[systemd-devel] [PATCH] Split sysctl 50-default.conf setting file

Mantas Mikulėnas grawity at gmail.com
Mon Dec 2 15:55:35 PST 2013


On Dec 3, 2013 1:51 AM, "Tom Gundersen" <teg at jklm.no> wrote:
>
> On Tue, Dec 3, 2013 at 12:04 AM, Kay Sievers <kay at vrfy.org> wrote:
> > On Mon, Dec 2, 2013 at 11:52 PM, Goffredo Baroncelli <kreijack at libero.it>
wrote:
> >
> >> I have ne question: what happens if a sysctl setting is in more than
> >> one file ? systemd-sysctl is smart enough to write the last value or
> >>  perform several writes ?
> >
> > One write only, it logs at "info" level about overwritten values.
> >
> >>> Kay explained in IRC that we do not allow such actions, because
access to
> >>> the keyboad doesn't mean full access to the machine, and we default
to safe
> >>> settings. Allowing the reboot though logind is different, because the
user
> >>> must authenticate first to open a session.
> >>
> >> Sorry, but I cannot agree: from a theoretical point of view Kay has
> >> reason. However who has access to the keyboard and not to the "power
> >> switch" ? If I want to switch the PC and the software cannot allow it,
I
> >> unplug the main power...
> >
> > The keyboard is surely not the computer itself, the wires or the reset
> > or power button. Login prompts must not have the ability to trigger
> > unsafe options with the keyboard alone.
>
> It is useful to imagine an internet cafe, a library, or a school,
> where the user may only have physical access to the keyboard, and not
> the machine itself.

But logind needs to be reconfigured anyway to disallow reboots in this
situation, so why would sysctl be different?

Also Ctrl-Alt-Del and/or the login manager's Reboot option.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20131203/86e9b2ac/attachment.html>


More information about the systemd-devel mailing list