@nllgg @Cambion Zaterdag spreek ik zelf ook, over het beveiligen van applicaties.
De presentatie is geschikt voor nagenoeg iedereen die al Linux draait. Er komen zowel zaken aan bod geschikt voor beginners. In stappen gaan we de diepte in. Ook gevorderde gebruikers van Linux kunnen waarschijnlijk nog wat leren van de mogelijkheden die #systemd en de #Linux kernel te bieden heeft.
Replaced sudo with run0 and I'm very happy to have one less setuid binary to worry about.
Maak jouw Linux nog veiliger 
Iedere gebruiker kan zijn/haar Linux systeem nóg veiliger maken dan het standaard al is. Dat hoeft niet allemaal bijzonder ingewikkeld te zijn, zoals de mogelijkheden van systemd en sandboxing.
Michael Boelen @mboelen legt het uit.
Kom volgende week ook naar de NLLGG bijeenkomst !
15 Maart, #Utrecht, #NLLGG
#veiligheid #systemd #linux
Vervollständige den Satz:
„Wäre ich einen Tag lang Linux-/Open-Source-Diktator würde ich …“
Bei mir wäre es definitiv das zurechtstutzen von #systemd zu einem reinen Initsystem innerhalb der Distributionen. Aktuell zu ausufernd, inkonsistent und unzuverlässig.
Als zweites #rhel SRPM‘s wieder öffentlich stellen
Found some examples in this repo:
https://github.com/nosada/mkosi-files
Have several build attempts, but still struggle at customizing the built image automatically: file access permissions aren't allowing modifications, sudo in the container does not work, etc.
Anyways, liking that mkosi / systemd-nspawn nicely integrate into the systemd ecosystem - and come with superb documentation.
Trying to get a bit familiar with systemd-nspawn (little bit clumsy name) by following this article:
https://benjamintoll.com/2022/02/04/on-running-systemd-nspawn-containers/
Its a bit outdated, eg. `machinectl pull-raw ...` is `importctl pull-raw`, but it can be translated.
Trying to create an image using `mkosi` that then later can be started.
Overall aim is to start a firefox in a spawned container. Let's see...
Today in "#systemd ruins everything", Jan learns that systemd-resolve...
- runs a proxy DNS server on 127.0.0.53 (which is in /etc/resolv.conf)
- uses it's own /run/systemd/resolve/resolv.conf
- will read and cache /etc/hosts regardless of what /etc/nsswitch.conf says (`ReadEtcHosts` defaults to `yes` in /etc/systemd/resolved.conf)
Applications that follow traditional libc resolver logic now will continue to get /etc/hosts results even if /etc/nsswitch.conf excludes 'files'.
Does the coming #nextcloud #client on #linux now runs as a native #systemd unit for a more userfriendly and 24x7 file synching when more users of a family are using the same linux dektop computer?
what’s the #systemd version of atd? does it exist? do i have to systemd-run?
I've dug into a #systemd problem recently and let it be said that spreading docs across a myriad of man pages sucks! And no single Stackoverflow answer applied to me. The best ones are hard to find because I don't know the right search terms (override? drop-in?). So I resorted to an #LLM to find answers.
They were wrong because the LLM mixed all kinds of sources ("if the uid is 1000, place a file in /home/user/.config/systemd"). But at least they pointed me in the right direction.
How to Create a Custom #Systemd Service in #Linux
https://www.maketecheasier.com/create-custom-systemd-service-in-linux/
Reading this article, particularly the section on the ideas for the future of SystemD, makes me think more and more about FreeBSD.
I almost switched yesterday. Had it installed. ZFS is a dream and native, not like trying to shoe horn in alien technology under Linux. But getting Wayland working seemed to be more effort than I was willing to put in at the time. Tangentially, session management is not an OOB thing with gdm or sddm? Starting the GUI from the command line? Wiring sessions up myself into the display manager? Wut? It's not 1997. Maybe I approached it incorrectly and need to spend more time with it. The Handbook is excellent, except when it isn't. The section on Wayland is quite 'hand wavey'.
Getting the the 4070 working under Debian Trixie was not as straightforward as I'd expected even. Why is Debian, particularly Testing, not following newer NVIDIA drivers? Manpower thing? In retrospect, are newer drivers in backports? Unlikely if not in testing I guess.
Maybe I should poke around with a physical box with a real GPU and FreeBSD to experiment.
Anyway, still on Linux (and SystemD) for now. To be honest, certain amount of FOMO at play as well.
> systemd räumt Dateien in /tmp nach 10 Tagen ohne Benutzung weg, in /var/tmp nach 30 Tagen.
ALS VOREINSTELLUNG?
IST DAS DEREN ERNST?
Lässt sich das irgendwo durch eine Einstellung unterbinden?
Für Microsoft war die GPL mal eine "ansteckende Krankheit".
Ich bin mir nicht sicher, ob systemd nicht die gleiche Bezeichnung verdient.
Submitted my proposal for the @nluug conference in May! It is about #systemd and how to leverage it for improved #LinuxSecurity.
Do you also have something to share about #OpenSource, #OpenStandards or anything related? Submit your proposal: https://cfp.nluug.nl/nluug-voorjaarsconferentie-2025/
If you are a speaker at #FOSDEM or #cfgmgmtcamp, then most likely you are a good match 
Back to #FOSDEM. Will I try #ParticuleOS ? Maybe
Taking a photo of @pid_eins taking a photo of the room before his "14 Years of systemd" #KeynoteTalk
@fosdem #FOSDEM #FOSDEM2025 #FLOSSConf #FLOSSConference #systemd
@krishean that's not how #systemd works.
SystemD was created because #SysVinit was shit and noone fixed it or made something better.
#Wayland is the future as #Xorg is being #EoL'd.
For the shitty #GlibC we have alternatives like #bionic and espechally #musl!
| wörk 
