You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The system daemon probably doesn't really need to run as root (which the client currently checks for -- needlessly, AFAICT). If the system daemon gets handed an open file descriptor to /dev/uhid, that's about all the privileges it needs (and handing on that FD can probably be done in the systemd unit).
A number of good ideas in: http://0pointer.net/public/systemd-nluug-2014.pdf
Should be as simple as trying each mitigation and see which can be enabled without breaking anything.
Possibly more in the following presentation: http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webm
The text was updated successfully, but these errors were encountered: