DMM#1198
Draft
pophilpo wants to merge 7 commits into
Conversation
orb-ui now runs as a dedicated orb-ui user (not worldcoin), so the per-session PulseAudio socket at /run/user/1000/pulse/native is not accessible. Point PULSE_SERVER at /tmp/pulse-audio instead, which is served by the new orb-os PulseAudio drop-in with auth-group=audio.
Move from the shared worldcoin user to a dedicated orb-jobs-agent user. Add standard hardening: ProtectSystem=strict, ReadOnlyPaths=/, RestrictNamespaces, MemoryDenyWriteExecute, etc. ReadWritePaths covers the hardcoded store paths (/mnt/scratch, /mnt/updates) and the calibration/version files in /usr/persistent. CAP_SYS_ADMIN is retained (AmbientCapabilities) because the fsck handler calls umount(2)/fsck which require mount namespace privileges. systemctl and shutdown calls go through polkit (existing pkla rules for manage-units and power management), so no extra capabilities needed there.
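As an added illustration (not the PR's own diff, which is not shown on this page), the following systemd drop-in expresses the hardening described in the comment above. It assumes the unit is named orb-jobs-agent.service, that a system user and group named orb-jobs-agent already exist, and that the drop-in path is a conventional one; the directives and paths themselves are the ones the comment lists.

```ini
# /etc/systemd/system/orb-jobs-agent.service.d/10-hardening.conf
# Added example drop-in reflecting the comment above; assumed unit name
# and drop-in path. systemd does not accept inline comments, so every
# comment sits on its own line.
[Service]
User=orb-jobs-agent
Group=orb-jobs-agent

# Whole filesystem read-only; ProtectSystem=strict also remounts
# /usr, /boot, /efi and /etc read-only for this service.
ProtectSystem=strict
ReadOnlyPaths=/
# Only the hard-coded store paths and the calibration/version
# directory stay writable.
ReadWritePaths=/mnt/scratch /mnt/updates /usr/persistent

# No new user/mount/net namespaces, no writable+executable memory.
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
# Implied by MemoryDenyWriteExecute= and RestrictNamespaces=, but
# stated so the intent is visible in the unit.
NoNewPrivileges=yes

# The fsck handler calls umount(2)/fsck, which need CAP_SYS_ADMIN.
# Ambient capabilities are retained across execve() for a non-root
# user and are compatible with NoNewPrivileges=. Bounding set is
# narrowed so nothing beyond CAP_SYS_ADMIN can ever be acquired.
CapabilityBoundingSet=CAP_SYS_ADMIN
AmbientCapabilities=CAP_SYS_ADMIN
```

After `systemctl daemon-reload`, `systemd-analyze security orb-jobs-agent.service` reports the exposure score for the effective settings, which is a quick way to confirm the drop-in took effect and to see which remaining items (CAP_SYS_ADMIN in particular) still count against the service. The systemctl and shutdown calls are not covered here because, as the comment notes, they are authorised through the existing polkit rules rather than through capabilities.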
Reverting the dedicated-user hardening for jobs-agent as agreed with the security team — this service will be tackled in a separate workstream.