Loading...

XML

Word

Printable

Details

Type: Task
Resolution: Fixed
Priority: Minor
Fix Version/s: Needlefish 14.0.2, Octopus 15.0.0
Affects Version/s: None
Component/s: App Framework
Labels:
- MergedForNeedlefish
- MergedForOctopus

Contract ID:
- Konsulko-2019.1

Description

Since applaunchd needs to start/stop systemd units, the user is granted elevated systemd unit-management permissions via PolKit policy. If applaunchd and all the apps run under the same agl-driver user, all the apps have these elevated systemd permissions too. Separating them into different users allows removing elevated systemd unit-management permission from individual apps, but leaving such permission for applaunchd, which enhances overall security of the system.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Denys Dmytriyenko

Reporter:: Denys Dmytriyenko

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Oct/22 5:31 PM

Updated:: 16/Nov/22 10:49 PM

Resolved:: 17/Oct/22 11:29 PM