This tries to protect the portal and D-Bus daemon from other processes. Unfortunately, this protection is extremely limited: it currently only switches network and cgroup namespaces. The single biggest improvement that could be made, by far, is to make all mounts that the portal and bus daemon have access to 'nosymfollow', except for the root filesystem. Unfortunately, I am not aware of how to enforce this on mounts that appear after the service starts. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> --- .../run-image/service/vm-services/template/data/service/dbus/run | 1 + 1 file changed, 1 insertion(+) diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run index 9b2319265024ab51934157834b280be869afa9b9..4e100ad39e11c802f875ac318c2d908b5e6dd9b8 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run @@ -6,6 +6,7 @@ importas -i VM VM nsenter --mount=${VM}/mount +unshare --net --ipc dbus-daemon --config-file /usr/share/dbus-1/session.conf --print-address 3 -- 2.52.0
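Review bot: The added line `unshare --net --ipc` in the dbus `run` script unshares the network and IPC namespaces, while the commit message says the change "only switches network and cgroup namespaces"; no `--cgroup` is passed. Please make the two agree: either change the message to say IPC, or add `--cgroup` to the `unshare` invocation if a cgroup namespace was intended. The message also describes protecting both the portal and the D-Bus daemon, but this patch touches only the dbus service's `run` file (1 file changed), so it would help to say in the message where the portal gets the same treatment or that it is left for a follow-up. A short comment above the `unshare` line stating what the new namespaces are meant to isolate the daemon from would make the intent clear to later readers of the script.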