mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
62ece23968
This adds hardening to the relay example systemd service shown in the admin portal. Instead of running the service as root to download the relay binary, we can let systemd manage the state directory and run with lower privileges at all times. I've also removed a shell injection which would in theory allow a malicious github api server to run commands as root in the pre start phase. That being said I have no idea how this script is intended to function, since it downloads the relay binary from the latest release on GitHub which currently is a `gui-client` release without any relay binaries attached.