BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.devconf.info//devconf-cz-2026//talk//EBLXXZ
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-devconf-cz-2026-EBLXXZ@pretalx.devconf.info
DTSTART;TZID=CET:20260618T123000
DTEND;TZID=CET:20260618T130500
DESCRIPTION:Systemd has been growing new features that extend or replace tr
 aditional Linux security components:\n- systemd-nsresourced instead of sub
 uid/subgid\n- systemd-mountfsd for unprivileged mounting of file systems\n
 - run0 instead of sudo\n- empower group with magic root rights\n- Varlink 
 to allow easy turning of command-line programs into services\n- Polkit rul
 es to allow privilege escalation with centralized policy\n\nWhy are we bui
 lding new components that augment/enhance/replace existing tools?\nAre ins
 tallations with no setuid/setgid binaries possible?\nWhat are some cool th
 ings that weren't possible before?\nWhat are the threat models that this i
 s trying to address?\nAre distros like Fedora really making full use of th
 ose features or should we rely on them more?\nWhere is this all going?
DTSTAMP:20260430T131619Z
LOCATION:E112 (capacity 156)
SUMMARY:New security features in systemd - Zbigniew Jędrzejewski-Szmek
URL:https://pretalx.devconf.info/devconf-cz-2026/talk/EBLXXZ/
END:VEVENT
END:VCALENDAR