conflict between polkit (kde-authentication-agent-1) and /proc fs "hidepid=2" option: regression, or new req't?
PGNet Dev
pgnet.dev at gmail.com
Wed Oct 16 19:07:49 UTC 2019
I run linux KDE + Plasma5.
After recent kernel upgrades from 5.3.5x -> 5.3.6x (currently, 5.3.6-25.gd6c109d), I was no longer able to
-- mount removable devices
-- build/install kernel mods for VirtualBox
-- etc
'polkit-kde-authentication-agent-1' was not longer exec'ing -- either on boot, or manually.
it appears that /proc entry in fstab
/etc/fstab
...
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
^^^^^^^^^
...
now has a problem with "hidepid=2"
changing
- proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
+ proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
fixes the problem, so that the agent execs correctly.
it appears there's a (new?) conflict between hidepid and polkit.
QUESTION:
is this intended/expected, and un-hardening the system by removig hidepid is now required?
or, is this a regression? and, if so, in what -- polkit?
details of findings so far, here:
https://bugzilla.opensuse.org/show_bug.cgi?id=1154139
More information about the polkit-devel
mailing list