[systemd-devel] systemd-analyze security and SystemCallFilter
Reindl Harald
h.reindl at thelounge.net
Sun Jul 12 16:35:30 UTC 2020
why are these bad and scored?
including syscalls to the blacklist is hardly wrong
systemd-243.8-1.fc31.x86_64
✗ SystemCallFilter=~@clock       System call blacklist defined for service, and @clock is included       0.1
✗ SystemCallFilter=~@debug       System call blacklist defined for service, and @debug is included       0.1
✗ SystemCallFilter=~@module      System call blacklist defined for service, and @module is included      0.1
✗ SystemCallFilter=~@mount       System call blacklist defined for service, and @mount is included       0.1
✗ SystemCallFilter=~@raw-io      System call blacklist defined for service, and @raw-io is included      0.1
✗ SystemCallFilter=~@reboot      System call blacklist defined for service, and @reboot is included      0.1
✗ SystemCallFilter=~@swap        System call blacklist defined for service, and @swap is included        0.1
✗ SystemCallFilter=~@privileged  System call blacklist defined for service, and @privileged is not included  0.2
✗ SystemCallFilter=~@resources   System call blacklist defined for service, and @resources is not included   0.2
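An added example, not from the post or from the systemd project: a small Python parser for the SystemCallFilter lines of the `systemd-analyze security` output quoted above. It separates the findings where a group is reported as not in the deny list (the actionable ones) from the ones the post questions, where the group is in the deny list but the line is still marked ✗. The sample input is constructed from the post's own lines, re-joined one finding per line.

```python
import re
from dataclasses import dataclass

# Constructed sample: the nine findings quoted in the post, re-joined so that
# each finding sits on one line (the list archive wrapped them across two).
SAMPLE_OUTPUT = """\
✗ SystemCallFilter=~@clock       System call blacklist defined for service, and @clock is included       0.1
✗ SystemCallFilter=~@debug       System call blacklist defined for service, and @debug is included       0.1
✗ SystemCallFilter=~@module      System call blacklist defined for service, and @module is included      0.1
✗ SystemCallFilter=~@mount       System call blacklist defined for service, and @mount is included       0.1
✗ SystemCallFilter=~@raw-io      System call blacklist defined for service, and @raw-io is included      0.1
✗ SystemCallFilter=~@reboot      System call blacklist defined for service, and @reboot is included      0.1
✗ SystemCallFilter=~@swap        System call blacklist defined for service, and @swap is included        0.1
✗ SystemCallFilter=~@privileged  System call blacklist defined for service, and @privileged is not included  0.2
✗ SystemCallFilter=~@resources   System call blacklist defined for service, and @resources is not included   0.2
"""

# One finding per line: verdict mark, setting (optional "~" = deny-list form),
# syscall group, free-text description, numeric exposure in the last column.
LINE_RE = re.compile(
    r"^([✓✗])\s+SystemCallFilter=(~?)(@[\w-]+)\s+(.*?)\s+(\d+(?:\.\d+)?)$"
)

@dataclass
class Finding:
    ok: bool            # ✓ means systemd-analyze was satisfied
    blacklist: bool     # True when the setting uses the "~" (deny-list) form
    group: str          # e.g. "@clock"
    description: str
    exposure: float     # exposure contribution from the last column

def parse_security_output(text: str) -> list[Finding]:
    """Parse SystemCallFilter lines of systemd-analyze security output; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mark, tilde, group, desc, exposure = m.groups()
            findings.append(Finding(mark == "✓", tilde == "~", group, desc, float(exposure)))
    return findings

def groups_missing_from_blacklist(findings):
    """Groups the tool reports as NOT in the deny list: the part worth acting on."""
    return [f.group for f in findings if f.blacklist and not f.ok and "not included" in f.description]

def flagged_although_blacklisted(findings):
    """Groups that are in the deny list yet still marked ✗: the cases the post asks about."""
    return [f.group for f in findings if f.blacklist and not f.ok and "not included" not in f.description]

def total_exposure(findings):
    return sum(f.exposure for f in findings)
```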