For the 2014-04-02 meeting as the Change Proposal was announced on devel-announce list on 2014-03-26.
Let's make Fedora more secure by default! Recent systemd versions provide two per-service switches PrivateDevices=yes/no and PrivateNetwork=yes/no which enable services to run without access to any physical devices in /dev, or without access to any kind of network sockets. So far this has seen little use in Fedora, and with this Fedora Change we'd like to change this, and enable these for all long-running services that do not require device/network access.
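To see how little the two switches are used on a given system, the following shell function reports what each unit file sets for them in its [Service] section. It is an added example, not part of this ticket or of systemd; the function names and the sample units a.service, b.service and c.service are constructed for illustration, and drop-in directories are not merged.

```shell
#!/bin/sh
# Added example: report which unit files set the two switches in [Service].
# Limitation: reads only the files found; drop-ins (*.service.d/*.conf) are not merged.

# audit_units DIR -> one line per unit: "<unit> PrivateDevices=<v> PrivateNetwork=<v>"
audit_units() {
    for unit in "$1"/*.service; do
        [ -f "$unit" ] || continue
        awk -v name="$(basename "$unit")" '
            BEGIN { dev = "unset"; net = "unset"; in_service = 0 }
            /^[ \t]*[#;]/ { next }    # commented-out settings do not count
            /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
            in_service && /^[ \t]*PrivateDevices[ \t]*=/ { dev = norm($0) }
            in_service && /^[ \t]*PrivateNetwork[ \t]*=/ { net = norm($0) }
            END { printf "%s PrivateDevices=%s PrivateNetwork=%s\n", name, dev, net }
            # Map systemd boolean spellings to yes/no; a later assignment wins.
            function norm(line,   v) {
                v = line; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                v = tolower(v)
                if (v ~ /^(1|yes|true|on)$/) return "yes"
                if (v ~ /^(0|no|false|off)$/) return "no"
                return "invalid"
            }
        ' "$unit"
    done
}

# Constructed sample units (hypothetical services, not from any Fedora package).
make_sample() {
    mkdir -p "$1"
    printf '[Unit]\nDescription=demo A\n[Service]\nExecStart=/usr/bin/a\nPrivateDevices=yes\nPrivateNetwork=true\n' > "$1/a.service"
    printf '[Service]\nExecStart=/usr/bin/b\n# PrivateNetwork=yes\nPrivateDevices=no\n' > "$1/b.service"
    printf '[Unit]\nPrivateDevices=yes\n[Service]\nExecStart=/usr/bin/c\n' > "$1/c.service"
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_units "$demo_dir"
rm -rf "$demo_dir"
```

Units reported as "unset" or "no" are the candidates for review; whether a service can actually run without device or network access still has to be checked per service.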
Agreed on 2014-04-02 FESCo meeting: PrivateDevices=yes and PrivateNetwork=yes For Long-Running Services Change accepted (8+1 0-1)
notting has question to note: is disconnecting the netlink and audit namespace truly required, or just merely a choice of what they decided to remove?