Merge pull request systemd#7003 from yuwata/enable-dynamic-user

poettering · web-flow · commit b74023db06a0 · 2017-10-10T10:05:43.000+02:00
timesyncd, journal-upload: Enable DynamicUser=
diff --git a/src/basic/mkdir-label.c b/src/basic/mkdir-label.c
@@ -25,8 +25,8 @@
 #include "label.h"
 #include "mkdir.h"
 
-int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
-        return mkdir_safe_internal(path, mode, uid, gid, mkdir_label);
+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {
+        return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_label);
 }
 
 int mkdir_parents_label(const char *path, mode_t mode) {
diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
@@ -22,14 +22,15 @@
 #include <string.h>
 #include <sys/stat.h>
 
+#include "alloc-util.h"
 #include "fs-util.h"
 #include "macro.h"
 #include "mkdir.h"
 #include "path-util.h"
 #include "stat-util.h"
 #include "user-util.h"
 
-int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkdir_func_t _mkdir) {
+int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir) {
         struct stat st;
         int r;
 
@@ -42,6 +43,19 @@ int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkd
         if (lstat(path, &st) < 0)
                 return -errno;
 
+        if (follow_symlink && S_ISLNK(st.st_mode)) {
+                _cleanup_free_ char *p = NULL;
+
+                r = chase_symlinks(path, NULL, CHASE_NONEXISTENT, &p);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return mkdir_safe_internal(p, mode, uid, gid, false, _mkdir);
+
+                if (lstat(p, &st) < 0)
+                        return -errno;
+        }
+
         if ((st.st_mode & 0007) > (mode & 0007) ||
             (st.st_mode & 0070) > (mode & 0070) ||
             (st.st_mode & 0700) > (mode & 0700) ||
@@ -53,8 +67,8 @@ int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkd
         return 0;
 }
 
-int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid) {
-        return mkdir_safe_internal(path, mode, uid, gid, mkdir);
+int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {
+        return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir);
 }
 
 int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir) {
diff --git a/src/basic/mkdir.h b/src/basic/mkdir.h
@@ -22,17 +22,17 @@
 
 #include <sys/types.h>
 
-int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid);
+int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink);
 int mkdir_parents(const char *path, mode_t mode);
 int mkdir_p(const char *path, mode_t mode);
 
 /* mandatory access control(MAC) versions */
-int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid);
+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink);
 int mkdir_parents_label(const char *path, mode_t mode);
 int mkdir_p_label(const char *path, mode_t mode);
 
 /* internally used */
 typedef int (*mkdir_func_t)(const char *pathname, mode_t mode);
-int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkdir_func_t _mkdir);
+int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir);
 int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
 int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
diff --git a/src/core/execute.c b/src/core/execute.c
@@ -1974,7 +1974,7 @@ static int setup_exec_directory(
                         }
 
                         /* First set up private root if it doesn't exist yet, with access mode 0700 and owned by root:root */
-                        r = mkdir_safe_label(private_root, 0700, 0, 0);
+                        r = mkdir_safe_label(private_root, 0700, 0, 0, false);
                         if (r < 0)
                                 goto fail;
 
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
@@ -1170,7 +1170,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
 
         mkdir_p_label("/var/lib/systemd", 0755);
 
-        r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0);
+        r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0, false);
         if (r < 0)
                 return r;
 
@@ -1904,7 +1904,7 @@ static int update_schedule_file(Manager *m) {
 
         assert(m);
 
-        r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0);
+        r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0, false);
         if (r < 0)
                 return log_error_errno(r, "Failed to create shutdown subdirectory: %m");
 
diff --git a/src/login/logind-inhibit.c b/src/login/logind-inhibit.c
@@ -86,7 +86,7 @@ int inhibitor_save(Inhibitor *i) {
 
         assert(i);
 
-        r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0);
+        r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, false);
         if (r < 0)
                 goto fail;
 
@@ -290,7 +290,7 @@ int inhibitor_create_fifo(Inhibitor *i) {
 
         /* Create FIFO */
         if (!i->fifo_path) {
-                r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0);
+                r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, false);
                 if (r < 0)
                         return r;
 
diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
@@ -93,7 +93,7 @@ int seat_save(Seat *s) {
         if (!s->started)
                 return 0;
 
-        r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0);
+        r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0, false);
         if (r < 0)
                 goto fail;
 
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
@@ -179,7 +179,7 @@ int session_save(Session *s) {
         if (!s->started)
                 return 0;
 
-        r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
+        r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, false);
         if (r < 0)
                 goto fail;
 
@@ -948,7 +948,7 @@ int session_create_fifo(Session *s) {
 
         /* Create FIFO */
         if (!s->fifo_path) {
-                r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
+                r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, false);
                 if (r < 0)
                         return r;
 
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
@@ -141,7 +141,7 @@ static int user_save_internal(User *u) {
         assert(u);
         assert(u->state_file);
 
-        r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0);
+        r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, false);
         if (r < 0)
                 goto fail;
 
@@ -334,7 +334,7 @@ static int user_mkdir_runtime_path(User *u) {
 
         assert(u);
 
-        r = mkdir_safe_label("/run/user", 0755, 0, 0);
+        r = mkdir_safe_label("/run/user", 0755, 0, 0, false);
         if (r < 0)
                 return log_error_errno(r, "Failed to create /run/user: %m");
 
diff --git a/src/machine/machine.c b/src/machine/machine.c
@@ -128,7 +128,7 @@ int machine_save(Machine *m) {
         if (!m->started)
                 return 0;
 
-        r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0);
+        r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0, false);
         if (r < 0)
                 goto fail;
 
diff --git a/src/network/networkd.c b/src/network/networkd.c
@@ -54,19 +54,19 @@ int main(int argc, char *argv[]) {
 
         /* Always create the directories people can create inotify
          * watches in. */
-        r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid);
+        r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, false);
         if (r < 0)
                 log_warning_errno(r, "Could not create runtime directory: %m");
 
-        r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid);
+        r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, false);
         if (r < 0)
                 log_warning_errno(r, "Could not create runtime directory 'links': %m");
 
-        r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid);
+        r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, false);
         if (r < 0)
                 log_warning_errno(r, "Could not create runtime directory 'leases': %m");
 
-        r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid);
+        r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, false);
         if (r < 0)
                 log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
 
diff --git a/src/nspawn/nspawn-setuid.c b/src/nspawn/nspawn-setuid.c
@@ -244,7 +244,7 @@ int change_uid_gid(const char *user, char **_home) {
         if (r < 0)
                 return log_error_errno(r, "Failed to make home root directory: %m");
 
-        r = mkdir_safe(home, 0755, uid, gid);
+        r = mkdir_safe(home, 0755, uid, gid, false);
         if (r < 0 && r != -EEXIST)
                 return log_error_errno(r, "Failed to make home directory: %m");
 
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
@@ -61,7 +61,7 @@ int main(int argc, char *argv[]) {
         }
 
         /* Always create the directory where resolv.conf will live */
-        r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid);
+        r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, false);
         if (r < 0) {
                 log_error_errno(r, "Could not create runtime directory: %m");
                 goto finish;
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
@@ -221,7 +221,7 @@ static void test_readlink_and_make_absolute(void) {
         char name_alias[] = "/tmp/test-readlink_and_make_absolute-alias";
         char *r = NULL;
 
-        assert_se(mkdir_safe(tempdir, 0755, getuid(), getgid()) >= 0);
+        assert_se(mkdir_safe(tempdir, 0755, getuid(), getgid(), false) >= 0);
         assert_se(touch(name) >= 0);
 
         assert_se(symlink(name, name_alias) >= 0);
diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
@@ -69,7 +69,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
                 }
 
         } else {
-                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid);
+                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, true);
                 if (r < 0)
                         return log_error_errno(r, "Failed to create state directory: %m");
 
diff --git a/sysusers.d/systemd-remote.conf.m4 b/sysusers.d/systemd-remote.conf.m4
@@ -8,6 +8,3 @@
 m4_ifdef(`HAVE_MICROHTTPD',
 u systemd-journal-remote  - "systemd Journal Remote"
 )m4_dnl
-m4_ifdef(`HAVE_LIBCURL',
-u systemd-journal-upload  - "systemd Journal Upload"
-)m4_dnl
diff --git a/sysusers.d/systemd.conf.m4 b/sysusers.d/systemd.conf.m4
@@ -12,9 +12,6 @@ u systemd-network   - "systemd Network Management"
 m4_ifdef(`ENABLE_RESOLVE',
 u systemd-resolve   - "systemd Resolver"
 )m4_dnl
-m4_ifdef(`ENABLE_TIMESYNCD',
-u systemd-timesync  - "systemd Time Synchronization"
-)m4_dnl
 m4_ifdef(`ENABLE_COREDUMP',
 u systemd-coredump  - "systemd Core Dumper"
 )m4_dnl
diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
@@ -14,11 +14,10 @@ After=network-online.target
 [Service]
 ExecStart=@rootlibexecdir@/systemd-journal-upload --save-state
 User=systemd-journal-upload
+DynamicUser=yes
 SupplementaryGroups=systemd-journal
 WatchdogSec=3min
-PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
@@ -23,11 +23,10 @@ RestartSec=0
 ExecStart=!!@rootlibexecdir@/systemd-timesyncd
 WatchdogSec=3min
 User=systemd-timesync
+DynamicUser=yes
 CapabilityBoundingSet=CAP_SYS_TIME
 AmbientCapabilities=CAP_SYS_TIME
-PrivateTmp=yes
 PrivateDevices=yes
-ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelTunables=yes

Original file line number	Diff line number	Diff line change
`@@ -25,8 +25,8 @@`
`25`	`25`	`#include "label.h"`
`26`	`26`	`#include "mkdir.h"`
`27`	`27`
`28`		`-int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {`
`29`		`- return mkdir_safe_internal(path, mode, uid, gid, mkdir_label);`
	`28`	`+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {`
	`29`	`+ return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_label);`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`int mkdir_parents_label(const char *path, mode_t mode) {`
Original file line number	Diff line number	Diff line change
`@@ -1974,7 +1974,7 @@ static int setup_exec_directory(`
`1974`	`1974`	`}`
`1975`	`1975`
`1976`	`1976`	`/* First set up private root if it doesn't exist yet, with access mode 0700 and owned by root:root */`
`1977`		`- r = mkdir_safe_label(private_root, 0700, 0, 0);`
	`1977`	`+ r = mkdir_safe_label(private_root, 0700, 0, 0, false);`
`1978`	`1978`	`if (r < 0)`
`1979`	`1979`	`goto fail;`
`1980`	`1980`