On Thu, 11.02.16 16:19, Dave Reisner ([email protected]) wrote:

> On Thu, Feb 11, 2016 at 05:50:08PM +0100, Lennart Poettering wrote:
> > Heya!
> >
> > I just tagged the v229 release of systemd. Enjoy!
> >
> > CHANGES WITH 229:
> >
> > <snip>
> >
> >         * When the stacktrace is extracted from processes of system users, this
> >           is now done as "systemd-coredump" user, in order to sandbox this
> >           potentially security sensitive parsing operation. (Note that when
> >           processing coredumps of normal users this is done under the user ID
> >           of process that crashed, as before.) Packagers should take notice
> >           that it is now necessary to create the "systemd-coredump" system user
> >           and group at package installation time.
> >
>
> Why is it left to downstream to create this user? What makes it
> different from the other 4 users which systemd already creates?

The user is handled exactly the same way as the other 4 users. It's
listed in the sysusers fragment, but for packages which use
distro-specific adduser/useradd tools from their scripts this is
irrelevant, and the packagers need to be aware of this. This is why I
am mentioning this.

I can only recommend distros to use sysusers to manage their system
users, to enable full stateless operation in a distro-independent
way. But I know that many do not, that's all.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
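
Where a distribution creates system users from maintainer scripts instead of sysusers, a packaging check can compare the users declared in a sysusers fragment against the passwd database and report any that were never created, such as "systemd-coredump". This is an added example, not part of the original thread or of systemd; the function names, the sample fragment contents and the `example-daemon` and `example-group` names are constructed.

```shell
#!/bin/sh
# Added example: report users declared in a sysusers.d fragment that have
# no entry in a passwd database. Both inputs are plain files so the check
# runs offline; on a live system the second argument could be /etc/passwd.

# declared_users FRAGMENT
# Print the name field of every "u" (user) line; comments and other
# line types (g, m, r) are ignored.
declared_users() {
    awk '$1 == "u" { print $2 }' "$1"
}

# missing_users FRAGMENT PASSWD
# Print each declared user whose name does not match the first
# colon-separated field of any line in PASSWD (exact match, not regex).
missing_users() {
    declared_users "$1" | while read -r name; do
        awk -F: -v n="$name" '$1 == n { found = 1 } END { exit !found }' "$2" \
            || printf '%s\n' "$name"
    done
}

# sample_check
# Runs the check on constructed sample data: a fragment declaring two
# users and one group, and a passwd file where only one user exists.
sample_check() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/fragment.conf" <<'EOF'
# constructed sample fragment (not systemd's shipped file)
u systemd-coredump - "constructed description"
u example-daemon   - "hypothetical second user"
g example-group    -
EOF
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
example-daemon:x:998:998::/:/usr/sbin/nologin
EOF
    missing_users "$tmp/fragment.conf" "$tmp/passwd"
    rm -rf "$tmp"
}

sample_check
```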
