Andrew Savchenko andrew at
Wed Oct 14 01:13:34 BST 2020

Dear Maintainers,

Among others, /usr/bin/systemd-analyze can be called with "security" parameter 
which shows sandboxing settings of the loaded units on the scale from 0 to 10.

On Debian v10.6 vast majority of the services are reported as "unsafe" with 
exposure score >9. This includes sshd, unattended-upgrades and others.

Is there a plan to improve situation for Bullseye? I think maintainers of
Whonix project, which is based on Debian, are using it for some services they 
ship in addition to base (sdwdate, onion-grater, etc).


With regards,

More information about the Pkg-systemd-maintainers mailing list