FS#43832 : [postgresql] Add more systemd hardening features

FS#43832 - [postgresql] Add more systemd hardening features

Attached to Project: Arch Linux
Opened by Tobias Hunger (hunger) - Sunday, 15 February 2015, 19:24 GMT
Last edited by Dan McGee (toofishes) - Thursday, 11 June 2015, 16:07 GMT

Task Type	Feature Request
Category	Packages: Extra
Status	Closed
Assigned To	Dan McGee (toofishes)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
Please add more systemd hardening features to postgresql.service.

The following set should be fine:
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
RuntimeDirectory=postgresql
RuntimeDirectoryMode=700

This task depends upon

Closed by Dan McGee (toofishes)
Thursday, 11 June 2015, 16:07 GMT
Reason for closing: Works for me
Additional comments about closing: Added a few minor tweaks, but got no further response.

Comment by Dan McGee (toofishes) - Sunday, 24 May 2015, 13:48 GMT

700 makes no sense for the directory mode here; it needs to be world readable so other users can actually connect to the socket.

I'm assuming that bit replaces the tmpfiles.d configuration we currently have?

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#43832 - [postgresql] Add more systemd hardening features

Details

Loading...