[systemd-devel] best way to enable dynamicuser on a large custom application

[Davis Roman]

Hello,

I've been tasked to take a large application mostly written in C which had
previously always run as root and now run it under dynamic user.

My goal is to follow the "principle of least privilege" and figure out all
the necessary individual privileges I need to provide so that it continues
to work normally as before.

I'm sure I can use a trial and error approach that would involve running
the unprivileged application, inspecting error, granting needed privilege,
rinse, wash and repeat until all errors are resolved
but I'm wondering if there is a more systematic approach that involves
inspecting the code base and figuring out all needed privileges needed to
get the application to work properly?

Thank you,

Davis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210211/8ad081e8/attachment.htm>