Closed vmihalko closed 9 months ago
In GitLab by @jrybar on Apr 20, 2023, 15:24
/packit copr-build
In GitLab by @bluca on Apr 20, 2023, 17:12
Commented on data/polkit.service.in line 8
these should not be necessary now that the unit is started immediately with the final user
In GitLab by @jrybar on Apr 21, 2023, 12:27
Commented on data/polkit.service.in line 8
True, but removal worsens the results. How about setting CapabilityBoundingSet=
? If the official documentation is up to date, I guess polkit should do neither. Briefly tested manually and so far it doesn't show any inconveniences.
In GitLab by @jrybar on Apr 21, 2023, 13:02
Commented on data/polkit.service.in line 8
changed this line in version 2 of the diff
In GitLab by @jrybar on Apr 21, 2023, 13:02
added 1 commit
In GitLab by @bluca on Apr 21, 2023, 13:14
Commented on data/polkit.service.in line 8
Yeah that looks good
In GitLab by @packit-validation on May 3, 2023, 11:12
mentioned in issue freedesktop/freedesktop#641
In GitLab by @mmassari on May 4, 2023, 11:20
mentioned in issue freedesktop/freedesktop#648
In GitLab by @jrybar on May 24, 2023, 09:59
added 5 commits
polkit:master
In GitLab by @jrybar on Apr 20, 2023, 15:21
Merges polkit-harden-systemd-service -> master
Summary
Rebased !30 with resolved conflicts and additions suggested by OP
Detailed description and/or reproducer
Addition of systemd unit sandboxing in order to increase security and pass 'systemd-analyze security' tests.