From 33320dcf5865ed1da5936572a4920f9aa654433b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 23 May 2021 22:05:07 +0200 Subject: [PATCH] Version 249-rc1 --- 19950.patch | 273 +++++++++++++++++++++++++++++++++++++++++++++++++++ sources | 2 +- systemd.spec | 10 +- 3 files changed, 282 insertions(+), 3 deletions(-) create mode 100644 19950.patch diff --git a/19950.patch b/19950.patch new file mode 100644 index 0000000..fc08006 --- /dev/null +++ b/19950.patch @@ -0,0 +1,273 @@ +From 420ae742ef584fbe5b98780c3cdada528a45ad67 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 23 May 2021 22:00:22 +0200 +Subject: [PATCH] meson: allow "soft-static" allocations for uids and gids in + the initrd + +The general idea with users and groups created through sysusers is that an +appropriate number is picked when the allocation is made. The number that is +selected will be different on each system based on the order of creation of +users, installed packages, etc. Since system users and groups are not shared +between installations, this generally is not an issue. But it becomes a problem +for initrd: some file systems are shared between the initrd and the host (/run +and /dev are probably the only ones that matter). If the allocations are +different in the host and the initrd, and files survive switch-root, they will +have wrong ownership. + +This makes the gids build-time-configurable for all groups and users where +state may survive the switch from initrd to the host. + +In particular, all "hardware access" groups are like this: files in /dev will +be owned by them. Eventually the new udev would change ownership, but there +would be a momemnt where the files were owned by the wrong group. The +allocations are "soft-static" in the language of Fedora packaging guidelines: +the uid/gid will be used if possible, but we'll fall back to a different +one. TTY_GID is the exception, because the number is used directly. + +Similarly, the possibility to configure "soft-static" uids is added for daemons +which may usefully run in the initramfs: systemd-network (lease information and +interface state is serialized to /run), systemd-resolve (stub files and +interface state), systemd-timesync (/run/systemd/timesync). + +Journal files are owned by the group systemd-journal, and acls are granted +for wheel and adm. + +systemd-oom and systemd-coredump are excluded from this patch: I assume that +oomd is not useful in the initrd, and coredump leaves no state (it only creates +a pipe in /run?). + +The defaults are not changed: if nothing is configured, dynamic allocation will +be used. I looked at a Debian system, and the numbers are all different than +on Fedora. + +For Fedora, see the list of uids and gids at https://pagure.io/setup/blob/master/f/uidgid. +In particular, systemd-network and systemd-resolve got soft-static numbers to +make it easy to transition from a non-host-specific initrd to a host system +already a few years back (https://bugzilla.redhat.com/show_bug.cgi?id=1102002). + +I also requested static allocations for sgx, input, render in +https://pagure.io/packaging-committee/issue/1078, +https://pagure.io/setup/pull-request/27. +--- + meson.build | 40 ++++++++++++++++++++++++------- + meson_options.txt | 48 ++++++++++++++++++++++++++++++++++---- + sysusers.d/basic.conf.in | 38 +++++++++++++++--------------- + sysusers.d/systemd.conf.in | 8 +++---- + 4 files changed, 99 insertions(+), 35 deletions(-) + +diff --git a/meson.build b/meson.build +index 0b136529e3a1..3634ce0a3cb0 100644 +--- a/meson.build ++++ b/meson.build +@@ -793,12 +793,37 @@ endif + conf.set_quoted('NOBODY_USER_NAME', nobody_user) + conf.set_quoted('NOBODY_GROUP_NAME', nobody_group) + +-tty_gid = get_option('tty-gid') +-conf.set('TTY_GID', tty_gid) +- +-# Ensure provided GID argument is numeric, otherwise fall back to default assignment +-users_gid = get_option('users-gid') +-conf.set('USERS_GID', users_gid < 0 ? '-' : users_gid) ++static_ugids = [] ++foreach option : ['adm-gid', ++ 'audio-gid', ++ 'cdrom-gid', ++ 'dialout-gid', ++ 'disk-gid', ++ 'input-gid', ++ 'kmem-gid', ++ 'kvm-gid', ++ 'lp-gid', ++ 'render-gid', ++ 'sgx-gid', ++ 'tape-gid', ++ 'tty-gid', ++ 'users-gid', ++ 'utmp-gid', ++ 'video-gid', ++ 'wheel-gid', ++ 'systemd-journal-gid', ++ 'systemd-network-uid', ++ 'systemd-resolve-uid', ++ 'systemd-timesync-uid'] ++ name = option.underscorify().to_upper() ++ val = get_option(option) ++ ++ # Ensure provided GID argument is numeric, otherwise fall back to default assignment ++ conf.set(name, val >= 0 ? val : '-') ++ if val >= 0 ++ static_ugids += '@0@:@1@'.format(option, val) ++ endif ++endforeach + + conf.set10('ENABLE_ADM_GROUP', get_option('adm-group')) + conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group')) +@@ -3713,14 +3738,13 @@ status = [ + 'extra start script: @0@'.format(get_option('rc-local')), + 'debug shell: @0@ @ @1@'.format(get_option('debug-shell'), + get_option('debug-tty')), +- 'TTY GID: @0@'.format(tty_gid), +- 'users GID: @0@'.format(conf.get('USERS_GID')), + 'system UIDs: <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_UID_MAX'), + conf.get('SYSTEM_ALLOC_UID_MIN')), + 'system GIDs: <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_GID_MAX'), + conf.get('SYSTEM_ALLOC_GID_MIN')), + 'dynamic UIDs: @0@…@1@'.format(dynamic_uid_min, dynamic_uid_max), + 'container UID bases: @0@…@1@'.format(container_uid_base_min, container_uid_base_max), ++ 'static UID/GID allocations: @0@'.format(' '.join(static_ugids)), + '/dev/kvm access mode: @0@'.format(get_option('dev-kvm-mode')), + 'render group access mode: @0@'.format(get_option('group-render-mode')), + 'certificate root directory: @0@'.format(get_option('certificate-root')), +diff --git a/meson_options.txt b/meson_options.txt +index fc58e888d939..5048de755d91 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -204,6 +204,7 @@ option('status-unit-format-default', type : 'combo', + description : 'use unit name or description in messages by default') + option('time-epoch', type : 'integer', value : '-1', + description : 'time epoch for time clients') ++ + option('system-alloc-uid-min', type : 'integer', value : '-1', + description : 'minimum system UID used when allocating') + option('system-alloc-gid-min', type : 'integer', value : '-1', +@@ -220,10 +221,6 @@ option('container-uid-base-min', type : 'integer', value : 0x00080000, + description : 'minimum container UID base') + option('container-uid-base-max', type : 'integer', value : 0x6FFF0000, + description : 'maximum container UID base') +-option('tty-gid', type : 'integer', value : 5, +- description : 'the numeric GID of the "tty" group') +-option('users-gid', type : 'integer', value : '-1', +- description : 'the numeric GID of the "users" group') + option('adm-group', type : 'boolean', + description : 'the ACL for adm group should be added') + option('wheel-group', type : 'boolean', +@@ -234,6 +231,49 @@ option('nobody-user', type : 'string', + option('nobody-group', type : 'string', + description : 'The name of the nobody group (the one with GID 65534)', + value : 'nobody') ++option('adm-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "adm" group') ++option('audio-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "audio" group') ++option('cdrom-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "cdrom" group') ++option('dialout-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "dialout" group') ++option('disk-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "disk" group') ++option('input-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "input" group') ++option('kmem-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "kmem" group') ++option('kvm-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "kvm" group') ++option('lp-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "lp" group') ++option('render-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "render" group') ++option('sgx-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "sgx" group') ++option('tape-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "tape" group') ++option('tty-gid', type : 'integer', value : 5, ++ description : 'the numeric GID of the "tty" group') ++option('users-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "users" group') ++option('utmp-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "utmp" group') ++option('video-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "video" group') ++option('wheel-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "wheel" group') ++option('systemd-journal-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the systemd-journal group') ++option('systemd-network-uid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the systemd-network user') ++option('systemd-resolve-uid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the systemd-resolve user') ++option('systemd-timesync-uid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the systemd-timesync user') ++ + option('dev-kvm-mode', type : 'string', value : '0666', + description : '/dev/kvm access mode') + option('group-render-mode', type : 'string', value : '0666', +diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in +index 9da02514216d..8cc1a7cad218 100644 +--- a/sysusers.d/basic.conf.in ++++ b/sysusers.d/basic.conf.in +@@ -12,28 +12,28 @@ u root 0 "Super User" /root + u {{NOBODY_USER_NAME}} 65534 "Nobody" - + + # Administrator group: can *see* more than normal users +-g adm - - - ++g adm {{ADM_GID }} - - + + # Administrator group: can *do* more than normal users +-g wheel - - - ++g wheel {{WHEEL_GID }} - - + +-# Access to certain kernel and userspace facilities +-g kmem - - - +-g tty {{TTY_GID}} - - +-g utmp - - - ++# Access to shared database of users on the system ++g utmp {{UTMP_GID }} - - + +-# Hardware access groups +-g audio - - - +-g cdrom - - - +-g dialout - - - +-g disk - - - +-g input - - - +-g kvm - - - +-g lp - - - +-g render - - - +-g sgx - - - +-g tape - - - +-g video - - - ++# Physical and virtual hardware access groups ++g audio {{AUDIO_GID }} - - ++g cdrom {{CDROM_GID }} - - ++g dialout {{DIALOUT_GID}} - - ++g disk {{DISK_GID }} - - ++g input {{INPUT_GID }} - - ++g kmem {{KMEM_GID }} - - ++g kvm {{KVM_GID }} - - ++g lp {{LP_GID }} - - ++g render {{RENDER_GID }} - - ++g sgx {{SGX_GID }} - - ++g tape {{TAPE_GID }} - - ++g tty {{TTY_GID }} - - ++g video {{VIDEO_GID }} - - + + # Default group for normal users +-g users {{USERS_GID}} - - ++g users {{USERS_GID }} - - +diff --git a/sysusers.d/systemd.conf.in b/sysusers.d/systemd.conf.in +index 9905eb596c61..9941ef8ef4f7 100644 +--- a/sysusers.d/systemd.conf.in ++++ b/sysusers.d/systemd.conf.in +@@ -5,18 +5,18 @@ + # the Free Software Foundation; either version 2.1 of the License, or + # (at your option) any later version. + +-g systemd-journal - - ++g systemd-journal {{SYSTEMD_JOURNAL_GID}} - + {% if ENABLE_NETWORKD %} +-u systemd-network - "systemd Network Management" ++u systemd-network {{SYSTEMD_NETWORK_UID}} "systemd Network Management" + {% endif %} + {% if ENABLE_OOMD %} + u systemd-oom - "systemd Userspace OOM Killer" + {% endif %} + {% if ENABLE_RESOLVE %} +-u systemd-resolve - "systemd Resolver" ++u systemd-resolve {{SYSTEMD_RESOLVE_UID}} "systemd Resolver" + {% endif %} + {% if ENABLE_TIMESYNCD %} +-u systemd-timesync - "systemd Time Synchronization" ++u systemd-timesync {{SYSTEMD_TIMESYNC_UID}} "systemd Time Synchronization" + {% endif %} + {% if ENABLE_COREDUMP %} + u systemd-coredump - "systemd Core Dumper" diff --git a/sources b/sources index 993683e..fcb0ef4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-248.3.tar.gz) = 8e7ff0d5e63cc933e4dc23f7e0bef9707fde90396605eb8822d34de90d7abe8fd37e5739e33b657868218aa7281147cc944c096c007324c3e6fb54d833a83485 +SHA512 (systemd-249-rc1.tar.gz) = dd75fd6a2f63ce296973c7052ebd199619c99805935e9e04a65b58b0de6053f51157233070f32a4731c43cb65e8d232051a0b5c26508256218ae63f11cd24f1b diff --git a/systemd.spec b/systemd.spec index 1415927..d8ed461 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -%global stable 1 +#global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the @@ -30,7 +30,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd %if %{without inplace} -Version: 248.3 +Version: 249~rc1 Release: 1%{?dist} %else # determine the build information from local checkout @@ -145,6 +145,7 @@ BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(tss2-esys) BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-mu) +BuildRequires: systemtap-sdt-devel BuildRequires: libxslt BuildRequires: docbook-style-xsl BuildRequires: pkgconfig @@ -993,6 +994,11 @@ fi %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Wed Jun 16 2021 Zbigniew Jędrzejewski-Szmek - 249~rc1-1 +- Latest upstream prerelease, see + https://github.com/systemd/systemd/blob/v248-rc4/NEWS. + Fixes #1963428. + * Sat May 15 2021 Zbigniew Jędrzejewski-Szmek - 248.3-1 - A fix for resolved crashes (#1946386, #1960227, #1950241) - Some minor fixes for documentation, systemd-networkd, systemd-run, bootctl.