public inbox for gentoo-dev@lists.gentoo.org
From: Fabian Groffen <grobian@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Testing to see if services have crashed on hardened
Date: Fri, 21 Mar 2008 11:37:11 +0100
Message-ID: <20080321103711.GA8418@gentoo.org>
In-Reply-To: <200803211020.45551.roy@marples.name>

On 21-03-2008 10:20:45 +0000, Roy Marples wrote:
> Hi List.
> 
> I've just removed the code to check for euid when running services and
> am instead relying on permissions of the service state dir and testing
> errno. This is a good thing, but it does have one side effect.
> 
> OpenRC can track daemons by how they were started. So every time you
> run rc-status it tests each reported service to ensure all daemons are
> up.  This also works fine unprivileged on normal boxes - except for
> hardened where users can only see their own processes.

Assuming you would use libkvm, on Darwin this means as an unprivileged user
(not using suid) you can't see any processes at all.

> This isn't really an easy answer, as we could have installed OpenRC in a 
> prefix where this wouldn't apply, but we don't know that either.
> 
> Ideas anyone?

Is there a way to just have some fallback method which is less
functional, but just uses some pid file with a lock or something?


-- 
Fabian Groffen
Gentoo on a different level
-- 
gentoo-dev@lists.gentoo.org mailing list
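
The fallback asked about above, a pid file held under a lock, sketched as an added example (not code from OpenRC or from anyone in this thread). The helper names, the `svc_state` enum and the choice of `flock(2)` are assumptions; the check depends only on read access to the pid file, not on being able to see the daemon in the process table.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <unistd.h>

enum svc_state { SVC_RUNNING, SVC_DEAD, SVC_UNKNOWN };

/* Daemon side (hypothetical helper): write our pid and keep an exclusive lock
 * for the life of the process. The kernel drops it on exit or crash. */
int pidfile_hold(const char *path)
{
    char buf[32];
    int fd = open(path, O_RDWR | O_CREAT, 0644);
    if (fd == -1)
        return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) == -1) {   /* another instance owns it */
        close(fd);
        return -1;
    }
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (ftruncate(fd, 0) == -1 || write(fd, buf, (size_t)n) != n) {
        close(fd);
        return -1;
    }
    return fd;                                  /* caller must keep this open */
}

/* Checker side (hypothetical helper, e.g. for an unprivileged status command):
 * opens the pid file read-only and never consults the process table. */
enum svc_state pidfile_probe(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1)                               /* no file: not running */
        return errno == ENOENT ? SVC_DEAD : SVC_UNKNOWN;
    if (flock(fd, LOCK_SH | LOCK_NB) == 0) {    /* nobody holds LOCK_EX */
        flock(fd, LOCK_UN);
        close(fd);
        return SVC_DEAD;                        /* stale file: daemon is gone */
    }
    int err = errno;
    close(fd);
    return err == EWOULDBLOCK ? SVC_RUNNING : SVC_UNKNOWN;
}
```

The probe holds a shared lock for an instant, so a daemon starting at that moment should retry its `LOCK_EX` request rather than give up. `SVC_UNKNOWN` covers the case where the state directory's permissions do not let the caller open the file at all.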


