tree-wide: Allow running capsules as any user

For many use cases DynamicUser= just doesn't cut it. Specifically lots
of stuff wants to run as root. Let's support this use case by relaxing
our checks for capsules a bit.

diff --git a/src/run/run.c b/src/run/run.c
index 3d72d7b4c342256d1d07b96ac18fa49a9f61e524..04e643b209c129f45983882c1f77bf32c98b4983 100644 (file)
--- a/src/run/run.c
+++ b/src/run/run.c
@@ -61,7 +61,6 @@
 #include "strv.h"
 #include "terminal-util.h"
 #include "time-util.h"
-#include "uid-classification.h"
 #include "unit-def.h"
 #include "unit-name.h"
 #include "user-util.h"
@@ -2248,9 +2247,6 @@ static int fchown_to_capsule(int fd, const char *capsule) {
         if (r < 0)
                 return r;
 
-        if (uid_is_system(st.st_uid) || gid_is_system(st.st_gid)) /* paranoid safety check */
-                return -EPERM;
-
         return fchmod_and_chown(fd, 0600, st.st_uid, st.st_gid);
 }
 

diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index c8d4c47f73150cf249fce8b121cd405b9d7f56e9..444c4df0fb43646be4f8169365be080bf7778aa1 100644 (file)
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -35,7 +35,6 @@
 #include "string-util.h"
 #include "strv.h"
 #include "time-util.h"
-#include "uid-classification.h"
 
 static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *reterr_error) {
         sd_event *e = ASSERT_PTR(userdata);
@@ -316,7 +315,7 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
         if (!p)
                 return -ENOMEM;
 
-        /* We enter territory owned by the user, hence let's be paranoid about symlinks and ownership */
+        /* We enter territory owned by the user, hence let's be paranoid about symlinks */
         r = chase(p, /* root= */ NULL, CHASE_SAFE|CHASE_PROHIBIT_SYMLINKS, /* ret_path= */ NULL, &inode_fd);
         if (r < 0)
                 return r;
@@ -324,10 +323,6 @@ static int pin_capsule_socket(const char *capsule, const char *suffix, uid_t *re
         if (fstat(inode_fd, &st) < 0)
                 return negative_errno();
 
-        /* Paranoid safety check */
-        if (uid_is_system(st.st_uid) || gid_is_system(st.st_gid))
-                return -EPERM;
-
         *ret_uid = st.st_uid;
         *ret_gid = st.st_gid;