[systemd-devel] Failed to determine supported controllers: No such process

Reindl Harald h.reindl at thelounge.net
Tue Jan 21 14:55:30 UTC 2020


Hi

about to prepare Fedora 31 upgrades

------------------------------

Jan 21 15:30:01 testserver systemd[17664]: Failed to determine supported controllers: No such process
Jan 21 15:30:01 testserver systemd[17664]: Failed to allocate manager object: No such process
Jan 21 15:30:01 testserver systemd[1]: user@48.service: Failed with result 'protocol'.
Jan 21 15:30:01 testserver systemd[1]: Failed to start User Manager for UID 48.

------------------------------

I'm pretty sure this is a classical cronjob running as "apache"

do we need to lower security with newer systemd versions in case I
am right that "ProtectControlGroups=yes" is the problem?

------------------------------

[root@testserver:~]$ cat /etc/systemd/system/crond.service.d/security.conf
[Service]
# global restrictions
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_LOCAL AF_UNIX AF_NETLINK
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @reboot @swap

# allow raid-check with 'ProtectKernelTunables' enabled
ReadWritePaths=-/sys/block/md0
ReadWritePaths=-/sys/block/md1
ReadWritePaths=-/sys/block/md2

# protect root-account
ReadOnlyPaths=-/root/.bash_logout
ReadOnlyPaths=-/root/.bash_profile
ReadOnlyPaths=-/root/.bashrc
ReadOnlyPaths=-/root/.cshrc
ReadOnlyPaths=-/root/.local/bin
ReadOnlyPaths=-/root/.local/sbin
ReadOnlyPaths=-/root/.local/share
ReadOnlyPaths=-/root/.tcshrc
ReadOnlyPaths=-/root/.ssh/authorized_keys
ReadOnlyPaths=-/root/.ssh/authorized_keys2

# write-protect boot-partition and rpm-database
ReadOnlyPaths=-/boot
ReadOnlyPaths=-/var/lib/rpm

# write-protect system-folders
ReadOnlyPaths=-/usr/bin
ReadOnlyPaths=-/usr/include
ReadOnlyPaths=-/usr/lib
ReadOnlyPaths=-/usr/lib64
ReadOnlyPaths=-/usr/libexec
ReadOnlyPaths=-/usr/local/bin
ReadOnlyPaths=-/usr/local/sbin
ReadOnlyPaths=-/usr/sbin
ReadOnlyPaths=-/usr/share
ReadOnlyPaths=-/usr/src

# prohibit change system-users/groups from root-cronjobs
ReadOnlyPaths=-/etc/group
ReadOnlyPaths=-/etc/group-
ReadOnlyPaths=-/etc/gshadow
ReadOnlyPaths=-/etc/gshadow-
ReadOnlyPaths=-/etc/passwd
ReadOnlyPaths=-/etc/passwd-
ReadOnlyPaths=-/etc/shadow
ReadOnlyPaths=-/etc/shadow-
ReadOnlyPaths=-/etc/subgid
ReadOnlyPaths=-/etc/subgid-
ReadOnlyPaths=-/etc/subuid
ReadOnlyPaths=-/etc/subuid-

# write-protect critical config-files
ReadOnlyPaths=-/etc/aliases
ReadOnlyPaths=-/etc/anacrontab
ReadOnlyPaths=-/etc/bashrc
ReadOnlyPaths=-/etc/cron.allow
ReadOnlyPaths=-/etc/cron.deny
ReadOnlyPaths=-/etc/crontab
ReadOnlyPaths=-/etc/crypttab
ReadOnlyPaths=-/etc/dracut.conf
ReadOnlyPaths=-/etc/e2fsck.conf
ReadOnlyPaths=-/etc/ethertypes
ReadOnlyPaths=-/etc/filesystems
ReadOnlyPaths=-/etc/fstab
ReadOnlyPaths=-/etc/host.conf
ReadOnlyPaths=-/etc/hostname
ReadOnlyPaths=-/etc/hosts
ReadOnlyPaths=-/etc/hosts.allow
ReadOnlyPaths=-/etc/hosts.deny
ReadOnlyPaths=-/etc/inittab
ReadOnlyPaths=-/etc/ld.so.cache
ReadOnlyPaths=-/etc/ld.so.conf
ReadOnlyPaths=-/etc/libuser.conf
ReadOnlyPaths=-/etc/locale.conf
ReadOnlyPaths=-/etc/login.defs
ReadOnlyPaths=-/etc/mdadm.conf
ReadOnlyPaths=-/etc/mke2fs.conf
ReadOnlyPaths=-/etc/my.cnf
ReadOnlyPaths=-/etc/netconfig
ReadOnlyPaths=-/etc/networks
ReadOnlyPaths=-/etc/nsswitch.conf
ReadOnlyPaths=-/etc/ntp.conf
ReadOnlyPaths=-/etc/php.ini
ReadOnlyPaths=-/etc/profile
ReadOnlyPaths=-/etc/protocols
ReadOnlyPaths=-/etc/resolv.conf
ReadOnlyPaths=-/etc/rkhunter.conf
ReadOnlyPaths=-/etc/rkhunter.conf.local
ReadOnlyPaths=-/etc/rsyslog.conf
ReadOnlyPaths=-/etc/shells
ReadOnlyPaths=-/etc/sudoers
ReadOnlyPaths=-/etc/sysctl.conf
ReadOnlyPaths=-/etc/xattr.conf

# write-protect critical config-folders
ReadOnlyPaths=-/etc/alternatives
ReadOnlyPaths=-/etc/bash_completion.d
ReadOnlyPaths=-/etc/binfmt.d
ReadOnlyPaths=-/etc/chkconfig.d
ReadOnlyPaths=-/etc/cron.d
ReadOnlyPaths=-/etc/cron.daily
ReadOnlyPaths=-/etc/cron.hourly
ReadOnlyPaths=-/etc/cron.monthly
ReadOnlyPaths=-/etc/cron.weekly
ReadOnlyPaths=-/etc/depmod.d
ReadOnlyPaths=-/etc/dnf
ReadOnlyPaths=-/etc/dracut.conf.d
ReadOnlyPaths=-/etc/exports.d
ReadOnlyPaths=-/etc/grub.d
ReadOnlyPaths=-/etc/iproute2
ReadOnlyPaths=-/etc/krb5.conf.d
ReadOnlyPaths=-/etc/ld.so.conf.d
ReadOnlyPaths=-/etc/logrotate.d
ReadOnlyPaths=-/etc/logwatch
ReadOnlyPaths=-/etc/lynis
ReadOnlyPaths=-/etc/modprobe.d
ReadOnlyPaths=-/etc/modules-load.d
ReadOnlyPaths=-/etc/openvpn
ReadOnlyPaths=-/etc/pam.d
ReadOnlyPaths=-/etc/php
ReadOnlyPaths=-/etc/php.d
ReadOnlyPaths=-/etc/php.lounge.d
ReadOnlyPaths=-/etc/popt.d
ReadOnlyPaths=-/etc/prelink.conf.d
ReadOnlyPaths=-/etc/profile.d
ReadOnlyPaths=-/etc/rc.d
ReadOnlyPaths=-/etc/request-key.d
ReadOnlyPaths=-/etc/rpm
ReadOnlyPaths=-/etc/rsyslog.d
ReadOnlyPaths=-/etc/security
ReadOnlyPaths=-/etc/selinux
ReadOnlyPaths=-/etc/sensors.d
ReadOnlyPaths=-/etc/skel
ReadOnlyPaths=-/etc/sudoers.d
ReadOnlyPaths=-/etc/sysctl.d
ReadOnlyPaths=-/etc/tmpfiles.d
ReadOnlyPaths=-/etc/udev
ReadOnlyPaths=-/etc/xdg
ReadOnlyPaths=-/etc/xinetd.d
ReadOnlyPaths=-/etc/yum.repos.d

