From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-29996-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1JceWG-0006nR-MU
	for garchives@archives.gentoo.org; Fri, 21 Mar 2008 10:30:40 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 90BD0E0592;
	Fri, 21 Mar 2008 10:29:27 +0000 (UTC)
Received: from mail.marples.name (rsm.demon.co.uk [80.177.111.50])
	by pigeon.gentoo.org (Postfix) with ESMTP id 5D8A2E0592
	for <gentoo-dev@lists.gentoo.org>; Fri, 21 Mar 2008 10:29:27 +0000 (UTC)
Received: from uberpc.marples.name (uberpc.marples.name [10.73.1.30])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.marples.name (Postfix) with ESMTP id 16F3719006C
	for <gentoo-dev@lists.gentoo.org>; Fri, 21 Mar 2008 10:20:46 +0000 (GMT)
From: Roy Marples <roy@marples.name>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Testing to see if services have crashed on hardened
Date: Fri, 21 Mar 2008 10:20:45 +0000
User-Agent: KMail/1.9.7
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200803211020.45551.roy@marples.name>
X-Archives-Salt: 9296cca1-61ba-4f93-960c-9a5e1c19e1bf
X-Archives-Hash: 3261ae84dc639845caf8a44af46bb9c1

Hi List.

I've just removed the code to check for euid when running services and instead 
relying on permissions of the service state dir and testing errno. This is a 
good thing, but it does have one side effect.

OpenRC can track daemons by how they were started. So every time you run 
rc-status it tests each reported service to ensure all daemons are up.  This 
also works fine unprivileged on normal boxes - except for hardened where 
users can only see their own processes.

This isn't really an easy answer, as we could have installed OpenRC in a 
prefix where this wouldn't apply, but we don't know that either.

Ideas anyone?

Thanks

Roy
-- 
gentoo-dev@lists.gentoo.org mailing list