On Sa, 13.04.19 14:03, Steve Grubb (sgr...@redhat.com) wrote:

> > If you enable lingering for a user, it's the "systemd --user" instance
> > (i.e. the per-user service manager) that is started at boot and
> > terminated at shutdown (instead of started at first login and
> > terminated at last logout of the user), that's all.
> >
> > If you then run code as user service (i.e. as a service started and
> > managed by the "systemd --user" instance instead of PID 1) then it is
> > lifecycled (and its processes killed as needed) by the user service
> > manager. And you can configure the way you want killing to behave like
> > you would for any systemd service: with KillMode= in the unit file.
> This doesn't really fit with the security requirements we need.
> Anything run outside of a user session needs to have an audit session id
> and login uid assigned to anything run.

It has. As mentioned, systemd --user runs as part of a PAM session,
hence it acquires its own session ID and loginuid setting as part of that.

> We also need to have the ability to know the name of the script that
> is being run in an audit event.

To my knowledge audit collects the comm name of any process already, no?


Lennart Poettering, Berlin
devel mailing list -- devel@lists.fedoraproject.org