Johan Empa @JohanEmpa

8 posts8 participants0 posts today

**hyperreal** @hyperreal@tilde.zone · 1d

I've been looking into hardening systemd and I'm curious why so many units are not hardened by default. Like why isn't it a standard practice to harden systemd units? Do the exposed parts shown in the output of `systemd analyze security <unit>` have that much of an impact on the overall security of the unit? I would think these exposure points would add up to a vulnerability that shouldn't be neglected.

https://blog.sergeantbiggs.net/posts/hardening-applications-with-systemd/

SergeantBiggs Blog · Mar 5, 2022Hardening Applications with systemdBecause we live in the day and age where the new gods have taken over Linux, it’s a good idea to familiarize ourselves with their rituals. Some of them might seem strange to us, but some of them are actually very nice features. One of the features I really like about systemd are the built-in hardening capabilities. The built-in options for hardening are quite extensive, and can best be compared to something like firejail. They both have similar capabilities, but firejail focuses more on desktop applications, whereas systemd hardening applies to systemd units. The hardening options are configured in the units service file, in the [Service] section.

#systemd #FOSS #infosec

Continued thread

**T_X** @T_X@chaos.social · 2d

T_X @T_X@chaos.social

@schenklradio @ffhl @videolan @tokudan entweder muss ich mir vll. noch was mit #systemd basteln, dass das nicht per #SAP (#RFC2974) announced wird, wenn gerade keine Sendung läuft. Weil so ist es außerhalb der Sendezeiten dann komplett still, wenn man's auswählt, was Leute verwirren könnte. Oder gibt es zufällig alternativ sonst noch einen Zwischeneinspieler? Hatte letzten Samstag zum ersten mal reingehört und das klang so, als ob es da am Ende was voraufgezeichnetes gab?

**noroute2host** @noroute2host@mastodon.social · 3d *

3d *

noroute2host @noroute2host@mastodon.social

¿Quién dice que los domingos son para descansar? ¡Vuelta a la carga con más contenido! Arranque automático de #contenedores con #dockercompose y #systemd

https://noroute2host.com/docker-compose-al-arranque-con-systemd.html

noroute2host.com · 3dArranque automático de contenedores con docker-compose y systemdRegresamos a vueltas con contenedores y docker. En este nuevo post vamos a ver como generar un servicio de systemd para nuestros ficheros docker compose o docker-compose.yml. Así que sí, después de la larga espera para hablar un poco de contenedores, vamos a encadenar un par de articulos consecutivos este tema.

#noroute2host #docker #compose

**Gerard Braad** @gbraad@mastodon.social · 3d

Gerard Braad @gbraad@mastodon.social

To download the latest web Remote Extension Host of #VSCodium

https://github.com/gbraad-devenv/fedora/issues/77#issuecomment-2781339941

and to run with #systemd:

https://github.com/gbraad-vscode/code-systemd/issues/2#issuecomment-2781345108

After this, you can open http://[ipaddress]:8000

Note: if you want to restrict this, you can modify the service to bind to only host 127.0.0.1 or something like your Tailscale IP address.

Using: https://github.com/VSCodium/vscodium/releases/download/1.99.02283/vscodium-reh-web-linux-x64-1.99.02283.tar.gz https://github.com/VSCodium/vscodium/releases/download/1.99.02283/vscodium-reh-...

GitHubAdd Codium (web) option · Issue #77 · gbraad-devenv/fedoraBy gbraad

#vscode #development

4d

[[nodiscard]] constexpr auto Herz() noexcept -> @herzenschein@furry.engineer

I just found this website about systemd: https://systemd-by-example.com/

It's a teaching website and playground to learn how to do dependency management with systemd units.

You can follow the instructions locally with a podman container or play with how the example systemd units interact on the website.

systemd-by-example.comsystemd by example - the systemd playground

More from

Sebastian Jambor

#systemd #linux #podman

Continued thread

**Gerard Braad** @gbraad@mastodon.social · 5d

Gerard Braad @gbraad@mastodon.social

I added a few options to my #systemd extension for VSCode; it can switch between user services and system, allows you to group by status, enable/disable, mask/unmask, etc.

I hope to add more detailed information, like if the service is masked, units other than 'services', etc. Hope to get some more time soon, but currently on a short leave.

Thanks for the kind words and support.

Replied to Unix Weekly

**ali miracle** @alimiracle@mastodon.social · 6d

ali miracle @alimiracle@mastodon.social

@unix_discussions great, just what the world needed—systemd with extra portability! Now BSD users can finally experience the joy of debugging 500+ services they never asked for. Truly, a victory for freedom!
#linux
#unix
#systemd
#bsd

**Unix Weekly** @unix_discussions@mastodon.social · 6d

Unix Weekly @unix_discussions@mastodon.social

InitWare, a portable systemd fork running on BSDs and Linux

https://github.com/InitWare/InitWare

Discussions: https://discu.eu/q/https://github.com/InitWare/InitWare

The InitWare Suite of Middleware allows you to manage services and system resources as logical entities called units. Its main component is a service management ("init") system. - InitWar...

GitHubGitHub - InitWare/InitWare: The InitWare Suite of Middleware allows you to manage services and system resources as logical entities called units. Its main component is a service management ("init") system.The InitWare Suite of Middleware allows you to manage services and system resources as logical entities called units. Its main component is a service management ("init") system. - InitWar...

#linux #netbsd #systemd

@thilo@fromm.social · 6d

@thilo@fromm.social

While practising my #kubernetes #systemd #sysext talk for #CloudNative Rejekts I constantly went over time, so I tried a radical concept: just demos, no slides.

Please find the result here: https://m.youtube.com/watch?v=Hb37wNKcZdM and let me know what you think!

m.youtube.com- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

**Lobsters** @lobsters@mastodon.social · 6d

Lobsters @lobsters@mastodon.social

InitWare: systemd-like clone for BSDs https://lobste.rs/s/utis5o #netbsd #systemd
https://github.com/InitWare/InitWare

lobste.rsInitWare: systemd-like clone for BSDs | Lobsters

**Andreas Schneider** @cryptomilk@mastodon.social · Apr 3

Apr 3

Andreas Schneider @cryptomilk@mastodon.social

I've created the first alpha release of libkirmes, a Rust and C library which provides an API to access the systemd userdb.

It will be used in our localkdc project to enrich user information of a user in our kerberos database with information from the local userdb.

https://crates.io/crates/kirmes

crates.iocrates.io: Rust Package Registry

#systemd #kerberos #iakerb

**Frehi** @frehi@fosstodon.org · Apr 2

Apr 2

Frehi @frehi@fosstodon.org

Hurray, systemd-resolved is back in Debian.
https://metadata.ftp-master.debian.org/changelogs//main/s/systemd/systemd_257.4-9_changelog

#systemd #debian

**Scott Laird** @laird@hachyderm.io · Apr 2

Apr 2

Scott Laird @laird@hachyderm.io

Huh. Now that I have #otel traces on a bunch of things at home, it's pretty clear that my clocks aren't in sync on every system. They're maybe 1ms off, but it's enough that supposedly-nested trace spans aren't quite nested right.

Which is annoying since I have two local GPS #NTP receivers.

The two "bad" machines were using #systemd-timesyncd to talk to Ubuntu's pool clocks instead of the local clocks. The "good" machines are using #chrony and claim that they're ~2 us off of GPS time.

Now I'm curious -- is this a problem with network latency and Ubuntu's pool, or is that just as good as timesyncd gets?

**Lobsters** @lobsters@mastodon.social · Mar 31

Mar 31

Lobsters @lobsters@mastodon.social

My Way to Remove Linuxisms from FreeBSD https://lobste.rs/s/njhsdh #freebsd #linux #systemd
https://eugene-andrienko.com/en/it/2025/03/30/freebsd-pkgs-wout-unwanted-deps

lobste.rsMy Way to Remove Linuxisms from FreeBSD | Lobsters

**Morten Linderud** @Foxboron@chaos.social · Mar 31 *

Mar 31 *

Morten Linderud @Foxboron@chaos.social

So, we did a thing.

https://github.com/systemd/systemd/pull/36914

This PR introduces two new changes.
A Go Library
systemd is an important set of libraries and utilities on modern Linux systems. The need to remove C in favour of memory-safe alternative is of peak...

GitHubSupport for Go library and utilities by Foxboron · Pull Request #36914 · systemd/systemdBy Foxboron

#systemd #golang #go

**Lou Lüeder** @lou_de_sel@eldritch.cafe · Mar 31 *

Mar 31 *

Lou Lüeder @lou_de_sel@eldritch.cafe

EDIT: J'ai trouvé cet article et j'ai compris et ça marche https://mo8it.com/blog/quadlet/

S'il y a des gens qui utilisent podman par ici j'ai une question parce que je comprends pas bien la doc.

J'ai un petit container sans root que je lance à la main avec podman start mon_container quand j'en ai besoin et ça commence à devenir un peu redondant vu que je vais souvent sur mon ordi spécifiquement pour l'utiliser. Donc je cherche à le lancer quand j'ouvre ma session.

J'ai voulu générer une unit systemd avec la commande qui va bien mais j'ai vu qu'elle était dépréciée et qu'il était conseillé d'utiliser un "Quadlet" pour faire ça.

Sauf que mon cerveau percute pas du tout la doc officielle. C'est quoi un quadlet ? Comment je transforme mon container en quadlet ? Et comment je lance le quadlet au démarrage de ma session ?

Je prend toute explication/tuto écrit/tuto vidéo !

mo8it.comQuadlet: Running Podman containers under systemdFinally, Podman has a Docker Compose alternative

#podman #quadlet #systemd

Continued thread

**asmw** @asmw@infosec.exchange · Mar 30

Mar 30

asmw @asmw@infosec.exchange

Huh, thanks @mullvadnet!
Created an account and added funds in less than 5 minutes and had #Ipv6 connectivity.

I think a #systemd update broke something with my #wireguard tunnels or routing/port forwarding on the proxy server?

Not in the mood to debug, rebooting fixed the problem.

Replied to wtfismyip

**Kevin Bowen** @kevinbowen@fosstodon.org · Mar 29

Mar 29

Kevin Bowen @kevinbowen@fosstodon.org

@wtfismyip

Good news, for me, personally . Looks like a bit of an ugly process to get there; but, it's important to see how the sausage is made I guess.

https://salsa.debian.org/systemd-team/systemd/-/merge_requests/289

GitLabnon-maintainer upload of 257.4-3.1 (!289) · Merge requests · Debian systemd Team / systemd · GitLabI uploaded this MR to delayed/10 in agreement with Debian's procedures.

#Debian #Linux #SystemD

**st1nger** @st1nger@infosec.exchange · Mar 28

Mar 28

st1nger @st1nger@infosec.exchange

#Debian #systemd maintainer today removed both systemd-resolved and systemd-nspawn packages from Testing/Trixie/Debian 13 - soon to be in feature freeze - due to disagreements with the Technical Committee. New installs can use resolvconf. https://tracker.debian.org/news/1632477/accepted-systemd-2574-4-source-into-unstable/

tracker.debian.orgDebian Package Tracker

**wtfismyip** @wtfismyip@gnu.gl · Mar 28

Mar 28

wtfismyip @wtfismyip@gnu.gl

From Debian Unstable changelog:

systemd-resolved is going away!

Terminal screenshot of the following:

* Drop systemd-resolved package. The ctte has declared that the way the systemd-resolved tool works is incompatible with their decision to prioritize avahi in Debian. Furthermore, the resolved tool is being used to inflict pain on the maintainer, and induce burnout. Regrettably, the only safe solution to ensure this package is compliant with this decision is to drop it, as all reasonable alternatives put forward have been rejected: https://salsa.debian. org/systemd-team/systemd/-/merge_requests/289 (Closes: #1098914)

#Debian #linux #systemd

Recent searches

Search options

Administered by:

Server stats:

#systemd