Initial draft of privilege escalation policy

drago01 drago01 at
Wed Jan 20 18:40:50 UTC 2010

On Wed, Jan 20, 2010 at 4:15 AM, Adam Williamson <awilliam at> wrote:
> Hi, everyone. As you may know if you've followed the meetings, FESCo has
> cheerfully punted the privilege escalation policy issue back to us; they
> want us to come up with a draft policy to take back to a FESCo meeting.

> * Run an application that listens on a network port lower than 1024
> * Mount or unmount anything (excluding automounted hotplugged storage
> devices, and devices explicitly configured by the root user for
> unprivileged use)

Define "anything" what about fuse mounts? (like sshfs, or those done by gvfs)

More information about the test mailing list