systemd

shaba/systemd

Fork 0

mirror of https://github.com/systemd/systemd.git synced 2025-01-10 05:18:17 +03:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Zbigniew Jędrzejewski-Szmek	2c06e40ae9	tmpfiles: add period at end of the sentence The license that is immediately above is properly punctuated and it looks sloppy when our line below isn't.	2024-11-21 18:35:18 +01:00
Lennart Poettering	40fb9eebbc	tmpfiles: use same credstore perms everywhere In `b6033b7060` support was added to create {/etc\|/run}/credstore{\|.encrypted} via tmpfiles.d with perms 0000. These perms are so restrictive that not even root can access them unless it has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time In `24039e1207` support was added to create /etc/credstore with perm 0700 from meson.build at build time. This patch makes unifies the two parts: 1. creates both /etc/credstore and /etc/credstore.encrypted in both places (the build system still won't create them in /run/, since that's pointless since not shipped, and the runtime won't create the dirs below /usr/lib/, since that's not generically writable anyway). 2. Both at runtime and at build time we'll create the dirs with mode 0700. This is easier for packaging tools to handle since they generally react pretty negatively on dirs they can't enumerate.	2023-05-31 11:15:26 +08:00
Lennart Poettering	b6033b7060	tmpfiles: automatically create /etc/credstore/ and friends This adds a tmpfiles.d/ snippet for LoadCredential= style credentials directories in /etc/ and /run/. This is done primarily to ensure that the access modes for the dirs are set up properly, in the most restrictive ways. Specifically these are set to 0000, so that CAP_DAC_OVERRIDE is necessary to enumerate and read the credentials, and being UID=0 is not sufficient to do so. This creates /etc/credstore/, but leaves /run/credstore/ absent if missing, for now. Thinking is: the latter being non-persistent is created by software usually, not manually by users, and hence more likely right. But dunno, we might want to revisit this sooner or later. This is ultimately an exercise to advertise the LoadCredential= concept a bit, and do so in a reasonably secure way, underlining the safety of the concept.	2023-01-27 10:03:38 +01:00

Zbigniew Jędrzejewski-Szmek

2c06e40ae9

tmpfiles: add period at end of the sentence

The license that is immediately above is properly punctuated and it looks
sloppy when our line below isn't.

2024-11-21 18:35:18 +01:00

Lennart Poettering

40fb9eebbc

tmpfiles: use same credstore perms everywhere

In b6033b7060 support was added to create
{/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These
perms are so restrictive that not even root can access them unless it
has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time

In 24039e1207 support was added to create
/etc/credstore with perm 0700 from meson.build at build time.

This patch makes unifies the two parts:

1. creates both /etc/credstore *and* /etc/credstore.encrypted in both
   places (the build system still won't create them in /run/, since
   that's pointless since not shipped, and the runtime won't create the
   dirs below /usr/lib/, since that's not generically writable anyway).

2. Both at runtime and at build time we'll create the dirs with mode
   0700. This is easier for packaging tools to handle since they
   generally react pretty negatively on dirs they can't enumerate.

2023-05-31 11:15:26 +08:00

Lennart Poettering

b6033b7060

tmpfiles: automatically create /etc/credstore/ and friends

This adds a tmpfiles.d/ snippet for LoadCredential= style credentials
directories in /etc/ and /run/.

This is done primarily to ensure that the access modes for the dirs are
set up properly, in the most restrictive ways. Specifically these are
set to 0000, so that CAP_DAC_OVERRIDE is necessary to enumerate and read
the credentials, and being UID=0 is not sufficient to do so.

This creates /etc/credstore/, but leaves /run/credstore/ absent if
missing, for now. Thinking is: the latter being non-persistent is
created by software usually, not manually by users, and hence more
likely right. But dunno, we might want to revisit this sooner or later.

This is ultimately an exercise to advertise the LoadCredential= concept
a bit, and do so in a reasonably secure way, underlining the safety of
the concept.

2023-01-27 10:03:38 +01:00

3 Commits