[SERVER-33871] Stricter systemd .service settings Created: 14/Mar/18  Updated: 05/Dec/22  Resolved: 16/Nov/22

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: None
Fix Version/s: 4.1 Desired

Type: Improvement Priority: Minor - P4
Reporter: Thomas Sjögren Assignee: [DO NOT ASSIGN] Backlog - Server Development Platform Team (SDP) (Inactive)
Resolution: Won't Do Votes: 0
Labels: sdp-backlog-purge
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Development Platform
Participants:

 Description   

It's recommended to use stricter systemd .service settings when possible, to reduce the potential impact of a vulnerability. Using `ProtectSystem`, `ProtectHome` and removing the `CAP_SYS_PTRACE` capability is .service configuration changes that shouldn't impact the functionality or perfomance of a MongoDB server.



 Comments   
Comment by Iryna Zhuravlova [ 16/Nov/22 ]

After a careful backlog refinement, the team decided to close this ticket because of its low priority and limited resource capacity. If you believe that this ticket requires additional attention from the team and should be re-opened, feel free to change the status to "Needs Scheduling" and ping me or @alexander.neben

Comment by Ramon Fernandez Marina [ 14/Mar/18 ]

Thanks for your report and for taking the time to put together a pull request konstruktoid. Sending this ticket to the Build team for consideration.

Generated at Thu Feb 08 04:34:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.