Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: 对org.deepin.dde.PasswdConf1服务进行安全加固 #39

Merged
merged 1 commit into from
Sep 5, 2024
Merged

feat: 对org.deepin.dde.PasswdConf1服务进行安全加固 #39

merged 1 commit into from
Sep 5, 2024

Conversation

ECQZXC
Copy link
Contributor

@ECQZXC ECQZXC commented Sep 2, 2024

通过配置systemd service,限制进程的权限范围,提升安全性;

Task: https://pms.uniontech.com/task-view-361195.html

feat: 对org.deepin.dde.PasswdConf1服务进行安全加固
78489c6 
通过配置systemd service,限制进程的权限范围,提升安全性;

Task: https://pms.uniontech.com/task-view-361195.html
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 2, 2024
edited
Loading

CLA Assistant Lite bot:

如果你是以企业贡献者的身份进行提交,请联系我们签署企业贡献者许可协议
If you submit as corporate contributor, please contact us to sign our Corporate Contributor License Agreement

感谢您的提交,我们非常感谢。 像许多开源项目一样,在接受您的贡献之前,我们要求您签署我们的个人贡献者许可协议。 您只需发布与以下格式相同的评论即可签署个人贡献者许可协议
Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Individual Contributor License Agreement before we can accept your contribution. You can sign the Individual Contributor License Agreement by just posting a Pull Request Comment same as the below format.

I have read the CLA Document and I hereby sign the CLA.

echengqi seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You can retrigger this bot by commenting recheck in this Pull Request

@deepin-ci-robot
Copy link

deepin pr auto review

关键摘要:

  • debian/control文件中,将debhelper的依赖从>= 9更改为= 11可能会导致兼容性问题,需要确认是否所有系统都支持debhelper-compat
  • override_dh_auto_install规则中添加了dh_installtmpfiles,但未提供上下文说明为什么需要这样做。
  • Exec=/bin/falsemisc/system-services/org.deepin.dde.PasswdConf1.service中被设置,这可能不是预期的行为,应该确认这是否是调试代码。
  • 服务文件deepin-passwd-conf.service中注释掉了User=root,但没有提供替代方案来管理服务,这可能会导致服务无法正确启动。
  • 服务文件中设置了ProtectHome=yes,但没有考虑用户可能需要通过服务管理密码的情况,这可能会限制用户体验。
  • 服务文件中包含了PrivateMounts=yes,这可能会导致服务无法访问某些系统目录,需要评估是否有必要。
  • 服务文件中包含了LockPersonality=yes,这可能会限制服务的安全性,需要评估是否有必要。

是否建议立即修改:

@deepin-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ECQZXC, fly602

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ECQZXC
Copy link
Contributor Author

ECQZXC commented Sep 5, 2024

/merge

@deepin-bot
Copy link
Contributor

deepin-bot bot commented Sep 5, 2024

This pr cannot be merged! (status: unstable)

@ECQZXC ECQZXC merged commit 60f55bd into linuxdeepin:master Sep 5, 2024
15 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fly602 fly602 fly602 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ECQZXC @deepin-ci-robot @fly602