From Fedora Project Wiki
No edit summary
Line 3: Line 3:
Journal messages can be forwarded to remote storage, without using a syslog daemon. The '''systemd-journal-remote''' and '''systemd-journal-upload''' packages provide receiver and sender daemons. Communication is done over HTTPS.
Journal messages can be forwarded to remote storage, without using a syslog daemon. The '''systemd-journal-remote''' and '''systemd-journal-upload''' packages provide receiver and sender daemons. Communication is done over HTTPS.


== systemd PrivateDevices ==
== systemd PrivateDevices and PrivateNetwork ==


The PrivateDevices setting, when set to "yes", provides a private, minimimal /dev that does not include physical devices. This allows long-running services to have limited access, increasing security.
Two new security-related options are now being used by '''systemd''' for long-running services which do not require access to physical devices or the network:


== systemd PrivateNetwork ==
* The PrivateDevices setting, when set to "yes", provides a private, minimimal /dev that does not include physical devices. This allows long-running services to have limited access, increasing security.
* The PrivateNetwork setting, when set to "yes", provides a private network with only a loopback interface. This allows long-running services that do not require network access to be cut off from the network.


The PrivateNetwork setting, when set to "yes", provides a private network with only a loopback interface. This allows long-running services that do not require network access to be cut off from the network.
For details about this change, see the [https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork PrivateDevices and PrivateNetwork wiki page].


[[Category:Docs Project]]
[[Category:Docs Project]]
[[Category:Draft documentation]]
[[Category:Draft documentation]]
[[Category:Documentation beats]]
[[Category:Documentation beats]]

Revision as of 17:41, 14 August 2014

Remote journal logging

Journal messages can be forwarded to remote storage, without using a syslog daemon. The systemd-journal-remote and systemd-journal-upload packages provide receiver and sender daemons. Communication is done over HTTPS.

systemd PrivateDevices and PrivateNetwork

Two new security-related options are now being used by systemd for long-running services which do not require access to physical devices or the network:

  • The PrivateDevices setting, when set to "yes", provides a private, minimimal /dev that does not include physical devices. This allows long-running services to have limited access, increasing security.
  • The PrivateNetwork setting, when set to "yes", provides a private network with only a loopback interface. This allows long-running services that do not require network access to be cut off from the network.

For details about this change, see the PrivateDevices and PrivateNetwork wiki page.

Retrieved from "https://fedoraproject.org/w/index.php?title=Documentation_System_Daemons_Beat&oldid=384287"