Cristian Rodríguez wrote:
On 26/03/14 07:55, Guido Berhoerster wrote:
Specification
-------------
Packages that add unprivileged users, e.g. to run daemons as, need to use names that follow the following regular expression:
^_[0-9a-z][0-9a-z_]*$
Oh ye old Unix design..still giving joy...
What about NOT adding *new* usernames unless there is a good reason to? And encouraging people to drop capabilities, use seccomp, change namespace etc. using the systemd functionality designed for that very purpose?
As you may guess by now, I do not agree with this proposal, as we are just papering over a known design limitation.
This policy doesn't paper over anything and doesn't prevent anyone from leveraging modern Linux security features. The policy merely puts some order in existing practices that won't go away anytime soon.

cu
Ludwig

--
Ludwig Nussel
http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
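An added example, not part of the original thread or of any openSUSE tooling: a checker that applies the naming pattern from the quoted specification to passwd-format lines and reports each entry that fails it. The function names and the sample entries are constructed for illustration.

```python
import re

# Pattern from the quoted specification; anchors are dropped because
# fullmatch() is used. In Python, '$' also matches just before a trailing
# newline, so match() with '^...$' would accept "_foo\n".
POLICY_RE = re.compile(r"_[0-9a-z][0-9a-z_]*")

def conforms(name):
    """True only if the whole name matches ^_[0-9a-z][0-9a-z_]*$."""
    return POLICY_RE.fullmatch(name) is not None

def reason(name):
    """Explain why a non-conforming name fails the pattern."""
    if not name.startswith("_"):
        return "missing leading underscore"
    if len(name) < 2 or name[1] == "_":
        return "second character must be [0-9a-z]"
    return "character outside [0-9a-z_]"

def audit(passwd_text):
    """Return (line_no, name, reason) for each entry that fails the policy."""
    findings = []
    for no, line in enumerate(passwd_text.split("\n"), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:  # passwd(5) lines have seven fields
            findings.append((no, fields[0], "malformed passwd line"))
            continue
        if not conforms(fields[0]):
            findings.append((no, fields[0], reason(fields[0])))
    return findings

# Constructed sample: accounts a set of packages would create.
SAMPLE = """\
_exampled:x:480:480:Example daemon:/var/lib/exampled:/sbin/nologin
exampledb:x:60:60:Example DB:/var/lib/exampledb:/bin/false
_Relay:x:481:481::/var/lib/relay:/sbin/nologin
__x:x:482:482::/:/sbin/nologin
_9p_srv:x:483:483::/:/sbin/nologin
"""

if __name__ == "__main__":
    for no, name, why in audit(SAMPLE):
        print(f"line {no}: {name!r}: {why}")
```
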