[$] Using systemd for more secure services in Fedora
The AF_PACKET local privilege escalation (also known as CVE-2016-8655) has been fixed by most distributions at this point; stable kernels addressing the problem were released on December 10. But, as a discussion on the fedora-devel mailing list shows, systemd now provides options that could help mitigate CVE-2016-8655 and, more importantly, other vulnerabilities that remain undiscovered or have yet to be introduced. The genesis for the discussion was a blog post from Lennart Poettering about the RestrictAddressFamilies directive, but recent systemd versions have other sandboxing features that could be used to head off the next vulnerability.
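As an added illustration (not from the article, Poettering's post, or the Fedora discussion), here is how the directive is applied in practice: a drop-in for a hypothetical `exampled.service` that limits the daemon to the socket families it actually uses, so an AF_PACKET socket cannot be opened from a compromised service even before the kernel fix lands. The unit name and path are assumptions; the directives are standard systemd ones.

```ini
# /etc/systemd/system/exampled.service.d/sandbox.conf  (hypothetical path)
#
# The packaged unit has only ExecStart= and Restart= in its [Service]
# section: no sandboxing at all, so any code running as the service can
# call socket(AF_PACKET, ...) and reach the CVE-2016-8655 code path.
# This drop-in adds restrictions without editing the packaged file.

[Service]
# Allow only local, IPv4 and IPv6 sockets. socket() with any other
# family (AF_PACKET, AF_NETLINK, ...) fails with EAFNOSUPPORT.
# A service that genuinely needs packet sockets (a DHCP client, a
# capture tool) would list AF_PACKET here instead of omitting it.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

# The family filter is enforced with seccomp; set this explicitly rather
# than relying on it being implied, so the filter cannot be shed.
NoNewPrivileges=yes

# Further sandboxing directives available in systemd of the same era,
# each closing off a class of future kernel bugs rather than one CVE:
# no access to /dev device nodes, private /tmp, read-only /usr and /etc,
# no /home, and no writes to /proc/sys or module loading.
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
```

After `systemctl daemon-reload` and a restart of the unit, `systemctl show -p RestrictAddressFamilies exampled.service` confirms the setting took effect.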