> Does any of this code run in pid 1 when enabled?
No. This is only used by the split-out systemd-journal-remote package,
by /lib/systemd/systemd/-journal-gatewayd. This runs as user "systemd-
journal-gateway" and it is tightly locked down in its session cgroup
(see systemd-journal-gatewayd.service):
User=systemd-jouranl-gateway
Group=systemd-journal-gateway
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
ProtectSystem=full
ProtectHome=yes
So this can't access /home at all, the root partition will be readonly
for it, it does not have /dev access (just a small /dev/null and
/dev/zero private dev). Its sole purpose is to expose
/{var,run}/log/journal/ on a HTTP socket (there is some REST API) so
that remote clients can read and store that.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libmicrohttpd/+bug/1488341/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
