Bug 1253924
| Summary: | systemd and xorg-x11-xfs both list /tmp/.font-unix in /usr/lib/tmpfiles.d | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jonathan Kamens <jik> |
| Component: | xorg-x11-xfs | Assignee: | X/OpenGL Maintenance List <xgl-maint> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | rawhide | CC: | fedora, johannbg, lnykryn, msekleta, s, systemd-maint, udovdh, xgl-maint, zbyszek |
| Target Milestone: | --- | Keywords: | FutureFeature, Reopened |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-01-07 21:30:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Jonathan Kamens
2015-08-15 17:38:41 UTC
Normally I'd say that the package that uses those dirs should have the tmpfiles snippet and not systemd, but there are special considerations here. /tmp is a public space, and by having the files in systemd we avoid a possible attack in the case where X11 is installed later, on an already running system. But this is a very special case, and maybe something we shouldn't care about.

If indeed "a very special case" then code something to not warn about duplicate lines for "very special cases". There shouldn't be that many "special cases", otherwise they wouldn't be "special".

Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.

Please drop /usr/lib/tmpfiles.d/xfs.conf. Longer explanation: normally we'd expect tmpfiles for a specific package to be carried by that package. But xorg-x11-xfs is an optional package (not even installed by default). If this tmpfiles snippet was in xorg-x11-xfs, it would be possible for a normal user to create /tmp/.font-unix after the system is booted, and then trick the administrator into installing the package, thus resulting in wrong permissions on the directory. The simplest solution is to carry the tmpfiles snippet in systemd, as it is currently, so it is always guaranteed to be there.

I still see this issue on an updated F26. Any progress, patches we could test or otherwise?

As I see it: We could drop /usr/lib/tmpfiles.d/xfs.conf. We could also at least stop logging about this issue at the warning level.
In my F33 machines (where xorg-x11-xfs is no longer installed, but even after I installed it to check) it seems this is no longer a problem, with only systemd listing that file.

    $ dnf repoquery --whatprovides /usr/lib/tmpfiles.d/xfs.conf
    xorg-x11-xfs-1:1.2.0-8.fc33.x86_64

It's still there.

Yes, but issuing the commands given in the original report:

    % cd /usr/lib/tmpfiles.d
    % grep font-unix *

which used to yield:

    x11.conf:d /tmp/.font-unix 1777 root root 10d
    xfs.conf:d /tmp/.font-unix 1777 root root

now gives:

    x11.conf:D! /tmp/.font-unix 1777 root root 10d
    xfs.conf:d /tmp/.font-unix 1777 root root

i.e. the starting "d" in x11.conf has been replaced by "D!".

The man page for tmpfiles.d shows

    d /directory/to/create-and-cleanup mode user group cleanup-age -
    D /directory/to/create-and-remove mode user group cleanup-age -

and

If multiple files specify the same path, the entry in the file with the lexicographically earliest name will be applied (note that lines suppressed due to the "!" are filtered before application, meaning that if an early line carries the exclamation mark and is suppressed because of that, a later line matching in path will be applied)

Running systemd-tmpfiles --clean does not complain about duplicate paths for /tmp/.font-unix. (It does complain about "Line references path below legacy directory /var/run/" for a few config files.)

    datura:~/fedora/xorg-x11-xfs% pkg commit -c -p && pkg build --nowait
    [rawhide 30ebfc9] Drop /usr/lib/tmpfiles.d/xfs.conf, systemd handles it safely for us (#1253924)
     2 files changed, 4 insertions(+), 5 deletions(-)
     delete mode 100644 xfs.tmpfiles
    Enumerating objects: 5, done.
    Counting objects: 100% (5/5), done.
    Delta compression using up to 12 threads
    Compressing objects: 100% (3/3), done.
    Writing objects: 100% (3/3), 461 bytes | 461.00 KiB/s, done.
    Total 3 (delta 2), reused 0 (delta 0), pack-reused 0
    remote: Emitting a message to the fedora-messaging message bus.
    remote: * Publishing information for 1 commits
    remote: Sending to redis to log activity and send commit notification emails
    remote: * Publishing information for 1 commits
    remote: - to fedora-message
    remote: 2022-01-07 21:30:24,614 [WARNING] pagure.lib.notify: pagure is about to send a message that has no schemas: pagure.git.receive
    To ssh://pkgs.fedoraproject.org/rpms/xorg-x11-xfs
       731b65d..30ebfc9  rawhide -> rawhide
    warning: Macro expanded in comment on line 56: %{name} = %{version}-%{release}
    Building xorg-x11-xfs-1.2.0-14.fc36 for rawhide
    Created task: 80969397
    Task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=80969397
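
The precedence rule quoted from the tmpfiles.d man page and the pre-creation concern raised in the thread, as an added example that is not part of the original bug report and is not systemd's code. It parses a single snippet directory (a constructed copy of the two lines quoted above; systemd's merging of several configuration directories is not modelled) and checks whether a path already exists with an unexpected owner or mode. All function names are hypothetical.

```python
import os
import stat
import tempfile
from collections import defaultdict

def parse_snippets(conf_dir):
    """Map each configured path to its (file, type, mode, user, group) lines."""
    entries = defaultdict(list)
    for name in sorted(os.listdir(conf_dir)):  # lexicographically earliest file first
        if not name.endswith(".conf"):
            continue
        with open(os.path.join(conf_dir, name)) as fh:
            for line in fh:
                fields = line.split()
                if len(fields) < 2 or fields[0].startswith("#"):
                    continue
                entries[fields[1]].append((name, fields[0], *fields[2:5]))
    return entries

def duplicates(entries, boot=True):
    """Return {path: (applied_file, [other_files])} for paths set by several files.
    Outside boot, lines whose type carries "!" are filtered out first."""
    found = {}
    for path, lines in entries.items():
        files = [l[0] for l in lines if boot or "!" not in l[1]]
        if len(set(files)) > 1:
            found[path] = (files[0], files[1:])
    return found

def precreated(path, want_uid=0, want_mode=0o1777):
    """True if path already exists but is not a directory with the expected owner and mode."""
    try:
        st = os.lstat(path)  # lstat: a symlink planted at the path must not pass
    except FileNotFoundError:
        return False
    return not (stat.S_ISDIR(st.st_mode) and st.st_uid == want_uid
                and stat.S_IMODE(st.st_mode) == want_mode)

def demo():
    """Run the checks over a constructed copy of the two lines quoted in the thread."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "x11.conf"), "w") as fh:
            fh.write("D! /tmp/.font-unix 1777 root root 10d\n")
        with open(os.path.join(d, "xfs.conf"), "w") as fh:
            fh.write("d /tmp/.font-unix 1777 root root\n")
        entries = parse_snippets(d)
        return duplicates(entries, boot=True), duplicates(entries, boot=False)

if __name__ == "__main__":
    print(demo())
    print("pre-created with wrong owner/mode:", precreated("/tmp/.font-unix"))
```

Under the quoted rule the two files only collide when "!" lines are in effect; with them filtered out, the xfs.conf line is the only one left for the path.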