1 |
On Fri, 2008-03-21 at 10:20 +0000, Roy Marples wrote: |
2 |
> Hi List. |
3 |
> |
4 |
> I've just removed the code to check for euid when running services and instead |
5 |
> relying on permissions of the service state dir and testing errno. This is a |
6 |
> good thing, but it does have one side effect. |
7 |
> |
8 |
> OpenRC can track daemons by how they were started. So every time you run |
9 |
> rc-status it tests each reported service to ensure all daemons are up. This |
10 |
> also works fine unprivileged on normal boxes - except for hardened where |
11 |
> users can only see their own processes. |
12 |
> |
13 |
> This isn't really an easy answer, as we could have installed OpenRC in a |
14 |
> prefix where this wouldn't apply, but we don't know that either. |
15 |
> |
16 |
> Ideas anyone? |
17 |
|
18 |
err... run rc-status as root? |
19 |
|
20 |
I mean if you are not supposed to see if a process is running or not as |
21 |
normal user, then hardned is doin it's job when does not allow rc-status |
22 |
to show this info to the unprivileged user. |
23 |
|
24 |
if (!HARDENED || (HARDENED && euid=0) { |
25 |
/* show if process is running or not */ |
26 |
} |
27 |
|
28 |
> Thanks |
29 |
> |
30 |
> Roy |
31 |
|
32 |
-- |
33 |
gentoo-dev@l.g.o mailing list |