Ok, so with the feedback provided so far, restricting the capabilities
could lead to unexpected breakage when using one of the more
"flexible" plugins like omprog.

I would therefore suggest the following three as a start:

> [Service]
> ProtectSystem=full
> ProtectHome=yes
> PrivateTmp=yes

I think we can safely assume that rsyslog does not need to write to
/usr, /home and doesn't need /tmp as IPC with external processes.

Rainer, can you apply those changes upstream or do you want me to
create a PR for that?




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
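An added example, not part of the original message and not rsyslog's own code: a pre-flight check that scans an rsyslog configuration for paths the three proposed directives would affect, so breakage shows up before the unit file changes. It goes slightly beyond the message by also covering the other directories these settings touch per systemd.exec(5) (/etc, /boot, /efi, /root, /run/user, /var/tmp). The sample config is constructed, and the parser assumes one statement per line.

```python
import re

# Directories affected by each directive, per systemd.exec(5).
READ_ONLY = ("/usr", "/boot", "/efi", "/etc")    # ProtectSystem=full
INACCESSIBLE = ("/home", "/root", "/run/user")   # ProtectHome=yes
PRIVATE = ("/tmp", "/var/tmp")                   # PrivateTmp=yes

PARAM = re.compile(r'\b(\w+)\s*=\s*"(/[^"]*)"')           # name="/abs/path"
LEGACY = re.compile(r'^\s*[\w*,;.!=]+\s+-?(/\S+)\s*$')    # selector  [-]/abs/path

def under(path, roots):
    return any(path == r or path.startswith(r + "/") for r in roots)

def references(conf_text):
    """Yield (lineno, path, is_write) for each absolute path in the config."""
    for n, line in enumerate(conf_text.splitlines(), 1):
        line = line.split("#", 1)[0]              # drop comments
        m = LEGACY.match(line)
        if m:                                     # legacy file action: a write
            yield n, m.group(1), True
            continue
        is_omfile = 'type="omfile"' in line.lower()
        for name, path in PARAM.findall(line):
            yield n, path, is_omfile and name.lower() == "file"

def check(conf_text):
    """Return (lineno, path, directive) for every path a directive would break."""
    findings = []
    for n, path, is_write in references(conf_text):
        if under(path, INACCESSIBLE):             # any access fails
            findings.append((n, path, "ProtectHome=yes"))
        elif under(path, PRIVATE):                # no longer shared with other processes
            findings.append((n, path, "PrivateTmp=yes"))
        elif is_write and under(path, READ_ONLY): # reads and exec still work
            findings.append((n, path, "ProtectSystem=full"))
    return findings

# Constructed sample configuration (not from any real host).
SAMPLE = '''\
module(load="omprog")
*.info;mail.none    -/var/log/messages
action(type="omprog" binary="/usr/local/bin/forward.sh")
action(type="omfile" file="/usr/share/app/audit.log")
input(type="imfile" File="/home/app/app.log" Tag="app")
local3.*    /tmp/debug.log
'''

if __name__ == "__main__":
    for n, path, directive in check(SAMPLE):
        print(f"line {n}: {path} conflicts with {directive}")
```

The omprog binary under /usr is not flagged because ProtectSystem=full only makes that tree read-only; whatever the external program itself writes still has to be reviewed separately.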