Description
Systemd service confinement can be generated from strace-guided profiling to reduce what a service may access. This tool is for administrators hardening known services after observing normal behavior. Incorrect profiles can break production services or miss rare paths, so test units and rollback plans are required.