Task
Resolution: Fixed
Minor
None
Since applaunchd needs to start and stop systemd units, the user it runs as is granted elevated systemd unit-management permissions via a PolKit policy. If applaunchd and all the apps run under the same agl-driver user, all the apps have these elevated systemd permissions too. Running them as different users allows the elevated systemd unit-management permission to be removed from individual apps while keeping it for applaunchd, which enhances the overall security of the system.
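
A polkit rule shaped like the separation described above, as an added example and not the rule shipped in AGL/meta-agl. The account name `applaunchd`, the unit prefix `agl-app@` and the helpers `sampleAction` and `check` are assumptions made for illustration; the `unit` and `verb` details are the ones systemd passes with `org.freedesktop.systemd1.manage-units`.

```javascript
// Added illustration; not the rule file from AGL/meta-agl.
var LAUNCHER_USER = "applaunchd";   // assumed account name
var APP_UNIT_PREFIX = "agl-app@";   // assumed unit naming scheme
var ALLOWED_VERBS = ["start", "stop", "restart"];

// polkitd provides the global `polkit`; this stand-in lets the file run under node.
var pk = (typeof polkit !== "undefined") ? polkit : {
  Result: { YES: "yes", NOT_HANDLED: "not_handled" },
  addRule: function () {}
};

function decide(action, subject) {
  if (action.id !== "org.freedesktop.systemd1.manage-units") {
    return pk.Result.NOT_HANDLED;
  }
  // Only the launcher account is granted anything here. Apps running as
  // agl-driver (or any other user) fall through to the default policy.
  if (subject.user !== LAUNCHER_USER) {
    return pk.Result.NOT_HANDLED;
  }
  // Narrow the grant further: app units only, lifecycle verbs only.
  var unit = action.lookup("unit") || "";
  var verb = action.lookup("verb") || "";
  if (unit.indexOf(APP_UNIT_PREFIX) === 0 && ALLOWED_VERBS.indexOf(verb) !== -1) {
    return pk.Result.YES;
  }
  return pk.Result.NOT_HANDLED;
}

pk.addRule(decide);

// Constructed request objects for trying the rule outside polkitd.
function sampleAction(id, details) {
  return { id: id, lookup: function (key) { return details[key]; } };
}
function check(user, unit, verb) {
  return decide(sampleAction("org.freedesktop.systemd1.manage-units",
                             { unit: unit, verb: verb }), { user: user });
}
```
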
| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 28039,2 | meta-app-framework: applaunchd: run under a separate user | master | AGL/meta-agl | MERGED | +2 | +1 |
| 28137,2 | meta-app-framework: applaunchd: run under a separate user | needlefish | AGL/meta-agl | MERGED | +2 | +1 |