How are these processes started and can they have a systemd-dropin like
"display-manager.service.d" and where does it need to be placed?
kuiserver5 seems to miss -D_FORTIFY_SOURCE=2 BTW
[root@srv-rhsoft:~]$ cat /etc/systemd/system/display-manager.service.d/security.conf
[Service]
ReadOnlyDirectories=/boot
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadWriteDirectories=-/etc/vmware
ReadWriteDirectories=-/usr/local/Zend
SystemCallFilter=~@clock @cpu-emulation @reboot @swap
[root@srv-rhsoft:~]$ checksec --proc-all | grep "No Seccomp" |grep -v vmware | grep -v "sd\-pam" | grep -v crond | grep -v sshd | grep -v systemd | grep -v "grep " | grep -v bash
dbus-daemon      7816  Full RELRO  Canary found     No Seccomp  NX enabled  PIE enabled  Yes
kglobalaccel5    7908  Full RELRO  Canary found     No Seccomp  NX enabled  PIE enabled  Yes
dconf-service    7916  Full RELRO  Canary found     No Seccomp  NX enabled  PIE enabled  Yes
kactivitymanage  7998  Full RELRO  Canary found     No Seccomp  NX enabled  PIE enabled  Yes
gvfsd            8007  Full RELRO  Canary found     No Seccomp  NX enabled  PIE enabled  Yes
kuiserver5       8061  Full RELRO  No canary found  No Seccomp  NX enabled  PIE enabled  No
[root@srv-rhsoft:~]$ checksec --proc-all | grep dbus
dbus-daemon      7816  Full RELRO  Canary found     No Seccomp   NX enabled  PIE enabled  Yes
dbus-daemon       962  Full RELRO  Canary found     Seccomp-bpf  NX enabled  PIE enabled  Yes
[root@srv-rhsoft:~]$ ps aux | grep 7816
harry 7816 0.0 0.0 43700 4388 ? Ss 17:59 0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
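
Added example, not part of the original post: the kernel exposes the same seccomp state in the Seccomp field of /proc/<pid>/status (0 = none, 1 = strict, 2 = filter), so the check above can be done without the grep chain and with the owning UID shown, which separates session processes such as PID 7816 from system services such as PID 962. The function names and the skip list are this example's own.

```python
"""List processes running without a seccomp filter, read from /proc."""
import os
import sys

SECCOMP_MODES = {0: "No Seccomp", 1: "Seccomp strict", 2: "Seccomp-bpf"}


def parse_status(text):
    """Return the 'Key: value' fields of a /proc/<pid>/status file as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(proc_root="/proc", skip=()):
    """Return sorted (pid, uid, name, seccomp_mode) for each userspace process."""
    rows = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                st = parse_status(fh.read())
        except OSError:
            continue  # process exited meanwhile or is not readable
        # Kernel threads and zombies have no VmSize line; skip them.
        if "VmSize" not in st or "Seccomp" not in st:
            continue
        name = st.get("Name", "?")
        if name in skip:
            continue
        uid = int(st["Uid"].split()[0])  # real UID is the first of four values
        rows.append((int(entry), uid, name, int(st["Seccomp"])))
    return sorted(rows)


def unfiltered(rows):
    """Keep only processes whose seccomp mode is 0 (no filter installed)."""
    return [r for r in rows if r[3] == 0]


if __name__ == "__main__":
    skip = set(sys.argv[1:])  # process names to ignore, like the grep -v chain
    for pid, uid, name, mode in unfiltered(audit(skip=skip)):
        print(f"{name:<16} {pid:>7} uid={uid:<6} {SECCOMP_MODES[mode]}")
```

Process names given as arguments are excluded from the listing; run it as root to see every user's processes.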