[systemd-devel] Use of capabilities in default service files
Florian Weimer
fweimer at redhat.com
Mon Jul 20 04:24:48 PDT 2015
There are a few examples similar to these in the source tree:
[Unit]
Description=Legacy D-Bus Protocol Compatibility Daemon
[Service]
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/sys/fs/kdbus/0-system/bus
NotifyAccess=main
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN )
…
[Unit]
Description=Hostname Service
Documentation=man:systemd-hostnamed.service(8) man:hostname(5) man:machine-info(5)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
[Service]
ExecStart=@rootlibexecdir@/systemd-hostnamed
BusName=org.freedesktop.hostname1
CapabilityBoundingSet=CAP_SYS_ADMIN
…
[Unit]
Description=Locale Service
Documentation=man:systemd-localed.service(8) man:locale.conf(5) man:vconsole.conf(5)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/localed
[Service]
ExecStart=@rootlibexecdir@/systemd-localed
BusName=org.freedesktop.locale1
CapabilityBoundingSet=
…
What's the intent of these settings? Is it a form of hardening? If
yes, it is rather ineffective because UID=0 does not need any
capabilities to completely compromise the system.
--
Florian Weimer / Red Hat Product Security
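An added audit script, not part of the mail or of systemd, that checks installed unit files for the pattern the mail questions: a CapabilityBoundingSet= line on a service that sets no User= and therefore still runs as UID 0. It assumes plain [Section]/Key=Value unit files (the @rootlibexecdir@ and m4_ifdef template syntax in the quoted sources is not handled) and follows systemd's rule that a repeated setting's last value wins. The sample units it writes to a temporary directory are constructed here, modelled on the excerpts above.

```shell
#!/bin/sh
# Added example (not from the mail or from systemd). Classifies unit files by
# whether a CapabilityBoundingSet= restriction is backed by a non-root User=.

# Exit 0 if KEY= appears in the [Service] section of FILE, even with an empty value
# (the localed excerpt above uses "CapabilityBoundingSet=" with nothing after it).
service_has_key() {
    awk -v key="$1" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$2"
}

# Print the value of KEY in [Service]; a later occurrence overrides an earlier one.
service_value() {
    awk -v key="$1" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }
    ' "$2"
}

# Verdicts:
#   root-bounded  CapabilityBoundingSet= present but the service keeps UID 0
#                 (no User=, or User=root); the process still owns every
#                 root-owned file, so the bounding set alone is a weak barrier
#   unprivileged  User= names a non-root account; the bounding set now limits
#                 what that account could regain through setuid helpers
#   root          neither setting present
unit_verdict() {
    file="$1"
    user=$(service_value User "$file")
    if [ -n "$user" ] && [ "$user" != "root" ]; then
        echo unprivileged
    elif service_has_key CapabilityBoundingSet "$file"; then
        echo root-bounded
    else
        echo root
    fi
}

# Usage on a real system: audit_units /lib/systemd/system/*.service
audit_units() {
    for f in "$@"; do
        printf '%s\t%s\n' "$(unit_verdict "$f")" "$f"
    done
}

# Constructed sample units (hypothetical paths), modelled on the mail's excerpts.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '[Unit]\nDescription=Locale Service\n[Service]\nExecStart=/usr/lib/systemd/systemd-localed\nCapabilityBoundingSet=\n' \
    > "$demo_dir/localed-like.service"
printf '[Unit]\nDescription=Hostname Service\n[Service]\nExecStart=/usr/lib/systemd/systemd-hostnamed\nCapabilityBoundingSet=CAP_SYS_ADMIN\n' \
    > "$demo_dir/hostnamed-like.service"
printf '[Service]\nExecStart=/usr/bin/example-daemon\nUser=daemon\nCapabilityBoundingSet=CAP_NET_BIND_SERVICE\n' \
    > "$demo_dir/unprivileged.service"
printf '[Service]\nExecStart=/usr/bin/plain-daemon\n' \
    > "$demo_dir/plain.service"
audit_units "$demo_dir"/*.service
```

Run against /lib/systemd/system and /etc/systemd/system to list every unit that is "root-bounded"; those are the units where the bounding set is doing the least work, which is exactly the situation the mail asks about.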