authorTopi Miettinen <toiwoton@gmail.com>2019-12-06 16:36:58 +0200
committerTopi Miettinen <toiwoton@gmail.com>2019-12-07 18:55:54 +0200
commit07317d6e343c439d384fa42f89dc5b6cfe03f809 (patch)
treebe0fc827348056f11dab5ccca79b0a7f6ec73aa5 /src/resolve
parent36f43076b99e2054de96f112f494a82916377d8c (diff)
downloadsystemd-07317d6e343c439d384fa42f89dc5b6cfe03f809.tar.gz
resolved, networkd: don't resolve the user if not root
If a daemon is not started as root, it most likely can't create its directory either, so let's not try to resolve the user in that case. Create /run/systemd/netif/lldp with tmpfiles.d like other netif directories. This is also very helpful for preparing a RootImage for the daemons as NSS crud is not needed.
Diffstat (limited to 'src/resolve')
-rw-r--r--src/resolve/resolved.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index 2ca9fbdc72..27848cccae 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -21,9 +21,6 @@
static int run(int argc, char *argv[]) {
_cleanup_(notify_on_cleanup) const char *notify_stop = NULL;
_cleanup_(manager_freep) Manager *m = NULL;
- const char *user = "systemd-resolve";
- uid_t uid;
- gid_t gid;
int r;
log_setup_service();
@@ -37,18 +34,21 @@ static int run(int argc, char *argv[]) {
if (r < 0)
return log_error_errno(r, "SELinux setup failed: %m");
- r = get_user_creds(&user, &uid, &gid, NULL, NULL, 0);
- if (r < 0)
- return log_error_errno(r, "Cannot resolve user name %s: %m", user);
-
- /* Always create the directory where resolv.conf will live */
- r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, MKDIR_WARN_MODE);
- if (r < 0)
- return log_error_errno(r, "Could not create runtime directory: %m");
-
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume most
- * privileges are already dropped. */
+ * privileges are already dropped and we can't create our directory. */
if (getuid() == 0) {
+ const char *user = "systemd-resolve";
+ uid_t uid;
+ gid_t gid;
+
+ r = get_user_creds(&user, &uid, &gid, NULL, NULL, 0);
+ if (r < 0)
+ return log_error_errno(r, "Cannot resolve user name %s: %m", user);
+
+ /* As we're root, we can create the directory where resolv.conf will live */
+ r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, MKDIR_WARN_MODE);
+ if (r < 0)
+ return log_error_errno(r, "Could not create runtime directory: %m");
/* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
r = drop_privileges(uid, gid,
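Review bot: When the daemon is not started as root, nothing in the visible part of `run()` creates or checks `/run/systemd/resolve` any more, because the `mkdir_safe_label()` call now sits inside `if (getuid() == 0)`. Any ownership or mode check that call performs on an existing directory (which its name and `MKDIR_WARN_MODE` suggest) is skipped in that path. A missing or wrongly owned directory would then presumably surface only later, when resolv.conf is written, with a less specific error. The comment above the `if` should name who provisions the directory in the unprivileged case, for example `/* If not root, /run/systemd/resolve must already exist with the right owner (e.g. via RuntimeDirectory= or tmpfiles.d). */`. An `else` branch that logs clearly when the directory is absent would also help operators building a RootImage. Both `run()` and the `if (getuid() == 0)` block continue past the end of this hunk, so a later check may already cover this.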