dcavalca / rpms / systemd

Forked from rpms/systemd 5 months ago
Clone
Zbigniew Jędrzejewski-Szmek c29942
From ca1344d04a9c1804234417dcfbd868524abc7ce6 Mon Sep 17 00:00:00 2001
Zbigniew Jędrzejewski-Szmek 7ec963
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Zbigniew Jędrzejewski-Szmek 7ec963
Date: Tue, 9 Jan 2024 11:28:04 +0100
Zbigniew Jędrzejewski-Szmek 7ec963
Subject: [PATCH] journal: again create user journals for users with high uids
Zbigniew Jędrzejewski-Szmek 7ec963
Zbigniew Jędrzejewski-Szmek 7ec963
This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d
Zbigniew Jędrzejewski-Szmek 7ec963
'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
Zbigniew Jędrzejewski-Szmek 7ec963
in an additional check of uid_is_container(uid). The problem is that that change
Zbigniew Jędrzejewski-Szmek 7ec963
is not backwards-compatible at all and very hard for users to handle.
Zbigniew Jędrzejewski-Szmek 7ec963
There is no common agreement on mappings of high-range uids. Systemd declares
Zbigniew Jędrzejewski-Szmek 7ec963
ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
Zbigniew Jędrzejewski-Szmek 7ec963
but this is only a recent change and various sites allocated those ranges
Zbigniew Jędrzejewski-Szmek 7ec963
in a different way, in particular FreeIPA uses (used?) uids from this range
Zbigniew Jędrzejewski-Szmek 7ec963
for human users. On big sites with lots of users changing uids is obviously a
Zbigniew Jędrzejewski-Szmek 7ec963
hard problem. We generally assume that uids cannot be "freed" and/or changed
Zbigniew Jędrzejewski-Szmek 7ec963
and/or reused safely, so we shouldn't demand the same from others.
Zbigniew Jędrzejewski-Szmek 7ec963
Zbigniew Jędrzejewski-Szmek 7ec963
This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
Zbigniew Jędrzejewski-Szmek 7ec963
SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
Zbigniew Jędrzejewski-Szmek 7ec963
huge problems for existing systems with were created with a different
Zbigniew Jędrzejewski-Szmek 7ec963
definition and couldn't be easily updated. For that case, we added a
Zbigniew Jędrzejewski-Szmek 7ec963
configuration time switch and we now parse /etc/login.defs to actually use the
Zbigniew Jędrzejewski-Szmek 7ec963
value that is appropriate for the local system.
Zbigniew Jędrzejewski-Szmek 7ec963
Zbigniew Jędrzejewski-Szmek 7ec963
Unfortunately, login.defs doesn't have a concept of container allocation ranges
Zbigniew Jędrzejewski-Szmek 7ec963
(and we don't have code to parse and use those nonexistent names either), so we
Zbigniew Jędrzejewski-Szmek 7ec963
can't tell users to adjust logind.defs to work around the changed definition.
Zbigniew Jędrzejewski-Szmek 7ec963
Zbigniew Jędrzejewski-Szmek 7ec963
login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
Zbigniew Jędrzejewski-Szmek 7ec963
because they are used to define where the add allocations for subuids, which is
Zbigniew Jędrzejewski-Szmek 7ec963
generally a much smaller range. Maybe we should talk with other folks about
Zbigniew Jędrzejewski-Szmek 7ec963
the appropriate allocation ranges and define some new settings in login.defs.
Zbigniew Jędrzejewski-Szmek 7ec963
But this would require discussion and coordination with other projects first.
Zbigniew Jędrzejewski-Szmek 7ec963
Zbigniew Jędrzejewski-Szmek 7ec963
Actualy, it seems that this change was needed at all. The code in the container
Zbigniew Jędrzejewski-Szmek 7ec963
does not log to the outside journal. It talks to its own journald, which does
Zbigniew Jędrzejewski-Szmek 7ec963
journal splitting using its internal logic based on shifted uids. So let's
Zbigniew Jędrzejewski-Szmek 7ec963
revert the change to fix user systems.
Zbigniew Jędrzejewski-Szmek 7ec963
Zbigniew Jędrzejewski-Szmek 7ec963
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
Zbigniew Jędrzejewski-Szmek 7ec963
---
Zbigniew Jędrzejewski-Szmek c29942
 src/basic/uid-classification.c | 2 +-
Zbigniew Jędrzejewski-Szmek 7ec963
 1 file changed, 1 insertion(+), 1 deletion(-)
Zbigniew Jędrzejewski-Szmek 7ec963
Zbigniew Jędrzejewski-Szmek c29942
diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c
Zbigniew Jędrzejewski-Szmek c29942
index e2d2cebc6d..2c8b06c0d3 100644
Zbigniew Jędrzejewski-Szmek c29942
--- a/src/basic/uid-classification.c
Zbigniew Jędrzejewski-Szmek c29942
+++ b/src/basic/uid-classification.c
Zbigniew Jędrzejewski-Szmek 7ec963
@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) {
Zbigniew Jędrzejewski-Szmek 7ec963
 
Zbigniew Jędrzejewski-Szmek 7ec963
         /* Returns true if the specified UID shall get its data stored in the system journal. */
Zbigniew Jędrzejewski-Szmek 7ec963
 
Zbigniew Jędrzejewski-Szmek 7ec963
-        return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid);
Zbigniew Jędrzejewski-Szmek 7ec963
+        return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY;
Zbigniew Jędrzejewski-Szmek 7ec963
 }