Archives
Archives
| From: | Florian Schmaus <flow@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] [RFC] Encouraging using hardening options in systemd units | ||
| Date: | Thu, 25 Aug 2022 14:07:13 | ||
| Message-Id: | 08315fcb-3b7a-6178-30e0-5ef7160a8410@gentoo.org | ||
| In Reply to: | Re: [gentoo-dev] [RFC] Encouraging using hardening options in systemd units by Kenton Groombridge |
||
| 1 | On 25/08/2022 15.25, Kenton Groombridge wrote: |
| 2 | > I think the best way to address this is to have packages ship unit override |
| 3 | > files instead of unit files themselves which enable these options. For example, |
| 4 | > instead of Gentoo shipping a modified miniflux.service unit file, we can instead |
| 5 | > install a file to /etc/system/miniflux.service.d/00gentoo.conf using the |
| 6 | > existing systemd_install_serviced helper in systemd.eclass which enables these |
| 7 | > options. |
| 8 | |
| 9 | Wouldn't the proper place for overrides installed by a distributions |
| 10 | package manager be |
| 11 | |
| 12 | /usr/lib/systemd/system/miniflux.service.d/gentoo.conf |
| 13 | |
| 14 | |
| 15 | - Flow |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] [RFC] Encouraging using hardening options in systemd units | Kenton Groombridge <concord@g.o> |
| Re: [gentoo-dev] [RFC] Encouraging using hardening options in systemd units | "Michał Górny" <mgorny@g.o> |