low minimum version, so projects end up asking for the new stuff if available, but with the bad defaults of the older version. This seems like a sensible maintenance trade-off to me, but I'm not a systemd developer either; maybe it'd be easier there too.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds