On Thu, Mar 31, 2016 at 10:14:20AM +0300, Christos Trochalakis wrote:
> I also believe it makes sense to enable the security features for
> systemd users. `ProtectHome` is a bit tricky as it could possibly break
> some setups, we could use `read-only` there.
>
> Currently we are a bit overwhelmed
Hello all,
On Wed, Mar 30, 2016 at 07:40:24PM +0200, Moritz Muehlenhoff wrote:
On Tue, Mar 01, 2016 at 02:35:39PM -0800, Michael Lustfield wrote:
Control: tags -1 + wontfix
I have three significant issues with adding systemd confinement to
nginx out of the box:
I disagree with these:
1) Th
On Tue, Mar 01, 2016 at 02:35:39PM -0800, Michael Lustfield wrote:
> Control: tags -1 + wontfix
>
> I have three significant issues with adding systemd confinement to
> nginx out of the box:
I disagree with these:
> 1) This will introduce significant differences between debian servers
> running
Control: retitle -1 nginx: Please mention systemd confinement features in the
documentation
Control: tags -1 - wontfix
On Tue, Mar 01, 2016 at 02:35:39PM -0800, Michael Lustfield wrote:
> I have three significant issues with adding systemd confinement to
> nginx out of the box:
They are all very
Oops, the comments were not meant to be in French:
> # CAP_KILL : Nginx signals its child processes that have a different UID
> # CAP_SETUID CAP_SETGID : Nginx drops privileges
> # CAP_NET_BIND_SERVICE : Nginx clearly listens to ports <1024
> # CAP_SYSLOG : Nginx sends logs to syslog
> CapabilityB
Control: tags -1 + wontfix
I have three significant issues with adding systemd confinement to
nginx out of the box:
1) This will introduce significant differences between debian servers
running systemd and every single other init system that debian
supports.
2) Anyone using systemd would have an
Source: nginx
Severity: wishlist
Dear Maintainer,
Nginx can be confined using features from systemd.exec(5).
This can be very helpful in mitigating a potential compromise of the service.
Please consider enabling those security features in future versions
of the package.
Here is a (commented)
7 matches
Mail list logo