minkanjin (n00b)
Joined: 29 Jan 2017, Posts: 42
Posted: Sun Jan 29, 2017 11:30 pm    Post subject: Android-like per-package privileges with normal Linux privs
What I want to do is to set up a privilege structure that mimics Android's per-app privileges. So I would assign a username (or system username, rather) to a package. That username would then be added to the groups that the package needs access to, such as video, audio, etc. Then finally the real user gets added to the package's primary group, and the setuid flag is used to change the real user to the package user.
The hope is that this can add a bit of sandboxing without adding another layer to access control.
Is this idea at all feasible, or should I rather wait for something like Flatpak?
If it is feasible, is there a tool/script to help set it up?
Is there a possibility that it could be added to portage (perhaps as a plugin that executes after everything else)?
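What the kernel actually does with the scheme in the post above: on exec of a file with the setuid bit, only the effective uid becomes the file owner; the real and saved uids stay those of the invoking user, and the supplementary groups are inherited unchanged. A launcher that wants the "package user" identity to stick therefore has to pin all three ids itself, and it cannot pick up the package user's own groups (video, audio) without root. The following launcher is an added example written for this thread, not code from the poster or from Gentoo; the names pkg-foo, alice, /usr/bin/foo and /var/lib/pkg-foo are assumptions.

```c
/* pkg-launch.c: added example launcher for a per-package user.
 * Assumed setup, run as root (names are assumptions):
 *   useradd -r -M -d /var/lib/pkg-foo -s /sbin/nologin pkg-foo
 *   usermod -aG video,audio pkg-foo        # groups the package needs
 *   usermod -aG pkg-foo alice              # the real user who may start it
 *   chown pkg-foo:pkg-foo /usr/libexec/pkg-launch-foo
 *   chmod 4750 /usr/libexec/pkg-launch-foo # setuid to pkg-foo, exec only by its group
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define TARGET   "/usr/bin/foo"        /* assumed real program */
#define PKG_HOME "/var/lib/pkg-foo"    /* assumed package-private home */

/* 1 if real, effective and saved uid/gid all agree (no way back to the caller). */
int identity_pinned(void)
{
    uid_t r, e, s;
    gid_t rg, eg, sg;
    if (getresuid(&r, &e, &s) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return r == e && e == s && rg == eg && eg == sg;
}

/* exec of a setuid file changes only the *effective* uid; the real uid is
 * still the invoking user, so the target (or any library it loads) could call
 * setuid(getuid()) and be the real user again.  An unprivileged process may
 * set each of its three ids to any of its current three ids, so copy the
 * effective id into the real and saved slots.  Returns 0 on success. */
int pin_identity(void)
{
    gid_t g = getegid();
    uid_t u = geteuid();
    if (setresgid(g, g, g) != 0) return -1;
    if (setresuid(u, u, u) != 0) return -1;
    return identity_pinned() ? 0 : -1;
}

/* Count supplementary groups other than the effective gid.  They come from the
 * caller and cannot be dropped without CAP_SETGID; pkg-foo's own groups are not
 * picked up either, because a non-root launcher cannot call initgroups().
 * Getting the package user's groups needs a root helper (sudo -u / su). */
int inherited_groups(void)
{
    int n = getgroups(0, NULL);
    if (n < 0) return -1;
    gid_t *list = calloc((size_t)n + 1, sizeof *list);
    if (!list) return -1;
    n = getgroups(n, list);
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (list[i] != getegid()) extra++;
    free(list);
    return extra;
}

/* Fresh environment: the caller's HOME, XDG_* and PATH would point the package
 * at the real user's files.  Only what is passed in survives.  Returns a
 * NULL-terminated array suitable for execve(). */
char **build_env(const char *home, const char *display)
{
    static char *env[4];
    static char home_kv[256], disp_kv[256];
    int i = 0;
    snprintf(home_kv, sizeof home_kv, "HOME=%s", home);
    env[i++] = home_kv;
    env[i++] = "PATH=/usr/bin:/bin";
    if (display) {
        snprintf(disp_kv, sizeof disp_kv, "DISPLAY=%s", display);
        env[i++] = disp_kv;
    }
    env[i] = NULL;
    return env;
}

int main(int argc, char **argv)
{
    (void)argc;
    if (pin_identity() != 0) {
        perror("pin_identity");
        return 1;
    }
    int extra = inherited_groups();
    if (extra > 0)
        fprintf(stderr, "warning: %d supplementary group(s) inherited from caller\n", extra);
    char **env = build_env(PKG_HOME, getenv("DISPLAY"));
    argv[0] = TARGET;
    execve(TARGET, argv, env);
    perror("execve " TARGET);
    return 127;
}
```

Two things the launcher cannot fix on its own: the inherited supplementary groups mean the package still reaches everything alice's groups can, and passing DISPLAY is not enough for a GUI program, since pkg-foo cannot read alice's Xauthority cookie. Both are the kind of broker problem a dedicated sandbox tool handles for you.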
Roman_Gruber (Advocate)
Joined: 03 Oct 2006, Posts: 3846, Location: Austro Bavaria
Posted: Mon Jan 30, 2017 1:10 am
Are you asking about the group principle in Linux?
https://wiki.gentoo.org/wiki/Knowledge_Base:Adding_a_user_to_a_group
--
I'm still not sure if you are asking for an Android box or for a Gentoo box in the first place.
--
No idea what you are after. When you do not trust your user, just remove the rights. Or use a kiosk distro.
When you want to grant limited rights for certain tasks, then use the group principle, which already works for certain tasks.
The ordinary user usually has no rights. I have to use the superuser a lot to get my things done.
--
Hu (Administrator)
Joined: 06 Mar 2007, Posts: 23097
Posted: Mon Jan 30, 2017 4:39 am
Android uses a perversion of the standard Unix model to achieve a fairly useful feature; OP wants to have that same feature on desktop Linux. Each Android app runs as a separate user ID, so apps are incapable of using ptrace on each other, reading each other's settings without the help of a broker (which typically asks the user to confirm the operation), etc. This is useful if you want to run a program that you do not trust fully. Under the classic permissions model, a rogue program can delete everything in the user's home directory (whether maliciously or due to sloppy coding). Under the mobile permission model, the application can wreck its own settings, but not touch settings of unrelated programs.
Roman_Gruber (Advocate)
Joined: 03 Oct 2006, Posts: 3846, Location: Austro Bavaria
Posted: Mon Jan 30, 2017 2:06 pm
Do we not use virtual machines for such untrusted software to shield it?
Hu (Administrator)
Joined: 06 Mar 2007, Posts: 23097
Posted: Tue Jan 31, 2017 3:37 am
Not everyone has the hardware to run virtual machines well. In some cases, a virtual machine provides too much isolation, making it inconvenient to use the program.
Ant P. (Watchman)
Joined: 18 Apr 2009, Posts: 6920
Posted: Wed Feb 01, 2017 2:25 am
Use firejail. It comes with premade sandbox rules for many common desktop apps.
minkanjin (n00b)
Joined: 29 Jan 2017, Posts: 42
Posted: Sat Feb 18, 2017 2:59 pm
Seems setuid only elevates privileges. For this to work, it needs to drop them too. So something else it will have to be.
I'll check out firejail.