[systemd-devel] [PATCH 3/4] units: differentiate the bus proxy and bus driver for the user manager

Kay Sievers kay at vrfy.org
Thu Dec 26 19:45:32 PST 2013


On Thu, Dec 26, 2013 at 11:35 PM, Giovanni Campagna
<scampa.giovanni at gmail.com> wrote:

> they do need the IPC_OWNER capability, to fake credentials
> on kdbus.

Oh, I guess we should just allow the owner/creator of the bus, the
user in this case, to do all that without the kernel capability.

We should not leak privileges into the user session, systemd --user
runs as the user and any other process of the same user can ptrace it.

Kay


More information about the systemd-devel mailing list