Lennart Poettering on Nostr: 2️⃣7️⃣ Here's the 27th post highlighting key new features of the upcoming ...
2️⃣7️⃣ Here's the 27th post highlighting key new features of the upcoming v257 release of systemd. #systemd257
For a long time now, systemd's service management has supported various sandboxing options: concepts such as PrivateMounts=, PrivateNetwork=, PrivateDevices=, ProtectSystem=, ProtectHome=, PrivateUsers= and so on, all lock down what a service can see and do, usually by means of Linux process namespacing.
With v257 we add one more knob to this: PrivatePIDs=. This wraps Linux PID namespacing.
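An added example, not part of the original post or of systemd: one way to check from the host that a process really runs in its own PID namespace is to read the `NSpid:` field of `/proc/<pid>/status`, which lists the process's PID in each nested namespace, outermost first. It assumes Linux 4.1 or later (where the field exists) and that the main process of a `PrivatePIDs=yes` service shows up as PID 1 on the inside; the sample status texts and helper names are constructed for illustration.

```python
# Constructed excerpts of /proc/<pid>/status as seen from the host.
# NSpid lists the PID in every PID namespace the process belongs to,
# starting with the reader's namespace and ending with the innermost one.
SAMPLE_PRIVATE_PIDS = "Name:\tmyservice\nPid:\t4242\nNSpid:\t4242\t1\n"
SAMPLE_HOST_NS = "Name:\tmyservice\nPid:\t4243\nNSpid:\t4243\n"


def nspid_chain(status_text):
    """Return the NSpid values, outermost namespace first ([] if absent)."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(field) for field in line.split()[1:]]
    return []  # field missing: kernel too old or truncated input


def pid_namespace_report(status_text):
    """Summarise whether the process sits in a nested PID namespace."""
    chain = nspid_chain(status_text)
    if not chain:
        return {"known": False, "nested": False, "inner_pid": None}
    return {
        "known": True,
        # More than one entry means at least one extra PID namespace
        # lies between the reader and the process.
        "nested": len(chain) > 1,
        # PID the process sees for itself inside its own namespace.
        "inner_pid": chain[-1],
    }


def read_status(pid):
    """Read the live status file for a PID (Linux only)."""
    with open(f"/proc/{pid}/status", encoding="ascii", errors="replace") as f:
        return f.read()


if __name__ == "__main__":
    for label, text in (("PrivatePIDs=yes (constructed)", SAMPLE_PRIVATE_PIDS),
                        ("no PID namespace (constructed)", SAMPLE_HOST_NS)):
        print(label, pid_namespace_report(text))
```

On a live system, pass the service's main PID (for example the value `systemctl show -p MainPID` reports) to `read_status()` and feed the result to `pid_namespace_report()`.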