[systemd-devel] Is ProtectHome= not working or am I doing something wrong?
Michael Biebl
mbiebl at gmail.com
Sun Dec 20 08:33:39 PST 2015
Hi,

I'm using systemd v228 and tried to lock down rsyslog a bit.
For that I added

    # /etc/systemd/system/rsyslog.service.d/override.conf
    [Unit]
    ProtectSystem=yes
    ProtectHome=yes
    CapabilityBoundingSet=~CAP_SYS_ADMIN

I then went on to test it. For that I created the following rsyslog
config which monitors a file in my user's home directory:

    module(load="imfile")
    input(type="imfile"
          File="/home/michael/file1"
          StateFile="file1"
          Tag="tag1")

I thought ProtectHome=yes would deny rsyslog read access to /home, but
it seems the rsyslogd process can read /home/michael/file1 without
problems.

Am I doing something wrong or is this a bug in systemd?

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
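
An added example, not part of the original post: ProtectSystem=, ProtectHome= and CapabilityBoundingSet= are documented in systemd.exec(5) and are applied only from the [Service], [Socket], [Mount] or [Swap] section of a unit, so a small lint over the drop-in shows which hardening lines are in a section where systemd does not apply them. The function name and the directive subset are choices made for this example.

```python
# Added example: lint a systemd drop-in for sandboxing directives that sit in
# a section where systemd does not apply them.

# Sections that accept systemd.exec(5) execution-environment settings.
EXEC_SECTIONS = {"Service", "Socket", "Mount", "Swap"}

# A subset of systemd.exec(5) hardening directives (not exhaustive).
SANDBOX_KEYS = {
    "ProtectSystem", "ProtectHome", "CapabilityBoundingSet",
    "PrivateTmp", "PrivateDevices", "PrivateNetwork", "NoNewPrivileges",
}

# The drop-in quoted in the post, embedded so the example runs offline.
POSTED_DROPIN = """\
# /etc/systemd/system/rsyslog.service.d/override.conf
[Unit]
ProtectSystem=yes
ProtectHome=yes
CapabilityBoundingSet=~CAP_SYS_ADMIN
"""


def misplaced_directives(text):
    """Return (line_number, section, key) for each sandboxing directive
    found outside a section that accepts execution settings."""
    section = None
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]             # section header
            continue
        key, sep, _value = line.partition("=")
        key = key.strip()
        if sep and key in SANDBOX_KEYS and section not in EXEC_SECTIONS:
            findings.append((lineno, section, key))
    return findings


if __name__ == "__main__":
    for lineno, section, key in misplaced_directives(POSTED_DROPIN):
        print(f"line {lineno}: {key}= in [{section}] is not applied; "
              "it belongs in [Service]")
```

On a live host, `systemctl show -p ProtectHome rsyslog.service` reports the value systemd actually applied to the unit.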