Hi there,
The s6-svperms is a great feature but it only handle permissions control of a service at runtime. That means that we need to change the permissions of the service everytime that a reboot occurs.
For a server, this is not really a big deal but for a desktop machine this can be really hard to handle as far as the runtime services can be different at each boot (user can activate or disactivate service for his purpose).
Obviously, a script launched at some point of the boot (or after) can change the permissions on the necessary services. However, i think this is not easier and not flexible. 
I thought about a practical solution. 
S6-supervise create the control, status and event directory with the uid:gid of the owner of the process (correct me if i'm wrong).
So, If we have a e.g <service>/data/perms/rules/uid/<uid>/allow file and if s6-supervise check this directory at the creation time and create the necessary file/directory with the respective uid/gid found at that directory, we can configure a service permissions permanently.
 
What's your thought about that?
-- 
eric vidal <eric_at_obarun.org>
Received on Mon Feb 15 2021 - 02:37:30 UTC