#3117 Change: Systemd Security Hardening
Closed: Accepted 4 months ago by sgallagh. Opened 5 months ago by amoloney.

Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.

Owners, do not implement this work until the FESCo vote has explicitly ended.
The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed.
See the FESCo ticket policy and the Changes policy for more information.

REMINDER: This ticket is for FESCo members to vote on the proposal. Further discussion should happen in the devel list thread linked above.

There's still some open questions in the discussion thread. Let's finish the discussion first.

The discussion has died down and the proposal has been updated.


I hope each service is tested after making these changes. And for units we take from upstream, we work to send these improvements there.

But hey, let's give this a shot. +1

APPROVED (+4, 0, -0)

Metadata Update from @ngompa:
- Issue tagged with: pending announcement

5 months ago

Metadata Update from @sgallagh:
- Issue close_status updated to: Accepted
- Issue status updated to: Closed (was: Open)

4 months ago

Login to comment on this ticket.