Project

General

Profile

Feature #12255

Feature #5688: Tails Server: Self-hosted services behind Tails-powered onion services

Use polkit with Tails Server

Added by segfault over 2 years ago. Updated over 1 year ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
02/19/2017
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:
Server

Description

Tails Server does a lot of things that require higher privileges. Currently, the backend is executed as root. We should consider running it as its own user, and write polkit actions and policies to allow privileged actions.

Actions that require higher privileges:
- apt update, apt install
- systemctl start/stop
- write to service config files (e.g. sshd_config)
- rw access to /var/lib/tor and /var/lib/tails
- copy to persistent volume
- mount --bind, umount

History

#1 Updated by segfault over 2 years ago

  • Affected tool set to Server

#3 Updated by u over 1 year ago

It might also be useful to see how we did in tails-installer.

#4 Updated by segfault over 1 year ago

  • Parent task set to #5688

#5 Updated by segfault over 1 year ago

  • Description updated (diff)

We now have a separated backend and don't have to run the GUI as root anymore. Updated the description accordingly.

Also available in: Atom PDF