Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#42657 - [redis] Add security to redis.service

Attached to Project: Community Packages
Opened by Tobias Hunger (hunger) - Sunday, 02 November 2014, 12:16 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 26 February 2015, 14:56 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To Sergej Pupykin (sergej)
Bartłomiej Piotrowski (Barthalion)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
The redis.service file makes no use whatsoever of the systemd security features.

The following settings could be added to harden the redis installation:

Group=redis
CapabilityBoundingSet=
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true
RuntimeDirectory=redis
RuntimeDirectoryMode=700

Additional info:
* 2.8.17-1


Steps to reproduce:
* Install redis
* check /usr/lib/systemd/system/redis.service
This task depends upon

Closed by  Sergej Pupykin (sergej)
Thursday, 26 February 2015, 14:56 GMT
Reason for closing:  Fixed
Additional comments about closing:  in svn/trunk only

Loading...