On Wed, Jun 01, 2016 at 03:48:04PM +0200, Lennart Poettering wrote:
Again, this isn't just work-arounds around broken programs.
It's a
security thing. It's privileged code (logind, PID 1) that enforces a
clear life-cycle on unprivileged programs.
Any scheme that relies on unprivileged programs "being nice" doesn't
fix the inherent security problem: after logout a user should not be
able consume further runtime resources on the system, regardless if he
does that because of a bug or on purpose.
This paints a very specific premise of what a "logout" is, and I'm not
sure I agree with it. There are actually many cases where I want to use
resources on systems I have accounts on without specifically being
logged in — the login session is just a connection in to manage things.
Otherwise, we should remove user crontabs, at, and similar. And there
are definitely some systems where that policy has a place, but I don't
see it making sense as Fedora default, either system wide or for any of
the Editions.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader