Marcus Meissner wrote:
On Mon, Sep 10, 2012 at 11:26:30AM +0200, Stephan Kulow wrote:
On 10.09.2012 03:39, Cristian Rodríguez wrote:
Above, there is a list of tasks, which are "up for the grabs" after we completely remove the old sysvinit system from the distribution.
This kind of asks for a meta bug to track the TODOs :)
* We have to remove ConsoleKit, ASAP. Its functionality has been replaced by systemd logind; apparently it is enough to build polkit with systemd support to achieve this goal.
* build the kernel with CONFIG_AUDIT_LOGINUID_IMMUTABLE=yes
(From this point on sysvinit waves his old arse goodbye)
Can you please elaborate on this one?
Once the loginuid is set, not even root can change it anymore.
relevant kernel code:

    #ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
            if (task->loginuid != -1)
                    return -EPERM;
    #else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
            if (!capable(CAP_AUDIT_CONTROL))
                    return -EPERM;
    #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */

I am not sure what the relation to systemd is though.
With systemd, if you enter e.g. "sudo rcsshd start", a wrapper asks systemd to call the sshd init script as a child of systemd. Therefore the newly forked daemon has no loginuid and can set it if needed. If you do that in sysv, "sudo rcsshd start" would run in your session directly, inheriting your loginuid. Therefore sshd could not set the loginuid properly anymore for users trying to log in. To fix that, sysv would need to run init scripts through a wrapper too.

cu
Ludwig

-- 
Ludwig Nussel
http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
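
The following is an added example, not part of the original mail or of any project's code: a shell check for the situation described above, a daemon that inherited a loginuid from the session that started it. The function names and the sample PIDs are hypothetical; it assumes the kernel exposes /proc/<pid>/loginuid and that 4294967295 (that is, (uid_t)-1) means "not set".

```shell
#!/bin/sh
# Added example: find daemons that carry an inherited loginuid.
# With CONFIG_AUDIT_LOGINUID_IMMUTABLE such a process gets -EPERM when it
# tries to assign a loginuid, per the kernel snippet quoted in the thread.

LOGINUID_UNSET=4294967295   # (uid_t)-1 as printed in /proc/<pid>/loginuid

# classify_loginuid PROC_ROOT PID -> prints "unset", "set:<uid>" or "unknown"
classify_loginuid() {
    f="$1/$2/loginuid"
    [ -r "$f" ] || { echo unknown; return 0; }
    # The proc file has no trailing newline, so read returns non-zero
    # even though it filled the variable; ignore that status.
    read -r val < "$f" || true
    case "$val" in
        "$LOGINUID_UNSET") echo unset ;;
        ''|*[!0-9]*)       echo unknown ;;
        *)                 echo "set:$val" ;;
    esac
}

# can_assign_loginuid PROC_ROOT PID -> exit status 0 only if the process
# still has no loginuid, i.e. the immutable check would let it set one.
can_assign_loginuid() {
    [ "$(classify_loginuid "$1" "$2")" = unset ]
}

# Constructed sample tree standing in for /proc (PIDs are made up):
#   100 = sshd forked by systemd, 200 = sshd started via sudo by uid 1000
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/100" "$d/200"
    printf '%s' "$LOGINUID_UNSET" > "$d/100/loginuid"
    printf '%s' 1000 > "$d/200/loginuid"
    echo "$d"
}

tree=$(demo_tree)
for pid in 100 200; do
    if can_assign_loginuid "$tree" "$pid"; then
        echo "pid $pid: loginuid unset, daemon can assign it at login"
    else
        echo "pid $pid: $(classify_loginuid "$tree" "$pid"), restart it outside a login session"
    fi
done
rm -rf "$tree"
```

On a live system, pass /proc and the daemon's PID to classify_loginuid instead of the constructed tree.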