I guess that was back when udev did not kill processes. There were issues with this as processes tended to accumulate and stuff.

Of course you can not sandbox processes started by udev via RUN, which is trivial using other means I will not name here.

I can think of several options:

• stick with an old version of udev that still allows this

• use a udev replacement that does not have this problem

• write something that watches udev and starts/stops things for it

Unfortunately all of these require the distribution to put in effort, which makes all of them rather unsuited as a quick work-around.

The second step will cause the X server to be started as root, which is a really bad idea(TM). The first step might already do that (since Xwrapper defaults to "auto").

https://media.ccc.de/v/30C3_-_5499_-_en … n_sprundel has an introduction to X server security.

Check https://ci.devuan.org/view/All/builds: All builds Devuan developers are listed there (both the successful ones and the failed attempts). Note that only the packages changed by Devuan will show up in this list. The vast majority of packages is taken straight from Debian servers without any changes applied. From what I understand the process of importing packages from Debian to Devuan does not take all Debian security repositories into account right now though (IIRC Jessie is covered though). This is planned to get fixed in the next version of the merge server.

For now, you better double-check ci.devuan.org for the last successful build of Devuan packages effected by Debian security updates. You might want to also check that the security updates from Debian actually reach your system.