Restricting ptrace breaks XFCE 4 sessions

Bug #1579418 reported by Jean-Philippe Guérard on 2016-05-07
This bug affects 1 person
Affects: upstart
Importance: Undecided
Assigned to: Unassigned

Bug Description

Using kernel.yama.ptrace_scope = 2 in /etc/sysctl.conf to restrict PTRACE, I am unable to start an XFCE 4 session.

The .xsession-errors tells me:

upstart: Échec de la génération du processus upstart-udev-bridge main : impossible de régler la trace : Opération non permise
upstart: Échec de la génération du processus dbus main : impossible de régler la trace : Opération non permise

Which translates to:

upstart: Failed to create the main upstart-udev-bridge process: unable to set trace: Operation not permitted
upstart: Failed to create the main dbus process: unable to set trace: Operation not permitted

Setting kernel.yama.ptrace_scope back to 1 fixes the issue.

Starting XFCE 4 manually works perfectly (startxfce4).

I would like to restrict PTRACE usage to the admin user, but this bug makes it impossible.

Steve Langasek (vorlon) wrote:

Upstart relies on ptrace fundamentally for its process supervision. This bug will never be fixed. The resolution for xfce is to migrate from upstart sessions to systemd sessions, which use newer kernel interfaces instead of relying on ptrace.

Changed in upstart:
status: New → Won't Fix
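
To check whether a given ptrace_scope setting will break a ptrace-based supervisor before logging in, the following added example (not code from this report or from upstart) forks a child that makes the kind of PTRACE_TRACEME request the "unable to set trace" error points to, and reports the result next to the current Yama mode. The function names are hypothetical; the mode rules follow the kernel's Yama documentation.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Current Yama mode from procfs: 0..3, or -1 if Yama is not available. */
int read_ptrace_scope(void) {
    int scope = -1;
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (!f) return -1;
    if (fscanf(f, "%d", &scope) != 1) scope = -1;
    fclose(f);
    return scope;
}

/* 1 if the effective set holds CAP_SYS_PTRACE (bit 19), 0 if not, -1 on error. */
int has_cap_sys_ptrace(void) {
    char line[256]; unsigned long long eff; int found = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (found < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &eff) == 1) found = (int)((eff >> 19) & 1);
    fclose(f);
    return found;
}

/* Yama rule for PTRACE_TRACEME: none/0/1 allow, 2 needs the capability in the parent, 3 denies. */
int traceme_allowed_by_yama(int scope, int parent_has_cap) {
    if (scope <= 1) return 1;
    return scope == 2 && parent_has_cap == 1;
}

/* Child asks to be traced by us. Returns 0 on success, the child's errno, or -1 on probe failure. */
int traceme_probe(void) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1 ? errno : 0);
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void) {
    int scope = read_ptrace_scope(), cap = has_cap_sys_ptrace(), err = traceme_probe();
    printf("ptrace_scope=%d CAP_SYS_PTRACE=%d yama_allows=%d PTRACE_TRACEME: %s\n", scope, cap,
           traceme_allowed_by_yama(scope, cap), err > 0 ? strerror(err) : err == 0 ? "ok" : "probe failed");
    return 0;
}
```

Run as the unprivileged session user with ptrace_scope set to 2, the probe reports "Operation not permitted", matching the .xsession-errors lines above.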