Bug#771632: gdm3: Please add ProtectSystem=yes to systemd service file
Micah Anderson
micah at debian.org
Mon Dec 1 03:52:26 UTC 2014
Package: gdm3
Version: 3.14.1-3
Severity: wishlist
Dear Maintainer,
Hello,

If you add the option ProtectSystem=yes to the service file, then the
daemon will not have the ability to write to /usr.

There is no reason why it needs to write there, so enabling this
option should not cause any problems.

This option is one of the systemd security features for systemd
service files that was detailed in a talk[0] given by Lennart which
details various security features you can enable in your package's
service files.

micah

[0] http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webm
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gdm3 depends on:
ii accountsservice 0.6.37-3+b1
ii adduser 3.113+nmu3
ii awesome [x-window-manager] 3.4.15-1+b1
ii dconf-cli 0.22.0-1
ii dconf-gsettings-backend 0.22.0-1
ii debconf [debconf-2.0] 1.5.54
ii gir1.2-gdm3 3.14.1-3
ii gnome-session [x-session-manager] 3.14.0-2
ii gnome-session-bin 3.14.0-2
ii gnome-settings-daemon 3.14.1-1
ii gnome-shell 3.14.1-2
ii gnome-terminal [x-terminal-emulator] 3.14.1-1
ii gsettings-desktop-schemas 3.14.1-1
ii libaccountsservice0 0.6.37-3+b1
ii libaudit1 1:2.4-1
ii libc6 2.19-13
ii libcanberra-gtk3-0 0.30-2.1
ii libcanberra0 0.30-2.1
ii libgdk-pixbuf2.0-0 2.31.1-2+b1
ii libgdm1 3.14.1-3
ii libglib2.0-0 2.42.1-1
ii libglib2.0-bin 2.42.1-1
ii libgtk-3-0 3.14.5-1
ii libpam-modules 1.1.8-3.1
ii libpam-runtime 1.1.8-3.1
ii libpam-systemd 215-7
ii libpam0g 1.1.8-3.1
ii librsvg2-common 2.40.5-1
ii libselinux1 2.3-2
ii libsystemd0 215-7
ii libwrap0 7.6.q-25
ii libx11-6 2:1.6.2-3
ii libxau6 1:1.0.8-1
ii libxdmcp6 1:1.1.1-1
ii libxrandr2 2:1.4.2-1+b1
ii lsb-base 4.1+Debian13+nmu1
ii metacity [x-window-manager] 1:3.14.3-1
ii policykit-1 0.105-8
ii rxvt-unicode [x-terminal-emulator] 9.20-1+b1
ii ucf 3.0030
ii x11-common 1:7.7+7
ii x11-xserver-utils 7.7+3+b1
ii xterm [x-terminal-emulator] 312-1
Versions of packages gdm3 recommends:
ii at-spi2-core 2.14.0-1
ii desktop-base 7.0.3
ii gnome-icon-theme 3.12.0-1
ii gnome-icon-theme-symbolic 3.12.0-1
ii x11-xkb-utils 7.7+1
ii xserver-xephyr 2:1.16.1.901-1
ii xserver-xorg 1:7.7+7
ii zenity 3.14.0-1
Versions of packages gdm3 suggests:
ii gnome-orca 3.14.0-2
ii libpam-gnome-keyring 3.14.0-1+b1
-- debconf information excluded
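
An added example, not part of the original report or of the gdm3 package: a Python check that reads a service file followed by its drop-ins and returns the effective ProtectSystem= value, so units that can still write to /usr are easy to spot in an audit. The unit and drop-in text are constructed samples, the function name is hypothetical, and handling of the `full` and `strict` values goes beyond the `yes` case requested above.

```python
import re

# Boolean spellings accepted by systemd's unit-file parser.
TRUE_WORDS = {"1", "yes", "y", "true", "t", "on"}
FALSE_WORDS = {"0", "no", "n", "false", "f", "off"}

# Constructed sample input, not the real gdm3 unit file.
SAMPLE_UNIT = """\
[Unit]
Description=Example display manager (constructed)

[Service]
ExecStart=/usr/sbin/example-dm
# ProtectSystem=yes   <- commented out, so it has no effect
"""
# Constructed drop-in, as it might sit in /etc/systemd/system/<unit>.d/
SAMPLE_DROPIN = """\
[Service]
ProtectSystem=yes
"""


def effective_protect_system(*unit_texts):
    """Return "no", "yes", "full" or "strict" for a unit file followed by
    its drop-ins, given in the order systemd reads them (last one wins)."""
    value = "no"  # default when the option is never set
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            header = re.fullmatch(r"\[(.+)\]", line)
            if header:
                section = header.group(1)
                continue
            key, sep, val = line.partition("=")
            if section != "Service" or not sep or key.strip() != "ProtectSystem":
                continue  # only [Service] assignments of this key matter
            val = val.strip()
            if val.lower() in TRUE_WORDS:
                value = "yes"
            elif val.lower() in FALSE_WORDS:
                value = "no"
            elif val in ("full", "strict"):  # "strict" needs a newer systemd
                value = val
    return value
```

On a running system, `systemctl show -p ProtectSystem <unit>` reports the value systemd actually applied, which is the authoritative answer.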