[Pkg-alsa-devel] Bug#771628: Bug#771628: alsa-base: Please add ProtectSystem=yes to systemd service file
micah
micah at debian.org
Mon Dec 8 16:00:01 UTC 2014
Hello,
Elimar Riesebieter <riesebie at lxtec.de> writes:
>> If you add the option ProtectSystem=yes to the service file, then the
>> daemon will not have the ability to write to /usr.
>
> To be honest: Which daemon do you mean?
I was looking at the different alsa daemons that have systemd files.
>> There is no reason why it needs to write there, so enabling this
>> option should not cause any problems.
>
> We don't have any service files in the alsa-base package. There are
> three in the alsa-utils package for the use of alsactl. They are
> managing to save and restore periodically the sound state to/from
> /var/lib/alsa. The HOME is defined as /var/run/alsa. But none is
> writing anything to /usr, though.
Sorry, indeed, this should have been filed against alsa-base.
Do any of these write to /home? If not, that can also be walled off.
>> This option is one of the systemd security features for systemd
>> service files that was detailed in a talk[0] given by Lennart which
>> details various security features you can enable in your package's
>> service files.
>
> To be serious: Are you sure you filed the bug against the correct
> package? There might be something I have overseen, but what?
No, you are right, it was against the wrong package.
micah
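
Added example (not part of the original message and not alsa-utils code): a small Python check that merges a unit file with its drop-ins and reports whether the two options raised in this thread, ProtectSystem and ProtectHome, end up enabled. The unit text, the drop-in and the function names are constructed for illustration; /var/lib/alsa is the state directory named in the thread, and the ProtectSystem=strict case goes one step beyond what the message proposes.

```python
# Added example; the unit text below is constructed, not alsa-utils' real files.
FALSE = {"0", "no", "n", "false", "f", "off"}   # systemd boolean "off" spellings
LIST_KEYS = {"ReadWritePaths"}                  # list options accumulate

UNIT = """[Unit]
Description=Constructed sample unit
[Service]
Type=oneshot
ExecStart=/usr/sbin/alsactl restore
"""
DROPIN = """[Service]
# hardening proposed in the thread
ProtectSystem=yes
ProtectHome=yes
"""

def service_settings(*fragments):
    """Merge [Service] keys from the unit and its drop-ins, in load order."""
    merged = {}
    for text in fragments:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            elif section == "Service" and "=" in line:
                key, value = (p.strip() for p in line.split("=", 1))
                if key in LIST_KEYS:   # empty assignment resets the list
                    merged[key] = (merged.get(key, []) + value.split()) if value else []
                else:                  # single-valued: last assignment wins
                    merged[key] = value
    return merged

def audit(*fragments, state_dir="/var/lib/alsa"):
    """Return findings for the two options discussed in the thread."""
    s, findings = service_settings(*fragments), []
    system = s.get("ProtectSystem", "no").lower()
    if system in FALSE:
        findings.append("ProtectSystem off: service can write to /usr")
    elif system == "strict" and state_dir not in s.get("ReadWritePaths", []):
        findings.append(f"ProtectSystem=strict but {state_dir} is not in ReadWritePaths")
    if s.get("ProtectHome", "no").lower() in FALSE:
        findings.append("ProtectHome off: service can reach /home")
    return findings

if __name__ == "__main__":
    for label, frags in (("unit only", (UNIT,)), ("unit + drop-in", (UNIT, DROPIN))):
        print(label, "->", audit(*frags) or "ok")
```

Pass the fragments in the order systemd would load them, since a later drop-in can silently switch an option back off.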