Hi, I was reading up on setting loginuid immutable, and was wondering what are the current known problematic cases.
In general, anything that requires switching a set loginuid to another value will be blocked:

- sshd started on another port by the logged-in user to debug something, and that debug requires logging in as a different user than the one who started it up
- container that starts up within the user's session, instead of via dockerd/containerd, systemd, or some other already-running daemon.

I read a lengthy bug in Red Hat's bugzilla about a bad interaction with systemd's nspawn, where apparently the container is started directly, and thus inheriting the user's loginuid, instead of being started via a request to systemd (the daemon).

The manpage mentions "certain kinds of containers", and I assume it's a reference to nspawn's case above.

Are there other prominent problematic situations that people have encountered while setting loginuid immutable?

--
Linux-audit mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/linux-audit
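Added example, not part of the original post: a pre-check that could be run before enabling immutable loginuid, listing processes that already carry a set loginuid and match the two cases described above. The watch list, the function names, and the sample process tree are assumptions made for illustration; `/proc/<pid>/loginuid` and the unset value 4294967295 are the kernel's own.

```python
import os
import tempfile

UNSET = 4294967295  # (uid_t)-1 in /proc/<pid>/loginuid: no login recorded yet
# Assumption: command names taken from the two cases in the post.
WATCH = {"sshd", "systemd-nspawn"}

def read_field(path):
    """Return the stripped contents of a small /proc file, or None if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:  # process exited or access denied
        return None

def scan(proc_root="/proc", watch=WATCH):
    """List (pid, comm, loginuid) for watched processes whose loginuid is already set.

    With loginuid immutable, a login handled by such a process cannot
    switch the inherited value to the new user's uid.
    """
    hits = []
    for pid in sorted(int(e) for e in os.listdir(proc_root) if e.isdigit()):
        raw = read_field(os.path.join(proc_root, str(pid), "loginuid"))
        comm = read_field(os.path.join(proc_root, str(pid), "comm"))
        if raw is None or not raw.isdigit() or int(raw) == UNSET:
            continue
        if comm in watch:
            hits.append((pid, comm, int(raw)))
    return hits

def demo():
    """Run scan() over a constructed /proc-like tree (sample data, not real output)."""
    sample = {812: ("sshd", UNSET),             # system sshd started at boot
              4120: ("sshd", 1000),             # debug sshd started inside a session
              4377: ("systemd-nspawn", 1000),   # container started directly by the user
              4400: ("bash", 1000)}             # ordinary session process
    with tempfile.TemporaryDirectory() as root:
        for pid, (comm, luid) in sample.items():
            os.mkdir(os.path.join(root, str(pid)))
            for name, value in (("comm", comm), ("loginuid", luid)):
                with open(os.path.join(root, str(pid), name), "w") as fh:
                    fh.write(f"{value}\n")
        return scan(root)

if __name__ == "__main__":
    for pid, comm, luid in scan():
        print(f"pid {pid} ({comm}) already carries loginuid {luid}")
```

Run as a script it scans the live `/proc`; `demo()` runs the same scan over the constructed tree.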
