Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Gentoo>
  3. Hardened
conky and /proc/net restrictions
powerman at powerman
Sep 30, 2012, 6:21 AM
Post #1 of 2 (889 views)
Permalink
Hi!

Is it possible to work around /proc/net restrictions to let conky access
network traffic stats without running `sudo conky` or disabling
CONFIG_GRKERNSEC_PROC_USER? Maybe using `setfacl` or something like that
to mark /usr/bin/conky allowed to access /proc/net?

--
WBR, Alex.
Re: conky and /proc/net restrictions [ In reply to ]
swift at gentoo
Sep 30, 2012, 7:19 AM
Post #2 of 2 (854 views)
Permalink
On Sep 30, 2012 3:25 PM, "Alex Efros" <powerman@powerman.name> wrote:
> Is it possible to work around /proc/net restrictions to let conky access
> network traffic stats without running `sudo conky` or disabling
> CONFIG_GRKERNSEC_PROC_USER? Maybe using `setfacl` or something like that
> to mark /usr/bin/conky allowed to access /proc/net?

Iirc there is a kernel setting that defines which group (gid) is exempt
from this control. Perhaps you can use that and make the conky user part of
that group?

Wkr,
Sven Vermeulen

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal