[systemd-devel] [ANNOUNCE] systemd v229

Armin K. krejzi at email.com
Fri Feb 12 09:56:29 UTC 2016


On 12.02.2016 10:54, Colin Guthrie wrote:
> Dave Reisner wrote on 12/02/16 01:09:
>> On Thu, Feb 11, 2016 at 10:26:51PM +0100, Reindl Harald wrote:
>>>
>>> On 11.02.2016 at 22:19, Dave Reisner wrote:
>>>> On Thu, Feb 11, 2016 at 05:50:08PM +0100, Lennart Poettering wrote:
>>>>> I just tagged the v229 release of systemd. Enjoy!
>>>>>
>>>>> CHANGES WITH 229:
>>>>>
>>>>> <snip>
>>>>>
>>>>>         * When the stacktrace is extracted from processes of system users, this
>>>>>           is now done as "systemd-coredump" user, in order to sandbox this
>>>>>           potentially security sensitive parsing operation. (Note that when
>>>>>           processing coredumps of normal users this is done under the user ID
>>>>>           of the process that crashed, as before.) Packagers should take notice
>>>>>           that it is now necessary to create the "systemd-coredump" system user
>>>>>           and group at package installation time.
>>>>>
>>>>
>>>> Why is it left to downstream to create this user? What makes it
>>>> different from the other 4 users which systemd already creates?
>>>
>>> systemd doesn't create any user. nowhere, rpm-scripts downstream do
>>
>> You're mistaken. See /usr/lib/sysusers.d/{basic,systemd,systemd-remote}.conf and
>> systemd-sysusers(8). The curious absence of systemd-coredump from
>> sysusers.d/systemd.conf is what I'm asking about here.
> 
> Seems odd indeed. It's perhaps because the user needs to own directories
> that are packaged (e.g. in /var) which is somewhat tricky with sysusers
> - you need to have the user available before the package is installed -
> i.e. an RPM %pre script.  Just a guess at why it was left out.
> 
> Personally, I'd just make such folders ghosts and then have them created
> by tmpfiles after package install (and thus after sysusers has run to
> create the user who will own the folders)
> 
> This is something that I think should be automated in RPM packaging
> (i.e. the creation of ghosts automatically by parsing packaged tmpfiles
> snippets), but this is off-topic.
> 
> Col

I don't see the problem. The user is already in sysusers.d/systemd.conf.m4

https://github.com/systemd/systemd/blob/master/sysusers.d/systemd.conf.m4

I do appreciate that he mentioned a new user had to be created, because,
you know, not everyone uses systemd-sysusers.

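Added example, not part of the original thread and not systemd code: for packagers who do not run systemd-sysusers, a shell check that reads sysusers.d-format snippets and lists the declared users and groups that are missing from the passwd and group files. The function names, the sample snippet and the account entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not systemd code): list accounts that sysusers.d-format
# snippets declare but that are absent from the passwd/group files.

# has_entry NAME FILE: exact match on the first colon-separated field.
has_entry() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# missing_sysusers CONF [PASSWD] [GROUP]
# Prints "user NAME" / "group NAME" for each missing account.
missing_sysusers() {
    conf=$1 passwd=${2:-/etc/passwd} group=${3:-/etc/group}
    while read -r type name _rest || [ -n "$type" ]; do
        case $type in
            u)  # a "u" line declares a user and a same-named group
                has_entry "$name" "$passwd" || echo "user $name"
                has_entry "$name" "$group"  || echo "group $name" ;;
            g)  has_entry "$name" "$group"  || echo "group $name" ;;
        esac    # comments, blank lines, "m" and "r" lines are skipped
    done < "$conf"
}

# Constructed sample input, not copied from any distribution.
demo=$(mktemp -d)
cat > "$demo/systemd.conf" <<'EOF'
# Type Name ID GECOS
g systemd-journal - -
u systemd-network - "systemd Network Management"
u systemd-coredump - "systemd Core Dumper"
EOF
printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
    'systemd-network:x:192:192::/:/sbin/nologin' > "$demo/passwd"
printf '%s\n' 'root:x:0:' 'systemd-journal:x:190:' \
    'systemd-network:x:192:' > "$demo/group"

# Reports the systemd-coredump user and group as missing.
missing_sysusers "$demo/systemd.conf" "$demo/passwd" "$demo/group"
rm -rf "$demo"
```

Run in a package build or image check, a non-empty result means the install scripts still have to create those accounts before any files owned by them are unpacked.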