NonRoot discussion at Hackathon - call for input

Michael.E.Brown at dell.com
Tue Jan 9 05:35:23 AEDT 2018


Hello (again) to everybody going to the hackathon. I'm currently scheduled for an hour talk on Thursday on root/nonroot security.

What would be the best way to make this hour the most productive hour we can have on this topic?

My background: I led the conversion effort for Dell IDRAC to move our entire infrastructure away from running daemons as root, and instead run each daemon under a distinct user account. I provided technical backstop as individual teams took over the efforts for their daemons and provided training and design support to ensure that the effort went as smoothly as possible. Our currently shipping Dell IDRAC has most of this work present in our shipping product, with a few remaining daemons rolling into upcoming releases.

What I might suggest would be helpful:

- Slides on examples
    o Running daemon
    o Setting up user accounts for daemons
    o Setting up tmpfiles rules
    o Setting up DBUS security
    o Udev rules to set up /dev/ permissions and ownership (if needed)
- Hands-on: actually hacking live on some daemons to try to get some converted to non-root

I'm open to using this hour however people feel it would be most helpful and will get some slides written to cover some of the above.

Thoughts?

--
Michael Brown
Dell EMC