Hi,
I'm using systemd v228 and tried to lock down rsyslog a bit.
For that I added
# /etc/systemd/system/rsyslog.service.d/override.conf
[Unit]
ProtectSystem=yes
ProtectHome=yes
CapabilityBoundingSet=~CAP_SYS_ADMIN
I then went on to test it. For that I created the following rsyslog
config which monitors a file in my users home directory:
module(load="imfile")
input(type="imfile"
File="/home/michael/file1"
StateFile="file1"
Tag="tag1")
I thought ProtectHome=yes would deny rsyslog read access to /home, but
it seems the rsyslogd process can read /home/michael/file1 without
problems.
Am I doing something wrong or is this a bug in systemd?
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
