On 07.02.2013 14:19, Reindl Harald wrote:
>>> LimitNOFILE=100000
>>> LimitMEMLOCK=infinity
>>> OOMScoreAdjust=-1000
>>> PrivateTmp=yes
>>> CapabilityBoundingSet=~CAP_SYS_PTRACE
>>> InaccessibleDirectories=/boot
>>> InaccessibleDirectories=/home
>>> InaccessibleDirectories=/usr/local/scripts
>>> InaccessibleDirectories=/var/lib/rpm
>>> InaccessibleDirectories=/var/spool
>
> CONFIG proxy.config.diags.debug.enabled INT 0
> CONFIG proxy.config.diags.debug.tags STRING http.*|dns.*
> CONFIG proxy.config.dump_mem_info_frequency INT 0
> CONFIG proxy.config.stack_dump_enabled 0
>
> the first 3 values were already there, we will see
> for me "stack_dump_enabled" is new and unclear what
> it is supposed to do
FYI: "CONFIG proxy.config.stack_dump_enabled 0" resolves the instability in the context of "CapabilityBoundingSet=~CAP_SYS_PTRACE".

Maybe this should not be implicitly enabled - not because of my systemd settings, but rather because in the context of servers any code which does not run cannot cause trouble in a security context.
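A pre-deployment check for the combination reported in this message, as an added example that is not part of the original mail or of the proxy's own code: it flags a unit file whose `CapabilityBoundingSet=` leaves out `CAP_SYS_PTRACE` while `proxy.config.stack_dump_enabled` is not set to 0. The function names and sample inputs are constructed, and treating an unset `stack_dump_enabled` as enabled is an assumption taken from the message's remark that it is implicitly enabled.

```python
CAP = "CAP_SYS_PTRACE"

# Constructed sample inputs mirroring the settings quoted in the message.
UNIT = """[Service]
PrivateTmp=yes
CapabilityBoundingSet=~CAP_SYS_PTRACE
"""
RECORDS = """CONFIG proxy.config.dump_mem_info_frequency INT 0
CONFIG proxy.config.stack_dump_enabled 0
"""

def ptrace_dropped(unit_text):
    """True if the unit's CapabilityBoundingSet= lines leave out CAP_SYS_PTRACE."""
    kept = None  # None = directive never seen, bounding set left unrestricted
    for line in unit_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "CapabilityBoundingSet":
            continue
        value = value.strip()
        invert = value.startswith("~")  # "~" prefix: listed caps are removed
        caps = {c.upper() for c in value.lstrip("~").split()}
        if not caps:
            kept = invert               # "" resets to empty set, "~" to full set
        elif kept is None:
            kept = (CAP in caps) != invert
        elif CAP in caps:
            kept = not invert           # later lines add (plain) or remove (~)
    return kept is False

def stack_dump_enabled(records_text, default=True):
    """Effective stack_dump_enabled; default=True is an assumption (see lead-in)."""
    enabled = default
    for line in records_text.splitlines():
        parts = line.split()
        # Accept "CONFIG name TYPE value" and the type-less form from the message.
        if len(parts) >= 3 and parts[:2] == ["CONFIG", "proxy.config.stack_dump_enabled"]:
            enabled = parts[-1] != "0"
    return enabled

def conflict(unit_text, records_text):
    """True when the combination reported as unstable is configured."""
    return ptrace_dropped(unit_text) and stack_dump_enabled(records_text)

if __name__ == "__main__":
    print("conflict" if conflict(UNIT, RECORDS) else "ok")
```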
