Not sure if thats the issue but if it is then its unsolvable by default. we try to avoid systemd as much as possible and this looks like app specific change so you need to figure out how to set apps needs on the OS.
I didn’t notice that. It’s a systemd based distribution. Where you got that idea from?
I didn’t quote you, reply to you.
I replied to “we try to avoid systemd as much as possible” for which I don’t know where that is coming from.
Check "Non-systemd Init "
I don’t think we can claim that.
For example, we’re using systemd tmpfiles.d / /usr/lib/tmpfiles.d/, while we could implement that some other way. (Which however would make little sense not to do as long as we are using systemd.)
Yeah thats due to current state of no better distro alternatives. on the other hand if there is any possible way to avoid systemd with the same level of usefulness/easiness then it should be done.
Otherwise we are going to be systemd dependent and hard to detach whenever later something comes up (because systemd is a piece of bloated code which has its own stupid issues, which should be avoided whenever possible).
Otherwise we are going to be systemd dependent and hard to detach whenever later something comes up (because systemd is a piece of bloated code which has its own stupid issues, which should be avoided whenever possible).
Without systemd, kicksecure can never move to using run0 instead of sudo. Secureblue has already moved to run0. See Release v4.2.0 - secureblue goes sudoless! · secureblue/secureblue · GitHub.
In a continuing effort to minimize and eventually eliminate suid-root binaries, sudo, su, and pkexec have all been removed from the images. As noted at the end of this section of the postinstall readme, polkit prompts and manual polkit invokations via run0 can be used to accomplish the same functionality without suid-root, notably even for non-wheel users (by prompting for the wheel user’s password). In addition, suid-root has been removed from numerous other binaries that don’t require it.
If you do not want to take this direction, that is okay. But it is an option to potentially consider.
For Kicksecure, it is planned to replace sudo with doas as well as to implement Role-Based Boot Modes (user versus admin) for Enhanced Security.
Comments on run0: