Re: Fixing su + runuser vulnerability CVE-2016-2779


 



I was thinking about this and the problem is actually that runuser returns (and control is returned to the privileged parent) while there's an unprivileged descendant with a handle to the tty. Thus, it seems that it could be solved by having runuser run the child into a new cgroup and refusing to return while there's any remaining process there.


Although depending on the exact way that people are expecting to use job control, that might still interfere despite not changing the session leader. Do we know actual usages that should continue working?

Regards
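
The check proposed in the message above, sketched as an added example that is not part of the original post and is not util-linux code. It assumes cgroup v2, where each cgroup's `cgroup.events` file carries a `populated 0|1` line, and it reads a constructed sample file in place of a real cgroup; the function names are hypothetical and polling is a simplification.

```c
/* Added example, not util-linux code. Assumes cgroup v2, where every
 * cgroup directory has a cgroup.events file with a "populated 0|1" line. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if the cgroup still holds processes, 0 if empty, -1 on error. */
int cgroup_populated(const char *events_path)
{
    char key[32];
    int val, result = -1;
    FILE *f = fopen(events_path, "r");
    if (!f) return -1;
    while (result < 0 && fscanf(f, "%31s %d", key, &val) == 2)
        if (strcmp(key, "populated") == 0)
            result = (val != 0);
    fclose(f);
    return result;
}

/* Polls: 0 = empty, 1 = still populated after max_polls, -1 = unreadable.
 * Under the proposal the caller would only return to its parent on 0. */
int wait_cgroup_empty(const char *events_path, int max_polls, unsigned delay_s)
{
    for (int i = 0; i < max_polls; i++) {
        int p = cgroup_populated(events_path);
        if (p <= 0) return p;
        if (i + 1 < max_polls) sleep(delay_s);
    }
    return 1;
}

/* Writes constructed sample content so the demo runs without cgroupfs. */
int write_sample(const char *path, const char *content)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(content, f);
    return fclose(f);
}

int main(void)
{
    const char *p = "/tmp/sample_cgroup.events"; /* constructed stand-in */
    write_sample(p, "populated 1\nfrozen 0\n");
    printf("descendant lingering: %d\n", wait_cgroup_empty(p, 1, 0));
    write_sample(p, "populated 0\nfrozen 0\n");
    printf("all exited: %d\n", wait_cgroup_empty(p, 1, 0));
    return 0;
}
```

A missing `populated` line or an unreadable file yields -1, which a caller should treat the same as "not known to be empty".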



