On Sun, 2017-07-23 at 12:13 +0200, Yves-Alexis Perez wrote:
> On Sun, 2017-07-23 at 04:30 +0200, Michael Biebl wrote:
> >
> > There is https://bugzilla.redhat.com/show_bug.cgi?id=1130796 which
> > provides some more background and also mentions a workaround, i.e.
> > mounting proc with gid=<somegroup> and adding polkitd to that group.
> > I haven't actually tested that though.
>
> Thanks, I'll try the gid thing and report back, but I had the impression that
> the /proc/1/cgroup access was done as my user/group and not by polkitd as
> polkitd user/group.

Confirmed, giving access to /proc to polkitd user (running polkitd) is not
enough, the authentication agent seems to require that as well (and granting
my user access to /proc denies the interest of hidepid).

Regards,
-- 
Yves-Alexis