Feature #12255
Use polkit with Tails Server
0%
Description
Tails Server does a lot of things that require higher privileges. Currently, the backend is executed as root. We should consider running it as its own user, and write polkit actions and policies to allow privileged actions.
Actions that require higher privileges:
- apt update, apt install
- systemctl start/stop
- write to service config files (e.g. sshd_config)
- rw access to /var/lib/tor and /var/lib/tails
- copy to persistent volume
- mount —bind, umount
Subtasks
History
#1 Updated by segfault 2017-02-19 17:14:06
- Affected tool set to Server
#2 Updated by segfault 2017-02-19 17:53:38
polkit best practices: https://www.freedesktop.org/software/polkit/docs/latest/polkit-apps.html
#3 Updated by Anonymous 2018-01-16 10:10:45
It might also be useful to see how we did in tails-installer.
#4 Updated by segfault 2018-02-10 09:29:21
- Parent task set to Feature #5688
#5 Updated by segfault 2018-02-10 10:16:55
- Description updated
We now have a separated backend and don’t have to run the GUI as root anymore. Updated the description accordingly.