[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian fork: 'Devuan', Debian without Systemd

On 03/12/14 21:52, Martinx - ジェームズ wrote:
I'm using `GRSecurity` with Debian in prod and it doesn't work with `systemd`.

I NEED `sysvinit-core` (or upstart) and there is no plans to deploy
`systemd` at my company's public data center. Since it [systemd]
doesn't work here.

If `systemd` gets fixed (to work with `GRSecurity`), then, I'll give
it a second try. Otherwise, I'll need to move to Devuan...

Lennart do not care about that:
https://bugs.freedesktop.org/show_bug.cgi?id=65575 - How bad is that?

A cursory search using duckduckgo with the search terms:

	+grsecurity +systemd

leads me, directly and indirectly, to information on various web sites associated with Arch Linux, Gentoo, and grsecurity which lead me to believe that it is possible to work around the problem described in that bug report without completely disabling CONFIG_GRKERNSEC_PROC. (Of course, I recognize that in any given situation, it may not be acceptable to make the necessary configuration changes.)

That said, I don't see a problem with Lennart's position in that bug report anyway. "Well, this sounds useful, but I don't see how we can support this, we need access to the PID directory of the sender of messages, to collect metadata, there's really no way around it." seems like a perfectly reasonable explanation for things not working-as-intended on systems where that access is not available.

Reply to: