Closed sisungo closed 11 months ago
The policy
subsystem in airupd
can be entirely removed, then move it out of the daemon. Placing policy
subsystem in airupd
significantly increases complexity of the daemon and increases the chance of having security vulnerabilities.
Removing the policy
subsystem and implementing the similar function in airup
CLI tool. The daemon will use a simpler way for authentication. Running as pid == 1
, root
and users who are in group airup
will have full access to the socket. Running not as pid == 1
, the user running airupd
will have full access to the socket.
Introduction
Current implementation of the policy system is slow, quirky and it lacks some features.
Steps
airupfx::policy
modelUnresolved Questions
Nothing yet.