[systemd-devel] [ANNOUNCE] systemd v229
Dave Reisner
d at falconindy.com
Fri Feb 12 12:46:46 UTC 2016
On Fri, Feb 12, 2016 at 10:56:29AM +0100, Armin K. wrote:
> On 12.02.2016 10:54, Colin Guthrie wrote:
> > Dave Reisner wrote on 12/02/16 01:09:
> >> On Thu, Feb 11, 2016 at 10:26:51PM +0100, Reindl Harald wrote:
> >>>
> >>> On 11.02.2016 at 22:19, Dave Reisner wrote:
> >>>> On Thu, Feb 11, 2016 at 05:50:08PM +0100, Lennart Poettering wrote:
> >>>>> I just tagged the v229 release of systemd. Enjoy!
> >>>>>
> >>>>> CHANGES WITH 229:
> >>>>>
> >>>>> <snip>
> >>>>>
> >>>>> * When the stacktrace is extracted from processes of system users, this
> >>>>> is now done as "systemd-coredump" user, in order to sandbox this
> >>>>> potentially security sensitive parsing operation. (Note that when
> >>>>> processing coredumps of normal users this is done under the user ID
> >>>>> of process that crashed, as before.) Packagers should take notice
> >>>>> that it is now necessary to create the "systemd-coredump" system user
> >>>>> and group at package installation time.
> >>>>>
> >>>>
> >>>> Why is it left to downstream to create this user? What makes it
> >>>> different from the other 4 users which systemd already creates?
> >>>
> >>> systemd doesn't create any user. nowhere, rpm-scripts downstream does
> >>
> >> You're mistaken. See /usr/lib/sysusers.d/{basic,systemd,systemd-remote}.conf and
> >> systemd-sysusers(8). The curious absence of systemd-coredump from
> >> sysusers.d/systemd.conf is what I'm asking about here.
> >
> > Seems odd indeed. It's perhaps because the user needs to own directories
> > that are packaged (e.g. in /var) which is somewhat tricky with sysusers
> > - you need to have the user available before the package is installed -
> > i.e. an RPM %pre script. Just a guess at why it was left out.
> >
> > Personally, I'd just make such folders ghosts and then have them created
> > by tmpfiles after package install (and thus after sysusers has run to
> > create the user who will own the folders)
> >
> > This is something that I think should be automated in RPM packaging
> > (i.e. the creation of ghosts automatically by parsing packaged tmpfiles
> > snippets), but this is off-topic.
> >
> > Col
> >
> >
> >
> >
>
> I don't see the problem. The user is already in sysusers.d/systemd.conf.m4
>
> https://github.com/systemd/systemd/blob/master/sysusers.d/systemd.conf.m4
>
> I do appreciate that he mentioned a new user had to be created, because,
> you know, not everyone uses systemd-sysusers.
>
Ah, this is all I was looking for. Sorry, should have looked a bit more
closely.