On Thu, Dec 19, 2013 at 09:57:48AM -0800, Russ Allbery wrote:
> Ian Jackson <ijack...@chiark.greenend.org.uk> writes:
> > Russ Allbery writes:
> >> * Lots of really interesting defense-in-depth security features.  I
> >> particularly liked ReadWriteDirectories, ReadOnlyDirectories,
> >> InaccessibleDirectories, PrivateNetwork, and NoNewPrivileges, which
> >> provide a sort of lightweight process containment that would be much
> >> easier to use than a full-blown chroot, and in some ways more powerful.
>
> > I think that this functionality should be provided by "auxiliary verb"
> > wrapper commands, not welded into init.
>
> Why?  It feels like it adds (mild) complexity without a whole lot of
> benefit.  The init system (for both systemd and upstart) is already
> handling setuid, setgid, nice, OOM adjustment, system resource limits,
> etc.  This stuff feels like the same type of thing.
We should have *at least* auxverb-style commands for this, because they're
often useful outside the context of the init system (for example, a private
network is useful for building packages; you can do this kind of thing with
"unshare -n" or with the LXC tools).

It's a fairly narrow judgement call whether this kind of thing should be
directly supported in the init daemon or not; I can certainly see some being
useful, although if they're already supported by auxverbs then they would
presumably be pretty trivial to add to anything that already has direct
support for things like "nice".

In the case of Upstart's "setuid" and "setgid" verbs, I think part of the
reasoning was that we had scripts that were doing it by hand in a boilerplate
fashion but of course it was important that they get it just right, and it
made sense to consolidate the code.  That seems to me to be a reasonable
metric for whether this belongs in the init daemon.

-- 
Colin Watson [cjwat...@debian.org]