This is a tracking bug for Change: PrivateDevices=yes and PrivateNetwork=yes For Long-Running Services For more details, see: http://fedoraproject.org//wiki/Changes/PrivateDevicesAndPrivateNetwork Let's make Fedora more secure by default! Recent systemd versions provide two per-service switches PrivateDevices=yes/no and PrivateNetwork=yes/no which enable services to run without access to any physical devices in /dev, or without access to kind of network sockets. So far this has seen little use in Fedora, and with this Fedora Change we'd like to change this, and enable these for all long-running services that do not require device/network access.
This message is a reminder that Fedora 21 Accepted Changes Freeze Deadline is on 2014-07-08 [1]. At this point, all accepted Changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be so enabled at Change Freeze. This bug should be set to the MODIFIED state to indicate that it achieved completeness. Status will be provided to FESCo right after the deadline. If, for any reasons, your Change is not in required state, let me know and we will try to find solution. For Changes you decide to cancel/move to the next release, please use the NEW status and set needinfo on me and it will be acted upon. In case of any questions, don't hesitate to ask Wrangler (jreznik). Thank you. [1] https://fedoraproject.org/wiki/Releases/21/Schedule
This message is a reminder that Fedora 21 Change Checkpoint: 100% Code Complete Deadline (Former Accepted Changes 100% Complete) is on 2014-10-14 [1]. All Accepted Changes has to be code complete and ready to be validated in the Beta release (optionally by Fedora QA). Required bug state at this point is ON_QA. As for several System Wide Changes, Beta Change Deadline is a point of contingency plan. All incompleted Changes will be reported to FESCo on 2014-10-15 meeting. In case of any questions, don't hesitate to ask Wrangler (jreznik). [1] https://fedoraproject.org/wiki/Releases/21/Schedule
The release note is available at https://fedoraproject.org/wiki/Documentation_System_Daemons_Beat?rd=Docs/Beats/SystemDaemons If you want to make any changes, please contact relnotes or the #fedora-docs channel on FreeNode. Making changes to the wiki page at this point does not guarantee that the changes will appear in the final version of the document.
Hi Lennart, did this change happen in Fedora 21? Thanks.
For now, based on FESCo request, moving to F22. Let me know in case it was done and I can revert it.
Jaroslav, the PrivateNetwork= and PrivateDevices= options came with systemd-209. A number of services are already implementing them. IMO this could be considered complete, as f21-stable provides systemd-215.
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days