hot take: hardening your services with systemd's hardening features (nonewprivileges, capabilities, protectsystem/protecthome, cpuaccounting, memoryaccounting, apparmor, privatetmp, other protect* and private* flags).... is good actually even if you fundamentally trust all the software by default
shit's going to have bugs in it


systemd is just miles ahead of literally anything else when it comes to security features

haters will say "that's not init's job" but fun fact: we don't live in the 90s anymore


@haskal Careful saying anything about systemd, it brings out the trolls...
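
An added example, not part of the thread: a small audit that reads a unit file and reports which of the directives named in the first post are missing or set to a weaker value. The sample unit, the `exampled` binary and the set of values treated as hardened are assumptions made for this illustration.

```python
import configparser

TRUE = {"yes", "true", "on", "1"}  # systemd boolean spellings
# Directive -> values this example accepts as hardened (assumption, not a systemd rule).
# None means "any explicit setting", e.g. an empty CapabilityBoundingSet= drops all caps.
EXPECTED = {
    "NoNewPrivileges": TRUE,
    "CapabilityBoundingSet": None,
    "ProtectSystem": {"strict"},
    "ProtectHome": TRUE | {"read-only", "tmpfs"},
    "PrivateTmp": TRUE,
    "CPUAccounting": TRUE,
    "MemoryAccounting": TRUE,
    "AppArmorProfile": None,
}

# Constructed sample unit, partially hardened on purpose.
SAMPLE_UNIT = """\
[Unit]
Description=constructed example service

[Service]
ExecStart=/usr/local/bin/exampled --instance=%i
NoNewPrivileges=yes
CapabilityBoundingSet=
ProtectSystem=full
PrivateTmp=true
MemoryAccounting=yes
"""

def audit_unit(text):
    """Return {directive: finding} for every directive that is missing or weak."""
    # strict=False tolerates repeated keys; interpolation=None keeps %i specifiers literal.
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.optionxform = str  # unit file keys are case-sensitive
    cp.read_string(text)
    service = cp["Service"] if cp.has_section("Service") else {}
    findings = {}
    for name, accepted in EXPECTED.items():
        if name not in service:
            findings[name] = "missing"
        elif accepted is not None and service[name].strip().lower() not in accepted:
            findings[name] = "weak: " + service[name]
    return findings

if __name__ == "__main__":
    for directive, finding in audit_unit(SAMPLE_UNIT).items():
        print(f"{directive}: {finding}")
```

On a running system, `systemd-analyze security <unit>` reports on a much wider set of sandboxing options for a loaded unit.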
