Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1493047 - ProtectSystem protects /home instead of /usr
ProtectSystem protects /home instead of /usr
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd (Show other bugs)
7.6
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jan Synacek
Frantisek Sumsal
: EasyFix, Patch
: 1494430 (view as bug list)
Depends On:
Blocks: 1465901
  Show dependency treegraph
 
Reported: 2017-09-19 04:59 EDT by RobHost
Modified: 2018-04-10 07:23 EDT (History)
6 users (show)

See Also:
Fixed In Version: systemd-219-46.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-10 07:22:48 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Github systemd/systemd/commit/d38e01dc96c5cae1986561c4f3bc7f760560bf2a None None None 2017-09-19 05:01 EDT
Red Hat Product Errata RHBA-2018:0711 None None None 2018-04-10 07:23 EDT

  None (edit)
Description RobHost 2017-09-19 04:59:12 EDT 
Description of problem:

ProtectSystem sets /home read-only instead of /usr. This has been fixed upstream already, see "Additional Info".


Version-Release number of selected component (if applicable):
219


How reproducible:
Setting ProtectSystem for a service unit that writes to /home will result in IO error due to /home being read-only. /usr is not read-only and writes are possible altough it should be read-only instead


Steps to Reproduce:
1. Set ProtectSystem to true or full in systemd service unit that writes to /home.
2. Start the unit
3. See journal for error messages when the process tries to write to /home


Actual results:
/home read-only
/usr not protected and in the same state as without ProtectSystem set


Expected results:
/home accessible as usual for process
/usr read-only for process


Additional info:
This bug seems to be introduced in systemd v220[1] and fixed in v221[2].

[1] https://github.com/systemd/systemd/commit/ee818b89f4890b3a00e93772249fce810f60811e
[2] https://github.com/systemd/systemd/commit/d38e01dc96c5cae1986561c4f3bc7f760560bf2a
Comment 2 Jan Synacek 2017-09-19 06:43:56 EDT 
https://github.com/lnykryn/systemd-rhel/pull/142
Comment 4 Lukáš Nykrýn 2017-10-02 04:51:10 EDT 
fix merged to staging branch -> https://github.com/lnykryn/systemd-rhel/pull/142 -> post
Comment 5 Michal Hlavinka 2017-10-05 08:58:20 EDT 
*** Bug 1494430 has been marked as a duplicate of this bug. ***
Comment 10 errata-xmlrpc 2018-04-10 07:22:48 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0711
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.