systemd feature thread


Added RemoveIPC=, MemorySwapMax=, PrivateUsers=, and various new sub-commands.

These might/might not make the cut for stretch; nonetheless, it's useful to keep an eye on what service features they add that are relevant to us.

More new protections. Goal is to make long-lived processes read-only and decrease kernel attack surface:

