Feature #12255: Use polkit with Tails Server

Feature #12255

Use polkit with Tails Server

Added by segfault 2017-02-19 17:13:41 . Updated 2018-02-10 10:16:55 .

Status:

Confirmed

Priority:

Normal

Assignee:

segfault

Category:

Target version:

Start date:

2017-02-19

Due date:

% Done:

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Server

Deliverable for:

Description

Tails Server does a lot of things that require higher privileges. Currently, the backend is executed as root. We should consider running it as its own user, and write polkit actions and policies to allow privileged actions.

Actions that require higher privileges:
- apt update, apt install
- systemctl start/stop
- write to service config files (e.g. sshd_config)
- rw access to /var/lib/tor and /var/lib/tails
- copy to persistent volume
- mount —bind, umount

Subtasks

History

#1 Updated by segfault 2017-02-19 17:14:06

Affected tool set to Server

#2 Updated by segfault 2017-02-19 17:53:38

polkit best practices: https://www.freedesktop.org/software/polkit/docs/latest/polkit-apps.html

#3 Updated by Anonymous 2018-01-16 10:10:45

It might also be useful to see how we did in tails-installer.

#4 Updated by segfault 2018-02-10 09:29:21

Parent task set to Feature #5688

#5 Updated by segfault 2018-02-10 10:16:55

Description updated

We now have a separated backend and don’t have to run the GUI as root anymore. Updated the description accordingly.