[Pkg-alsa-devel] Bug#771628: Bug#771628: alsa-base: Please add ProtectSystem=yes to systemd service file
Elimar Riesebieter
riesebie at lxtec.de
Mon Dec 1 19:27:58 UTC 2014
* Micah Anderson <micah at debian.org> [2014-11-30 22:50 -0500]:
> Package: alsa-base
> Version: 1.0.27+1
> Severity: wishlist
>
[...]
> Hello,
>
> If you add the option ProtectSystem=yes to the service file, then the
> daemon will not have the ability to write to /usr.
To be honest: Which daemon do you mean?
> There is no reason why it needs to write there, so enabling this
> option should not cause any problems.
We don't have any service files in the alsa-base package. There are
three in the alsa-utils package for the use of alsactl. They are
managing to save and restore periodically the sound state to/from
/var/lib/alsa. The HOME is defined as /var/run/alsa. But none is
writing anything to /usr, though.
> This option is one of the systemd security features for systemd
> service files that was detailed in a talk[0] given by Lennart which
> details various security features you can enable in your package's
> service files.
To be serious: Are you sure you filed the bug against the correct
package? There might be something I have overseen, but what?
Elimar
--
Never make anything simple and efficient when a way
can be found to make it complex and wonderful ;-)
More information about the Pkg-alsa-devel
mailing list