On 2024-12-18 Marcin Owsiany via Exim-users <exim-users@lists.exim.org> wrote:
> On Wed, 18 Dec 2024, 18:32, Andreas Metzler via Exim-users <
[...]
> > The netdata systemd service file might be a good candidate to check.

> I did have a look and learned a lot thanks to that, some of the things that
> systemd makes easy are nice hardening tricks.

> However investigating closely I couldn't see any setting that would prevent
> access to the spool directory. And what's more important I couldn't find
> anything that would prevent reading the data file that already has just
> been written to in the same context.

Last time I looked at a similar issue the respective service file did not
allow CAP_FOWNER CAP_CHOWN. Afaict from looking at
https://git.progress-linux.org/users/daniel.baumann/debian/packages/netdata/plain/debian/netdata.service
netdata does not either.

cu Andreas

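One way to check whether a unit's `CapabilityBoundingSet=` lines leave CAP_CHOWN and CAP_FOWNER available, as an added example that is not part of the original mail and not taken from the netdata unit. The sample unit text and the function names are constructed for illustration; the merge rules follow systemd.exec(5), and a single flat unit file without drop-ins or line continuations is assumed.

```python
# Added example: evaluate the CapabilityBoundingSet= lines of a systemd unit.
# Assumption: one flat unit file; drop-ins and "\" continuations are ignored.

# Constructed sample, not the real netdata service file.
SAMPLE_UNIT = """\
[Unit]
Description=constructed sample unit

[Service]
ExecStart=/usr/sbin/example-daemon
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE
CapabilityBoundingSet=CAP_SETUID CAP_SETGID
"""


def cap_in_bounding_set(unit_text, cap):
    """Return True if `cap` stays in the bounding set of [Service]."""
    section = None
    state = None  # None: directive never used, bounding set unrestricted
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep:
            continue
        if key.strip() != "CapabilityBoundingSet":
            continue
        value = value.strip()
        invert = value.startswith("~")
        names = set(value.lstrip("~").split())
        if not names or state is None:
            # "" resets to empty, "~" resets to full, first use replaces
            state = (cap not in names) if invert else (cap in names)
        elif invert:
            state = state and cap not in names  # "~" lines merge by AND
        else:
            state = state or cap in names       # plain lines merge by OR
    return True if state is None else state


def missing_caps(unit_text, wanted=("CAP_CHOWN", "CAP_FOWNER")):
    """List the capabilities from `wanted` that the unit removes."""
    return [c for c in wanted if not cap_in_bounding_set(unit_text, c)]


if __name__ == "__main__":
    print("removed by unit:", missing_caps(SAMPLE_UNIT))
```

On a running system, `systemctl show -p CapabilityBoundingSet <unit>` prints the effective set after all drop-ins have been merged.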