[systemd-devel] grant users access to certain services only

Mantas Mikulėnas grawity at gmail.com
Fri Aug 21 03:10:51 PDT 2015


On Fri, Aug 21, 2015 at 12:57 PM, Dominick Grift <dac.override at gmail.com>
wrote:

> Made a demo because I was bored:
> https://www.youtube.com/watch?v=KrK5a7D77l0
>
> In practice though this is probably not an option for you. It is very
> expensive. However, it is (optionally) supported by systemd and I just
> wanted to counter the misinformation.
>
> I think it kind of sucks that systemctl --user list-units can be used to
> determine who is currently logged in. (It shows active mount units for
> XDG_RUNTIME_DIR and since those have UID as name you can see who is
> logged in.)
>

Hmm, and `findmnt` doesn't?

`systemd --user` runs with the same privileges as the user, anyway. So if
your SELinux policy is more permissive to systemd than regular programs,
it's a bit weird, not to mention possibly insecure.

-- 
Mantas Mikulėnas <grawity at gmail.com>