Re: [s6-svperms] Handling service permissions at creation time.

From: Colin Booth <colin_at_heliocat.net>
Date: Mon, 15 Feb 2021 12:21:56 +0000

On Mon, Feb 15, 2021 at 11:58:59AM +0000, Laurent Bercot wrote:
> > So, if we have e.g. a <service>/data/perms/rules/uid/<uid>/allow file, and if s6-supervise checks this directory at creation time and creates the necessary file/directory with the respective uid/gid found in that directory, we can configure a service's permissions permanently.
>
> Typically, if you're using s6-rc, this can be done via a s6-rc
> service running early, before the longruns are started. The "up"
> script can read attributes from a file and set them; the "down"
> script can save all the attributes to a file.
>
> Ideally, though, the user would be able to declare the attributes
> in service definition directories, and s6-rc would set them
> automatically at start. That wouldn't help with early services, but
> early services should be few and far between and their permissions
> shouldn't be trifled with.
>
> I can add that functionality to the next version of s6-rc. What do
> you think?
>
Services can fix their own permissions, so if s6-rc is going to grow that
functionality, it should be in the generated run, not in some rarely used
outboard helper service.
-- 
Colin Booth
Received on Mon Feb 15 2021 - 12:21:56 UTC
