Hi Matus,

The workaround for X seems reasonable (and honestly, I haven't seen any issues with X when running in this mode).

The systemd problems are problems with systemd and need to be fixed. I shouldn't have to disable security mechanisms because of systemd.

Note: I've also not seen any issues with DBus operations with this enabled but maybe I wasn't trying the right operations. Granted, I can't manage other people's processes but that's...good, right?

Trevor

On Wed, Sep 5, 2018 at 5:01 AM Matus Marhefka <[email protected]> wrote:

> Hello Trevor,
>
> this feature would be nice to have and it can be definitely implemented in
> SSG. I would suggest to have a rule for it but I would not include it into
> any profile by default as this option currently causes issues with other
> components (see https://wiki.archlinux.org/index.php/security#hidepid).
> This way we can provide a possibility for users to include it into their
> profiles using tailoring if they really want to.
>
> Regards,
> Matus Marhefka
>
> On Tue, Sep 4, 2018 at 4:41 PM, Trevor Vaughan <[email protected]>
> wrote:
>
>> I've had this feature request open for a while at
>> https://github.com/OpenSCAP/scap-security-guide/issues/1648 suggesting
>> that hidepid=2 be added to /proc to help meet the AC-3 and AC-6 controls.
>>
>> As we approach EL8 (I think), I'd like to have this discussion since this
>> capability has shown to be valuable in a practical way on multi-user
>> systems.
>>
>> Thanks,
>>
>> Trevor
>>
>> --
>> Trevor Vaughan
>> Vice President, Onyx Point, Inc
>> (410) 541-6699 x788
>>
>> -- This account not approved for unencrypted proprietary information --
>>
>> _______________________________________________
>> scap-security-guide mailing list --
>> [email protected]
>> To unsubscribe send an email to
>> [email protected]
>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/[email protected]
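The setting discussed in this thread, as an added example that is not part of the original messages and is not SSG code: a shell check that /proc carries hidepid=2 both in the running mount table and in the persistent configuration. It assumes the usual /proc/mounts and /etc/fstab field layout; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SSG code): check that /proc is mounted with hidepid=2.

# Print the hidepid value of the last /proc entry in a mounts-style file
# (/proc/mounts or /etc/fstab layout), or "unset" if the option is absent.
proc_hidepid_value() {
    awk '
        /^[[:space:]]*#/ { next }              # skip fstab comments
        $2 == "/proc" && $3 == "proc" {
            found = "unset"                    # a later entry overrides an earlier one
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) found = substr(opts[i], 9)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Return 0 only when every file given (running mount table, fstab) hides
# other users' processes: "2", or "invisible", the name newer kernels
# use for the same level.
check_proc_hidepid() {
    status=0
    for f in "$@"; do
        v=$(proc_hidepid_value "$f")
        case "$v" in
            2|invisible) echo "PASS $f: hidepid=$v" ;;
            *)           echo "FAIL $f: hidepid=$v"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample data: a live table with the option set at runtime only,
# and an fstab where it was never persisted (lost at the next reboot).
SAMPLES=$(mktemp -d)
printf '%s\n' 'sysfs /sys sysfs rw,nosuid 0 0' \
    'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0' > "$SAMPLES/mounts"
printf '%s\n' '# /etc/fstab' \
    'proc /proc proc defaults 0 0' > "$SAMPLES/fstab"
printf '%s\n' 'proc /proc proc nosuid,nodev,noexec,hidepid=2 0 0' > "$SAMPLES/fstab.fixed"

check_proc_hidepid "$SAMPLES/mounts" "$SAMPLES/fstab" || echo "not compliant"
check_proc_hidepid "$SAMPLES/mounts" "$SAMPLES/fstab.fixed" && echo "compliant"
```

On a real host the two arguments would be /proc/mounts and /etc/fstab; a system that sets the option only through a runtime remount fails the second check.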
