git.ipfire.org Git - thirdparty/xfsprogs-dev.git/commit

author	Darrick J. Wong <djwong@kernel.org>
	Mon, 13 Oct 2025 23:34:24 +0000 (16:34 -0700)
committer	Andrey Albershteyn <aalbersh@kernel.org>
	Wed, 15 Oct 2025 09:25:30 +0000 (11:25 +0200)
commit	15fd6fc686d5ce7640e46d44f6fa018413ce1b64
tree	63481513bb3cb105926b778d13d66ca604ca08cb	tree \| snapshot
parent	059eef174487133bec609752b6deb3b9db5e64bb	commit \| diff

xfs_scrub_fail: reduce security lockdowns to avoid postfix problems

Iustin Pop reports that the xfs_scrub_fail service fails to email
problem reports on Debian when postfix is installed. This is apparently
due to several factors:

1. postfix's sendmail wrapper calling postdrop directly,
2. postdrop requiring the ability to write to the postdrop group,
3. lockdown preventing the xfs_scrub_fail@ service to have postdrop in
the supplemental group list or the ability to run setgid programs

Item (3) could be solved by adding the whole service to the postdrop
group via SupplementalGroups=, but that will fail if postfix is not
installed and hence there is no postdrop group.

It could also be solved by forcing msmtp to be installed, bind mounting
msmtp into the service container, and injecting a config file that
instructs msmtp to connect to port 25, but that in turn isn't compatible
with systems not configured to allow an smtp server to listen on ::1.

So we'll go with the less restrictive approach that e2scrub_fail@ does,
which is to say that we just turn off all the sandboxing. :( :(

Reported-by: iustin@debian.org
Cc: linux-xfs@vger.kernel.org # v6.10.0
Fixes: 9042fcc08eed6a ("xfs_scrub_fail: tighten up the security on the background systemd service")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Andrey Albershteyn <aalbersh@kernel.org>