Commit 0e712e93 authored by Philip Withnall, committed by Ray Strode

data: Tighten up systemd sandboxing of accounts-daemon.service

Tighten up the sandboxing of the daemon, paying particular attention to
file system access. Further work could be done to make the daemon run as
a non-root user (User=/Group=/DynamicUser=), drop capabilities
(CapabilityBoundingSet=) and restrict system calls (SystemCallFilter=).

This is a reasonable starting point, though. It has been tested with
adding, modifying and deleting users, and reading/writing user extension
data. Testing was done on a Fedora and a Debian-based system.

The useradd/userdel/usermod subprocesses require a lot of permissions
which the accounts-service daemon itself doesn’t. In future, it might
make sense to run them in a separate privilege-escalated sandbox, and
further restrict the permissions of the accounts-service daemon itself.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
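As an illustration of the kind of sandboxing the message describes, here is a systemd drop-in for accounts-daemon.service; it is an added example, not the unit file from this commit, and the writable paths, capability list and syscall group are assumptions about what the daemon and its useradd/usermod/userdel subprocesses need rather than values taken from the change:

```ini
# /etc/systemd/system/accounts-daemon.service.d/hardening.conf
# Illustrative drop-in (not this commit's unit). Paths, capabilities and
# the syscall group are assumptions; verify them on your distribution by
# adding, modifying and deleting a user with the drop-in in place.
[Service]
# File system: read-only view of the OS with explicit writable exceptions.
# /etc is needed because useradd/usermod/userdel rewrite passwd/shadow/group
# (assumption); /var/lib/AccountsService holds the user extension data.
ProtectSystem=strict
ReadWritePaths=/etc /var/lib/AccountsService
# ProtectHome is deliberately not set: useradd creates home directories
# under /home, which a read-only or hidden /home would break (assumption).
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
# The daemon speaks D-Bus only, so it needs no IP sockets (assumption).
RestrictAddressFamilies=AF_UNIX
# Future work named in the commit message, shown here with assumed values
# and left commented out until the subprocess requirements are confirmed:
# CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETUID CAP_SETGID
# SystemCallFilter=@system-service
```

After `systemctl daemon-reload`, `systemd-analyze security accounts-daemon.service` scores the unit directive by directive and lists what is still unrestricted.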

!22
parent 152b845b
Pipeline #35588 passed with stage in 1 minute and 15 seconds