[systemd-devel] [ANNOUNCE] systemd v229
Colin Guthrie
colin at mageia.org
Fri Feb 12 11:40:34 UTC 2016
Armin K. wrote on 12/02/16 09:56:
> On 12.02.2016 10:54, Colin Guthrie wrote:
>> Dave Reisner wrote on 12/02/16 01:09:
>>> On Thu, Feb 11, 2016 at 10:26:51PM +0100, Reindl Harald wrote:
>>>>
>>>> On 11.02.2016 at 22:19, Dave Reisner wrote:
>>>>> On Thu, Feb 11, 2016 at 05:50:08PM +0100, Lennart Poettering wrote:
>>>>>> I just tagged the v229 release of systemd. Enjoy!
>>>>>>
>>>>>> CHANGES WITH 229:
>>>>>>
>>>>>> <snip>
>>>>>>
>>>>>> * When the stacktrace is extracted from processes of system users, this
>>>>>> is now done as "systemd-coredump" user, in order to sandbox this
>>>>>> potentially security sensitive parsing operation. (Note that when
>>>>>> processing coredumps of normal users this is done under the user ID
>>>>>> of process that crashed, as before.) Packagers should take notice
>>>>>> that it is now necessary to create the "systemd-coredump" system user
>>>>>> and group at package installation time.
>>>>>>
>>>>>
>>>>> Why is it left to downstream to create this user? What makes it
>>>>> different from the other 4 users which systemd already creates?
>>>>
>>>> systemd doesn't create any user. nowhere, rpm-scripts downstream does
>>>
>>> You're mistaken. See /usr/lib/sysusers.d/{basic,systemd,systemd-remote}.conf and
>>> systemd-sysusers(8). The curious absence of systemd-coredump from
>>> sysusers.d/systemd.conf is what I'm asking about here.
>>
>> Seems odd indeed. It's perhaps because the user needs to own directories
>> that are packaged (e.g. in /var) which is somewhat tricky with sysusers
>> - you need to have the user available before the package is installed -
>> i.e. an RPM %pre script. Just a guess at why it was left out.
>>
>> Personally, I'd just make such folders ghosts and then have them created
>> by tmpfiles after package install (and thus after sysusers has run to
>> create the user who will own the folders)
>>
>> This is something that I think should be automated in RPM packaging
>> (i.e. the creation of ghosts automatically by parsing packaged tmpfiles
>> snippets), but this is off-topic.
>>
>> Col
>>
>>
>>
>>
>
> I don't see the problem. The user is already in sysusers.d/systemd.conf.m4
>
> https://github.com/systemd/systemd/blob/master/sysusers.d/systemd.conf.m4
>
> I do appreciate that he mentioned a new user had to be created, because,
> you know, not everyone uses systemd-sysusers.
Indeed. In my package here, it successfully created the user via
sysusers on update. I should have double checked rather than blindly
believing Dave's statement which, as it turns out, is incorrect (tho' I
can see why he made the assumption due to the original wording).
Col
--
Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/
Day Job:
Tribalogic Limited http://www.tribalogic.net/
Open Source:
Mageia Contributor http://www.mageia.org/
PulseAudio Hacker http://www.pulseaudio.org/
Trac Hacker http://trac.edgewall.org/
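
For packagers who do not run systemd-sysusers, the requirement in the v229 notes quoted above (a "systemd-coredump" system user and group must exist) can be checked by comparing a sysusers.d file against the account databases. The script below is an added example, not part of the original thread or of systemd; the function names, the sample file contents and the numeric IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sysusers.d entries that have no matching account.

# missing_sysusers CONF PASSWD GROUP
# CONF is a sysusers.d file; PASSWD and GROUP use /etc/passwd and /etc/group
# syntax. Prints "user:NAME" or "group:NAME" for every declared name that is
# absent. A "u" line declares a user and a group of the same name.
missing_sysusers() {
    awk -v passwd="$2" -v group="$3" '
        BEGIN {
            while ((getline l < passwd) > 0) { split(l, f, ":"); users[f[1]] = 1 }
            while ((getline l < group) > 0)  { split(l, f, ":"); groups[f[1]] = 1 }
        }
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        $1 == "u" && !($2 in users) { print "user:" $2 }
        ($1 == "u" || $1 == "g") && !($2 in groups) { print "group:" $2 }
    ' "$1"
}

# demo: run the check on constructed sample files in a temporary directory.
# The sample host predates v229, so it lacks the systemd-coredump account.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/systemd.conf" <<'EOF'
# constructed sysusers.d snippet
g systemd-journal  - -
u systemd-network  - "systemd Network Management"
u systemd-coredump - "systemd Core Dumper"
EOF
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
EOF
    cat > "$d/group" <<'EOF'
root:x:0:
systemd-journal:x:190:
systemd-network:x:192:
EOF
    missing_sysusers "$d/systemd.conf" "$d/passwd" "$d/group"
    rm -rf "$d"
}

demo
```

On a real system the arguments would be /usr/lib/sysusers.d/systemd.conf, /etc/passwd and /etc/group; the check reads those files directly and does not consult other NSS sources.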