On Fri, Apr 11, 2014 at 12:09 PM, Colin Walters <walters@xxxxxxxxxx>
wrote:
On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff
<martin.langhoff@xxxxxxxxx> wrote:
>
> If you move in this direction, you have to create files/dirs to be
> owned by the daemon user too.
If we ban set{u,g}id binaries for dynamic uids, then we can just have
all files in /usr owned by root:root. Then there are two other
directories: /var and /etc. For /var, the model OSTree pushes towards
is one where /var should start completely empty. So dynamically
allocating uids works there.
However, /etc is still an issue; /etc/polkit-1/rules.d for example is
owned by polkitd:root. A quick run on my el7 workstation:
# find /etc '(' '!' -uid 0 -o '!' -gid 0 ')' -print0 | xargs -0 rpm -qf | sort -u
chrony-1.29.1-1.el7.x86_64
cups-1.6.3-14.el7.x86_64
mock-1.1.38-1.el7.noarch
ntp-4.2.6p5-18.el7.x86_64
paps-0.6.8-28.el7.x86_64
pesign-0.109-6.el7.x86_64
polkit-0.112-5.el7.x86_64
polkit-pkla-compat-0.1-4.el7.x86_64
wvdial-1.61-9.el7.x86_64
#
Why are the mock files in /etc owned by root:mock? It's not like
they're secret...I wonder if it's intentional.
Anyways yeah, a fair amount of stuff here. A possible model is to
patch the services to start as root, open up the config files they want
(readonly or writable as appropriate), then setuid. Would be fairly
invasive as far as code goes. Another is to just fall back to static
allocation for these. Another is to implement Lennart's suggestion of
dynamic population instead of having the files shipped as owned by the
uid/gid.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
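The "start as root, open the config files, then setuid" model Colin sketches above, as an added example that is not part of the thread or of any of the packages it lists. The service account name and config path in main() are hypothetical placeholders; the point is the order of operations (open while privileged, drop supplementary groups, then gid, then uid, then verify the drop cannot be undone), which lets /etc files stay root:root instead of being shipped owned by the daemon's uid/gid.

```c
/* Added example, not code from the thread. Build: cc -Wall -o privdrop privdrop.c
 * Run as root with a real service account and config path to see the drop;
 * run unprivileged and it drops to its own uid/gid, which still exercises
 * the checks. Names below are hypothetical placeholders. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve a service account name to uid/gid. Returns 0 on success. */
int resolve_service_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Permanently drop to uid/gid. Order matters: supplementary groups first,
 * then gid, then uid, because once the uid is unprivileged the first two
 * calls fail with EPERM. setgroups() is only attempted when we are root,
 * so the function also works when run by an ordinary user (e.g. in a test).
 * Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) < 0)
        return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    /* The drop must be irreversible: regaining uid 0 has to fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    /* Check real and effective ids, not just the ones we asked for. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* The pattern itself: open the root-owned config while still privileged,
 * then drop to the service account. The open fd survives the drop, so the
 * file can stay root:root 0600 instead of being chowned to the daemon user.
 * Returns the config fd, or -1 on error. */
int start_unprivileged(const char *config_path, uid_t uid, gid_t gid)
{
    int fd = open(config_path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Read the config through the inherited fd after the drop.
 * Returns bytes read (buffer is NUL-terminated) or -1. */
ssize_t read_config(int fd, char *buf, size_t len)
{
    ssize_t n = read(fd, buf, len - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

int main(int argc, char **argv)
{
    /* Hypothetical defaults; pass a real account and path on the command line. */
    const char *user = argc > 1 ? argv[1] : "polkitd";
    const char *path = argc > 2 ? argv[2] : "/etc/example.conf";
    uid_t uid;
    gid_t gid;
    char buf[256];

    if (resolve_service_user(user, &uid, &gid) < 0) {
        fprintf(stderr, "no such user: %s\n", user);
        return 1;
    }
    int fd = start_unprivileged(path, uid, gid);
    if (fd < 0) {
        perror("start_unprivileged");
        return 1;
    }
    printf("running as uid %u gid %u\n", (unsigned)getuid(), (unsigned)getgid());
    if (read_config(fd, buf, sizeof buf) >= 0)
        printf("config: %s", buf);
    close(fd);
    return 0;
}
```

Note what the pattern does not buy you: anything the daemon needs to open later (a writable state file under /var, a reopened config on SIGHUP) still has to be accessible to the dropped uid, which is exactly the invasiveness Colin mentions, since every such open has to be hoisted before the drop or handed over via an fd.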