From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 14 Sep 2022 21:07:22 +0000 (+0900)
Subject: unit: drop ProtectClock=yes from systemd-udevd.service
X-Git-Tag: v252-rc1~184
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f562abe2963bad241d34e0b308e48cf114672c84;p=thirdparty%2Fsystemd.git

unit: drop ProtectClock=yes from systemd-udevd.service

This partially reverts cabc1c6d7adae658a2966a4b02a6faabb803e92b.

The setting ProtectClock= implies DeviceAllow=, which is not suitable
for udevd. Although we are slowly removing cgropsv1 support, but
DeviceAllow= with cgroupsv1 is necessarily racy, and reloading PID1
during the early boot process may cause issues like #24668.

Let's disable ProtectClock= for udevd. And, if necessary, let's
explicitly drop CAP_SYS_TIME and CAP_WAKE_ALARM (and possibly others)
by using CapabilityBoundingSet= later.

Fixes #24668.
---

diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index 99011982740..3579de4a687 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -17,8 +17,6 @@ ConditionPathIsReadWrite=/sys
 
 [Service]
 Delegate=pids
-DeviceAllow=block-* rwm
-DeviceAllow=char-* rwm
 Type=notify
 # Note that udev will reset the value internally for its workers
 OOMScoreAdjust=-1000
@@ -30,7 +28,6 @@ ExecReload=udevadm control --reload --timeout 0
 KillMode=mixed
 TasksMax=infinity
 PrivateMounts=yes
-ProtectClock=yes
 ProtectHostname=yes
 MemoryDenyWriteExecute=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6