On Fri, Aug 03, 2018 at 12:13:30PM +0200, Christian Ehrhardt wrote:
> If working this could maybe fixup the terminal it is running in but not
> more than that.
Yes - it would be limited in scope. But for CLI tools (say lxc), if lxc
is wrapped with newgrp, then it should be sufficient.
> - And the UI itself when click-starting things will not have changed
Yeah, so for example starting virt-manager from the desktop shell will
continue to be a problem until the next login session. Do you have any
solution in mind for this? Apart from something quite invasive (eg.
getting the desktop shell to re-exec itself via newgrp, or ptrace except
that's disabled by default, etc, or not using groups, or kernel support
for messing with group membership of other processes, and/or something
that walks a cgroup modifying group memberships) I don't see any
solution.
