search

sisungo / airup

🚀 Airup is a modern, portable and blazingly fast implementation of service supervisor and the init daemon.
MIT License
18 stars 1 forks source link

[Feature Request] Refactor policy system #13

Closed sisungo closed 11 months ago

sisungo commented 1 year ago

Introduction

Current implementation of the policy system is slow, quirky and it lacks some features.

Steps

Unresolved Questions

Nothing yet.

sisungo commented 11 months ago

The policy subsystem in airupd can be entirely removed, then move it out of the daemon. Placing policy subsystem in airupd significantly increases complexity of the daemon and increases the chance of having security vulnerabilities.

Removing the policy subsystem and implementing the similar function in airup CLI tool. The daemon will use a simpler way for authentication. Running as pid == 1, root and users who are in group airup will have full access to the socket. Running not as pid == 1, the user running airupd will have full access to the socket.