[systemd-bugs] [Bug 65575] CONFIG_GRKERNSEC_PROC prevents systemd's active users to have enough permission

bugzilla-daemon at freedesktop.org
Mon Jul 22 07:32:25 PDT 2013


https://bugs.freedesktop.org/show_bug.cgi?id=65575

--- Comment #7 from Agostino Sarubbo <ago at gentoo.org> ---
(In reply to comment #6)
> Could you be a bit more explicit? What is CONFIG_GRKERNSEC_PROC doing and
> why is it breaking systemd?

Sure. 

You can find the info about grsecurity here: http://grsecurity.net/

The explanation of the module is:

If you say Y here, the permissions of the /proc filesystem will be altered to
enhance system security and privacy.  You MUST choose either a user only
restriction or a user and group restriction. Depending upon the option you
choose, you can either restrict users to see only the processes they themselves
run, or choose a group that can view all processes and files normally
restricted to root if you choose the "restrict to user only" option.  NOTE: If
you're running identd or ntpd as a non-root user, you will have to run it as
the group you specify here.
