Message ID | 20200615072055.2083-11-nolange79@gmail.com |
---|---|
State | Superseded |
Series | [v2,01/14] package/systemd: configure nss plugins in nsswitch.conf |
I wonder how that would work with lines that contain %b (boot id) and %m (machine-id).
My educated guess would be that it would create files with the host's boot-id/machine-id, thus leaking the host's information. This is not good, especially the machine-id of the host, which is confidential information (not crypto-grade, but still shouldn't be leaked).

If systemd-tmpfiles supports that correctly (maybe skipping all %b %m when --root is used) it's all fine. But I don't remember seeing that.

Does it?

Cheers
Jeremy
On Mon, 15 June 2020 at 16:32, Jérémy ROSEN <jeremy.rosen@smile.fr> wrote:

> I wonder how that would work with lines that contain %b (boot id) and %m (machine-id).
> My educated guess would be that it would create files with the host's boot-id/machine-id, thus leaking the host's information. This is not good, especially the machine-id of the host, which is confidential information (not crypto-grade, but still shouldn't be leaked).
>
> If systemd-tmpfiles supports that correctly (maybe skipping all %b %m when --root is used) it's all fine. But I don't remember seeing that.
>
> Does it?

The default config files don't create files with machine-id, and %b is not replaced at all AFAIR.
But I believe you are right that systemd-tmpfiles picks up the host machine-id and would replace it.
Good catch, need to check.
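A build-side check for the concern discussed in this exchange, as an added example that is not part of the thread or of Buildroot: it scans the tmpfiles.d snippets under a target root for entries that use `%m` or `%b`, so they can be reviewed before a host `systemd-tmpfiles --root=` run. The function names, the `HOST_SPECIFIERS` variable and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag tmpfiles.d entries whose specifiers would be filled
# in from the build host when a host systemd-tmpfiles runs with --root.

# Specifier letters to flag; %m and %b are the two named in the thread.
HOST_SPECIFIERS="${HOST_SPECIFIERS:-mb}"

# scan_tmpfiles ROOT: print "file:line: entry" for each flagged entry.
# Returns 0 when nothing was flagged, 1 otherwise.
scan_tmpfiles() {
    root=$1
    found=0
    for dir in etc/tmpfiles.d usr/lib/tmpfiles.d; do
        for conf in "$root/$dir"/*.conf; do
            [ -f "$conf" ] || continue
            if ! awk -v spec="$HOST_SPECIFIERS" -v name="${conf#"$root"}" '
                /^[ \t]*(#|$)/ { next }        # skip comments and blanks
                {
                    line = $0
                    gsub(/%%/, "", line)       # "%%" is a literal percent
                    if (line ~ ("%[" spec "]")) {
                        printf "%s:%d: %s\n", name, NR, $0
                        hit = 1
                    }
                }
                END { exit hit + 0 }
            ' "$conf"; then
                found=1
            fi
        done
    done
    return "$found"
}

# Constructed sample root (not taken from the patch or from systemd).
make_sample_root() {
    sample=$(mktemp -d)
    mkdir -p "$sample/usr/lib/tmpfiles.d" "$sample/etc/tmpfiles.d"
    cat > "$sample/usr/lib/tmpfiles.d/var.conf" <<'EOF'
# d /var/lib/%m would be flagged if this were not a comment
d /var/log 0755 root root -
d /var/lib/pct%%m 0755 root root -
EOF
    cat > "$sample/etc/tmpfiles.d/app.conf" <<'EOF'
d /var/lib/app/%m 0750 root root -
f /var/lib/app/boot-%b 0640 root root -
EOF
    echo "$sample"
}
```

Calling `scan_tmpfiles "$TARGET_DIR"` ahead of the hook and failing the build on a non-zero return keeps such entries from being expanded silently.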
On Mon, Jun 15, 2020 at 7:59 AM Norbert Lange <nolange79@gmail.com> wrote:

> The default config files don't create files with machine-id, and %b is not replaced at all AFAIR.
> But I believe you are right that systemd-tmpfiles picks up the host machine-id and would replace it.
> Good catch, need to check.

FYI, this issue is being worked on:
https://github.com/systemd/systemd/pull/16187
On Monday, 28 September 2020, Adam Duskett <aduskett@gmail.com> wrote:

> FYI, this issue is being worked on:
> https://github.com/systemd/systemd/pull/16187

That PR is from a guy with a username matching my initials. Weird ;)

I seem to be unable to get simple questions about the how unanswered (until pushes that raises issues that I wanted to solve before spending time coding, testing and adhering to coding guidelines).

Now I am thinking that maybe a small separate tool supporting the systemd-tmpfiles, systemd-sysusers and busybox makeusers "setup functionality" might get done faster and might allow the config to be used.

I'm not motivated to face this head on for a while, at any rate.

Norbert
On Mon, Sep 28, 2020 at 12:00 PM Norbert Lange <nolange79@gmail.com> wrote:

> That PR is from a guy with a username matching my initials. Weird ;)

Crazy coincidence!

> I seem to be unable to get simple questions about the how unanswered (until pushes that raises issues that I wanted to solve before spending time coding, testing and adhering to coding guidelines).
>
> Now I am thinking that maybe a small separate tool supporting the systemd-tmpfiles, systemd-sysusers and busybox makeusers "setup functionality" might get done faster and might allow the config to be used.
>
> I'm not motivated to face this head on for a while, at any rate.

To be fair, I did test your PR (updated to work with 246.5) and it works perfectly. It's a shame it's so difficult to get Poettering to respond to these things.

Adam
Agreed, he seems to have trouble grasping the embedded use-case... (I am monitoring this PR too...)

The only thing I can say is "Hang on there, Norbert": these kinds of things take an unfortunate amount of time, but the systemd project tends to not forget patches... even after a long time asleep.
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk index e117e3a082..cb0278f3b7 100644 --- a/package/systemd/systemd.mk +++ b/package/systemd/systemd.mk @@ -599,6 +599,12 @@ SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES endif SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS +define SYSTEMD_CREATE_TMPFILES_HOOK + $(HOST_DIR)/bin/systemd-tmpfiles --root=$(TARGET_DIR) --create --boot \ + $(addprefix --exclude-prefix=/,dev mnt proc run sys tmp) || : +endef +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_CREATE_TMPFILES_HOOK + SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV) SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV) @@ -652,7 +658,7 @@ HOST_SYSTEMD_CONF_OPTS = \ -Dvconsole=false \ -Dquotacheck=false \ -Dsysusers=false \ - -Dtmpfiles=false \ + -Dtmpfiles=true \ -Dimportd=false \ -Dhwdb=false \ -Drfkill=false \
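Review bot: the trailing `|| :` on the systemd-tmpfiles command in SYSTEMD_CREATE_TMPFILES_HOOK discards every failure, so a run that aborts part-way still produces an image, just with some of the pre-created paths missing. Drop the `|| :`, or tolerate only the exit codes you expect and print a warning for them. The thread's open question about %m and %b being resolved from the build host under --root=$(TARGET_DIR) applies to this same line; a comment above the define stating that the hook relies on running under fakeroot (as the commit message says) and on the installed tmpfiles.d snippets not using those specifiers would record both assumptions.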
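Review bot: `-Dtmpfiles=true` in HOST_SYSTEMD_CONF_OPTS becomes the one enabled entry among the neighbouring `=false` options shown in this hunk, and neither the hunk nor the commit message says that the host build is changed or why. Since a make comment cannot sit inside the backslash-continued list, add a line above HOST_SYSTEMD_CONF_OPTS, or a sentence in the commit message, stating that the host systemd-tmpfiles is built for SYSTEMD_CREATE_TMPFILES_HOOK, so the option is not switched back in a later cleanup.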
Especially for read-only filesystems it is helpful to
pre-create all folders for non-volatile paths.

This needs to run under fakeroot to allow setting
uids/gids/perms for the target fs.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
package/systemd/systemd.mk | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)