Feature #12255

Use polkit with Tails Server

Added by segfault 2017-02-19 17:13:41 . Updated 2018-02-10 10:16:55 .

Status:
Confirmed
Priority:
Normal
Assignee:
segfault
Category:
Target version:
Start date:
2017-02-19
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Server
Deliverable for:

Description

Tails Server does a lot of things that require higher privileges. Currently, the backend is executed as root. We should consider running it as its own user, and write polkit actions and policies to allow privileged actions.

Actions that require higher privileges:
- apt update, apt install
- systemctl start/stop
- write to service config files (e.g. sshd_config)
- rw access to /var/lib/tor and /var/lib/tails
- copy to persistent volume
- mount —bind, umount


Subtasks


History

#1 Updated by segfault 2017-02-19 17:14:06

  • Affected tool set to Server

#3 Updated by Anonymous 2018-01-16 10:10:45

It might also be useful to see how we did in tails-installer.

#4 Updated by segfault 2018-02-10 09:29:21

#5 Updated by segfault 2018-02-10 10:16:55

  • Description updated

We now have a separated backend and don’t have to run the GUI as root anymore. Updated the description accordingly.