Systemd services lack many security and sandboxing settings
The so called exposure level estimated by systemd-analyze security is 9.2/10 "UNSAFE" for the two Sigsum services and the two Trillian services alike. The number is 6.5 "MEDIUM" for the mariadb service. They should all be improved, especially the four we're providing in our Ansible role 'sigsum'.
Edited by Linus Nordberg