[systemd-devel] upower fails with PrivateNetwork=true
Reindl Harald
h.reindl at thelounge.net
Sat Jul 7 13:28:15 UTC 2018
Am 07.07.2018 um 14:35 schrieb Michael Biebl:
> Tbh, I find it a bit confusing that we have three mechanisms now
> (PrivateNetwork, RestrictAddressFamilies, IPAddressDeny) and when one
> is supposed to use which one of these.
why
* PrivateNetwork -> big hammer
service needs no network stuff at all
* RestrictAddressFamilies -> finer hammer
service must only talk local
* IPAddressDeny/IPAddressAllow
better way than iptables because it's for the whole
process-group independent of users/groups and specific
binaries
can be combined with RestrictAddressFamilies
RestrictAddressFamilies=AF_INET AF_INET6
IPAddressAllow=192.168.196.0/24
More information about the systemd-devel
mailing list