On 03/12/14 21:52, Martinx - ジェームズ wrote:
I'm using `GRSecurity` with Debian in prod and it doesn't work with `systemd`.
I NEED `sysvinit-core` (or upstart) and there is no plans to deploy
`systemd` at my company's public data center. Since it [systemd]
doesn't work here.
If `systemd` gets fixed (to work with `GRSecurity`), then, I'll give
it a second try. Otherwise, I'll need to move to Devuan...
Lennart do not care about that:
https://bugs.freedesktop.org/show_bug.cgi?id=65575 - How bad is that?
A cursory search using duckduckgo with the search terms:
+grsecurity +systemd
leads me, directly and indirectly, to information on various web sites
associated with Arch Linux, Gentoo, and grsecurity which lead me to
believe that it is possible to work around the problem described in that
bug report without completely disabling CONFIG_GRKERNSEC_PROC. (Of
course, I recognize that in any given situation, it may not be
acceptable to make the necessary configuration changes.)
That said, I don't see a problem with Lennart's position in that bug
report anyway. "Well, this sounds useful, but I don't see how we can
support this, we need access to the PID directory of the sender of
messages, to collect metadata, there's really no way around it." seems
like a perfectly reasonable explanation for things not
working-as-intended on systems where that access is not available.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/547f9a90.5080...@zen.co.uk
