[systemd-devel] PrivateNetwork and libusb

Richard Hughes hughsient at gmail.com
Wed Dec 14 10:55:43 UTC 2016


On 14 December 2016 at 09:32, Reindl Harald <h.reindl at thelounge.net> wrote:
> RestrictAddressFamilies=AF_NETLINK

Great, that was the pointer I needed, thanks. I'm currently setting
this in the service file:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
RestrictAddressFamilies=AF_NETLINK AF_UNIX

Are there other important settings I've missed? fwupd does access the
hardware and write the odd file to the filesystem so there didn't seem
to be any other super useful flags. Thanks.

Richard
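
Added example, not part of the original message and not fwupd or systemd code: a small Python check that reads a unit file's [Service] section and reports which socket address families a RestrictAddressFamilies= policy like the one above still permits. The merge rules (first assignment picks allow-list or `~` deny-list mode, empty assignment resets) are modelled on systemd.exec(5) as an assumption, and the function names and sample unit are constructed for illustration.

```python
def effective_families(unit_text):
    """Return (is_allow_list, families) for [Service], or None if unrestricted."""
    in_service, allow_list, families = False, None, set()
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_service = line == "[Service]"
            continue
        if not in_service or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "RestrictAddressFamilies":
            continue
        if value == "":
            # Empty assignment resets everything set by earlier lines.
            allow_list, families = None, set()
            continue
        invert = value.startswith("~")
        if allow_list is None:
            # The first non-empty assignment decides allow-list vs deny-list.
            allow_list = not invert
        for fam in value.lstrip("~").split():
            if (not invert) == allow_list:
                families.add(fam)      # same kind of list: extend it
            else:
                families.discard(fam)  # opposite kind: carve the entry out
    return None if allow_list is None else (allow_list, families)


def permits(unit_text, family):
    """True if socket(family, ...) would still be allowed for the service."""
    policy = effective_families(unit_text)
    if policy is None:
        return True
    allow_list, families = policy
    return (family in families) if allow_list else (family not in families)


# Constructed sample mirroring the settings quoted in the message above.
SAMPLE_UNIT = """\
[Unit]
Description=constructed sample, not the shipped fwupd unit

[Service]
NoNewPrivileges=yes
PrivateTmp=yes
RestrictAddressFamilies=AF_NETLINK AF_UNIX
"""

if __name__ == "__main__":
    for fam in ("AF_NETLINK", "AF_UNIX", "AF_INET", "AF_INET6"):
        print(fam, "allowed" if permits(SAMPLE_UNIT, fam) else "blocked")
```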

