On Fri, May 04, 2018 at 18:28:36 +0200, Michael Biebl wrote:
> Use a drop-in config as described in the Arch wiki:
> 
> For user sessions to work correctly, an exception needs to be added for
> systemd-logind:
> 
> /etc/systemd/system/systemd-logind.service.d/hidepid.conf containing
> 
> [Service]
> SupplementaryGroups=proc

Odd, I thought I had created exactly that file (but named override.conf
and with "adm") via "systemctl edit systemd-logind", and got this error:
  Service has more than one ExecStart= setting

But it's working fine now and I do get a session.

> Well, I think granting read access to the syslog files (and the journal
> fwiw) as a side effect of granting read access to /proc makes group adm
> a poor choice. Those should be treated separately.
> 
> A dedicated "proc" group, as the Arch wiki suggests, makes much more
> sense to me.

Access to /proc isn't really a side-effect if 'adm' is for "system
monitoring/security".  Though in practice it does just seem to be used
for log access.

I can't really ask you to add "SupplementaryGroups=proc" when the group
doesn't exist by default.  Of course, anyone enabling hidepid can do it
either way, once they figure out what's going on.  The systemd overrides
make it pretty convenient (e.g., I don't have to maintain an entire copy
of the service file with one extra line).

-- Michael
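
An added example, not part of this message or of the Arch wiki text it quotes: a shell check that the group exempted by a hidepid /proc mount (its gid= option) is the one the systemd-logind drop-in grants through SupplementaryGroups=. The function names and the sample data (gid 26 for a "proc" group) are made up for illustration; the inputs are files in /proc/mounts, /etc/group and drop-in format.

```shell
# Added example, not from the thread. Inputs are files in /proc/mounts,
# /etc/group and unit drop-in format, so it also runs on copies.

# proc_mount_opt MOUNTS KEY -> value of KEY in the /proc mount options
proc_mount_opt() {
    awk -v key="$2" '$2 == "/proc" && $3 == "proc" {
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) { split(o[i], kv, "="); if (kv[1] == key) val = kv[2] }
    } END { print val }' "$1"
}

# gid_to_name GROUP_FILE GID -> group name (empty if unknown)
gid_to_name() { awk -F: -v gid="$2" '$3 == gid { print $1; exit }' "$1"; }

# dropin_groups DROPIN -> SupplementaryGroups= values; empty assignment resets
dropin_groups() {
    awk '/^[ \t]*SupplementaryGroups[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, ""); if ($0 == "") g = ""; else g = g " " $0
    } END { print g }' "$1"
}

# check_logind_exempt MOUNTS GROUP_FILE DROPIN
# -> 0 if hidepid is off or the drop-in grants the exempt group, 1 otherwise
check_logind_exempt() {
    hp=$(proc_mount_opt "$1" hidepid)
    case "$hp" in ''|0|off) echo "hidepid not enabled"; return 0 ;; esac
    gid=$(proc_mount_opt "$1" gid)
    [ -n "$gid" ] || { echo "hidepid=$hp without gid= exemption"; return 1; }
    name=$(gid_to_name "$2" "$gid"); [ -n "$name" ] || name=$gid
    for g in $(dropin_groups "$3"); do
        [ "$g" = "$name" ] || [ "$g" = "$gid" ] || continue
        echo "ok: logind has supplementary group $g"; return 0
    done
    echo "mismatch: /proc exempts '$name', drop-in does not grant it"; return 1
}

# Constructed sample data (gid 26 for "proc" is made up for this demo).
demo() {
    d=$(mktemp -d)
    printf 'proc /proc proc rw,nosuid,nodev,noexec,gid=26,hidepid=2 0 0\n' > "$d/mounts"
    printf 'adm:x:4:\nproc:x:26:\n' > "$d/group"
    printf '[Service]\nSupplementaryGroups=proc\n' > "$d/good.conf"
    printf '[Service]\nSupplementaryGroups=adm\n' > "$d/bad.conf"
    check_logind_exempt "$d/mounts" "$d/group" "$d/good.conf"
    check_logind_exempt "$d/mounts" "$d/group" "$d/bad.conf" || true
    rm -rf "$d"
}
demo
```

On a live system the three arguments would be /proc/mounts, /etc/group and the drop-in file created by "systemctl edit systemd-logind".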

_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers