[d-kernel] [PATCH 0/2] Kiosk: turn off secureexec for allowed executables
Vitaly Chikunov
vt at altlinux.org
Wed Aug 6 17:06:06 MSK 2025
Oleg,
On Wed, Aug 06, 2025 at 04:18:21PM +0300, mcpain at altlinux.org wrote:
> From: Oleg Solovyov <mcpain at altlinux.org>
>
> Modern desktop environments tend to become incompatible with kiosk.
> KDE works so far but systemd unit fails to launch [1]
> GNOME breaks fatally [2]
>
> This happens because /lib/systemd/systemd uses secure_getenv() to get
> environment variables and receives NULL since secureexec is enforced by
> Kiosk LSM.
>
> Since I am uncertain what else is to be replaced with getenv() in
> systemd and how many things it will break in future I chose to allow
> running those executables without setting up secureexec.
It isn't stated who is expected to clear the secureexec flag; that would be
useful to know in order to understand the intent/context.
Thanks,
>
> By default, secureexec is set unless explicitly told not to do so.
>
> [1] https://bugzilla.altlinux.org/55130
> [2] https://bugzilla.altlinux.org/55518
>
> Oleg Solovyov (2):
> kiosk: split kiosk_nl_send_*
> kiosk: add secureexec parameter
>
> security/kiosk/kiosk_lsm.c | 59 ++++++++++++++++++++++++++++++++++----
> 1 file changed, 54 insertions(+), 5 deletions(-)
>
> --
> 2.50.1
>
> _______________________________________________
> devel-kernel mailing list
> devel-kernel at lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel-kernel
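
The behaviour the cover letter describes can be observed from user space: when an exec is marked secure, the process sees AT_SECURE=1 in its auxiliary vector and glibc's secure_getenv() returns NULL for variables that getenv() still returns. The program below is an added example, not part of the original thread or of the Kiosk patches; the helper names (exec_is_secure, classify_env) are hypothetical, and glibc on Linux is assumed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>

/* glibc prototype, repeated so the block also builds when <stdlib.h>
 * was pulled in earlier without _GNU_SOURCE. */
char *secure_getenv(const char *name);

enum env_view { ENV_UNSET, ENV_VISIBLE, ENV_HIDDEN };

/* 1 when the kernel flagged this exec as secure (AT_SECURE in auxv). */
int exec_is_secure(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Compare what getenv() and secure_getenv() report for one variable.
 * ENV_HIDDEN means the variable is set but secure_getenv() refuses it. */
enum env_view classify_env(const char *name)
{
    const char *plain = getenv(name);
    const char *secure = secure_getenv(name);

    if (plain == NULL)
        return ENV_UNSET;
    if (secure == NULL)
        return ENV_HIDDEN;
    return ENV_VISIBLE;
}

/* Usage: ./envview VAR [VAR...]  (variable names are chosen by the caller) */
int main(int argc, char **argv)
{
    static const char *const labels[] = {
        "unset", "visible", "hidden by secureexec"
    };

    printf("AT_SECURE=%d\n", exec_is_secure());
    for (int i = 1; i < argc; i++)
        printf("%-28s %s\n", argv[i], labels[classify_env(argv[i])]);
    return 0;
}
```

Run from a session where secureexec is enforced, set variables are reported as hidden; the same binary run without it reports them as visible.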