From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 3 Jun 2025 20:27:34 +0000 (+0900)
Subject: udev-rules: skip loading /etc/shadow
X-Git-Tag: v258-rc1~396^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c57161d657001a1c8510c91b4a2ac9c62395e86;p=thirdparty%2Fsystemd.git

udev-rules: skip loading /etc/shadow

We only require UID/GID, hence not necessary to load information from shadow.
---

diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
index 2d619b02cdf..a6da5074ac6 100644
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@@ -509,7 +509,9 @@ static int rule_resolve_user(UdevRuleLine *rule_line, const char *name, uid_t *r
         }
 
         _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
-        r = userdb_by_name(name, &USERDB_MATCH_ROOT_AND_SYSTEM, USERDB_PARSE_NUMERIC | USERDB_SYNTHESIZE_NUMERIC, &ur);
+        r = userdb_by_name(name, &USERDB_MATCH_ROOT_AND_SYSTEM,
+                           USERDB_SUPPRESS_SHADOW | USERDB_PARSE_NUMERIC | USERDB_SYNTHESIZE_NUMERIC,
+                           &ur);
         if (r == -ESRCH)
                 return log_line_error_errno(rule_line, r, "Unknown user '%s', ignoring.", name);
         if (r == -ENOEXEC)
@@ -544,7 +546,9 @@ static int rule_resolve_group(UdevRuleLine *rule_line, const char *name, gid_t *
         }
 
         _cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
-        r = groupdb_by_name(name, &USERDB_MATCH_ROOT_AND_SYSTEM, USERDB_PARSE_NUMERIC | USERDB_SYNTHESIZE_NUMERIC, &gr);
+        r = groupdb_by_name(name, &USERDB_MATCH_ROOT_AND_SYSTEM,
+                            USERDB_SUPPRESS_SHADOW | USERDB_PARSE_NUMERIC | USERDB_SYNTHESIZE_NUMERIC,
+                            &gr);
         if (r == -ESRCH)
                 return log_line_error_errno(rule_line, r, "Unknown group '%s', ignoring.", name);
         if (r == -ENOEXEC)
@@ -2674,7 +2678,9 @@ static int udev_rule_apply_token_to_event(
                         return true;
 
                 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
-                r = userdb_by_name(owner, &USERDB_MATCH_ROOT_AND_SYSTEM, USERDB_PARSE_NUMERIC | USERDB_SYNTHESIZE_NUMERIC, &ur);
+                r = userdb_by_name(owner, &USERDB_MATCH_ROOT_AND_SYSTEM,
+                                   USERDB_SUPPRESS_SHADOW | USERDB_PARSE_NUMERIC | USERDB_SYNTHESIZE_NUMERIC,
+                                   &ur);
                 if (r == -ESRCH)
                         log_event_error_errno(event, token, r, "Unknown user \"%s\", ignoring.", owner);
                 else if (r == -ENOEXEC)
@@ -2700,7 +2706,9 @@ static int udev_rule_apply_token_to_event(
                         return true;
 
                 _cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
-                r = groupdb_by_name(group, &USERDB_MATCH_ROOT_AND_SYSTEM, USERDB_PARSE_NUMERIC | USERDB_SYNTHESIZE_NUMERIC, &gr);
+                r = groupdb_by_name(group, &USERDB_MATCH_ROOT_AND_SYSTEM,
+                                    USERDB_SUPPRESS_SHADOW | USERDB_PARSE_NUMERIC | USERDB_SYNTHESIZE_NUMERIC,
+                                    &gr);
                 if (r == -ESRCH)
                         log_event_error_errno(event, token, r, "Unknown group \"%s\", ignoring.", group);
                 else if (r == -ENOEXEC)