Restrict the Mandos server daemon in the systemd service file.
* mandos.service ([Service]/ProtectSystem): Set to "full". ([Service]/PrivateTmp, [Service]/PrivateDevices, [Service]/ProtectHome): Set to "yes". ([Service]/CapabilityBoundingSet): Set to "CAP_SETUID CAP_DAC_OVERRIDE CAP_NET_RAW".
** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()
32
33
** TODO [#B] use scandir(3) instead of readdir(3)
33
34
34
35
* usplash (Deprecated)
35
** TODO [#A] Make it work again
36
** TODO [#B] Make it work again
36
37
** TODO [#B] use scandir(3) instead of readdir(3)
37
38
38
39
* askpass-fifo
76
77
** TODO Use python-tlslite?
77
78
** TODO D-Bus AddClient() method on server object
78
79
** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods. :2:
79
** TODO Support [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager][org.freedesktop.DBus.ObjectManager]] interface on server object :2: