This change (juju4@8621f1f) adds security hardening capabilities from systemd per https://www.freedesktop.org/software/systemd/man/systemd.exec.html
It brings down exposure level from 9.6 to 2.8 (systemd-analyze security omid) and would likely limit impact of vulnerability like recent one (https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure)
It requires more extensive testing as I only ensured that service is started and no error in /var/opt/omi/log/omiserver.log.
This change (juju4@8621f1f) adds security hardening capabilities from systemd per https://www.freedesktop.org/software/systemd/man/systemd.exec.html
It brings down exposure level from 9.6 to 2.8 (
systemd-analyze security omid) and would likely limit impact of vulnerability like recent one (https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure)It requires more extensive testing as I only ensured that service is started and no error in /var/opt/omi/log/omiserver.log.