I'm not sure about how systemd behaves. If a proper GID can be configured, it can provide a solution for the grsec PROC vs systemd issue...

--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On Tuesday, December 17, 2013, at 08:29, Sven Vermeulen wrote:
> On Dec 17, 2013 12:56 AM, Tóth Attila <at...@atoth.sote.hu> wrote:
>>
>> It turns out systemd is not compatible with CONFIG_GRKERNSEC_PROC. It has
>> been reported as freedesktop bug #65575. Of course if there would be a
>> specific group under which systemd performs its proc related activities,
>> that could be configured as the exception GID, but I can hardly imagine
>> that it is the case.
>
> I thought one of the principles of systemd is that it keeps running
> (daemonized) and you communicate with it over sockets. Are you sure systemd
> doesn't run with a fixed GID? Probably even the root GID.
>
> Wkr,
> Sven
>