[Enhancement] Hardening the systemd service

sched-ext / scx

sched_ext schedulers and tools

https://bit.ly/scx_slack

GNU General Public License v2.0

956 stars 90 forks source link

[Enhancement] Hardening the systemd service #596

Open ptr1337 opened 2 months ago

ptr1337 commented 2 months ago

The systemd service does not use any hardening options currently, but we should work them out, since its pretty important if we want to put this default enabled at distributions.

Fedora is also working on hardening their service, see here: https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening#Detailed_Description

Many of these can be also applied for the scx.service

sirlucjan commented 2 months ago

Good idea, we have brought it up before and at the next office hours we can bring it up again

Dietr1ch commented 2 months ago

BTW, when touching the systemd config it might be worth to set up the exec properties like Nice=