[Pkg-alsa-devel] Bug#771628: Bug#771628: alsa-base: Please add ProtectSystem=yes to systemd service file

Elimar Riesebieter riesebie at lxtec.de
Mon Dec 1 19:27:58 UTC 2014


* Micah Anderson <micah at debian.org> [2014-11-30 22:50 -0500]:

> Package: alsa-base
> Version: 1.0.27+1
> Severity: wishlist
> 
[...]
> Hello,
> 
> If you add the option ProtectSystem=yes to the service file, then the
> daemon will not have the ability to write to /usr.

To be honest: Which daemon do you mean?

> There is no reason why it needs to write there, so enabling this
> option should not cause any problems.

We don't have any service files in the alsa-base package. There are
three in the alsa-utils package for the use of alsactl. They are
managing to save and restore periodically the sound state to/from
/var/lib/alsa. The HOME is defined as /var/run/alsa. But none is
writing anything to /usr, though.

> This option is one of the systemd security features for systemd
> service files that was detailed in a talk[0] given by Lennart which
> details various security features you can enable in your package's
> service files.

To be serious: Are you sure you filed the bug against the correct
package? There might be something I have overseen, but what?

Elimar
-- 
 Never make anything simple and efficient when a way
  can be found to make it complex and wonderful ;-)



More information about the Pkg-alsa-devel mailing list