Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logind: allow to read /proc #21785

Merged
merged 1 commit into from
Dec 17, 2021
Merged

logind: allow to read /proc #21785

merged 1 commit into from
Dec 17, 2021

Conversation

lnussel
Copy link
Contributor

@lnussel lnussel commented Dec 15, 2021

User name and tty are used for wall messages. For that to work logind
must be able to poke around in proc entries of other processes.

@github-actions github-actions bot added the units label Dec 15, 2021
@poettering
Copy link
Member

Just drop the line altogether please, instead.

@lnussel
Copy link
Contributor Author

lnussel commented Dec 15, 2021

How do we prevent that our forgetful selves won't add it again next year in a quest to improve security? :)
Add #ProtectProc=invisible instead?

@mrc0mmand
Copy link
Member

How do we prevent that our forgetful selves won't add it again next year in a quest to improve security? :) Add #ProtectProc=invisible instead?

Maybe adding a test case would help?

@lnussel
logind: allow to read /proc
289c76f 
User name and tty are used for wall messages. For that to work logind
must be able to poke around in proc entries of other processes.
@lnussel
Copy link
Contributor Author

lnussel commented Dec 16, 2021

test cases for that would be ideal indeed. Anyway, removed the setting as requested.

@keszybz keszybz added the good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed label Dec 16, 2021
@poettering
Copy link
Member

you could also leave a comment in: # NB: We don't use ProtectProc= since we need …

@yuwata yuwata added good-to-merge/with-minor-suggestions and removed good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed labels Dec 16, 2021
@yuwata yuwata added this to the v250 milestone Dec 16, 2021
@bluca bluca merged commit 60c5878 into systemd:main Dec 17, 2021
bluca added a commit to bluca/systemd that referenced this pull request Dec 17, 2021
@bluca
logind: add a comment with a reminder why we don't use ProtrectProc=
bff9766 
Follow-up for systemd#21785
@bluca bluca mentioned this pull request Dec 17, 2021
Merged
@bluca
Copy link
Member

bluca commented Dec 17, 2021

Follow-up with comment in #21801 so that we can get this in for rc3

yuwata pushed a commit that referenced this pull request Dec 17, 2021
@bluca @yuwata
logind: add a comment with a reminder why we don't use ProtrectProc=
ba679b8 
Follow-up for #21785
keszybz pushed a commit to systemd/systemd-stable that referenced this pull request Jan 11, 2022
@bluca @keszybz
logind: add a comment with a reminder why we don't use ProtrectProc=
d370601 
Follow-up for systemd/systemd#21785

(cherry picked from commit ba679b8)
keszybz pushed a commit to systemd/systemd-stable that referenced this pull request Jan 13, 2022
@bluca @keszybz
logind: add a comment with a reminder why we don't use ProtrectProc=
194e1e8 
Follow-up for systemd/systemd#21785

(cherry picked from commit ba679b8)
(cherry picked from commit d370601)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
good-to-merge/with-minor-suggestions units
Milestone
v250
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@lnussel @poettering @mrc0mmand @bluca @keszybz @yuwata