On Thu, 2 Feb 2023 13:32:14 +0100 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2023-02-02 12:31, Erwin Lam wrote:
On 01-02-2023 15:17, Carlos E. R. wrote:
On 2023-02-01 15:00, Bengt Gördén wrote:
Carlos E. R. wrote:
...
Hi Carlos,
The issue is caused by systemd hardening. Have a look at the file "/usr/lib/systemd/system/mlocate.service",in particular the line "ProtectKernelModules=true". This systemd setting not only prevents the service from loading any modules, but also denies the service access to directory "/lib/modules".
Wow.
I would never have guessed that.
[snip of evidence showing that actually is the case] Is it just me or does that seem like a complication too far to everybody else? An unexpected failure of a well-known longstanding sevice with a totally unexpected and difficult to find reason, and all to what purpose? It doesn't stop bad actors accessing the modules in some other way. What were the systemd people smoking?