Skip to content

Use polkit with Tails Server

Tails Server does a lot of things that require higher privileges. Currently, the backend is executed as root. We should consider running it as its own user, and write polkit actions and policies to allow privileged actions.

Actions that require higher privileges:
- apt update, apt install
- systemctl start/stop
- write to service config files (e.g. sshd_config)
- rw access to /var/lib/tor and /var/lib/tails
- copy to persistent volume
- mount —bind, umount

Parent Task: #5688

Original created by @segfault on 12255 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information