Hi Zbigniew,
+
+[Service]
+Restart=on-failure
+ExecStart=@rootlibexecdir@/systemd-proxy-discoveryd
+StandardOutput=null
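Review bot: the [Service] section sets no User= and no sandboxing directives, so this daemon would start as root with the full capability set, even though, as discussed below, it only needs access to dbus and netlink while evaluating untrusted PAC JavaScript; add at least User= and the usual lockdown directives (NoNewPrivileges=, ProtectSystem=, an address-family restriction) from the start. Separately, StandardOutput=null discards everything the daemon writes to stdout, which keeps errors out of the journal; dropping that line would make failures visible.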
What privileges does this daemon require? I'd guess it can run as a normal
user at least... Since this is supposed to be executing untrusted JavaScript
code, let's lock it down heavily from the start.
I agree. It only needs access to dbus and netlink, so nothing
specific to root.
And yes, for the JS engine itself there is more to be done: all JS
contexts should be fully contained. PAC files can be anything, which sounds scary.
Tomasz
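As an added illustration of the lockdown described above (this is an example written for this page, not code from the thread or from systemd-proxy-discoveryd itself), here is how the [Service] section could look with current systemd sandboxing directives. It assumes the daemon keeps no writable state, assumes (labelled in a comment) that it may need to fetch PAC files over IP, and leaves out StandardOutput=null so failures reach the journal.

```ini
[Service]
Restart=on-failure
ExecStart=@rootlibexecdir@/systemd-proxy-discoveryd
# Drop root: the daemon only needs a bus connection and a netlink socket.
# DynamicUser= allocates a transient user (named after the unit) at start,
# so no static account has to be created at install time.
DynamicUser=yes
# Bus (AF_UNIX) and netlink are the only families the daemon is known to need.
# AF_INET/AF_INET6 are an assumption: keep them only if this daemon itself
# fetches PAC files over HTTP rather than receiving them from elsewhere.
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
# No way to regain privileges, and an empty capability bounding set.
NoNewPrivileges=yes
CapabilityBoundingSet=
# Read-only view of the OS, no home directories, private /tmp and /dev,
# no access to kernel tunables, modules or cgroups.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictNamespaces=yes
RestrictRealtime=yes
LockPersonality=yes
# Forbid writable+executable mappings. Fine for an interpreter that does not
# JIT; a JIT-ing JS engine would need this disabled, which is itself a signal
# about how much attack surface the engine choice adds.
MemoryDenyWriteExecute=yes
# Only the generic service syscall group, native ABI only.
SystemCallFilter=@system-service
SystemCallArchitectures=native
```

Running `systemd-analyze security systemd-proxy-discoveryd.service` on the installed unit reports which of these restrictions are still missing and scores the remaining exposure.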
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel