Open scmschmidt opened 1 year ago
`ulp patches` in Libpulp 0.2.10 is able to detect this. When the process is launched with libpulp, its initialization process is able to test its livepatchable capabilities. In such cases `ulp patches` will report it as `disabled by some internal error`.
I checked with a static binary and `auditd` and it worked. Thanks.
So far I have:

- `LD_PRELOAD` for SetUID/SetGID binaries
- `MemoryDenyWriteExecute=yes` in the service configuration file. In SLES15.4 I found:
  - `auditd.service`
  - `augenrules.service`
  - `systemd-journald.service`
  - `systemd-logind.service`
  - `systemd-udevd.service`
  - `uuidd.service`
- `mprotect` with `EXEC` flags to be blocked (Can this be detected? Do we have a list?)

We need to document the exceptions. Also we should provide admins with the tooling to discover such non-livepatchable processes, so they can restart them.
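As an added example (not from this issue or the libpulp project), a POSIX shell script for the admin tooling asked for above: it reports systemd services started with `MemoryDenyWriteExecute=yes` by parsing `systemctl show` output, and running processes that have no libpulp library mapped (static binaries, or SetUID/SetGID binaries where `LD_PRELOAD` is ignored). The library file name `libpulp.so*` and the blank-line-separated `systemctl show` block format are assumptions.

```shell
#!/bin/sh
# Added example (not libpulp project code): list processes that cannot be
# livepatched, using the two indicators discussed in the issue:
#  1. systemd units started with MemoryDenyWriteExecute=yes
#  2. running processes that never got libpulp.so mapped (static binaries,
#     SetUID/SetGID binaries where LD_PRELOAD is ignored)
# Assumption: the runtime library is named libpulp.so* (SUSE packaging).

# mdwe_units: read `systemctl show -p Id -p MemoryDenyWriteExecute` output
# (assumed: one blank-line separated block per unit) on stdin and print the
# Id of each unit that has MemoryDenyWriteExecute=yes, one per line.
mdwe_units() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    {
        id = ""; mdwe = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Id=/) id = substr($i, 4)
            else if ($i ~ /^MemoryDenyWriteExecute=/) mdwe = substr($i, 24)
        }
        if (mdwe == "yes" && id != "") print id
    }'
}

# has_libpulp MAPSFILE: succeed if a /proc/PID/maps file lists libpulp.so,
# i.e. the process was started with the library and is a livepatch candidate.
has_libpulp() {
    grep -q '/libpulp\.so' "$1" 2>/dev/null
}

# "scan" mode needs root to read other users' /proc/PID/maps.
if [ "${1:-}" = "scan" ]; then
    echo "# services started with MemoryDenyWriteExecute=yes (restart after dropping it):"
    systemctl list-units --type=service --state=running --plain --no-legend |
        awk '{ print $1 }' |
        xargs systemctl show -p Id -p MemoryDenyWriteExecute | mdwe_units
    echo "# running processes without libpulp.so mapped (need a restart to pick it up):"
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
        [ -n "$cmd" ] || continue          # kernel threads have no cmdline
        has_libpulp "$maps" || printf '%s %s\n' "$pid" "$cmd"
    done
fi
```

Run as `sh ulp_scan.sh scan` on the host; without the `scan` argument the file only defines the two functions so it can be sourced by other tooling.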