summaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorTom Gundersen <teg@jklm.no>2014-06-01 22:01:20 +0100
committerTom Gundersen <teg@jklm.no>2014-06-03 10:40:28 +0200
commit682265d5e2157882861b0091c6b81fa92699b72a (patch)
treedde1a99c7c4df2c673f4dabe02b7b6ba8409aede /README
parent0bbea466dcafc0ff51811a3bc451e983c02e63bf (diff)
resolved: run as unpriviliged "systemd-resolve" user
This service is not yet network facing, but let's prepare nonetheless. Currently all caps are dropped, but some may need to be kept in the future.
Diffstat (limited to 'README')
-rw-r--r--README5
1 files changed, 5 insertions, 0 deletions
diff --git a/README b/README
index 0ea50434bb..adc5b081d2 100644
--- a/README
+++ b/README
@@ -193,6 +193,11 @@ USERS AND GROUPS:
facing service will drop privileges (with the exception of
CAP_NET_*) and assumed this uid/gid for security reasons.
+ The name resolution daemon requires the "systemd-resolve"
+ system user and group to exist. During execution this network
+ facing service will drop privileges and assume this uid/gid
+ for security reasons.
+
WARNINGS:
systemd will warn you during boot if /etc/mtab is not a
symlink to /proc/mounts. Please ensure that /etc/mtab is a