Hmm, not sure why my mailer decided this isn't important - it is! Lost a few days on it due to not being visible yet - I beg all your pardon for this. /slap my mail filers
This essentially came due to: 1. myself wanting to bring the Delta we had (by Serge) to run as libvirt-dnsmasq to Debian in [1] 2. out of the discussion in said bug it was decided to be a security risk. I don't have good logs to share (IRC/Mails/Hangout-Talks), but the TL;DR was "do not run it as that user" 3. out of that discussion the change causing this happened in [2] I think I want to re-fix that at least for bionic to bring back Serges changes. But in a modified way so they do not trigger the security issues found back then. They'll probably get an own group at least ... I also need to look more into the issue that arises due to it for you by reading more into the comments above... @Seth - any recommendation which user would be best for security isolation. Is an own one (but also with an own group this time) the best we can do? [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862340 [2]: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1690729 ** Bug watch added: Debian Bug tracker #862340 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862340 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743718 Title: libvirt-daemon-system package runs dnsmasq as nobody To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1743718/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
