uwsgi systemd config (Type=notify)

Stuart Bishop stuart.bishop at canonical.com
Tue Nov 29 11:36:56 UTC 2016


On 22 November 2016 at 16:41, Boris Rybalkin <ribalkin at gmail.com> wrote:

> Done: https://bugs.launchpad.net/snappy/+bug/1643816
>
> I am not sure why snapd tries to have another layer of daemon
> configuration on top of systemd and not plain systemd template with snap
> variables.
>
If a snap has too much control over the systemd service file that gets
created, it could use this to escape containment and gain root on the box.
snapd needs to ensure that the only programs that get launched are
contained in the snap, and block other issues like killing arbitrary
processes by pointing to someone else's pid file or overwriting arbitrary
files by logging somewhere it shouldn't.



-- 
Stuart Bishop <stuart.bishop at canonical.com>
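Added example, not code from snapd or from either poster: a Python sketch of the kind of check Stuart's reply implies snapd has to perform before it writes a unit file on a snap's behalf, covering the three abuses he names (launching a program outside the snap, pointing PIDFile= at someone else's pid file, and logging to an arbitrary file) plus an allowlist of directives. The path conventions (/snap/<name>/ for the snap's programs, /var/snap/<name>/ as its writable area, /usr/bin/snap run <name>.<app> as the launcher), the allowlist itself and the two sample unit files are all assumptions constructed for the illustration.

```python
"""Hypothetical validator for snap-requested systemd units (not snapd's code).

Assumed conventions: a snap's executables live under /snap/<name>/ and are
launched via "/usr/bin/snap run <name>.<app>"; its only writable area for
pid files and logs is /var/snap/<name>/; only ALLOWED_KEYS may be set.
"""
import shlex
from typing import Dict, List, Tuple

EXEC_KEYS = {"ExecStart", "ExecStartPre", "ExecStartPost",
             "ExecReload", "ExecStop", "ExecStopPost"}
OUTPUT_KEYS = {"StandardOutput", "StandardError"}
ALLOWED_KEYS = EXEC_KEYS | OUTPUT_KEYS | {
    "Type", "PIDFile", "Restart", "RestartSec", "TimeoutStopSec",
    "WatchdogSec", "KillMode",
}
EXEC_PREFIXES = "-@:+!"  # systemd Exec*= prefix characters, not part of the path

# Constructed sample units (assumed snap name: uwsgi-demo)
SAFE_UNIT = """\
[Unit]
Description=Service for snap application uwsgi-demo.web
[Service]
Type=notify
ExecStart=/usr/bin/snap run uwsgi-demo.web
PIDFile=/var/snap/uwsgi-demo/current/uwsgi.pid
StandardOutput=journal
Restart=on-failure
"""
UNSAFE_UNIT = """\
[Service]
Type=notify
ExecStart=/bin/bash -c "cp /bin/bash /tmp/r; chmod u+s /tmp/r"
PIDFile=/run/sshd.pid
StandardOutput=file:/etc/cron.d/snap-payload
"""


def parse_unit(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Minimal unit-file parser: section -> ordered (key, value) pairs.
    Repeated keys are kept, since e.g. ExecStartPre= may legitimately repeat."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections


def _under(path: str, prefix: str) -> bool:
    """Path must sit below prefix and contain no '..' component."""
    return path.startswith(prefix) and ".." not in path.split("/")


def check_exec(value: str, snap: str) -> bool:
    """True if the Exec*= command launches something contained in this snap."""
    try:
        argv = shlex.split(value.lstrip(EXEC_PREFIXES))
    except ValueError:  # unbalanced quotes
        return False
    if not argv:
        return False
    if argv[0] == "/usr/bin/snap":
        # "/usr/bin/snap run <snap>.<app>": the app must belong to this snap,
        # otherwise the unit could start another snap's programs
        return (len(argv) >= 3 and argv[1] == "run"
                and argv[2].split(".", 1)[0] == snap)
    return _under(argv[0], f"/snap/{snap}/")


def validate_unit(text: str, snap: str) -> List[str]:
    """Return the list of problems; an empty list means the unit is acceptable."""
    writable = f"/var/snap/{snap}/"
    problems: List[str] = []
    for key, value in parse_unit(text).get("Service", []):
        if key not in ALLOWED_KEYS:
            problems.append(f"{key}: directive not permitted for snap services")
        elif key in EXEC_KEYS and not check_exec(value, snap):
            problems.append(f"{key}: program not contained in snap {snap}: {value}")
        elif key == "PIDFile" and not _under(value, writable):
            problems.append(f"{key}: must live under {writable}: {value}")
        elif key in OUTPUT_KEYS:
            kind, sep, target = value.partition(":")
            if sep and kind in ("file", "append", "truncate") and not _under(target, writable):
                problems.append(f"{key}: may only write under {writable}: {value}")
    return problems


if __name__ == "__main__":
    for label, unit in (("safe", SAFE_UNIT), ("unsafe", UNSAFE_UNIT)):
        print(label, validate_unit(unit, "uwsgi-demo") or "OK")
```

The unsafe unit is rejected three times over: ExecStart= runs /bin/bash rather than anything under the snap, PIDFile= points at another service's pid file (so a stop or restart would kill sshd), and StandardOutput= would let the service write into /etc/cron.d. The real snapd achieves the same effect by generating the unit itself from a restricted set of snap.yaml fields instead of validating a snap-supplied template, which is the design point Stuart makes above.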