It turns out systemd is not compatible with CONFIG_GRKERNSEC_PROC. It has been reported as freedesktop bug #65575. Of course, if there were a specific group under which systemd performs its proc-related activities, that could be configured as the exception GID, but I can hardly imagine that is the case. The Gentoo systemd wiki doesn't mention this point, otherwise important for hardened users. The systemd dev stands his ground and puts a period on it: nothing can be expected until grsecurity hits mainline. That will obviously not happen. I understand the dev having no intention to support out-of-mainline features that alter proc access significantly.
Do any of you have a workaround for systemd with grsec without completely losing proc restrictions? I'm trying real hard to be a shepherd. But this time I feel the urge - again - to purge the remnants of the once so shiny GNOME from my systems. Any thoughts on this? Or rather a grsec proc config workaround? Thx: Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
