Merge pull request #927 from bruno-at-bareos/dev/bruno-at-bareos/docu…

…mentation_critical_items_systemd

docs: document critical items  with new systemd service type

CHANGELOG.md

@@ -75,6 +75,8 @@ and since Bareos version 20 this project adheres to [Semantic Versioning](https:
 - add job name in End Job Session output in bls tool [PR #916]
 - added check for orphaned storages in dbcheck [PR #912]
 - added option to delete selected storage in bconsole if it is orphaned [PR #912]
+- docs: BareosSecurityIssues add remark about new systemd service (non forking) logged information into systemd-journal
+- docs: BareosSecurityIssues add remark about new systemd service (non forking) logged information into systemd-journal [PR #927]
 
 ### Changed
 - core: systemd service: change daemon type from forking to simple and start daemons in foreground [PR #824]
@@ -213,4 +215,5 @@ and since Bareos version 20 this project adheres to [Semantic Versioning](https:
 [PR #919]: https://github.com/bareos/bareos/pull/919
 [PR #920]: https://github.com/bareos/bareos/pull/920
 [PR #924]: https://github.com/bareos/bareos/pull/924
+[PR #927]: https://github.com/bareos/bareos/pull/927
 [unreleased]: https://github.com/bareos/bareos/tree/master

docs/manuals/source/TasksAndConcepts/BareosSecurityIssues.rst

@@ -23,6 +23,7 @@ Bareos Security Issues
 
 -  You can restrict what IP addresses Bareos will bind to by using the appropriate DirAddress, FDAddress, or SDAddress records in the respective daemon configuration files.
 
+-  The new systemd service uses the systemd default service type 'Simple', which will log startup errors to systemd-journal. This is particularly useful to debug starting errors. However this could also leak some sensitive information to the journal. Though the access to the systemd journal is sensitive and as such per default restricted, you might want to verify that your installation is strict enough.
 
 
 .. _section-SecureEraseCommand: