This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This message eventually gets returned by the app's Start method, so they should be wrapped to provide a friendly message.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>