Bug#887343: systemd-timesyncd does not start with DynamicUser=yes

Felipe Sateler fsateler at debian.org
Mon Jan 15 13:42:37 GMT 2018


Control: forwarded -1 https://github.com/systemd/systemd/issues/7883

On Mon, Jan 15, 2018 at 8:57 AM, Martin Pitt <mpitt at debian.org> wrote:

> Guido Günther [2018-01-15 12:14 +0100]:
> > > > This seems to be caused by the fact that libnss-systemd is not a hard
> > > > dependency of systemd. I'm not sure what the best solution is?
> Having a
> > > > service that is enabled by fails to start looks weird though. Maybe
> > > > providing a static user isn't that bad?
> > > >
> > >
> > > It requires libnss-systemd, yes. Do you not have it installed?
> > > It's a recommends, so should be installed by default
> >
> > See above: "without installing recommends". My whole point is that the
> > systemd package installs a service that won't even start without the
> > recommends which looks somewhat wrong to me.
>
> Note that *in general*, DynamicUser=yes does not *require* libnss-systemd.
> Services start without it, the only effect is that showing the process with
> tools like "ps" will not be able to resolve a dynamic user ID to a name -
> it
> will just be shown as an ID. This might be a bit confusing, but acceptable
> for
> some environments, hence I just made it a Recommends:, not a Depends:.
>
> If timesyncd in particular somehow wants to resolve the systemd-timesyncd
> system user in its own code, then that either should be fixed, or systemd
> needs
> to raise libnss-systemd to a Depends: for that particular bug/reason.
>

It appears timesyncd wants to do this to support being run as root and then
dropping privileges. However, this will fail in the DynamicUser=yes world
because systemd-timesync user won't exist if we are not running the
service. I'm not sure it makes sense anymore to support that usecase, so I
have filed the issue upstream.

-- 

Saludos,
Felipe Sateler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20180115/4bdf6348/attachment.html>


More information about the Pkg-systemd-maintainers mailing list