[d-kernel] [PATCH 0/2] Kiosk: turn off secureexec for allowed executables
mcpain at altlinux.org
Wed Aug 6 16:18:21 MSK 2025
From: Oleg Solovyov <mcpain at altlinux.org>
Modern desktop environments tend to become incompatible with kiosk.
KDE works so far but systemd unit fails to launch [1]
GNOME breaks fatally [2]
This happens because /lib/systemd/systemd uses secure_getenv() to get
environment variables and receives NULL since secureexec is enforced by
Kiosk LSM.
Since I am uncertain what else is to be replaced with getenv() in
systemd and how many things it will break in the future, I chose to allow
running those executables without setting up secureexec.
By default, secureexec is set unless explicitly told not to do so.
[1] https://bugzilla.altlinux.org/55130
[2] https://bugzilla.altlinux.org/55518
Oleg Solovyov (2):
  kiosk: split kiosk_nl_send_*
  kiosk: add secureexec parameter

 security/kiosk/kiosk_lsm.c | 59 ++++++++++++++++++++++++++++++++++----
 1 file changed, 54 insertions(+), 5 deletions(-)
--
2.50.1
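
The secure_getenv() behaviour described in the cover letter, as an added example that is not part of the original message or the patch series: a small C diagnostic that reads AT_SECURE from the auxiliary vector and reports which set variables secure_getenv() hides from the process. The variable names in main() are illustrative assumptions.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>

/* Explicit prototype in case feature macros were fixed by an earlier include. */
extern char *secure_getenv(const char *name);

enum env_view { ENV_UNSET, ENV_VISIBLE, ENV_HIDDEN_BY_SECURE };

/* AT_SECURE is nonzero when the kernel marked this exec as secure
 * (setuid/setgid, file capabilities, or an LSM requesting it). */
static int in_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Look one variable up both ways and report what the process can see. */
static enum env_view classify_env(const char *name)
{
    if (getenv(name) == NULL)
        return ENV_UNSET;
    return secure_getenv(name) != NULL ? ENV_VISIBLE : ENV_HIDDEN_BY_SECURE;
}

/* Count variables that are set but that secure_getenv() will not return. */
static int count_hidden(const char *const names[], size_t n)
{
    int hidden = 0;
    for (size_t i = 0; i < n; i++)
        hidden += classify_env(names[i]) == ENV_HIDDEN_BY_SECURE;
    return hidden;
}

int main(void)
{
    /* Illustrative variable names (assumption, not taken from the patch). */
    static const char *const names[] = {
        "XDG_RUNTIME_DIR", "DBUS_SESSION_BUS_ADDRESS", "PATH" };
    static const char *const label[] = {
        "unset", "visible", "hidden: secure_getenv() returns NULL" };
    size_t n = sizeof(names) / sizeof(names[0]);

    printf("AT_SECURE=%d\n", in_secure_exec());
    for (size_t i = 0; i < n; i++)
        printf("%-26s %s\n", names[i], label[classify_env(names[i])]);
    printf("set but hidden: %d of %zu\n", count_hidden(names, n), n);
    return 0;
}
```

Run from an ordinary shell it prints AT_SECURE=0 and every set variable is visible; started as a process for which secureexec is in force, the same variables show up as hidden.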