The 1/2/3-user question is answered: stay at 2 (left4me + l4d2-sandbox).

The defenses that motivated a 3-user split (cross-uid ptrace, cross-server contamination, web-side reach into gameserver state, DB/env exposure to srcds) are closed by the systemd hardening composition: PrivateUsers + PrivatePIDs + TemporaryFileSystem + SystemCallFilter=~@debug + empty CapabilityBoundingSet.

The residual filesystem-ACL surface (mode 0640 root:left4me on DB and web.env) is noted as a separate concern — covered for the current deployment shape, revisit if shape changes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>