Lennart Poettering on Nostr
…that SystemCallFilter= in unit files understands. "systemd-analyze architectures" lists architectures recognized by systemd (for use with ConditionArchitecture=) and "systemd-analyze filesystem" lists file system types understood by systemd for its file system access restriction logic.
And then there's "systemd-analyze capability" that allows listing process capabilities the local kernel and systemd know. Process capabilities are finer grained permissions that each process can possess or lack.
Published at
2024-12-11 09:15:34