El 10/09/12 09:12, Ludwig Nussel escribió: vant kernel code:
#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE if (task->loginuid != -1) return -EPERM; #else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ if (!capable(CAP_AUDIT_CONTROL)) return -EPERM; #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
I am not sure what the relation to systemd is though.
With systemd if you enter e.g. "sudo rcsshd start" a wrappper asks systemd to call the sshd init script as child of systemd. Therefore the newly forked daemon has no loginuid and can set it if needed. If you do that in sysv "sudo rcsshd start" would run in your session directly, inheriting your loginuid. Therefore sshd could not set the loginuid properly anymore for users trying to log in. To fix that sysv would need to run init scripts through a wrapper too.
cu Ludwig
DO you think it is reasonable to ask kernel developers to turn this into a sysctl so we simple turn the flag on at some point at startup ? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org