[FEAT] Rewrite scripts in python and launch systemd limited root processes

### Benefit

All of our native scripts call run0 directly even when fairly limited root privileges are needed. Hence principle of least privilege, security will benefit from reduce the privileges of these processes

### Solution

Use systemd process sandboxing (see [this](https://github.com/HastD/run0edit/blob/7606bf1e71c62a07ca090bbd0e3e6bdc651ba664/run0edit_main.py#L77-L103))

### Alternatives

We could use custom selinux modules and apply them to specific run0/root invocations. The predone systemd solution seems easier and more maintainable.

### Declaration

- [x] I agree to follow this project's [Code of Conduct](https://secureblue.dev/code-of-conduct).
- [x] I declare that this is not a request for alternate community messaging or social platforms.
- [x] I declare that I have read the [secureblue website](https://secureblue.dev/#about) and my feature request is in-scope.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[FEAT] Rewrite scripts in python and launch systemd limited root processes #1206

Benefit

Solution

Alternatives

Declaration

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[FEAT] Rewrite scripts in python and launch systemd limited root processes #1206

Description

Benefit

Solution

Alternatives

Declaration

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions