journal,coredump: do not do ACL magic for "nobody" user either
The "nobody" user might possibly be seen by the journal or coredumping code if unmapped userns-using processes are somehow visible to them. Let's make sure we don't do the ACL magic for this user either, since this is a special system user that might be backed by different real users in different contexts.
This commit is contained in:
parent
7e61fd02b0
commit
05fd2156b7
|
@ -165,7 +165,7 @@ static int fix_acl(int fd, uid_t uid) {
|
|||
|
||||
assert(fd >= 0);
|
||||
|
||||
if (uid_is_system(uid) || uid_is_dynamic(uid))
|
||||
if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY)
|
||||
return 0;
|
||||
|
||||
/* Make sure normal users can read (but not write or delete)
|
||||
|
|
|
@ -248,7 +248,7 @@ static void server_add_acls(JournalFile *f, uid_t uid) {
|
|||
assert(f);
|
||||
|
||||
#if HAVE_ACL
|
||||
if (uid_is_system(uid) || uid_is_dynamic(uid))
|
||||
if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY)
|
||||
return;
|
||||
|
||||
r = add_acls_for_user(f->fd, uid);
|
||||
|
@ -406,7 +406,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
|
|||
if (s->runtime_journal)
|
||||
return s->runtime_journal;
|
||||
|
||||
if (uid_is_system(uid) || uid_is_dynamic(uid))
|
||||
if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY)
|
||||
return s->system_journal;
|
||||
|
||||
r = sd_id128_get_machine(&machine);
|
||||
|
|
Loading…
Reference in New Issue