Hmm,
not sure why my mailer decided this isn't important - it is!
Lost a few days on it due to not being visible yet - I beg all your pardon for this.
/slap my mail filers
This essentially came due to:
1. myself wanting to bring the Delta we had (by Serge) to run as libvirt-dnsmasq to Debian in [1]
2. out of the discussion in said bug it was decided to be a security risk. I don't have good logs to share (IRC/Mails/Hangout-Talks), but the TL;DR was "do not run it as that user"
3. out of that discussion the change causing this happened in [2]
I think I want to re-fix that at least for bionic to bring back Serges changes.
But in a modified way so they do not trigger the security issues found back then.
They'll probably get an own group at least ...
I also need to look more into the issue that arises due to it for you by reading more into the comments above...
@Seth - any recommendation which user would be best for security isolation. Is an own one (but also with an own group this time) the best we can do?
Hmm,
not sure why my mailer decided this isn't important - it is!
Lost a few days on it due to not being visible yet - I beg all your pardon for this.
/slap my mail filers
This essentially came due to: Hangout- Talks), but the TL;DR was "do not run it as that user"
1. myself wanting to bring the Delta we had (by Serge) to run as libvirt-dnsmasq to Debian in [1]
2. out of the discussion in said bug it was decided to be a security risk. I don't have good logs to share (IRC/Mails/
3. out of that discussion the change causing this happened in [2]
I think I want to re-fix that at least for bionic to bring back Serges changes.
But in a modified way so they do not trigger the security issues found back then.
They'll probably get an own group at least ...
I also need to look more into the issue that arises due to it for you by reading more into the comments above...
@Seth - any recommendation which user would be best for security isolation. Is an own one (but also with an own group this time) the best we can do?
[1]: https:/ /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 862340 /bugs.launchpad .net/ubuntu/ +source/ libvirt/ +bug/1690729
[2]: https:/