Exec-as-caller systemd unit and authenticated-admin prompt carve-outs#40
Merged
Conversation
…outs Adds deployment/systemd/guard-exec-as-caller.service: a root-started variant that runs approved commands as the connecting Unix caller (--users, --exec-as-caller) with a Unix socket and --state-db, and the sandbox relaxations that mode needs (ProtectHome=false, /home in ReadWritePaths). It is a sibling of guard.service; comments document the UID allow-list and when to widen ReadWritePaths. Extends the safe and readonly evaluator prompts so authenticated read-only appliance and service-management APIs reached through a named SSH host or localhost tunnel with guard-injected credentials are treated as ordinary administration: fixed GET/search/status calls and bounded response handling (head -c, wc -c, jq) are not a secret leak, and a request body from a named local JSON file is not exfiltration merely because its path contains 'secrets/'. The existing credential-leak deny rules that follow are unchanged.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a guard-exec-as-caller.service systemd unit for the deployment where the daemon starts as root and runs each approved command as the connecting Unix caller (--users, --exec-as-caller over a Unix socket, with --state-db), including the sandbox relaxations that mode requires and comments documenting the UID allow-list and when to widen ReadWritePaths. It also extends the safe and readonly evaluator prompts so authenticated read-only appliance and service-management APIs reached through a named SSH host or localhost tunnel with guard-injected credentials read as ordinary administration: fixed GET/search/status calls and bounded response handling are not a secret leak, and a request body from a named local JSON file is not exfiltration merely because its path contains secrets/. The credential-leak deny rules that follow are unchanged, and main's existing vendor-specific examples were left as-is.