[SERVER-33871] Stricter systemd .service settings Created: 14/Mar/18 Updated: 05/Dec/22 Resolved: 16/Nov/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Packaging |
| Affects Version/s: | None |
| Fix Version/s: | 4.1 Desired |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Thomas Sjögren | Assignee: | [DO NOT ASSIGN] Backlog - Server Development Platform Team (SDP) (Inactive) |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | sdp-backlog-purge | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Server Development Platform
|
| Participants: |
| Description |
|
It's recommended to use stricter systemd .service settings when possible, to reduce the potential impact of a vulnerability. Using `ProtectSystem`, `ProtectHome` and removing the `CAP_SYS_PTRACE` capability is .service configuration changes that shouldn't impact the functionality or perfomance of a MongoDB server. |
| Comments |
| Comment by Iryna Zhuravlova [ 16/Nov/22 ] |
|
After a careful backlog refinement, the team decided to close this ticket because of its low priority and limited resource capacity. If you believe that this ticket requires additional attention from the team and should be re-opened, feel free to change the status to "Needs Scheduling" and ping me or @alexander.neben |
| Comment by Ramon Fernandez Marina [ 14/Mar/18 ] |
|
Thanks for your report and for taking the time to put together a pull request konstruktoid. Sending this ticket to the Build team for consideration. |