[PATCH] systemd: disable socket activation for root

I'm completely out of my depth here - I program mostly in bash, but ...

If you want to know if you can do something, one way is to try to do it 
and see if it fails.

What would happen if you just issued something harmless like a touch 
command to something in the path?
Wouldn't that give you a definitive answer without checking any flags or 
settings?

Joe

On 02/08/2017 07:36 AM, Tanu Kaskinen wrote:
> On Fri, 2017-02-03 at 10:17 -0300, Felipe Sateler wrote:
>> On 3 February 2017 at 05:51, Tanu Kaskinen <tanuk at iki.fi> wrote:
>>> We disallow autospawning for root, but when using systemd socket
>>> activation to start pulseaudio, that replaces the autospawning
>>> mechanism, and there was no similar "root protection" in socket
>>> activation. This patch disables the socket activation for root.
>>>
>>> Thanks to Felipe Sateler for coming up with the idea of using
>>> ConditionPathIsReadWrite=!/run.
>> I'm sorry but I'll have to take this back. This check only checks if
>> the path is mounted read-write, not if the calling process has the
>> necessary permissions.
>>
>> https://github.com/systemd/systemd/blob/master/src/shared/condition.c#L405
>> https://github.com/systemd/systemd/blob/master/src/basic/stat-util.c#L126
>>
>> :(
> Well, that's disappointing (and shame on me - I should have tested the
> patch better).
>
> I think using ExecStartPre as Ahmed first suggested is the best
> solution. It should do exactly what we want. The admin capability check
> can have some corner cases where it does the wrong thing.
>


