a) You state that some policy says that no ports other than 22 should be open, which policy is that? Does it apply only to cloud images, or is it an Ubuntu policy in general?
b) This is in mantic release at the moment, and switching that option back to "no" could regress users that were relying on this default. What exactly are we losing when we disable this service in this SRU? I checked the original commit[1] but it does not have a bug number linked to it with more details about what was the reasoning to enable this option in the first place.
c) If this is only about cloud images, is the workaround in comment #4 something that could be added to the cloud image build process, or we really want to avoid that?
d) Are there specific security concerns with keeping this service enabled? I presume these were considered when the option was set to "resolve" in that commit[1].
Hi Philip,
I have some questions here:
a) You state that some policy says that no ports other than 22 should be open, which policy is that? Does it apply only to cloud images, or is it an Ubuntu policy in general?
b) This is in mantic release at the moment, and switching that option back to "no" could regress users that were relying on this default. What exactly are we losing when we disable this service in this SRU? I checked the original commit[1] but it does not have a bug number linked to it with more details about what was the reasoning to enable this option in the first place.
c) If this is only about cloud images, is the workaround in comment #4 something that could be added to the cloud image build process, or we really want to avoid that?
d) Are there specific security concerns with keeping this service enabled? I presume these were considered when the option was set to "resolve" in that commit[1].
1. https:/ /git.launchpad. net/~ubuntu- core-dev/ ubuntu/ +source/ systemd/ commit/ ?id=b308303f344 84b293920473e5c 4e0395142e4bcc