On 25.2.2015 at 18:44, Reindl Harald wrote:
On 25.02.2015 at 18:37, Paul Wouters wrote:
On Wed, 25 Feb 2015, Lennart Poettering wrote:
Hmm? Syncing is allowed to my knowledge. C-a-d and gdm allow a clean
reboot/poweroff. But sysrq does an abnormal reboot/poweroff, which we
cannot allow. Similarly, remounting read-only is also security sensitive,
which we cannot allow.
Without being logged in there's very little you can do on a host right
now, and sysrq should not open up more there by default.
You must have forgotten your university days....
The alternative to not being able to sync-umount-boot using sysrq is to
flip the switch. I'd rather have them use sysrq.
I said it when they closed X ctrl-alt-backspace and I'll say it now.
When you are on console with the power plug, preventing these actions
is stupid
When you are on a machine where you have physical only keyboard and mouse it is
not - not every PC stands in front of your face - think about kiosk mode and
so on...
When I read such answers - I always wonder myself - how many kiosks ever run
Fedora...
It's such a bad idea to optimize Fedora for one-in-million users and those
999.999 have to suffer instead of requiring 1 guy to configure a more secure version.
On the other hand - Fedora might easily provide a 'script' to disable all
obscure 'security' settings - if that's the only thing to pass the security
audit with 'defaults'...
And my recent personal experience - I tried to configure NFS to use it between
my qemu and host machine - and guess what - first thing which has been
instantly removed from host was firewalld as this piece is simply
unconfigurable nonsense and the second one is absurdly broken nfs4 - replaced
with usable nfs3...
People need to do their work and don't have time to spend hours figuring out
where the settings have been shifted after some security-person decisions and
systemd upgrades....
Regards
Zdenek