wryMitts

Results 11 comments of wryMitts

> I have several hooks on an initramfs system with noexec option on /tmp. Also I use luks and have no problems with that either. Can you provide a little...

Brainstorming a fix while keeping noexec and pam-tmpdir-helper: It seems that mkinitramfs treats files in `/etc/initramfs-tools/conf.d` as shell scripts. It is not documented, but perhaps we can override `TMPDIR` there...

> If we use SupplementaryGroups=proc then the logged in user (and all programs started by it) are excluded from hidepid protections. I could not entirely reproduce this with the given...

> Interesting. So how exactly is this any different than just dropping in protectproc=yes for all system services? Because since we allow all user services and if this actually whitelists...

I ran some testing on my systems (server VM only, no desktop): ### Test method I applied the patch like this, partially related to https://github.com/Kicksecure/security-misc/issues/208: ``` sudo groupadd proc mkdir...

This is also somewhat strange, but the system suddenly stops responding to ACPI power button events when booted with subset=pid. Typically a shutdown is initiated when subset=pid is not set,...

I can confirm this behavior. I also got constant OOMkill events in my logs, and extreme sluggishness of the device. The moment I Force Stop Orbot, the phone begins to...

> Thanks for all this. Can everyone confirm that this only happens when Kindness mode is activated? Once I disabled Kindness mode over a week ago, I have not had...

Some testing details: For about two days now, I ran Orbot with Kindness mode (only when plugged in). I unplugged, and replugged my device throughout the day. It seems that...

I managed to reproduce it faster by unplugging and plugging in the charging cable over and over. I keep getting these log events in a loop now, while the entire phone slows...