• Philip Withnall's avatar
    data: Tighten up systemd sandboxing of accounts-daemon.service · 0e712e93
    Philip Withnall authored
    Tighten up the sandboxing of the daemon, paying particular attention to
    file system access. Further work could be done to make the daemon run as
    a non-root user (User=/Group=/DynamicUser=), drop capabilities
    (CapabilityBoundingSet=) and restrict system calls (SystemCallFilter=).
    
    This is a reasonable starting point, though. It has been tested with
    adding, modifying and deleting users, and reading/writing user extension
    data. Testing was done on a Fedora and a Debian-based system.
    
    The useradd/userdel/usermod subprocesses require a lot of permissions
    which the accounts-service daemon itself doesn’t. In future, it might
    make sense to run them in a separate privilege-escalated sandbox, and
    further restrict the permissions of the accounts-service daemon itself.
    Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
    
    !22
    0e712e93
meson.build 1.05 KB