Bug#887343: systemd-timesyncd does not start with DynamicUser=yes

Felipe Sateler fsateler at debian.org
Mon Jan 15 22:58:25 GMT 2018 

Control: tags -1 patch fixed-upstream

On Mon, Jan 15, 2018 at 10:42 AM, Felipe Sateler <fsateler at debian.org> wrote:
> Control: forwarded -1 https://github.com/systemd/systemd/issues/7883
>
> On Mon, Jan 15, 2018 at 8:57 AM, Martin Pitt <mpitt at debian.org> wrote:
>>
>> Guido Günther [2018-01-15 12:14 +0100]:
>> > > > This seems to be caused by the fact that libnss-systemd is not a
>> > > > hard
>> > > > dependency of systemd. I'm not sure what the best solution is?
>> > > > Having a
>> > > > service that is enabled by fails to start looks weird though. Maybe
>> > > > providing a static user isn't that bad?
>> > > >
>> > >
>> > > It requires libnss-systemd, yes. Do you not have it installed?
>> > > It's a recommends, so should be installed by default
>> >
>> > See above: "without installing recommends". My whole point is that the
>> > systemd package installs a service that won't even start without the
>> > recommends which looks somewhat wrong to me.
>>
>> Note that *in general*, DynamicUser=yes does not *require* libnss-systemd.
>> Services start without it, the only effect is that showing the process
>> with
>> tools like "ps" will not be able to resolve a dynamic user ID to a name -
>> it
>> will just be shown as an ID. This might be a bit confusing, but acceptable
>> for
>> some environments, hence I just made it a Recommends:, not a Depends:.
>>
>> If timesyncd in particular somehow wants to resolve the systemd-timesyncd
>> system user in its own code, then that either should be fixed, or systemd
>> needs
>> to raise libnss-systemd to a Depends: for that particular bug/reason.
>
>
> It appears timesyncd wants to do this to support being run as root and then
> dropping privileges. However, this will fail in the DynamicUser=yes world
> because systemd-timesync user won't exist if we are not running the service.
> I'm not sure it makes sense anymore to support that usecase, so I have filed
> the issue upstream.

This was fixed upstream:

https://github.com/systemd/systemd/commit/444c1915f94d7109b5fd97277b049ed17289848d



-- 

Saludos,
Felipe Sateler

More information about the Pkg-systemd-maintainers mailing list