[systemd-devel] loose thoughts around portable services

Umut Tezduyar Lindskog Umut.Tezduyar at axis.com
Wed Oct 13 13:38:12 UTC 2021


Hi, we have been playing around more with the portable services and lots of loose thoughts came up. Hopefully we can initiate discussions.

The PrivateUsers and DynamicUsers are turned off for the trusted profile in portable services, but none of the passwd/group and nss files are mapped into the sandbox by default, essentially preventing the sandbox from doing a user lookup. Is this a use case that should be offered by the “trusted” profile, or should this be handled by the services that would like to do a lookup?

Is there a way to have PrivateUsers=yes and map more host users into the sandbox? We have dynamic, uid-based authorization on dbus methods. Upon receiving a method call, the server checks the sender uid against a set of rule files.

Would it benefit others if the “profile” support was moved out of the portable services and made part of the unit files? For example, part of the [Install] section.

Has there been any thought about nesting profiles? Example, one profile can include other profiles in it.

systemd-analyze security is great! We believe it would be easier to audit if we had a way to compare a service file’s sandboxing directives against a profile and find the delta, then score the service file against the delta.

Thank you for your comments
Umut
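As an added example (not code from the systemd project or from the poster), the following script sketches the profile-versus-unit delta suggested above: it parses the [Service] section of a portable-service profile and of a unit file, keeps only sandboxing directives, and reports which ones the unit lacks, adds, or sets differently from the profile. The profile and unit texts are constructed samples, not the real trusted profile shipped in /usr/lib/systemd/portable/profile/; the SANDBOX_KEYS set is an assumed subset of what systemd-analyze security looks at, and the BindReadOnlyPaths= line for /etc/passwd and /etc/group in the sample unit is one assumed way to make user lookups work inside the sandbox.

```python
"""Delta between a portable-service profile and a unit's sandboxing directives.

Added example, not systemd project code. All unit text below is constructed.
"""
import re
from typing import Dict, List, Tuple

# Assumption: a subset of the directives systemd-analyze security considers.
SANDBOX_KEYS = {
    "PrivateUsers", "DynamicUser", "ProtectSystem", "ProtectHome",
    "NoNewPrivileges", "PrivateTmp", "PrivateDevices", "ProtectKernelTunables",
    "BindReadOnlyPaths", "BindPaths", "CapabilityBoundingSet", "SystemCallFilter",
}

Delta = Dict[str, Tuple[str, List[str], List[str]]]


def parse_unit(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Minimal unit-file parser: [Section] headers, Key=Value lines, '#'/';'
    comments, backslash continuations, repeated keys kept in order, and an
    empty assignment (Key=) resetting a list-type setting as systemd does."""
    sections: Dict[str, Dict[str, List[str]]] = {}
    current = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # continuation onto the next line
            pending = line[:-1] + " "
            continue
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {line!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value == "":
            current[key] = []            # explicit reset of a list setting
        else:
            current.setdefault(key, []).append(value)
    return sections


def sandbox_delta(profile_text: str, unit_text: str) -> Delta:
    """For every sandboxing directive set in either file, classify it as
    'same', 'differs', 'profile-only' (unit dropped it) or 'unit-only'."""
    prof = parse_unit(profile_text).get("Service", {})
    unit = parse_unit(unit_text).get("Service", {})
    out: Delta = {}
    for key in sorted((set(prof) | set(unit)) & SANDBOX_KEYS):
        p, u = prof.get(key), unit.get(key)
        if p is None:
            status = "unit-only"
        elif u is None:
            status = "profile-only"
        elif p == u:
            status = "same"
        else:
            status = "differs"
        out[key] = (status, p or [], u or [])
    return out


def summarize(delta: Delta) -> Dict[str, int]:
    """Count directives per status; a rough score of how far the unit strays."""
    counts: Dict[str, int] = {}
    for status, _, _ in delta.values():
        counts[status] = counts.get(status, 0) + 1
    return dict(sorted(counts.items()))


# Constructed sample profile (not the real trusted profile).
PROFILE = """
[Service]
PrivateUsers=no
DynamicUser=no
ProtectSystem=strict
ProtectHome=yes
NoNewPrivileges=yes
BindReadOnlyPaths=/etc/machine-id
BindReadOnlyPaths=/etc/resolv.conf
"""

# Constructed sample unit. Assumption: binding host passwd/group read-only
# is one way to let getpwuid()/getgrnam() resolve names inside the sandbox.
UNIT = """
[Unit]
Description=Constructed sample portable service
[Service]
ExecStart=/usr/bin/sample-daemon
ProtectSystem=full
NoNewPrivileges=yes
BindReadOnlyPaths=/etc/passwd /etc/group
PrivateTmp=yes
"""


def main() -> None:
    delta = sandbox_delta(PROFILE, UNIT)
    for key, (status, p, u) in delta.items():
        print(f"{key:24} {status:13} profile={p} unit={u}")
    print("summary:", summarize(delta))


if __name__ == "__main__":
    main()
```

Run against the real profile (e.g. /usr/lib/systemd/portable/profile/trusted/service.conf) and the unit inside the portable image to see which profile hardening a unit weakens; "profile-only" entries are the ones worth a second look, since the profile would otherwise have supplied them.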