On Wed, 25.01.12 11:11, Jan Engelhardt ([email protected]) wrote:

> >[v39]
> >* If a group "adm" exists, journal files are automatically
> >  owned by them
>
> This sounds like it has the potential that journal files suddenly
> become writable by a random user group that has existed previously.

They are only readable to "adm", not writable. And "adm" has been defined as "the group which (among other things possibly) is allowed to read log files" on Debian and a number of other Linux distributions. I think this is quite safe to do, and these are very useful semantics that make sense to adopt across all Linux distributions. If a distro believes this is a huge security threat, they are welcome to maintain a patch to our sources in their rpms to use a different group.

> >[v38]
> >* Output of SysV services is now forwarded to both the console
> >  and the journal by default, not only just the console.
>
> I would actually prefer if it wrote that to the current tty that
> invoked the start action, rather than the console which is stowed
> away in a deep cellar...

We explicitly want to avoid that services are entirely isolated from the user session they are started from. Running a service with the tty of the user running the command would be the absolute opposite of "isolated". In fact, this kind of isolation is one of the big features of systemd.

> >* Processes with '@' in argv[0][0] are now excluded from the
> >  final shut-down killing spree
>
> Did you consider
> http://lists.freedesktop.org/archives/systemd-devel/2012-January/004221.html ?

Hmm? What precisely? I thought I already made clear that there's a difference between asking "did this process originate from the initrd?" and "shall this process be killed during the final killing spree?". While there's a big overlap, and only processes which qualify for the former shall answer "yes" to the latter, they aren't the same thing. Or, in other words: I really want people to think about this whole problem before they exclude themselves from the killing spree.

Lennart

--
Lennart Poettering - Red Hat, Inc.
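A way to verify on a running system the property Lennart states above (journal files readable by group "adm", writable by nobody but the owner, and not visible to "other"). This is an added check, not code from the thread or from systemd; it assumes Linux with GNU stat, and the journal directory and expected group name are passed in by the caller.

```shell
#!/bin/sh
# Added example: audit journal files for the "adm may read, nobody else may
# write" permission model. Assumes GNU stat (Linux).
# Usage: audit_journal_perms DIR [GROUP]
#   GROUP defaults to "adm"; pass "" to skip the group-name check.
# Prints one line per offending file; exit status 0 means everything is clean.
audit_journal_perms() {
    dir="$1"
    want_group="${2-adm}"
    [ -d "$dir" ] || { printf 'not a directory: %s\n' "$dir" >&2; return 2; }

    # Match active *.journal files as well as rotated *.journal~ files.
    violations=$(find "$dir" -type f -name '*.journal*' \
                      -exec stat -c '%a %G %n' {} + 2>/dev/null |
        while read -r mode group path; do
            perm=$(( 0$mode ))          # octal string from stat -> integer
            g=$(( (perm >> 3) & 7 ))    # group permission bits
            o=$(( perm & 7 ))           # "other" permission bits
            reason=""
            [ $(( g & 2 )) -ne 0 ] && reason="group-writable"
            [ "$o" -ne 0 ] && reason="${reason:+$reason, }world-accessible"
            if [ -n "$want_group" ] && [ "$group" != "$want_group" ]; then
                reason="${reason:+$reason, }group is $group not $want_group"
            fi
            [ -n "$reason" ] && printf '%s: mode %s (%s)\n' "$path" "$mode" "$reason"
        done)

    [ -n "$violations" ] && printf '%s\n' "$violations"
    [ -z "$violations" ]
}
```

Run it as `audit_journal_perms /var/log/journal` (the usual journal location, given here as an assumption) to list any file that drifted from the intended 0640 root:adm layout.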
