Merge pull request #9720 from yuwata/fix-9702
Fix DynamicUser=yes with static User= whose UID and GID are different
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
GitHub
commit
7426028b7a
|
|
@ -525,6 +525,16 @@ static int dynamic_user_realize(
|
|||
num = new_uid;
|
||||
uid_lock_fd = new_uid_lock_fd;
|
||||
}
|
||||
} else if (is_user && !uid_is_dynamic(num)) {
|
||||
struct passwd *p;
|
||||
|
||||
/* Statically allocated user may have different uid and gid. So, let's obtain the gid. */
|
||||
errno = 0;
|
||||
p = getpwuid(num);
|
||||
if (!p)
|
||||
return errno > 0 ? -errno : -ESRCH;
|
||||
|
||||
gid = p->pw_gid;
|
||||
}
|
||||
|
||||
/* If the UID/GID was already allocated dynamically, push the data we popped out back in. If it was already
|
||||
|
|
|
|||
|
|
@ -105,6 +105,25 @@ invalid:
|
|||
return false;
|
||||
}
|
||||
|
||||
static bool check_user_has_group_with_same_name(const char *name) {
|
||||
struct passwd *p;
|
||||
struct group *g;
|
||||
|
||||
assert(name);
|
||||
|
||||
p = getpwnam(name);
|
||||
if (!p ||
|
||||
!streq(p->pw_name, name))
|
||||
return false;
|
||||
|
||||
g = getgrgid(p->pw_gid);
|
||||
if (!g ||
|
||||
!streq(g->gr_name, name))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool is_inaccessible_available(void) {
|
||||
char *p;
|
||||
|
||||
|
|
@ -427,6 +446,10 @@ static void test_exec_supplementarygroups(Manager *m) {
|
|||
|
||||
static void test_exec_dynamicuser(Manager *m) {
|
||||
test(m, "exec-dynamicuser-fixeduser.service", 0, CLD_EXITED);
|
||||
if (check_user_has_group_with_same_name("adm"))
|
||||
test(m, "exec-dynamicuser-fixeduser-adm.service", 0, CLD_EXITED);
|
||||
if (check_user_has_group_with_same_name("games"))
|
||||
test(m, "exec-dynamicuser-fixeduser-games.service", 0, CLD_EXITED);
|
||||
test(m, "exec-dynamicuser-fixeduser-one-supplementarygroup.service", 0, CLD_EXITED);
|
||||
test(m, "exec-dynamicuser-supplementarygroups.service", 0, CLD_EXITED);
|
||||
test(m, "exec-dynamicuser-statedir.service", 0, CLD_EXITED);
|
||||
|
|
|
|||
|
|
@ -45,6 +45,8 @@ test_data_files = '''
|
|||
test-execute/exec-cpuaffinity1.service
|
||||
test-execute/exec-cpuaffinity2.service
|
||||
test-execute/exec-cpuaffinity3.service
|
||||
test-execute/exec-dynamicuser-fixeduser-adm.service
|
||||
test-execute/exec-dynamicuser-fixeduser-games.service
|
||||
test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service
|
||||
test-execute/exec-dynamicuser-fixeduser.service
|
||||
test-execute/exec-dynamicuser-statedir-migrate-step1.service
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
[Unit]
|
||||
Description=Test DynamicUser with static User= whose uid and gid are different
|
||||
# On Fedora, user adm has uid==3 and gid==4.
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -x -c 'test "$$(id -nG)" = "adm" && test "$$(id -ng)" = "adm" && test "$$(id -nu)" = "adm"'
|
||||
# Multiple ExecStart= lines causes the issue #9702.
|
||||
ExecStart=/bin/sh -x -c 'test "$$(id -nG)" = "adm" && test "$$(id -ng)" = "adm" && test "$$(id -nu)" = "adm"'
|
||||
DynamicUser=yes
|
||||
User=adm
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
[Unit]
|
||||
Description=Test DynamicUser with static User= whose uid and gid are different
|
||||
# On Ubuntu or Debian, user games has uid==5 and gid==60.
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -x -c 'test "$$(id -nG)" = "games" && test "$$(id -ng)" = "games" && test "$$(id -nu)" = "games"'
|
||||
# Multiple ExecStart= lines causes the issue #9702.
|
||||
ExecStart=/bin/sh -x -c 'test "$$(id -nG)" = "games" && test "$$(id -ng)" = "games" && test "$$(id -nu)" = "games"'
|
||||
DynamicUser=yes
|
||||
User=games
|
||||
Loading…
Reference in New Issue