Enable systemd hardening options for named
daniel.stirnimann at switch.ch
Wed Jan 31 16:06:12 UTC 2018
> Am 31.01.2018 um 16:35 schrieb Daniel Stirnimann:
>>> that don't change the fact that from that moment on all protections for
>>> *that* service are gone while with layered security and
>>> systemd-hardening are still in place
>> Where is the layered security if you disable for e.g. systems-hardening
>> for a service? I don't understand your argument. If you don't want to
>> loose the security provided by the hardening, then you should not
>> disable it but fix it
> what exactly do you not understand?
I understood your original answer that you see SELinux as an inferior
approach compared to other hardening mechanisms and I would have liked
to know why.
However, this message made it clear that you favor a layered security
approach which is fine.
More information about the bind-users