From 198ce9324844a947567ae4b3e3f4e68e8f07df8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Thu, 14 Dec 2017 12:44:21 +0100
Subject: [PATCH] core: drop taints for nobody user/group names

We have a check and warning at compile time. The user cannot do anything about this at runtime, and all other taints are about checks that happen at runtime and are specific to that system (and at least potentially correctable).

(The logic in the compilation-time check was updated to treat "nogroup" as OK, but not the runtime check. But I think it's better to remove the runtime check for this altogether, so this becomes moot.)
---
 src/core/manager.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/core/manager.c b/src/core/manager.c
index 0681bbbbd24..ff4917312c6 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3872,14 +3872,17 @@ char *manager_taint_string(Manager *m) {
 char *buf, *e;
 int r;
+ /* Returns a "taint string", e.g. "local-hwclock:var-run-bad". * Only things that are detected at runtime should be tagged here. For stuff that is set during compilation, emit a warning in the configuration phase. */
+
 assert(m);
 buf = new(char, sizeof("split-usr:"
 "cgroups-missing:"
 "local-hwclock:"
 "var-run-bad:"
- "weird-nobody-user:"
- "weird-nobody-group:"
 "overflowuid-not-65534:"
 "overflowgid-not-65534:"));
 if (!buf)
@@ -3901,12 +3904,6 @@ char *manager_taint_string(Manager *m) {
 if (r < 0 || !PATH_IN_SET(destination, "../run", "/run"))
 e = stpcpy(e, "var-run-bad:");
- if (!streq(NOBODY_USER_NAME, "nobody"))
- e = stpcpy(e, "weird-nobody-user:");
-
- if (!streq(NOBODY_GROUP_NAME, "nobody"))
- e = stpcpy(e, "weird-nobody-group:");
-
 r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid);
 if (r >= 0 && !streq(overflowuid, "65534"))
 e = stpcpy(e, "overflowuid-not-65534:");
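Review bot: The `sizeof("split-usr:" … "overflowgid-not-65534:")` expression in the first hunk is the only bound on `buf`, and it has to mirror the list of `stpcpy()` calls in the second hunk by hand — this commit edits both sides consistently, but nothing in the code enforces that, so a tag later added to the `stpcpy()` chain without its literal in the `sizeof()` list would write past the allocation. A comment at the allocation site would keep the coupling visible where it matters: `/* Keep in sync with the stpcpy() calls below: this sizeof() is the sole bound on buf. */`. The new block comment describing the return value is placed inside the body after the declarations; as function documentation it reads better above the signature `char *manager_taint_string(Manager *m) {`, which is outside the hunk, as is the function's end.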