Re: graphical sessions inherits display-manager only partly

On 22.01.19 at 08:12, Mantas Mikulėnas wrote:
> On Tue, Jan 22, 2019 at 3:46 AM Reindl Harald <h.reindl@xxxxxxxxxxxxx
> <mailto:h.reindl@xxxxxxxxxxxxx>> wrote:
> 
> 
>     "ProtectSystem=full" with the setup below just works, "su -" in a
>     konsole within the graphical session doesn't gain write permissions
> 
>     Tasks: 4
>     why?
> 
>     shouldn't everything started after the graphical login inherit any
>     settings from the display-manager service and run under its cgroup?
> 
> 
> No, one of the first things done during login is to create a new logind
> session with associated cgroup (under user.slice) and move your process
> into it.

so that ProtectSystem and FS namespaces are properly inherited is more
luck than by design?

the idea is to restrict everything running in graphical sessions;
administration is always done via sshd
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
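
A way to check the two properties discussed in this thread separately on a running system, as an added example that is not part of the original messages: it reads the cgroup and the mount namespace of two processes (for instance the display manager and a shell inside the graphical session) from procfs and compares them. ProtectSystem= is implemented with a mount namespace, so the namespace comparison is the one that matters for the write restriction. The unit name, session path and namespace id in the sample data are constructed assumptions.

```python
import os
import sys

# Constructed sample /proc/<pid>/cgroup contents (cgroup v2 layout), not from the thread.
SAMPLE_DM_CGROUP = "0::/system.slice/display-manager.service\n"
SAMPLE_SESSION_CGROUP = "0::/user.slice/user-1000.slice/session-2.scope\n"
SAMPLE_MNT_NS = "mnt:[4026532501]"  # constructed namespace id

def parse_cgroup(text):
    """Return the systemd cgroup path from /proc/<pid>/cgroup content.
    cgroup v2 uses the line '0::<path>'; v1/hybrid uses 'name=systemd'."""
    unified = None
    for line in text.splitlines():
        if not line.strip():
            continue
        hier, controllers, path = line.split(":", 2)
        if controllers == "name=systemd":
            return path
        if hier == "0" and controllers == "":
            unified = path
    return unified

def read_proc(pid, root="/proc"):
    """Return (cgroup_path, mount_ns_id) for a live pid; needs privileges
    to read the ns link of another user's process."""
    with open(os.path.join(root, str(pid), "cgroup")) as f:
        cgroup = parse_cgroup(f.read())
    return cgroup, os.readlink(os.path.join(root, str(pid), "ns", "mnt"))

def compare(a, b):
    """a and b are (cgroup_path, mount_ns_id) tuples."""
    return {"same_cgroup": a[0] == b[0], "same_mount_ns": a[1] == b[1]}

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: script.py <display-manager-pid> <session-shell-pid>
        a, b = read_proc(sys.argv[1]), read_proc(sys.argv[2])
    else:
        # fall back to the constructed sample values
        a = (parse_cgroup(SAMPLE_DM_CGROUP), SAMPLE_MNT_NS)
        b = (parse_cgroup(SAMPLE_SESSION_CGROUP), SAMPLE_MNT_NS)
    print(a, b, compare(a, b))
```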



