[systemd-devel] [ANNOUNCE] systemd v229
Lennart Poettering
lennart at poettering.net
Fri Feb 12 20:04:50 UTC 2016
On Thu, 11.02.16 16:19, Dave Reisner (d at falconindy.com) wrote:
> On Thu, Feb 11, 2016 at 05:50:08PM +0100, Lennart Poettering wrote:
> > Heya!
> >
> > I just tagged the v229 release of systemd. Enjoy!
> >
> > CHANGES WITH 229:
> >
> > <snip>
> >
> > * When the stacktrace is extracted from processes of system users, this
> > is now done as "systemd-coredump" user, in order to sandbox this
> > potentially security sensitive parsing operation. (Note that when
> > processing coredumps of normal users this is done under the user ID
> > of process that crashed, as before.) Packagers should take notice
> > that it is now necessary to create the "systemd-coredump" system user
> > and group at package installation time.
> >
>
> Why is it left to downstream to create this user? What makes it
> different from the other 4 users which systemd already creates?

The user is handled exactly the same way as the other 4 users. It's
listed in the sysusers fragment, but for packages which use
distro-specific adduser/useradd tools from their scripts this is
irrelevant, and the packagers need to be aware of this. This is why I
am mentioning this.

I can only recommend distros to use sysusers to manage their system
users, to enable full stateless operation in a distro-independent
way. But I know that many do not, that's all.

Lennart

--
Lennart Poettering, Red Hat
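
A check a packager who creates accounts with useradd could run against the point made above, added here as an example that is not part of the original message or of systemd itself: it compares the accounts declared in a sysusers.d fragment with the passwd and group databases and reports what the package scripts missed. The fragment, passwd and group contents and all function names are constructed for illustration.

```python
import shlex

# Constructed sample sysusers.d fragment (not copied from the systemd tree).
SAMPLE_FRAGMENT = '''\
g systemd-journal - -
u systemd-network - "Network Management"
u systemd-coredump - "Core Dumper"
m systemd-network systemd-journal
'''
# Constructed passwd/group contents: accounts made by useradd, new one missed.
SAMPLE_PASSWD = '''\
root:x:0:0:root:/root:/bin/sh
systemd-network:x:192:192:Network Management:/:/sbin/nologin
'''
SAMPLE_GROUP = '''\
root:x:0:
systemd-journal:x:190:
systemd-network:x:192:
'''

def declared_accounts(fragment_text):
    """Return (users, groups) declared by the 'u' and 'g' lines of a fragment."""
    users, groups = set(), set()
    for line in fragment_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        fields = shlex.split(line)  # GECOS may be a quoted string with spaces
        if len(fields) < 2:
            continue
        kind, name = fields[0], fields[1]
        if kind == 'u':
            users.add(name)
            groups.add(name)  # a 'u' line creates a user and a same-named group
        elif kind == 'g':
            groups.add(name)
    return users, groups

def names_in(db_text):
    """Account names from colon-separated passwd or group text."""
    return {l.split(':', 1)[0] for l in db_text.splitlines() if l.strip()}

def missing_accounts(fragment_text, passwd_text, group_text):
    """Return sorted lists of declared users and groups absent from the databases."""
    users, groups = declared_accounts(fragment_text)
    return sorted(users - names_in(passwd_text)), sorted(groups - names_in(group_text))

if __name__ == '__main__':
    print(missing_accounts(SAMPLE_FRAGMENT, SAMPLE_PASSWD, SAMPLE_GROUP))
```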