Open ptr1337 opened 2 months ago
The systemd service does not use any hardening options currently, but we should work them out, since its pretty important if we want to put this default enabled at distributions.
Fedora is also working on hardening their service, see here: https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening#Detailed_Description
Many of these can be also applied for the scx.service
Good idea, we have brought it up before and at the next office hours we can bring it up again
BTW, when touching the systemd config it might be worth to set up the exec properties like Nice=
The systemd service does not use any hardening options currently, but we should work them out, since its pretty important if we want to put this default enabled at distributions.
Fedora is also working on hardening their service, see here: https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening#Detailed_Description
Many of these can be also applied for the scx.service