This tries to protect the portal and D-Bus daemon from other processes. Unfortunately, this protection is extremely limited: it currently only unshares cgroup, IPC, network, and UTS namespaces. The single biggest improvement that could be made, by far, is to make all mounts that the portal and bus daemon have access to 'nosymfollow', except for the root filesystem. Unfortunately, I am not aware of how to enforce this on mounts that appear after the service starts. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> --- .../run-image/service/vm-services/template/data/service/dbus/run | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run index 9b2319265024ab51934157834b280be869afa9b9..3a7dd49415538f1872b984bcc791ef754b6922aa 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run @@ -6,6 +6,11 @@ importas -i VM VM nsenter --mount=${VM}/mount +unshare + --cgroup + --ipc + --net + --uts dbus-daemon --config-file /usr/share/dbus-1/session.conf --print-address 3 -- 2.52.0
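Review bot: the new `--net` line in the hunk may cut clients off from the bus rather than just isolating it: abstract AF_UNIX sockets are scoped to the network namespace, and the stock `/usr/share/dbus-1/session.conf` listen address (`unix:tmpdir=...`) is turned into an abstract socket by dbus-daemon on Linux, so a daemon started inside a fresh network namespace would be unreachable from the rest of the VM. Please confirm that the address printed on fd 3 is a filesystem-path socket (`unix:path=...` or `unix:dir=...`) under this config, or drop `--net` from the `unshare` invocation; either way a short comment in the run script recording which namespaces are unshared and why the mount namespace is deliberately left alone (the limitation the commit message describes) would keep that reasoning next to the code.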