Run applaunchd under a separate user

Description

Since applaunchd needs to start/stop systemd units, the user is granted elevated systemd unit-management permissions via PolKit policy. If applaunchd and all the apps run under the same agl-driver user, all the apps have these elevated systemd permissions too. Separating them into different users allows removing the elevated systemd unit-management permission from individual apps while leaving that permission in place for applaunchd, which enhances the overall security of the system.
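The separation described above, sketched as polkit rules (polkit rule files are JavaScript). This is an added example, not the project's actual policy: the dedicated account name `applaunchd`, the start/stop verb restriction and the sample unit name are assumptions, and the small fallback object exists only so the rule functions can be exercised outside polkitd.

```javascript
// Added example, not AGL's shipped policy.
var LAUNCHER_USER = "applaunchd";        // assumed name of the dedicated account
var SHARED_USER = "agl-driver";          // shared user named in the issue
var ALLOWED_VERBS = ["start", "stop"];   // assumed: all the launcher needs
var MANAGE_UNITS = "org.freedesktop.systemd1.manage-units";

// Inside polkitd a global `polkit` object exists; elsewhere fall back to the
// same result values so the functions can be checked offline.
var inPolkit = typeof polkit !== "undefined";
var Result = inPolkit ? polkit.Result : { YES: "yes", NOT_HANDLED: null };

// Before: the grant is tied to the shared user, so every app running as
// that user may manage systemd units as well.
function sharedUserRule(action, subject) {
    if (action.id === MANAGE_UNITS && subject.user === SHARED_USER) {
        return Result.YES;
    }
    return Result.NOT_HANDLED;
}

// After: only the launcher's own account is granted, and only for the
// verbs it needs. Anything else is left to later rules and the default
// policy for the action.
function launcherOnlyRule(action, subject) {
    if (action.id !== MANAGE_UNITS) return Result.NOT_HANDLED;
    if (subject.user !== LAUNCHER_USER) return Result.NOT_HANDLED;
    if (ALLOWED_VERBS.indexOf(action.lookup("verb")) === -1) {
        return Result.NOT_HANDLED;
    }
    return Result.YES;
}

if (inPolkit) polkit.addRule(launcherOnlyRule);

// Constructed stand-in for the action object polkitd passes to a rule;
// systemd exposes the "unit" and "verb" details on manage-units requests.
function fakeAction(verb, unit) {
    var details = { verb: verb, unit: unit };
    return { id: MANAGE_UNITS, lookup: function (key) { return details[key]; } };
}
```

A quick check on a target is to run `systemctl start <unit>` once as the app user and once as the launcher user: only the latter should succeed without an authentication prompt.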

 

Environment

None

Activity

Walt Miner 
November 16, 2022 at 10:49 PM

Close for NN 14.0.2

Fixed

Created October 3, 2022 at 5:31 PM
Updated November 16, 2022 at 10:49 PM
Resolved October 17, 2022 at 11:29 PM