Bug#756604: systemd: NoNewPrivileges allows UID changes, while the doc says it prohibits it
intrigeri at debian.org
Thu Jul 31 10:42:00 BST 2014
Package: systemd
Version: 208-6
Severity: normal
Hi,
the attached unit file has NoNewPrivileges set to "yes", which,
according to systemd.exec(5), "prohibits UID changes of any kind".
However, the tor daemon it starts successfully manages to change its
UID to debian-tor, as configured with "User debian-tor" in
/usr/share/tor/tor-service-defaults-torrc:
# systemctl status tor.service
tor.service - Anonymizing overlay network for TCP
Loaded: loaded (/etc/systemd/system/tor.service; disabled)
Active: active (running) since Thu 2014-07-31 11:25:47 CEST; 14min ago
Process: 30506 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --verify-config (code=exited, status=0/SUCCESS)
Main PID: 30509 (tor)
CGroup: /system.slice/tor.service
└─30509 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0
$ ps aux | grep usr/bin/tor
debian-+ 30509 0.1 0.2 66536 33708 ? Ss 11:25 0:01 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0
Did I misunderstand the documentation, or is the doc wrong, or is
there a bug somewhere?
Cheers,
--
intrigeri
Attachment: tor.service
<http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20140731/92d60de8/attachment.ksh>