[systemd-devel] Sandboxing options
Christopher Wong
Christopher.Wong at axis.com
Mon Sep 28 17:00:33 UTC 2020
Hi,
There are a bunch of sandboxing options that I am trying to enable, but I get no effect when I set them. Below are the options that I am trying to set, but I can't seem to turn them on.
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
RestrictSUIDSGID=true
RestrictNamespaces=
SystemCallArchitectures=native
#SystemCallArchitectures=option
UMask=0000
#UMask=0033
I have enabled the following kernel configurations:
CONFIG_NAMESPACES=y
CONFIG_NET_NS=y
CONFIG_USER_NS=y
CONFIG_SECCOMP=y
Is there anything that I am missing?
Best Regards,
Christopher Wong