[systemd-devel] [PATCH] Split sysctl 50-default.conf setting file

Tom Gundersen teg at jklm.no
Mon Dec 2 15:51:03 PST 2013


On Tue, Dec 3, 2013 at 12:04 AM, Kay Sievers <kay at vrfy.org> wrote:
> On Mon, Dec 2, 2013 at 11:52 PM, Goffredo Baroncelli <kreijack at libero.it> wrote:
>
>> I have one question: what happens if a sysctl setting is in more than
>> one file? Is systemd-sysctl smart enough to write the last value, or
>> does it perform several writes?
>
> One write only, it logs at "info" level about overwritten values.
>
>>> Kay explained in IRC that we do not allow such actions, because access to
>>> the keyboard doesn't mean full access to the machine, and we default to safe
>>> settings. Allowing the reboot through logind is different, because the user
>>> must authenticate first to open a session.
>>
>> Sorry, but I cannot agree: from a theoretical point of view Kay is
>> right. However, who has access to the keyboard and not to the "power
>> switch"? If I want to switch the PC and the software cannot allow it, I
>> unplug the main power...
>
> The keyboard is surely not the computer itself, the wires or the reset
> or power button. Login prompts must not have the ability to trigger
> unsafe options with the keyboard alone.

It is useful to imagine an internet cafe, a library, or a school,
where the user may only have physical access to the keyboard, and not
the machine itself.

>> I think that we should give access to other keys like:
>> - Boot
>> - Reboot
>> - powerOff
>> - Umount
>
> Sure it's useful for you as it is for me on my box, but it is not a
> safe default. You need to set it locally, we cannot do that.
>
> Kay
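Added example, not part of the original thread and not systemd's own code: a Python sketch of the behaviour described in Kay's reply (one effective value per key, with overridden values reported), useful for auditing which file wins when a setting appears more than once. It assumes the sysctl.d ordering rules (a same-named file in a higher-priority directory replaces the lower one, then files apply in file-name order); the directory names, file names and values are constructed.

```python
import os
import tempfile

def parse(path):
    """Yield (key, value) pairs from one sysctl.d-style file."""
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;" or "=" not in line:
                continue
            key, value = line.split("=", 1)
            # A leading "-" only means "ignore write errors". Treating "/" and
            # "." as the same separator is a simplification of the real rules.
            yield key.strip().lstrip("-").replace("/", "."), value.strip()

def effective(dirs):
    """dirs: highest-priority directory first. Returns (final, overridden)."""
    files = {}
    for d in reversed(dirs):        # higher-priority dir replaces a same-named file
        if os.path.isdir(d):
            for name in os.listdir(d):
                if name.endswith(".conf"):
                    files[name] = os.path.join(d, name)
    final, overridden = {}, []
    for name in sorted(files):      # a later file name wins for a duplicate key
        for key, value in parse(files[name]):
            if key in final and final[key][0] != value:
                overridden.append((key, final[key], (value, files[name])))
            final[key] = (value, files[name])
    return final, overridden

def demo():
    """Constructed sample: a vendor default and a local override."""
    root = tempfile.mkdtemp()
    vendor, local = os.path.join(root, "usr-lib"), os.path.join(root, "etc")
    os.makedirs(vendor)
    os.makedirs(local)
    with open(os.path.join(vendor, "50-default.conf"), "w") as fh:
        fh.write("# constructed values\nkernel.sysrq = 0\n"
                 "net.ipv4.conf.default.rp_filter = 1\n")
    with open(os.path.join(local, "90-local.conf"), "w") as fh:
        fh.write("kernel/sysrq = 16\n")
    return effective([local, vendor])

if __name__ == "__main__":
    final, overridden = demo()
    for key, old, new in overridden:
        print(f"{key}: {old[0]} ({old[1]}) overridden by {new[0]} ({new[1]})")
```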