diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-09-19 10:06:09 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-09-20 16:52:02 +0200 |
| commit | 696fc8360df7c3acfa1ad4cebd66bcdfe5a9d575 (patch) | |
| tree | 0278824e39c99ac0a032a890e9c6fb8db6dc383e /units/systemd-networkd.service.in | |
| parent | 62fb7e80fcc45a1530ed58a84980be8cfafa9b3e (diff) | |
| download | systemd-696fc8360df7c3acfa1ad4cebd66bcdfe5a9d575.tar.gz | |
Revert "network: set DynamicUser= to systemd-networkd.service"
This reverts commit d4e9e574ea0b5d23598a317e68399584d229568b.
(systemd.conf.m4 part was already reverted in 5b5d82615011b9827466b7cd5756da35627a1608.)
Together those reverts should "fix" #10025 and #10011. ("fix" is in quotes
because this doesn't really fix the underlying issue, which is combining
DynamicUser= with strict container sandbox, but it avoids the problem by not
using that feature in our default installation.)
Dynamic users don't work well if the service requires matching configuration in
other places, for example dbus policy. This is true for those three services.
In effect, distros create the user statically [1, 2]. Dynamic users make more
sense for "add-on" services where not creating the user, or more precisely,
creating the user lazily, can save resources. For "basic" services, if we are
going to create the user on package installation anyway, setting DynamicUser=
just creates unneeded confusion. The only case where it is actually used is
when somebody forgets to do system configuration. But it's better to have the
service fail cleanly in this case too. If we want to turn on some side-effect
of DynamicUser=yes for those services, we should just do that directly through
fine-grained options. By not using DynamicUser= we also avoid the need to
restart dbus.
[1] https://salsa.debian.org/systemd-team/systemd/commit/bd9bf307274faca24699c0c2d67cb86f18c0b2cb
[2] https://src.fedoraproject.org/rpms/systemd/blob/48ac1cebdedb055d9daf3dfe28c7bde80103f7a1/f/systemd.spec#_473
(Fedora does not create systemd-timesync user.)
Diffstat (limited to 'units/systemd-networkd.service.in')
| -rw-r--r-- | units/systemd-networkd.service.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index 371ab3a9cf..65d3e2a660 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -13,7 +13,7 @@ Documentation=man:systemd-networkd.service(8) ConditionCapability=CAP_NET_ADMIN DefaultDependencies=no # systemd-udevd.service can be dropped once tuntap is moved to netlink -After=systemd-udevd.service network-pre.target systemd-sysctl.service +After=systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service Before=network.target multi-user.target shutdown.target Conflicts=shutdown.target Wants=network.target @@ -25,9 +25,9 @@ RestartSec=0 ExecStart=!!@rootlibexecdir@/systemd-networkd WatchdogSec=3min User=systemd-network -DynamicUser=yes CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW +ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes ProtectKernelModules=yes |