Run Tails Server services in containers
Running the services in their own containers would provide better security through isolation, and would ease cleanup during service uninstallation, which will probably lead to fewer bugs.
#2 Updated by intrigeri 2018-02-11 06:50:15
> Running the services in their own containers would provide better security by isolation
FTR I’m not 100% convinced the (implementation complexity cost / security benefit) ratio is worth it compared to hardening individual services’ systemd unit files (+ possibly adding AppArmor profiles): systemd’s hardening features are getting very close to what containers can do nowadays, so let’s not overstate the additional security we would get from containers. But perhaps your other reason to lean towards containers (robustness) is enough to make the overall cost/benefit worth it, I dunno.
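As an added illustration of the alternative raised in the comment above (hardening each service's systemd unit plus an AppArmor profile), and not part of the original ticket or of Tails Server's own code, here is a drop-in with the sandboxing directives systemd offers; the unit name, binary path, state directory and profile name are placeholders.

```ini
# /etc/systemd/system/tails-server-example.service.d/hardening.conf
# Hypothetical drop-in for a hypothetical "tails-server-example" service.
[Service]
# Run as a transient, unprivileged user with a private state directory
DynamicUser=yes
StateDirectory=tails-server-example
# Drop every capability: a plain network service needs none of them
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes
# Filesystem view: read-only system, no /home, private /tmp and /dev
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
# Only the paths the service must write, as the comment's "least privilege" goal requires
ReadWritePaths=/var/lib/tails-server-example
# Kernel attack surface: seccomp allow-list, no new namespaces, no W+X memory
SystemCallFilter=@system-service
SystemCallArchitectures=native
RestrictNamespaces=yes
RestrictRealtime=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
# Network: Unix and IP sockets only
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# Confine with a placeholder AppArmor profile that must exist on the system
AppArmorProfile=tails-server-example
```

After `systemctl daemon-reload`, `systemd-analyze security tails-server-example.service` scores how much of the exposure the drop-in removes.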
#3 Updated by segfault 2018-03-04 21:48:18
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 50
LXC in combination with systemd-machined turned out to be buggy. I implemented running the services with
systemd-nspawn containers cannot be made as secure as LXC containers, because they are always granted a long list of capabilities, including
Also, I didn’t configure any security features for the containers yet, but plan to do so.