[systemd-devel] [ANNOUNCE] systemd v229

Colin Guthrie colin at mageia.org
Fri Feb 12 09:54:13 UTC 2016


Dave Reisner wrote on 12/02/16 01:09:
> On Thu, Feb 11, 2016 at 10:26:51PM +0100, Reindl Harald wrote:
>>
>> On 11.02.2016 at 22:19, Dave Reisner wrote:
>>> On Thu, Feb 11, 2016 at 05:50:08PM +0100, Lennart Poettering wrote:
>>>> I just tagged the v229 release of systemd. Enjoy!
>>>>
>>>> CHANGES WITH 229:
>>>>
>>>> <snip>
>>>>
>>>>         * When the stacktrace is extracted from processes of system users, this
>>>>           is now done as "systemd-coredump" user, in order to sandbox this
>>>>           potentially security sensitive parsing operation. (Note that when
>>>>           processing coredumps of normal users this is done under the user ID
>>>>           of process that crashed, as before.) Packagers should take notice
>>>>           that it is now necessary to create the "systemd-coredump" system user
>>>>           and group at package installation time.
>>>>
>>>
>>> Why is it left to downstream to create this user? What makes it
>>> different from the other 4 users which systemd already creates?
>>
>> systemd doesn't create any user. nowhere, rpm-scripts downstream does
> 
> You're mistaken. See /usr/lib/sysusers.d/{basic,systemd,systemd-remote}.conf and
> systemd-sysusers(8). The curious absence of systemd-coredump from
> sysusers.d/systemd.conf is what I'm asking about here.

Seems odd indeed. It's perhaps because the user needs to own directories
that are packaged (e.g. in /var) which is somewhat tricky with sysusers
- you need to have the user available before the package is installed -
i.e. an RPM %pre script.  Just a guess at why it was left out.

Personally, I'd just make such folders ghosts and then have them created
by tmpfiles after package install (and thus after sysusers has run to
create the user who will own the folders)

This is something that I think should be automated in RPM packaging
(i.e. the creation of ghosts automatically by parsing packaged tmpfiles
snippets), but this is off-topic.

Col




-- 

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
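
Added example, not part of the original message and not code from systemd or RPM: a sketch of the automation described above, which reads a packaged tmpfiles.d snippet, emits the matching %ghost entries for an RPM %files list, and flags owners that no sysusers.d line creates. The paths, the example-ops group and the helper names are constructed for illustration.

```python
import shlex

DIR_TYPES = {"d", "D", "v", "q", "Q"}   # tmpfiles.d types that create directories
FILE_TYPES = {"f", "F"}                 # ... and regular files

# Constructed sample input. The paths are placeholders, not systemd's own.
SYSUSERS = 'u systemd-coredump - "systemd Core Dumper"\n'
TMPFILES = """\
# Type Path Mode User Group Age Argument
d /var/lib/example-dumps 0750 systemd-coredump systemd-coredump 3d
f /var/lib/example-dumps/index 0640 systemd-coredump example-ops -
L /var/lib/example-link - - - - /tmp
"""

def fields(text):
    """Yield the whitespace/quote-split fields of each non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            yield shlex.split(line)

def declared_names(sysusers_text):
    """Names created by 'u' (user and group) and 'g' (group) lines, pooled."""
    return {f[1] for f in fields(sysusers_text) if len(f) > 1 and f[0] in ("u", "g")}

def ghost_entries(tmpfiles_text, declared):
    """Return (%files lines, owners that no sysusers.d line creates)."""
    entries, missing = [], set()
    for f in fields(tmpfiles_text):
        kind = f[0].rstrip("!+-=~^")      # strip type modifiers
        if kind not in DIR_TYPES | FILE_TYPES or len(f) < 2:
            continue                       # symlinks, cleanup rules, etc.
        # Absent or "-" fields stay "-", which %attr reads as "use the default".
        mode, user, group = (f[2:5] + ["-"] * 3)[:3]
        missing |= {n for n in (user, group) if n not in declared | {"-", "root"}}
        tag = "%ghost %dir" if kind in DIR_TYPES else "%ghost"
        entries.append(f"{tag} %attr({mode},{user},{group}) {f[1]}")
    return entries, sorted(missing)

if __name__ == "__main__":
    lines, missing = ghost_entries(TMPFILES, declared_names(SYSUSERS))
    print("\n".join(lines))
    print("owners without a sysusers.d entry:", missing)
```

A non-empty second return value means tmpfiles would be asked to chown to an account that sysusers never created, which is the ordering problem the message describes.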

