Enable systemd sandboxing feature in unit files (!3) · Merge requests · Debian / sysstat · GitLab

Noah Meyerhans requested to merge noahm/sysstat:sandbox into master Dec 12, 2024

Sandboxing employs kernel facilities such as namespacing, systemcall filters, and capabilities(7) to raise the security posture for the services covered. Documentation at https://manpages.debian.org/unstable/systemd/systemd.exec.5.en.html#SANDBOXING

Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089798