core: drop taints for nobody user/group names
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 14 Dec 2017 11:44:21 +0000 (12:44 +0100)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 14 Dec 2017 21:14:38 +0000 (22:14 +0100)
We have a check and warning at compile time. The user cannot do anything about
this at runtime, and all other taints are about checks that happen at runtime
and are specific to that system (and at least potentially correctable).

(The logic in the compilation-time check was updated to treat "nogroup" as OK,
but not the runtime check. But I think it's better to remove the runtime check
for this altogether, so this becomes moot.)

src/core/manager.c

index 0681bbbbd240eac35367967806e61dd9a87ea687..ff4917312c6e2d31f3188d6ed4bb032e25d5bc9c 100644 (file)
@@ -3872,14 +3872,17 @@ char *manager_taint_string(Manager *m) {
         char *buf, *e;
         int r;
 
+        /* Returns a "taint string", e.g. "local-hwclock:var-run-bad".
+         * Only things that are detected at runtime should be tagged
+         * here. For stuff that is set during compilation, emit a warning
+         * in the configuration phase. */
+
         assert(m);
 
         buf = new(char, sizeof("split-usr:"
                                "cgroups-missing:"
                                "local-hwclock:"
                                "var-run-bad:"
-                               "weird-nobody-user:"
-                               "weird-nobody-group:"
                                "overflowuid-not-65534:"
                                "overflowgid-not-65534:"));
         if (!buf)
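Review bot: The allocation in `new(char, sizeof(...))` is sized only by the hand-maintained list of tag literals, and the new comment does not record that every tag appended later with `stpcpy` must also appear in that list. This commit removes the two `weird-nobody-*` literals here together with their `stpcpy` calls in the second hunk, so the pairing still holds, but a future taint added only at the append site would write past the end of `buf`. I would extend the added comment with a line such as `/* Every tag appended with stpcpy() below must also be listed in the sizeof() expression, which bounds the allocation. */`. The body of manager_taint_string continues outside the hunk, so the remaining append sites are not visible from here.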
@@ -3901,12 +3904,6 @@ char *manager_taint_string(Manager *m) {
         if (r < 0 || !PATH_IN_SET(destination, "../run", "/run"))
                 e = stpcpy(e, "var-run-bad:");
 
-        if (!streq(NOBODY_USER_NAME, "nobody"))
-                e = stpcpy(e, "weird-nobody-user:");
-
-        if (!streq(NOBODY_GROUP_NAME, "nobody"))
-                e = stpcpy(e, "weird-nobody-group:");
-
         r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid);
         if (r >= 0 && !streq(overflowuid, "65534"))
                 e = stpcpy(e, "overflowuid-not-65534:");