Bug 982920 - systemd --test paranoid security
systemd --test paranoid security
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: systemd (Show other bugs)
19
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: systemd-maint
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-10 02:49 EDT by v.ronnen
Modified: 2014-10-14 21:27 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-10-14 21:27:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description v.ronnen 2013-07-10 02:49:29 EDT
Description of problem:

systemd --test can not be run as root nor as an ordinary user

Version-Release number of selected component (if applicable):
Fedora 19

How reproducible:
Allways

Steps to Reproduce:
1. as root:
systemd --test --system --unit=multi-user.target
Don't run test mode as root.
2. as a normal user:
$ systemd --test --system --unit=multi-user.target
systemd 204 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Failed to set hostname to <fc20.homelinux.org>: Operation not permitted
Failed to open /dev/tty0: Permission denied
Failed to create root cgroup hierarchy: Permission denied
Failed to allocate manager object: Permission denied

Actual results:
useless results

Expected results:
Usefull results

Additional info:

Bug proves --test functionality is not understood by the programmers. 
--test implies do nothing harmful and should be run by root.

Bug proves --test functionality has not been tested at all.
This example is strait from the fedora 19 docs.
Comment 1 Zbigniew Jędrzejewski-Szmek 2014-10-14 21:27:38 EDT
This got fixed as part of the systemd-analyze work (http://cgit.freedesktop.org/systemd/systemd/commit/?id=0d8c31ff72 is the gist of that). So this works fine in F21 since a while. I'll not backport this though.

Note You need to log in before you can comment on or make changes to this bug.