Ian Jackson <ijack...@chiark.greenend.org.uk> writes:

> Russ Allbery writes:
>> * Lots of really interesting defense-in-depth security features. I
>> particularly liked ReadWriteDirectories, ReadOnlyDirectories,
>> InaccessibleDirectories, PrivateNetwork, and NoNewPrivileges, which
>> provide a sort of lightweight process containment that would be much
>> easier to use than a full-blown chroot, and in some ways more powerful.
>
> I think that this functionality should be provided by "auxiliary verb"
> wrapper commands, not welded into init.

Why? It feels like it adds (mild) complexity without a whole lot of benefit. The init system (for both systemd and upstart) is already handling setuid, setgid, nice, OOM adjustment, system resource limits, etc. This stuff feels like the same type of thing.

Also, note that systemd also has broad support for SELinux and related MAC mechanisms (and upstart has support for apparmor), which use the same type of mechanism. I believe there are some policy challenges in allowing a separate process to handle that setup without compromising security. The init system is already running in the correct trusted context to do that sort of setup.

(I'm very interested in the SELinux parts as well, but probably won't be able to use them immediately, so I didn't analyze them in much depth.)

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>

Archive: http://lists.debian.org/877gb0d8pv....@windlord.stanford.edu
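As an added illustration (not from the thread or from the systemd project), a hypothetical unit file for a service called `example-daemon` that uses the containment directives named above next to the user, nice, OOM and resource-limit settings the message compares them to; the service name, binary and paths are assumptions.

```ini
# Hypothetical unit file: /etc/systemd/system/example-daemon.service
# (added example, not from the thread; service name and paths are assumed)
[Unit]
Description=Example daemon with systemd process containment

[Service]
ExecStart=/usr/sbin/example-daemon --foreground

# Settings an init system already handled before the containment features
User=example
Group=example
Nice=5
OOMScoreAdjust=-100
LimitNOFILE=4096

# Lightweight containment, as discussed in the thread.
# The service still sees the host filesystem; writes are allowed only here.
ReadWriteDirectories=/var/lib/example-daemon /var/log/example-daemon
# Configuration is visible but read-only to the service.
ReadOnlyDirectories=/etc
# Home directories are hidden from the service entirely.
InaccessibleDirectories=/home /root
# Own network namespace with only loopback: suitable only for a daemon
# that needs no external network access.
PrivateNetwork=yes
# setuid/setcap binaries cannot grant this process new privileges.
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and `systemctl start example-daemon`, `systemctl show -p PrivateNetwork -p NoNewPrivileges example-daemon` reports the settings the running unit was started with.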