diff options
| -rw-r--r-- | gnu/services/virtualization.scm | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 076eca7ea2..f0f0ab3bf1 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -1085,6 +1085,20 @@ that will be listening to receive secret keys on port 1004, TCP." accounts) (operating-system-user-services os))))) +(define (operating-system-with-locked-root-account os) + "Return OS with a 'root' account whose password is uninitialized, thereby +preventing password-based authentication as 'root'." + (define root + ;; %ROOT-ACCOUNT has an empty password; change that to an uninitialized + ;; password. + (user-account + (inherit %root-account) + (password #f))) + + (operating-system + (inherit os) + (users (cons root (operating-system-users os))))) + (define %hurd-vm-operating-system (operating-system (inherit %hurd-default-operating-system) @@ -1147,8 +1161,14 @@ that will be listening to receive secret keys on port 1004, TCP." is added to the OS specified in CONFIG." (define transform (compose secret-service-operating-system + ;; When offloading is enabled, (1) add the 'offloading' account, + ;; and (2) prevent users from logging in as 'root' without a + ;; password as this would allow any user on the host to populate + ;; the host's store indirectly (for example by logging in as root + ;; in the Hurd VM over VNC). (if (hurd-vm-configuration-offloading? config) - operating-system-with-offloading-account + (compose operating-system-with-locked-root-account + operating-system-with-offloading-account) identity))) (let* ((os (transform (hurd-vm-configuration-os config))) |