What | Removed | Added |
---|---|---|
CC | security-team@suse.de | |
Flags | needinfo?(security-team@suse.de) |
Thanks for the report! Indeed, `PrivateDevices=true` set in the ddclient service will cancel the access to the BMC interface, needed by ipmitool. SecurityTeam, could we have your light on the systemd hardening effort ? Could it be possible to keep this restriction but let access to network interface using the "DeviceAllow" into the systemd service file ? Otherwise, have you ideas how to correctly fix it ?