[Pkg-alsa-devel] Bug#771628: Bug#771628: alsa-base: Please add ProtectSystem=yes to systemd service file
Elimar Riesebieter
riesebie at lxtec.de
Mon Dec 8 18:32:14 UTC 2014
* micah <micah at debian.org> [2014-12-08 11:00 -0500]:
>
> Hello,
>
> Elimar Riesebieter <riesebie at lxtec.de> writes:
>
> >> If you add the option ProtectSystem=yes to the service file, then the
> >> daemon will not have the ability to write to /usr.
> >
> > To be honest: Which daemon do you mean?
>
> I was looking at the different alsa daemons that have systemd files.
Which daemons? What are they managing?
>
> >> There is no reason why it needs to write there, so enabling this
> >> option should not cause any problems.
> >
> > We don't have any service files in the alsa-base package. There are
> > three in the alsa-utils package for the use of alsactl. They are
> > managing to save and restore periodically the sound state to/from
> > /var/lib/alsa. The HOME is defined as /var/run/alsa. But none is
> > writing anything to /usr, though.
>
> Sorry, indeed, this should have been filed against alsa-base.
Hmpf, you filed #771628 against alsa-base!
> Do any of these write to /home ? If not, that can also be walled off.
The $HOME of the alsa-utils daemons is /var/run/alsa.
> >> This option is one of the systemd security features for systemd
> >> service files that was detailed in a talk[0] given by Lennart which
> >> details various security features you can enable in your package's
> >> service files.
> >
> > To be serious: Are you sure you filed the bug against the correct
> > package? There might be something I have overseen, but what?
>
> No, you are right, it was against the wrong package.
Doesn't make sense to discuss this further. Bug closed hereby.
Elimar
--
On the keyboard of life you have always
to keep a finger at the escape key;-)
More information about the Pkg-alsa-devel
mailing list