[PATCHSET,v24.0,0/5] xfs_scrub: tighten security of systemd services

Message ID 167243871464.718298.4729609315819255063.stgit@magnolia (mailing list archive)

Darrick J. Wong Dec. 30, 2022, 10:18 p.m. UTC
Hi all,

To reduce the risk of the online fsck service suffering some sort of
catastrophic breach that results in attackers reconfiguring the running
system, I embarked on a security audit of the systemd service files.
The result should be that all elements of the background service
(individual scrub jobs, the scrub_all initiator, and the failure
reporting) run with as few privileges and within as strong of a sandbox
as possible.

Granted, this does nothing about the potential for the /kernel/ screwing
up, but at least we could prevent obvious container escapes.

If you're going to start using this mess, you probably ought to just
pull from my git trees, which are linked below.

This is an extraordinary way to destroy everything.  Enjoy!
Comments and questions are, as always, welcome.

--D

xfsprogs git tree:
https://git.kernel.org/cgit/linux/kernel/git/djwong/xfsprogs-dev.git/log/?h=scrub-service-security
---
 doc/README-env-vars.txt          |    2 +
 scrub/Makefile                   |    7 +++
 scrub/phase1.c                   |    4 +-
 scrub/system-xfs_scrub.slice     |   30 +++++++++++++
 scrub/vfs.c                      |    2 -
 scrub/xfs_scrub.c                |    9 +++-
 scrub/xfs_scrub.h                |    5 ++
 scrub/xfs_scrub@.service.in      |   85 ++++++++++++++++++++++++++++++++++----
 scrub/xfs_scrub_all.service.in   |   66 ++++++++++++++++++++++++++++++
 scrub/xfs_scrub_fail@.service.in |   60 +++++++++++++++++++++++++++
 10 files changed, 253 insertions(+), 17 deletions(-)
 create mode 100644 scrub/system-xfs_scrub.slice