Bug#925552: release-notes: document problems with hidepid vs Buster systemd
Andrei POPESCU wrote:
>> + disable it before the upgrade, to ensure login sessions work on >> + &releasename;. (A possible route to re-enabling it is outlined on the
>
> Any particular reason for using "&releasename;" instead of "buster"?
>
> At least for me it's easier to read (and understand) the source text
> without so much markup.

I'll just have been copying the prevailing markup features from neighbouring sections. Personally I would be happy to see &releasename; etc. eliminated in any section that won't be kept for the buster->bullseye edition (and the places that don't change should rarely mention releasenames).

It's not quite as bad as &debian;, which almost never makes sense, since anybody recycling this document for (e.g.) Devuan would need to change almost everything else, too. But I've given up trying to get this sorted out, just as I've given up asking why it is that we write "stretch" when the release announcement called it "Stretch" and it's named after something called "Stretch"!
-- 
JBR with qualifications in linguistics, experience as a Debian sysadmin, and probably no clue about this particular package
Bug#925552: release-notes: document problems with hidepid vs Buster systemd
On Sat, 20 Apr 19, 18:40:17, Justin B Rye wrote:
> Andrei POPESCU wrote:
> > Justin B Rye wrote:
> >> The "hidepid" mount-options for /proc (as recommended by various
> >
> > Why plural? Both the wiki and proc(5) are using singular.
>
> You're right - I was thinking of "hidepid=0/1/2" as separate options,
> but yes, the approved terminology is to call it one option with
> multiple possible arguments. I suppose I could argue that it's
> only the non-zero arguments that cause problems rather than the
> hidepid option itself, but no, here's a patch making it singular.

:)

> diff --git a/en/issues.dbk b/en/issues.dbk > index 39d27b25..81ed5863 100644 > --- a/en/issues.dbk > +++ b/en/issues.dbk > @@ -41,15 +41,15 @@ information mentioned in . > > > > -Hidepid mount options for procfs unsupported > +Hidepid mount option for procfs unsupported > > - The hidepid mount options for > - /proc are known to cause problems with current > - versions of systemd, and are considered by systemd upstream to be an > + Using the hidepid mount option for > + /proc is known to cause problems with current > + versions of systemd, and is considered by systemd upstream to be an >unsupported configuration. Users who have modified > - /etc/fstab to enable these options are advised to > - disable them before the upgrade, to ensure login sessions work on > - &releasename;. (A possible route to re-enabling them is outlined on the > + /etc/fstab to enable this option are advised to > + disable it before the upgrade, to ensure login sessions work on > + &releasename;. (A possible route to re-enabling it is outlined on the

Any particular reason for using "&releasename;" instead of "buster"?

At least for me it's easier to read (and understand) the source text without so much markup.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
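A pre-upgrade check for the condition the release-note text under discussion describes (hidepid enabled for /proc via /etc/fstab), as an added example that is not part of the thread or of the release notes. The function names and the sample fstab are constructed for illustration; it treats any hidepid value other than 0 as active.

```shell
#!/bin/sh
# Added example (not from the thread): find proc mounts with hidepid active.
# /etc/fstab and /proc/mounts share their first four fields
# (device, mount point, fs type, options), so one parser serves both.

# hidepid_entries FILE   ("-" reads standard input)
# Prints "<mount point> hidepid=<value>" for each proc-type entry whose
# hidepid value is not 0 ("off" is the name newer kernels accept for 0).
hidepid_entries() {
    awk '
        /^[ \t]*#/ { next }              # comment line
        NF < 4     { next }              # blank or incomplete line
        $3 == "proc" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) {
                    val = substr(opts[i], 9)   # text after "hidepid="
                    if (val != "0" && val != "off")
                        print $2, "hidepid=" val
                }
        }
    ' "$1"
}

# check_before_upgrade FILE...
# Returns 0 when no readable FILE has hidepid active, 1 otherwise.
check_before_upgrade() {
    status=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        found=$(hidepid_entries "$f")
        if [ -n "$found" ]; then
            printf '%s: %s\n' "$f" "$found"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample fstab, for illustration only.
sample_fstab() {
    cat <<'EOF'
# <file system>  <mount point>  <type>  <options>  <dump>  <pass>
UUID=constructed-0000  /      ext4  errors=remount-ro           0  1
proc                   /proc  proc  defaults,hidepid=2,gid=adm  0  0
EOF
}

sample_fstab | hidepid_entries -     # prints: /proc hidepid=2
# On a real system: check_before_upgrade /etc/fstab /proc/mounts
```

Checking /proc/mounts as well as /etc/fstab catches a hidepid setting applied by a remount that never made it into fstab.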
Bug#925552: release-notes: document problems with hidepid vs Buster systemd
Andrei POPESCU wrote:
> Justin B Rye wrote:
>> The "hidepid" mount-options for /proc (as recommended by various
>
> Why plural? Both the wiki and proc(5) are using singular.

You're right - I was thinking of "hidepid=0/1/2" as separate options, but yes, the approved terminology is to call it one option with multiple possible arguments. I suppose I could argue that it's only the non-zero arguments that cause problems rather than the hidepid option itself, but no, here's a patch making it singular.
-- 
JBR with qualifications in linguistics, experience as a Debian sysadmin, and probably no clue about this particular package

diff --git a/en/issues.dbk b/en/issues.dbk index 39d27b25..81ed5863 100644 --- a/en/issues.dbk +++ b/en/issues.dbk @@ -41,15 +41,15 @@ information mentioned in . -Hidepid mount options for procfs unsupported +Hidepid mount option for procfs unsupported - The hidepid mount options for - /proc are known to cause problems with current - versions of systemd, and are considered by systemd upstream to be an + Using the hidepid mount option for + /proc is known to cause problems with current + versions of systemd, and is considered by systemd upstream to be an unsupported configuration. Users who have modified - /etc/fstab to enable these options are advised to - disable them before the upgrade, to ensure login sessions work on - &releasename;. (A possible route to re-enabling them is outlined on the + /etc/fstab to enable this option are advised to + disable it before the upgrade, to ensure login sessions work on + &releasename;. (A possible route to re-enabling it is outlined on the wiki's https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid";>Hardening page.)
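Review bot: the new first sentence, "Using the hidepid mount option for /proc is known to cause problems", now also covers hidepid=0, which is the default and not a problem case; the covering message itself says only the non-zero arguments cause trouble. Wording such as "Mounting /proc with a non-zero hidepid value is known to cause problems" would keep the singular while telling readers exactly which fstab entries are affected.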
Bug#925552: release-notes: document problems with hidepid vs Buster systemd
On Tue, 26 Mar 19, 18:12:38, Justin B Rye wrote:
>
> The "hidepid" mount-options for /proc (as recommended by various

Why plural? Both the wiki and proc(5) are using singular.

Thanks,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Bug#925552: release-notes: document problems with hidepid vs Buster systemd
Package: release-notes
Severity: wishlist
Tags: patch

The "hidepid" mount-options for /proc (as recommended by various online hardening HOWTOs) work with Stretch but cause problems on Buster, and are considered an unsupported configuration by systemd upstream - see #819808, #892585, #897654.

So users should probably be advised to disable hidepid before doing a dist-upgrade. Proposed text for issues.dbk:

  Hidepid mount options for procfs unsupported

  The hidepid mount options to /proc are known to cause problems with current versions of systemd, and are considered by systemd upstream to be an unsupported configuration. Users who have modified /etc/fstab to enable these options are advised to disable them before the upgrade, to ensure login sessions work on &releasename;. (A possible route to re-enabling them is outlined on the wiki's Hardening <https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid> page.)

I can't claim to have tested the advice on that Hardening link on a modern laptop running GNOME-on-wayland with pulseaudio and udisks2 and network-manager and so on, but if it's wrong, we should correct the wiki rather than the pointer.

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
JBR with qualifications in linguistics, experience as a Debian sysadmin, and probably no clue about this particular package

diff --git a/en/issues.dbk b/en/issues.dbk index 35841ee6..b69e7dbe 100644 --- a/en/issues.dbk +++ b/en/issues.dbk
@@ -39,6 +39,22 @@ information mentioned in . + + +Hidepid mount options for procfs unsupported + + The hidepid mount options to /proc are known to cause + problems with current versions of systemd, and are considered by systemd + upstream to be an unsupported configuration. Users who have modified + /etc/fstab to enable these options are advised to + disable them before the upgrade, to ensure login sessions work on + &releasename;. (A possible route to re-enabling them is outlined on the + wiki's https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid";>Hardening + page.) + + + Noteworthy obsolete packages
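Review bot: the added paragraph tells users to disable "these options" in /etc/fstab but never says how to recognise them or what is given up by removing them. Suggest naming the values concerned (hidepid=1 and hidepid=2 on the proc line) and adding a sentence that, once the option is removed, other users' processes under /proc are visible to every local user again, so that admins of multi-user hosts can plan for it. Also, "mount options to /proc" in the first sentence would read better as "mount options for /proc", matching the "for procfs" of the section title.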