Hi all, To reduce the risk of the online fsck service suffering some sort of catastrophic breach that results in attackers reconfiguring the running system, I embarked on a security audit of the systemd service files. The result should be that all elements of the background service (individual scrub jobs, the scrub_all initiator, and the failure reporting) run with as few privileges and within as strong of a sandbox as possible. Granted, this does nothing about the potential for the /kernel/ screwing up, but at least we could prevent obvious container escapes. If you're going to start using this mess, you probably ought to just pull from my git trees, which are linked below. This is an extraordinary way to destroy everything. Enjoy! Comments and questions are, as always, welcome. --D xfsprogs git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfsprogs-dev.git/log/?h=scrub-service-security --- doc/README-env-vars.txt | 2 + scrub/Makefile | 7 +++ scrub/phase1.c | 4 +- scrub/system-xfs_scrub.slice | 30 +++++++++++++ scrub/vfs.c | 2 - scrub/xfs_scrub.c | 9 +++- scrub/xfs_scrub.h | 5 ++ scrub/xfs_scrub@xxxxxxxxxxx | 85 ++++++++++++++++++++++++++++++++++---- scrub/xfs_scrub_all.service.in | 66 ++++++++++++++++++++++++++++++ scrub/xfs_scrub_fail@xxxxxxxxxxx | 60 +++++++++++++++++++++++++++ 10 files changed, 253 insertions(+), 17 deletions(-) create mode 100644 scrub/system-xfs_scrub.slice
