Hi,
The following requirement is needed here (forced by an application migration from C6->C8):
I have two services running under supervision by systemd.
ServiceA: runs as user AppUser
ServiceB: runs as user AppUser
ServiceB can see "all" processes from AppUser (ps aux) running by systemd (in fact it sees no other processes). So ServiceB can see the processes of ServiceA.
I have also a cron job that runs every 5 minutes as user AppUser.
Now the problem is that ServiceB via ps aux can't see the process of the cron job, albeit running by the same AppUser.
Which security feature of systemd can be altered to allow seeing all or at least AppUser's processes?
ServiceA has only these "features":
PrivateTmp=true
ServiceB has only these features:
PrivateTmp=true
RuntimeDirectory=calculation
RuntimeDirectoryMode=0755
Any hints would be great!
Thanks,
Leon
On 06.11.20 at 14:57, Leon Fauster wrote:
> Hi,
> The following requirement is needed here (forced by an application migration from C6->C8):
> I have two services running under supervision by systemd.
> ServiceA: runs as user AppUser
> ServiceB: runs as user AppUser
> ServiceB can see "all" processes from AppUser (ps aux) running by systemd (in fact it sees no other processes). So ServiceB can see the processes of ServiceA.
> I have also a cron job that runs every 5 minutes as user AppUser.
> Now the problem is that ServiceB via ps aux can't see the process of the cron job, albeit running by the same AppUser.
> Which security feature of systemd can be altered to allow seeing all or at least AppUser's processes?
> ServiceA has only these "features":
> PrivateTmp=true
> ServiceB has only these features:
> PrivateTmp=true
> RuntimeDirectory=calculation
> RuntimeDirectoryMode=0755
> Any hints would be great!
Okay, I got it now. The problem was SELinux related instead of systemd.
Just an unconfined vs confined domain context that mismatched ...
-- Leon
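
A way to spot the domain mismatch described in the follow-up, as an added example that is not part of the original thread: it lists one user's processes whose SELinux domain differs from the observer's. The sample input is constructed, and the type name `appsvc_t` and the choice of which side is confined are assumptions, since the thread does not say.

```shell
#!/bin/sh
# Input format matches: ps -eo label,user,pid,comm --no-headers
# Constructed sample; appsvc_t is a hypothetical confined domain, and which
# side runs unconfined is an assumption (the thread does not state it).
SAMPLE_PS='system_u:system_r:appsvc_t:s0 AppUser 1201 serviceA
system_u:system_r:appsvc_t:s0 AppUser 1202 serviceB
system_u:system_r:unconfined_t:s0-s0:c0.c1023 AppUser 4410 cronjob.sh
system_u:system_r:sshd_t:s0-s0:c0.c1023 root 900 sshd'

# domain_of LABEL: print the type (third colon-separated field).
# The MLS level after it may contain colons, so never take the last field.
domain_of() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# other_domains USER OBSERVER_LABEL < ps-lines
# Prints "domain pid comm" for USER's processes that run in a domain
# different from the observer's.
other_domains() {
    obs=$(domain_of "$2")
    awk -v user="$1" -v obs="$obs" '
        $2 == user {
            n = split($1, ctx, ":")
            if (n >= 3 && ctx[3] != obs) print ctx[3], $3, $4
        }'
}

# On a real host the observer label is what ServiceB itself reports:
#   cat /proc/self/attr/current
# Here the constructed sample stands in for the ps output.
printf '%s\n' "$SAMPLE_PS" |
    other_domains AppUser 'system_u:system_r:appsvc_t:s0'
```

A differing domain only marks a candidate; whether the observer may read the other process's /proc entries is decided by policy, and `ausearch -m avc -ts recent` shows the resulting denials if they are audited.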