mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 22:07:35 +00:00
Base: Remove unnecessary UID separation of multi-process Browser
After looking closely at this, I realized that we've been running all the service processes under separate user accounts even though there's actually no need to.

Since we already use pledge() and unveil() to limit the scope and access of these programs, separating them to another UID doesn't achieve anything meaningful. So let's bring them back to the "anon" user account and simplify things.

Programs affected:

- ImageDecoder
- RequestServer
- WebContent
- WebSocket

Longer term, I'd like for all of these to get spawned for the current desktop user somehow, possibly by some kind of session manager, or perhaps by the Browser program itself. But for now they remain under SystemServer's control.
parent 434c190667
commit a7e44d8b3c
3 changed files with 5 additions and 13 deletions
|
@ -3,7 +3,7 @@ Socket=/tmp/portal/request
|
|||
SocketPermissions=660
|
||||
Lazy=1
|
||||
Priority=low
|
||||
User=request
|
||||
User=anon
|
||||
BootModes=text,graphical,self-test
|
||||
MultiInstance=1
|
||||
AcceptSocketConnections=1
|
||||
|
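Review bot: `SocketPermissions=660` is kept while `User=request` becomes `User=anon`, and the same commit deletes the `request` group that listed `webcontent,anon`. Nothing in the visible lines says which group the 660 group bits now apply to for /tmp/portal/request. If only anon-owned processes are meant to connect, say so in this entry and consider whether group access is still needed; otherwise name the intended group explicitly.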
@ -12,7 +12,7 @@ AcceptSocketConnections=1
|
|||
Socket=/tmp/portal/webcontent
|
||||
SocketPermissions=660
|
||||
Lazy=1
|
||||
User=webcontent
|
||||
User=anon
|
||||
BootModes=graphical
|
||||
MultiInstance=1
|
||||
AcceptSocketConnections=1
|
||||
|
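Review bot: `User=anon` on the /tmp/portal/webcontent entry puts WebContent under the same UID as RequestServer, ImageDecoder, WebSocket and the desktop user's own programs. pledge() and unveil() are applied by each program to itself, so the reasoning in the commit message holds only if every one of these services drops the promises that would let it signal or inspect other anon-owned processes and unveils nothing it does not need. Please point to where that is verified, or add a comment in this entry stating that the sandbox calls are now the only boundary between these processes.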
@ -21,7 +21,7 @@ AcceptSocketConnections=1
|
|||
Socket=/tmp/portal/image
|
||||
SocketPermissions=660
|
||||
Lazy=1
|
||||
User=image
|
||||
User=anon
|
||||
BootModes=graphical
|
||||
MultiInstance=1
|
||||
AcceptSocketConnections=1
|
||||
|
@ -37,7 +37,7 @@ Socket=/tmp/portal/websocket
|
|||
SocketPermissions=660
|
||||
Lazy=1
|
||||
Priority=low
|
||||
User=websocket
|
||||
User=anon
|
||||
BootModes=text,graphical,self-test
|
||||
MultiInstance=1
|
||||
AcceptSocketConnections=1
|
||||
|
|
|
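Review bot: `User=anon` is now hard-coded for four services, yet the passwd file touched by this commit also carries a second login account, `nona:!:200:200`. What happens when nona runs Browser: does it connect to services running as anon, or fail on the 660 socket? The commit message mentions spawning these for the current desktop user later; a FIXME comment next to this `User=` line would record that and the nona case.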
@ -4,13 +4,9 @@ tty:x:2:
|
|||
phys:x:3:window,anon
|
||||
audio:x:4:anon
|
||||
utmp:x:5:
|
||||
lookup:x:10:request,websocket,anon
|
||||
request:x:11:webcontent,anon
|
||||
lookup:x:10:anon
|
||||
notify:x:12:anon
|
||||
window:x:13:anon,notify
|
||||
clipboard:x:14:anon,notify
|
||||
webcontent:x:15:anon
|
||||
image:x:16:anon,webcontent
|
||||
symbol:x:17:anon
|
||||
websocket:x:18:webcontent,anon
|
||||
users:x:100:anon
|
||||
|
|
|
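Review bot: the `request`, `webcontent`, `image` and `websocket` groups (gids 11, 15, 16, 18) are deleted and `lookup` is reduced to `anon`, but only three files change in this commit. Please confirm nothing else (other service entries, scripts that set ownership while building the image, code that looks these names up) still refers to the removed groups. Keeping gids 11, 15, 16 and 18 unassigned instead of reusing them later avoids stale ownership on existing disk images.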
@ -1,13 +1,9 @@
|
|||
root::0:0:root:/root:/bin/sh
|
||||
lookup:!:10:10:LookupServer,,,:/:/bin/false
|
||||
request:!:11:11:RequestServer,,,:/:/bin/false
|
||||
notify:!:12:12:NotificationServer,,,:/:/bin/false
|
||||
window:!:13:13:WindowServer,,,:/:/bin/false
|
||||
clipboard:!:14:14:Clipboard,,,:/:/bin/false
|
||||
webcontent:!:15:15:WebContent,,,:/:/bin/false
|
||||
image:!:16:16:ImageDecoder,,,:/:/bin/false
|
||||
symbol:!:17:17:SymbolServer,,,:/:/bin/false
|
||||
websocket:!:18:18:WebSocket,,,:/:/bin/false
|
||||
sshd:!:19:19:OpenSSH privsep,,,:/:/bin/false
|
||||
anon:!:100:100:Anonymous,,,:/home/anon:/bin/sh
|
||||
nona:!:200:200:Nona,,,:/home/nona:/bin/sh
|
||||
|
|
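Review bot: the four removed accounts had `/:/bin/false` as home and shell, while `anon` has `/home/anon:/bin/sh`. After this change the services run as the account whose home directory is /home/anon, so file permissions no longer separate them from that user's files and the unveil() lists become the only restriction. It would help to state, in the commit message or a comment, which paths each of the four services unveils.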