This one is a little self-hosting specific, and more casual Linux best practices, but I’ve got a new blog post down for general security! Harden your systemd units (especially custom ones) for better peace of mind on the internet!
This one is a little self-hosting specific, and more casual Linux best practices, but I’ve got a new blog post down for general security! Harden your systemd units (especially custom ones) for better peace of mind on the internet!
That’s a super valid question, as it seems sometimes that some of these things are configured in a way that begs the question “why?” As far as contributing to documentation, that’s a moot point. This is already in the man pages, and that’s exactly what I referenced in writing this post, in addition to some empirical testing of course. As far as implementation goes, I think that probably lies at a per distribution level, where not one size fits all. Although I don’t know of it off the top of my head, I’m sure there’s a security centric distro out there that implements more of these sandboxing options by default.