Hi,

All Systems Go! was already long ago, so here is a status update on where I am with using a Linux distribution with NoNewPrivs set by default.

I renamed my "pwaccess" PoC to "account-utils" (https://github.com/thkukuk/account-utils), which should now contain the main functionality to replace chage, chfn, chsh, expiry, passwd and pam_unix.so. I ignored everything around "newgrp" and "gpasswd".

Together with polkit from git, I have an openSUSE MicroOS machine running that I can use as a container host OS for most of my daily work. So authentication, password management, run0 as su/sudo replacement, run containers.

Currently I am trying to get all modified and new packages into MicroOS to make it easy to enable this feature.

Next steps:

* account-utils is currently under review by our security team
* polkit: SELinux policy needs to get adjusted, WIP
* Wrapper for su to use run0/systemd-run. Has anybody looked at this already?
* Better polkit rules for run0 to be more aligned with sudo behavior.

Questions for systemd developers:

1. People are afraid when they see that "org.freedesktop.systemd1.manage-units" is used for run0; they want to have the feeling they can apply different rules to who can manage units and who can use run0. Any chance to add "org.freedesktop.systemd1.run0"?
2. Which variables does systemd provide for polkit's "action.lookup()"? I couldn't really find this out.

Biggest remaining issue: it looks like the postfix container really needs setuid, since the daemon drops its privileges and depends on a setgid helper :(

Regards,
Thorsten

-- 
Thorsten Kukuk, Distinguished Engineer, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany
Geschäftsführer: Jochen Jaser, Andrew McDonald, Werner Knoblich, (HRB 36809, AG Nürnberg)
