diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-01-01 04:40:41 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-01-05 14:12:58 -0500 |
commit | 524daa8c3e2bd63ad9dbc24711cdcfb45a65b2db (patch) | |
tree | 2a15cff09799dca02bf99580a89a28da8f94d691 /src/core/ima-setup.h | |
parent | 9c3349e23b14db27e7ba45f82cf647899c563ea9 (diff) |
journal: call connect() with dropped privileges
When systemd starts a service, it first opened /run/systemd/journal/stdout
socket, and only later switched to the right user.group (if they are
specified). Later on, journald looked at the credentials, and saw
root.root, because credentials are stored at the time the socket is
opened. As a result, all messages passed over _TRANSPORT=stdout were
logged with _UID=0, _GID=0.
Drop real uid and gid temporarily to fix the issue.
Diffstat (limited to 'src/core/ima-setup.h')
0 files changed, 0 insertions, 0 deletions