Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo Hardened (http://www.linux-archive.org/gentoo-hardened/)
-   -   conky and /proc/net restrictions (http://www.linux-archive.org/gentoo-hardened/708517-conky-proc-net-restrictions.html)

Alex Efros 09-30-2012 01:21 PM
conky and /proc/net restrictions
 
Hi!

Is it possible to work around /proc/net restrictions to let conky access
network traffic stats without running `sudo conky` or disabling
CONFIG_GRKERNSEC_PROC_USER? Maybe using `setfacl` or something like that
to mark /usr/bin/conky allowed to access /proc/net?

--
WBR, Alex.

Sven Vermeulen 09-30-2012 02:19 PM
conky and /proc/net restrictions
 
On Sep 30, 2012 3:25 PM, "Alex Efros" <powerman@powerman.name> wrote:

> Is it possible to work around /proc/net restrictions to let conky access

> network traffic stats without running `sudo conky` or disabling

> CONFIG_GRKERNSEC_PROC_USER? Maybe using `setfacl` or something like that

> to mark /usr/bin/conky allowed to access /proc/net?


Iirc there is a kernel setting that defines which group (gid) is exempt from this control. Perhaps you can use that and make the conky user part of that group?


Wkr,

* Sven Vermeulen


All times are GMT. The time now is 06:03 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.