> > That was also the initial design with substantial priv separation.
> > It shouldn't be designed to tap another process potentially running
> > with a different uid.
>
> Not wanting to touch processes that run with different user ids, is that
> in order to fully eliminate any influence from the other process/uid on
> the servproc process? servproc is quite tightly pledged with "stdio
> proc". Just curious.
"proc" -- as root, right? acme-client was designed to update the certs. Only that. It wasn't designed to start processes and services, kill processes, etc. It looks like you are trying to bring in all the heavyweight designs of certbot. Why do you have a problem with the little bit of shell script running at the correct position and privilege level? Why does it need to be integrated?
