On Sat, 13.04.19 14:03, Steve Grubb (sgrubb@xxxxxxxxxx) wrote:

> > If you enable lingering for a user, it's the "systemd --user" instance
> > (i.e. the per-user service manager) that is started at boot and
> > terminated at shutdown (instead of started at first login and
> > terminated at last logout of the user), that's all.
> >
> > If you then run code as user service (i.e. as a service started and
> > managed by the "systemd --user" instance instead of PID 1) then it is
> > lifecycled (and its processes killed as needed) by the user service
> > manager. And you can configure the way you want killing to behave like
> > you would for any systemd service: with KillMode= in the unit file.
>
> This doesn't really fit with the security requirements we need.
> Anything run outside of a user session needs to have an audit session id
> and login uid assigned to anything run.

It has. As mentioned, systemd --user runs as part of a PAM session,
hence it acquires its own session ID and loginuid setting as part of
that.

> We also need to have the ability to know the name of the script that
> is being run in an audit event.

To my knowledge audit collects the comm name of any process already,
no?

Lennart

--
Lennart Poettering, Berlin
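
One way to check the point discussed in this thread on a running system, as an added example that is not part of the original message or of systemd: it reads `/proc/<pid>/loginuid`, `/proc/<pid>/sessionid` and `/proc/<pid>/comm` and lists processes that carry no audit identity. The function names and the `proc_root` parameter are assumptions made for the example.

```python
import os

UNSET = 4294967295  # (uid_t)-1: the kernel's "no loginuid / no session" value


def _read(path):
    """Return the stripped content of a /proc file, or None if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def audit_identity(pid, proc_root="/proc"):
    """Return (comm, loginuid, sessionid) for pid; ids are None when unset."""
    base = os.path.join(proc_root, str(pid))
    ids = []
    for name in ("loginuid", "sessionid"):
        raw = _read(os.path.join(base, name))
        # A missing file (kernel built without audit) is treated as unset.
        value = int(raw) if raw and raw.isdigit() else UNSET
        ids.append(None if value == UNSET else value)
    return _read(os.path.join(base, "comm")), ids[0], ids[1]


def processes_without_audit_identity(proc_root="/proc"):
    """List (pid, comm) for processes lacking a loginuid or audit session id."""
    missing = []
    pids = sorted((e for e in os.listdir(proc_root) if e.isdigit()), key=int)
    for pid in pids:
        comm, loginuid, sessionid = audit_identity(pid, proc_root)
        if comm is None:
            continue  # process exited while we were scanning
        if loginuid is None or sessionid is None:
            missing.append((int(pid), comm))
    return missing


if __name__ == "__main__":
    for pid, comm in processes_without_audit_identity():
        print(f"{pid}\t{comm}\tno loginuid/session id")
```

Services started by PID 1 normally show up in this list, while processes below a "systemd --user" instance should report that user's loginuid and a session id.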