Systemd/Hardening/en: Difference between revisions
Updating to match new version of source page Tags: Mobile edit Mobile web edit |
Updating to match new version of source page |
| Line 7: | Line 7: | ||
A more granular way, would be to put these 3 paths into <code>BindReadOnlyPaths</code>, and wait for the creation of <code>/etc/resolv.conf</code> through a <code>systemd.path</code> unit. | A more granular way, would be to put these 3 paths into <code>BindReadOnlyPaths</code>, and wait for the creation of <code>/etc/resolv.conf</code> through a <code>systemd.path</code> unit. | ||
== Dropping a shell inside a systemd service == | == Dropping a shell inside a systemd service == | ||
While hardening a service, it often happens that you want a shell inside a hardened systemd unit, for | While hardening a service, it often happens that you want a shell inside a hardened systemd unit, for example to check access to files, or check the network connectivity. One way to do this is to use tmux to create a session inside the service, and attaching to it outside of the service. | ||
Simple example: | Simple example: | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||