From Fedora Project Wiki

m (Remote journal logging)
Line 3: Line 3:
 
Journal messages can be forwarded to remote storage, without using a syslog daemon. The '''systemd-journal-remote''' and '''systemd-journal-upload''' packages provide receiver and sender daemons. Communication is done over HTTPS.
 
Journal messages can be forwarded to remote storage, without using a syslog daemon. The '''systemd-journal-remote''' and '''systemd-journal-upload''' packages provide receiver and sender daemons. Communication is done over HTTPS.
  
== systemd PrivateDevices ==
+
== systemd PrivateDevices and PrivateNetwork ==
  
The PrivateDevices setting, when set to "yes", provides a private, minimimal /dev that does not include physical devices. This allows long-running services to have limited access, increasing security.
+
Two new security-related options are now being used by '''systemd''' for long-running services which do not require access to physical devices or the network:
  
== systemd PrivateNetwork ==
+
* The PrivateDevices setting, when set to "yes", provides a private, minimimal /dev that does not include physical devices. This allows long-running services to have limited access, increasing security.
 +
* The PrivateNetwork setting, when set to "yes", provides a private network with only a loopback interface. This allows long-running services that do not require network access to be cut off from the network.
  
The PrivateNetwork setting, when set to "yes", provides a private network with only a loopback interface. This allows long-running services that do not require network access to be cut off from the network.
+
For details about this change, see the [https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork PrivateDevices and PrivateNetwork wiki page].
  
 
[[Category:Docs Project]]
 
[[Category:Docs Project]]
 
[[Category:Draft documentation]]
 
[[Category:Draft documentation]]
 
[[Category:Documentation beats]]
 
[[Category:Documentation beats]]
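Review bot: the added PrivateDevices bullet carries over the misspelling "minimimal" from the paragraph it replaces; correct it to "minimal" while the text is being moved. The new intro sentence describes services that "do not require access to physical devices or the network", but the two bullets describe independent settings, so consider wording it as "physical devices or to the network, respectively" so readers do not assume the options must be used together.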

Revision as of 17:41, 14 August 2014

Remote journal logging

Journal messages can be forwarded to remote storage, without using a syslog daemon. The systemd-journal-remote and systemd-journal-upload packages provide receiver and sender daemons. Communication is done over HTTPS.

systemd PrivateDevices and PrivateNetwork

Two new security-related options are now being used by systemd for long-running services which do not require access to physical devices or the network:

  • The PrivateDevices setting, when set to "yes", provides a private, minimal /dev that does not include physical devices. This allows long-running services to have limited access, increasing security.
  • The PrivateNetwork setting, when set to "yes", provides a private network with only a loopback interface. This allows long-running services that do not require network access to be cut off from the network.

For details about this change, see the PrivateDevices and PrivateNetwork wiki page (https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork).
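To check which services actually run with the two settings described above, the following added example (not part of the wiki page or of systemd) classifies units from the output of `systemctl show`. The function names, the unit name demo.service and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a unit runs with PrivateDevices= and
# PrivateNetwork= enabled, based on `systemctl show` KEY=VALUE output.

# check_props UNIT: read KEY=VALUE lines on stdin and print
# "UNIT PrivateDevices=<v> PrivateNetwork=<v> <verdict>".
check_props() {
    unit=$1
    pd=unset
    pn=unset
    while IFS='=' read -r key value; do
        case $key in
            PrivateDevices) pd=$value ;;
            PrivateNetwork) pn=$value ;;
        esac
    done
    if [ "$pd" = yes ] && [ "$pn" = yes ]; then
        verdict=sandboxed        # private /dev and loopback-only network
    elif [ "$pd" = yes ] || [ "$pn" = yes ]; then
        verdict=partial          # only one of the two settings is on
    else
        verdict=unsandboxed      # neither setting is on (or not reported)
    fi
    printf '%s PrivateDevices=%s PrivateNetwork=%s %s\n' \
        "$unit" "$pd" "$pn" "$verdict"
}

# audit_units UNIT...: query the running system for each named unit.
audit_units() {
    for u in "$@"; do
        systemctl show -p PrivateDevices -p PrivateNetwork "$u" |
            check_props "$u"
    done
}

# Constructed sample of `systemctl show` output for a hypothetical unit.
sample_output() {
    printf 'PrivateDevices=yes\nPrivateNetwork=no\n'
}

# With unit names as arguments, audit the live system; otherwise run the
# constructed sample so the script works offline.
if [ "$#" -gt 0 ]; then
    audit_units "$@"
else
    sample_output | check_props demo.service
fi
```

Pass unit names as arguments to audit a live system; a "partial" or "unsandboxed" verdict marks a service to review against its need for device or network access.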