| 1 |
On Fri, 2008-03-21 at 10:20 +0000, Roy Marples wrote: |
| 2 |
> Hi List. |
| 3 |
> |
| 4 |
> I've just removed the code to check for euid when running services and instead |
| 5 |
> relying on permissions of the service state dir and testing errno. This is a |
| 6 |
> good thing, but it does have one side effect. |
| 7 |
> |
| 8 |
> OpenRC can track daemons by how they were started. So every time you run |
| 9 |
> rc-status it tests each reported service to ensure all daemons are up. This |
| 10 |
> also works fine unprivileged on normal boxes - except for hardened where |
| 11 |
> users can only see their own processes. |
| 12 |
> |
| 13 |
> This isn't really an easy answer, as we could have installed OpenRC in a |
| 14 |
> prefix where this wouldn't apply, but we don't know that either. |
| 15 |
> |
| 16 |
> Ideas anyone? |
| 17 |
|
| 18 |
err... run rc-status as root? |
| 19 |
|
| 20 |
I mean if you are not supposed to see if a process is running or not as |
| 21 |
normal user, then hardned is doin it's job when does not allow rc-status |
| 22 |
to show this info to the unprivileged user. |
| 23 |
|
| 24 |
if (!HARDENED || (HARDENED && euid=0) { |
| 25 |
/* show if process is running or not */ |
| 26 |
} |
| 27 |
|
| 28 |
> Thanks |
| 29 |
> |
| 30 |
> Roy |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-dev@l.g.o mailing list |
Archives