Bug 1102002

Summary: new static uids/gids for systemd services
Product: [Fedora] Fedora Reporter: Kay Sievers <kay>
Component: setupAssignee: Ondrej Vasik <ovasik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: harald, kay, lnykryn, ovasik, rvokal, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: setup-2.9.0-4.fc21 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-06 07:00:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kay Sievers 2014-05-28 10:32:43 UTC 
Please add new static uid/gid pairs for systemd services:
  systemd-timesync
  systemd-network

Thanks!
Comment 1 Ondrej Vasik 2014-05-28 11:48:05 UTC 
I no longer can assign uid/gid pairs myself, FPC approval is required here (see https://fedoraproject.org/wiki/Packaging:UsersAndGroups and Soft Static Allocation). Please include the link to the FPC ticket, once is created - so I can track the decision and assign the IDs if approved by FPC.
Comment 2 Ondrej Vasik 2014-06-19 21:21:44 UTC 
Any update? Have you asked for FPC approval?
Comment 3 Ondrej Vasik 2014-10-03 12:35:58 UTC 
Ping? I will close this request if there is no FPC ticket activity.
Comment 4 Ondrej Vasik 2014-10-30 06:03:08 UTC 
Adding several more systemd guys before closing this bugzilla.
Comment 5 Zbigniew Jędrzejewski-Szmek 2014-10-30 12:43:59 UTC 
The motivation is to be able to start those daemons in the initramfs. For security reasons it is important to run them as non-root. They create some state files, so uid used in the initramfs has to be the same as the one used on real root.

Please don't close this yet, one of us will file the FPC ticket.
Comment 6 Ondrej Vasik 2014-12-15 12:23:51 UTC 
Any change here? Is the FPC ticket already filed?
Comment 7 Zbigniew Jędrzejewski-Szmek 2014-12-15 14:42:21 UTC 
Now it's filed: https://fedorahosted.org/fpc/ticket/481. Sorry for the delay.
Comment 8 Ondrej Vasik 2015-01-30 11:31:04 UTC 
Done in Rawhide - setup-2.9.5-1.fc22:
* Fri Jan 30 2015 Ondrej Vasik <ovasik> - 2.9.5-1
- assign uidgid for systemd-network(192:192) - FPC 481,bz#1102002
- assign uidgid for systemd-resolve(193:193) - FPC 481,bz#1102002

Not assigning the systemd-timesync as it got +3/-3 votes.
Once it is clear there is no longer expected approval of systemd-timesync, I can run F20/F21 updates.
Comment 9 Fedora Update System 2015-02-23 15:16:45 UTC 
setup-2.9.0-4.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/setup-2.9.0-4.fc21
Comment 10 Fedora Update System 2015-02-25 13:27:08 UTC 
Package setup-2.9.0-4.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing setup-2.9.0-4.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-2502/setup-2.9.0-4.fc21
then log in and leave karma (feedback).
Comment 11 Jaroslav Reznik 2015-03-03 17:18:34 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Comment 12 Fedora Update System 2015-03-06 07:00:48 UTC 
setup-2.9.0-4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.