Re: [systemd-devel] how to debug failures when trying to lock down services

2017-11-30 Thread Lennart Poettering
On Do, 30.11.17 10:35, Mantas Mikulėnas (graw...@gmail.com) wrote: > Then I'm guessing ProtectSystem=strict overrides ReadWritePaths and makes > /var/log read-only... Hmm, it does? It really shouldn't. I thought the issues were mostly around InaccessiblePaths= not permitting exclusions, not abo

Re: [systemd-devel] how to debug failures when trying to lock down services

2017-11-30 Thread Michael Biebl
2017-11-30 16:07 GMT+01:00 Michael Biebl : > 2017-11-30 9:35 GMT+01:00 Mantas Mikulėnas : >> On Thu, Nov 30, 2017 at 10:31 AM, Michael Biebl wrote: >>> >>> 2017-11-30 6:52 GMT+01:00 Mantas Mikulėnas : >>> > On Thu, Nov 30, 2017 at 5:27 AM, Michael Biebl wrote: >>> >> >>> >> [Service] >>> >> Prote

Re: [systemd-devel] [PATCH weston] doc/systemd: system service example

2017-11-30 Thread Pekka Paalanen
On Thu, 30 Nov 2017 13:29:22 +0100 Lennart Poettering wrote: > On Do, 30.11.17 12:09, Pekka Paalanen (ppaala...@gmail.com) wrote: > > > > Hmm, what is this about? > > > > > > This is racy, as the session ID is not really reliably predictable, > > > and is synthesized in different contexts in di

Re: [systemd-devel] [PATCH weston] doc/systemd: system service example

2017-11-30 Thread Lennart Poettering
On Do, 30.11.17 11:16, Martyn Welch (martyn.we...@collabora.co.uk) wrote: > Debugging suggested that XDG_RUNTIME_DIR was not being created when it > failed. There are 2 processes setting a PAMName, the failing Weston > service and the user@.service (IIRC this gets called as part of user > session

Re: [systemd-devel] [PATCH weston] doc/systemd: system service example

2017-11-30 Thread Lennart Poettering
On Do, 30.11.17 12:09, Pekka Paalanen (ppaala...@gmail.com) wrote: > > Hmm, what is this about? > > > > This is racy, as the session ID is not really reliably predictable, > > and is synthesized in different contexts in different ways, for > > example depending on whether audit is enabled in the k

Re: [systemd-devel] [PATCH weston] doc/systemd: system service example

2017-11-30 Thread Mantas Mikulėnas
On Thu, Nov 30, 2017, 12:10 Pekka Paalanen wrote: > > > +# Set up a full user session for the user, required by Weston. > > > +PAMName=login > > > > Piggy-backing on "login" is a bad idea. "login" is a text tool, and > > thus the PAM rules for it usually pull in some TTY specific PAM > > modules.

Re: [systemd-devel] [PATCH weston] doc/systemd: system service example

2017-11-30 Thread Martyn Welch
On Thu, 2017-11-30 at 12:09 +0200, Pekka Paalanen wrote: > On Wed, 29 Nov 2017 19:05:07 +0100 > Lennart Poettering wrote: > > > On Di, 28.11.17 12:14, Pekka Paalanen (ppaala...@gmail.com) wrote: > > > > > + > > > +[Unit] > > > +Description=Weston, a Wayland compositor, as a system service > > >

Re: [systemd-devel] [PATCH weston] doc/systemd: system service example

2017-11-30 Thread Pekka Paalanen
On Wed, 29 Nov 2017 19:05:07 +0100 Lennart Poettering wrote: > On Di, 28.11.17 12:14, Pekka Paalanen (ppaala...@gmail.com) wrote: > > > + > > +[Unit] > > +Description=Weston, a Wayland compositor, as a system service > > +Documentation=man:weston(1) man:weston.ini(5) > > +Documentation=http://wa

Re: [systemd-devel] how to debug failures when trying to lock down services

2017-11-30 Thread Mantas Mikulėnas
On Thu, Nov 30, 2017 at 10:31 AM, Michael Biebl wrote: > 2017-11-30 6:52 GMT+01:00 Mantas Mikulėnas : > > On Thu, Nov 30, 2017 at 5:27 AM, Michael Biebl wrote: > >> > >> Hi, > >> > >> today I tried to lock down the rsyslog.service that I have on my system. > >> > >> For that I first created an o

Re: [systemd-devel] how to debug failures when trying to lock down services

2017-11-30 Thread Michael Biebl
2017-11-30 6:52 GMT+01:00 Mantas Mikulėnas : > On Thu, Nov 30, 2017 at 5:27 AM, Michael Biebl wrote: >> >> Hi, >> >> today I tried to lock down the rsyslog.service that I have on my system. >> >> For that I first created an override.conf that contained >> >> [Service] >> ProtectHome=yes >> Private

Re: [systemd-devel] [Xen-devel] [PATCH v1] core: mount xenfs, ignore proc-xen.mount (#6442, #6662)

2017-11-30 Thread Jan Beulich
>>> On 30.11.17 at 09:23, wrote: > On Wed, Nov 29, Jan Beulich wrote: > >> Ah, I see. But then still I don't see why at least on half way >> recent Xen /sys/hypervisor/properties/features wouldn't have >> the information you're after (and even more precise, because >> down the road control domain

Re: [systemd-devel] [Xen-devel] [PATCH v1] core: mount xenfs, ignore proc-xen.mount (#6442, #6662)

2017-11-30 Thread Olaf Hering
On Wed, Nov 29, Jan Beulich wrote: > Ah, I see. But then still I don't see why at least on half way > recent Xen /sys/hypervisor/properties/features wouldn't have > the information you're after (and even more precise, because > down the road control domain and hardware domain may be > separate ent