New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sysusers: cross-check user and group names too #25107
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine, but could you please add a testcase covering this in test/test-sysusers.sh.in
? Given it's a corner case, otherwise it will risk regressing
hmm, can you give an example what previously wasn't allowed and now is? |
This adds an additional name check when cross-matching new group entries against existing users, which allows coalescing entries matching both ID and name. It provides a small idempotence enhancement when creating groups in cases where matching user entries are in place. By fine-tuning the conflict detection logic, this avoids picking up new random IDs and correctly prefers configuration values instead.
762b6fc
to
76ad8ef
Compare
Rebased, const-ified, and added a new It fixes the following scenario (observed in the wild as a somehow degenerate side-effect of nss-altfiles forwarding to initrd):
|
lgtm |
This adds an additional name check when cross-matching new group entries against existing users, which allows coalescing entries matching both ID and name.
It provides a small idempotence enhancement when creating groups in cases where matching user entries are in place.
By fine-tuning the conflict detection logic, this avoids picking up new random IDs and correctly prefers configuration values instead.
Refs:
systemd-tmpfiles-setup.service
can skip running in the real root #23745 (comment)root
group with GID 999 in initramfs coreos/fedora-coreos-tracker#1297