Summary

Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.

Benefit to Fedora

Fedora services will get a significant security boost by default by avoiding or mitigating any unknown security vulnerabilities in default system services.

  • LalSalaamComrade@lemmy.ml
    link
    fedilink
    arrow-up
    21
    arrow-down
    12
    ·
    edit-2
    11 months ago

    “Hmphhh”, breathing heavily, one of your half-informed brethren approaches you. In front of you is a bizzare creature that spends day and night modding his kawaii, unproportionally large breasted and rainbow-eyed waifu desktop. On one hand is his aformentioned waifu pillow stained with, let’s not talk about that. On his legs are two large stocking-like socks, no pants and a shirt that says “I ❤️ Poettering”

    “Akshually…”, and as he says that, you can hear the velled up mucus, ready to launch itself upon further tickle to the nose. Quickly, you hand this poor lad a box of tissue. Nodding his head, as to be grateful for your act of kindness, he empties all the air out of his lungs. “That’s a lot you’re holding in there”, you silently whisper.

    “…As I was saying, systemd is not an init system, it is more than that”, smirks this weird man. As you try to process all of that, to your horror, you realise that you’re speaking to a modder, or as they call it in politically incorrect terms, a ricer. One of those people you’ve never wanted to meet in real life.

    “But I do care about security, and the attack surface is now pretty larg…”, you say, to which the man interrupts, “Linux does not have any viruses, s…stop spreading FUD…banned, 1 day”. The last part doesn’t make a lot of sense, but you assume that he’s pretending this conversation to be on a forum, and he is a “moderator”.

    “I do care about the basic UNIX philosophy, which is modulari…”, again, to which this gentleman in front of you interrupts, “If you want modularity, then start from making a micro-kernel. Banned, 5 days”, he scoffs and laughs at you.

    “But Poettering left a mess behind that is Linux audio, atd you trust that guy? Also systemd is not as fast as he claims to be, how can y…”

    “SHUTTTT UPPPP! IF YYOU THINK SOMEONE IS NOT GOOD WITH THEIR SKILLS, THEN MAKE ONE YOURSELF! POETTERING LETS ME CUSTOMIZE WAIFU DESKTOP WITH EASE, STOP ATTACKING LENNA-SENPAI! BANNED, 30 DAYS!”.

    “Akshually…”, you mumur, as you leave the room, but the man heard you clearly. “…I am a big fan of Scheme, so I learnt Guile. Now I use GNU Shepherd”, you say, as you close the door behind.

    “ARRRRRRRR! BANNED, 2 MONTHS! BANNED, 3 MONTHS! ARRRRRRR!”, you hear the noise behind, content that you’re not one the one following the herds to the cliff.