- Task
- Resolution: Incomplete
- Critical
- None
- Dab
Most (all?) system daemons should run with a dedicated user and optionally a dedicated group and SMACK label.
Also, the service should be run with a minimal set of capabilities(7).
For more information, check the security blueprint.
Daemons to secure include (list is not exhaustive and may depend on profiles):
- weston / weston-keyboard
- dbus
- journald/syslogd/klogd
- bluez
- ofono
- connman + WPA supplicant
- neard (NFC)
- pulseaudio (depending on whether it's in the user session or not)
- AudioManager + DLT (still used?)
- security-manager (if not removed)
- lightmediascanner / rygel
- MostNetworkManager
Individual issues (subtasks) should be created for each case.
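One way to check a daemon against the requirements above, as an added example that is not part of the original ticket or of AGL's code: a small auditor for the `[Service]` section of a systemd unit. The directive names are from systemd.exec(5); the `exampled` daemon, its user, its SMACK label and its capability list are constructed placeholders.

```python
# Added example: audit systemd [Service] sections against the ticket's checklist.
# Directive names are from systemd.exec(5); the unit contents below are constructed.

def parse_service(text):
    """Collect [Service] settings; repeated keys accumulate, an empty value resets."""
    section, settings = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value:
                settings.setdefault(key, []).extend(value.split())
            else:
                settings[key] = []
    return settings

def audit(text):
    """Return finding codes; an empty list means every item is covered."""
    s = parse_service(text)
    findings = []
    if (s.get("User") or ["root"])[-1] in ("root", "0"):
        findings.append("runs-as-root")        # no dedicated user
    if not s.get("Group"):
        findings.append("no-group")            # optional per the ticket
    if not s.get("SmackProcessLabel"):
        findings.append("no-smack-label")      # optional per the ticket
    caps = s.get("CapabilityBoundingSet")
    if caps is None:
        findings.append("caps-unbounded")      # bounding set left at its default
    elif any(c.startswith("~") for c in caps):
        findings.append("caps-denylist")       # "all except ...", not a minimal set
    return findings

# Constructed units for a hypothetical daemon, before and after hardening.
BEFORE = "[Unit]\nDescription=Example daemon (constructed)\n\n" \
         "[Service]\nExecStart=/usr/sbin/exampled\n"
AFTER = ("[Service]\nExecStart=/usr/sbin/exampled\n"
         "User=exampled\nGroup=exampled\n"
         "SmackProcessLabel=System::Example\n"
         "CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW\n")

if __name__ == "__main__":
    for name, unit in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(unit) or "ok")
```

A daemon that switches to a non-root `User=` and still needs a capability at run time also needs it listed in `AmbientCapabilities=`, which this sketch does not check.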
# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
13727,2 | af-main: Refactor of user session management | master | AGL/meta-agl | MERGED | +2 | +1 |
21594,7 | weston: Remove user session login for weston | master | AGL/meta-agl | MERGED | +2 | +1 |
21633,1 | Require to run at platform scope | master | apps/agl-service-can-low-level | MERGED | +2 | +1 |
21634,1 | Require to run at platform scope | master | apps/agl-service-audio-4a | MERGED | +2 | +1 |
21637,1 | Require to run at platform scope | master | apps/agl-service-geoclue | MERGED | +2 | +1 |
21639,1 | Require to run at platform scope | master | apps/agl-service-unicens | MERGED | +2 | +1 |
21640,1 | Require to run at platform scope | master | apps/agl-service-platform-info | MERGED | +2 | +1 |
21645,1 | weston: Remove user session login for weston | master | AGL/meta-agl | ABANDONED | 0 | 0 |
21677,2 | Reworked the automount script | master | AGL/meta-agl | MERGED | +2 | +1 |