Fedora 40 Enhances Security with Systemd Hardening Measures
Fedora 40 is set to enhance system security by utilizing high-level security features offered by systemd, as reported by Phoronix. The upcoming release of Fedora plans to enable several optional settings provided by systemd to strengthen the security of services running on the system. These settings include PrivateTmp, ProtectSystem, ProtectHome, ProtectClock, ProtectHostname, ProtectKernelModules, PrivateDevices, PrivateNetwork, NoNewPrivileges, ProtectKernelTunables, and other options that provide additional restrictions and isolation for systemd services.
The change proposal for this systemd security hardening has been approved by the Fedora Engineering and Steering Committee (FESCo) and is expected to be implemented in Fedora 40, due to debut in the spring. The inclusion of these security measures will significantly enhance the default security of Fedora services, protecting against any potential unknown security vulnerabilities in default system services.
For more information on the systemd security hardening changes planned for Fedora 40, you can refer to the change proposal and the approval by FESCo.
Source: Phoronix.