doc: Update thread model regarding .service unit permissions

canonical · Sep 10, 2024 · 3fdd2c3 · 3fdd2c3
1 parent c9074a5
commit 3fdd2c3
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/doc/security.md b/doc/security.md
@@ -19,6 +19,23 @@ Security advice: ensure all YAML files in `/etc/netplan`, `/run/netplan` and
 `/lib/netplan` are not readable by non-privileged users.
 :::
 
+## Systemd `.service` units
+
+Netplan generates many systemd `.service` units, which are world-accessible to
+any local user through systemd APIs by design, e.g. using `systemctl show UNIT_NAME.service`
+
+Such service units are therefore generated with `0o644` permissions. This
+needs to be taken into consideration especially for the `netplan-ovs-*.service`
+units that might contain arbitrary content, for example using the `other-config`
+or `external-ids`. Make sure not to put any secrets into those fields, as those
+will become world-readable.
+
+* `/run/systemd/system/netplan-ovs-*.service`
+* `/run/systemd/system/netplan-sriov-*.service`
+* `/run/systemd/system/netplan-regdom.service`
+* `/run/systemd/system/netplan-wpa-*.service`
+* `/run/systemd/system/systemd-networkd-wait-online.service.d/10-netplan*.conf`
+
 ## Static analysis with Coverity
 
 To ensure that common issues do not sneak undetected in our code base,