[systemd-devel] [PATCH] Apply ProtectSystem to non-merged /usr directories

Lennart Poettering lennart at poettering.net
Mon Oct 20 08:05:19 PDT 2014


On Sun, 19.10.14 12:05, Martin Pitt (martin.pitt at ubuntu.com) wrote:

> Hello all,
> 
> in Debian/Ubuntu we don't use the merged /usr tree for now. systemd
> generally supports that (HAVE_SPLIT_USR), but doesn't consider that
> for ProtectSystem=.
> 
> Ansgar (CC'ed) wrote a Debian specific patch for that some months ago.
> I generalized it for upstream now.
> 
> Thanks for considering,

I am sorry, but this is nothing we want to support. Monopolizing the
OS in /usr is what makes ProtectSystem= work. If you split things up
into many dirs then you will simply not get the same level of
protection. We will not try to list every possible dir that the OS
might be split up into in systemd.

Note that your patch is likely to break systems that have the dirs you
list as symlinks (which all systems that have /usr merged have). Also
note that it hardcodes x86_64 peculiarities in an arch-independent
way, which looks pretty wrong too.

We are fine with supporting HAVE_SPLIT_USR work to the level where
things generally work, but given that ProtectSystem= is only an extra
layer of protection where nothing breaks if it doesn't fully protect
systems that haven't done the usr-merge I think applying this patch is not
useful.

Sorry if that's disappointing, but this patch is really something to
carry downstream if at all.

Lennart

-- 
Lennart Poettering, Red Hat
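To make the point above concrete for administrators auditing a non-merged system: the following is an added example, not code from the thread or from systemd itself. It lists which of the classic top-level directories (/bin, /sbin, /lib, /lib64 and the multilib variants) are real directories rather than symlinks into /usr, since on a split-/usr layout those are exactly the locations that sit outside the /usr, /boot and /etc mounts made read-only by ProtectSystem=full. The set of directory names checked is an assumption taken from the usual split-/usr layout; a ROOT argument is accepted so the check can be run against a chroot or image, and the classification treats any symlink as part of the merged layout without inspecting its target.

```shell
#!/bin/sh
# Added example (not part of the original thread or of systemd): report which
# classic split-/usr directories under ROOT are real directories rather than
# symlinks into /usr. ProtectSystem=full makes /usr, /boot and /etc read-only;
# a real /bin, /sbin, /lib or /lib64 directory is not covered by that.
# Usage: split_usr_dirs [ROOT]   (ROOT defaults to /)
split_usr_dirs() {
    root="${1:-/}"
    root="${root%/}"   # "/" becomes "", so paths below are "/bin", "/lib", ...
    # Assumed list of directories that the usr-merge turns into symlinks.
    for d in bin sbin lib lib64 lib32 libx32; do
        p="$root/$d"
        # Skip names that do not exist at all (dangling symlinks still count as -L).
        [ -e "$p" ] || [ -L "$p" ] || continue
        # A symlink is taken to be the merged layout; its target lives under /usr.
        [ -L "$p" ] && continue
        printf '%s\n' "/$d"
    done
}

# Classify ROOT as "merged" when no real split directories remain, else "split".
usr_merge_status() {
    if [ -z "$(split_usr_dirs "$1")" ]; then
        echo merged
    else
        echo split
    fi
}

# When run as a script, classify the given root (default: the running system).
usr_merge_status "${1:-/}"
```

On a split system the printed directories are the ones a service can still write to under ProtectSystem=full; ProtectSystem=strict, which mounts the whole file system hierarchy read-only, does not depend on the layout in the same way.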

